-
Sergei Golubchik authored
accessing freed memory. Before XMLCOL::WriteColumn() Tdbp->Clist gets assigned a nodelist in Clist = RowNode->SelectNodes(g, Colname, Clist); which is RowNode->Doc->Xop->nodesetval. In XMLCOL::WriteColumn() ValNode = ColNode->SelectSingleNode(g, Xname, Vxnp); calls LIBXMLDOC::GetNodeList() again, which frees the previous XPath object Xop and replaces it with a new one. In this case RowNode->Doc == ColNode->Doc, so Clist->Listp points to a freed memory now.8afcda93
