From 971202e71c04df5d82226be9db6ff92d1eb9096c Mon Sep 17 00:00:00 2001
From: Martin <gzlist@googlemail.com>
Date: Sun, 11 Oct 2009 16:17:21 +0100
Subject: [PATCH] Avoid leaking strings on some more kinds of invalid XPath expressions

---
 python/tests/xpathleak.py |    6 +++++-
 xpath.c                   |    2 ++
 2 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/python/tests/xpathleak.py b/python/tests/xpathleak.py
index dcc144c..879de1c 100644
--- a/python/tests/xpathleak.py
+++ b/python/tests/xpathleak.py
@@ -27,7 +27,11 @@ libxml2.registerErrorHandler(callback, "-->")
 doc = libxml2.parseDoc("<fish/>")
 ctxt = doc.xpathNewContext()
 ctxt.setContextNode(doc)
-for expr in (":false()","bad:()","bad(:)",":bad(:)","bad:(:)","bad:bad(:)"):
+badexprs = (
+	":false()", "bad:()", "bad(:)", ":bad(:)", "bad:(:)", "bad:bad(:)",
+	"a:/b", "/c:/d", "//e:/f", "g://h"
+	)
+for expr in badexprs:
 	try:
 		ctxt.xpathEval(expr)
 	except libxml2.xpathError, e:
diff --git a/xpath.c b/xpath.c
index 5b84d22..8482c40 100644
--- a/xpath.c
+++ b/xpath.c
@@ -11333,6 +11333,7 @@ xmlXPathCompRelativeLocationPath
 	SKIP_BLANKS;
     }
     xmlXPathCompStep(ctxt);
+    CHECK_ERROR;
     SKIP_BLANKS;
     while (CUR == '/') {
 	if ((CUR == '/') && (NXT(1) == '/')) {
@@ -11392,6 +11393,7 @@ xmlXPathCompLocationPath(xmlXPathParserContextPtr ctxt) {
 		     (CUR == '@') || (CUR == '*')))
 		    xmlXPathCompRelativeLocationPath(ctxt);
 	    }
+	    CHECK_ERROR;
 	}
     }
 }
-- 
1.6.1.2