Fix heap-use-after-free in xmlAddNextSibling and xmlAddChild

Fix-heap-use-after-free-in-xmlAddNextSibling-and-xmlAddChild.patch

@@ -0,0 +1,31 @@
+From ace5aece17b5ecaafee286fc943616fdee03d885 Mon Sep 17 00:00:00 2001
+From: panxiaohe <panxiaohe@huawei.com>
+Date: Thu, 11 Nov 2021 16:45:04 +0800
+Subject: [PATCH] Fix heap-use-after-free in xmlAddNextSibling and xmlAddChild
+
+---
+ xinclude.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/xinclude.c b/xinclude.c
+index b2e6ea1..d39ff7d 100644
+--- a/xinclude.c
++++ b/xinclude.c
+@@ -1103,12 +1103,11 @@ xmlXIncludeCopyRange(xmlXIncludeCtxtPtr ctxt, xmlDocPtr target,
+ 	    }
+ 	    if (tmp != NULL) {
+ 		if (level == lastLevel)
+-		    xmlAddNextSibling(last, tmp);
++		    last = xmlAddNextSibling(last, tmp);
+ 		else {
+-		    xmlAddChild(last, tmp);
++		    last = xmlAddChild(last, tmp);
+ 		    lastLevel = level;
+ 		}
+-		last = tmp;
+ 	    }
+ 	}
+ 	/*
+-- 
+1.8.3.1
+

libxml2.spec

@@ -1,7 +1,7 @@
 Summary: Library providing XML and HTML support
 Name: libxml2
 Version: 2.9.10
-Release: 19
+Release: 20
 License: MIT
 Group: Development/Libraries
 Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz
@@ -102,6 +102,7 @@ Patch89: Hardcode-maximum-XPath-recursion-depth.patch
 Patch90: Fix-XPath-recursion-limit.patch
 Patch91: Fix-Null-deref-in-xmlSchemaGetComponentTargetNs.patch
 Patch92: Fix-memleaks-in-xmlXIncludeProcessFlags.patch
+Patch93: Fix-heap-use-after-free-in-xmlAddNextSibling-and-xmlAddChild.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: python3-devel
@@ -262,6 +263,12 @@ rm -fr %{buildroot}
 
 
 %changelog
+* Thu Nov 11 2021 panxiaohe <panxiaohe@huawei.com> - 2.9.10-20
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix heap-use-after-free in xmlAddNextSibling and xmlAddChild
+
 * Tue Nov 9 2021 panxiaohe <panxiaohe@huawei.com> - 2.9.10-19
 - Type:bugfix
 - ID:NA