packages/libxml2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
libxml2/backport-malloc-fail-Fix-memory-leak-in-xmlFAParseCharProp.patch
zhuofeng feb7e8218d backport upstream patches 
(cherry picked from commit ec64ed27a9add0f7a9bf6ee351ad67302a60c383)
2023-06-20 11:16:46 +08:00

94 lines
2.7 KiB
Diff
Raw Permalink Blame History

From 40bc1c699a7999626d3384be43684f2a68dad6c4 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Fri, 17 Feb 2023 15:40:32 +0100
Subject: [PATCH] malloc-fail: Fix memory leak in xmlFAParseCharProp
Found with libFuzzer, see #344.
Reference:https://github.com/GNOME/libxml2/commit/40bc1c699a7999626d3384be43684f2a68dad6c4
Conflict:NA
---
xmlregexp.c | 26 ++++++++++++++++----------
1 file changed, 16 insertions(+), 10 deletions(-)
diff --git a/xmlregexp.c b/xmlregexp.c
index fb2eadc..8c2ea81 100644
--- a/xmlregexp.c
+++ b/xmlregexp.c
@@ -1245,7 +1245,7 @@ xmlRegPrintCtxt(FILE *output, xmlRegParserCtxtPtr ctxt) {
* *
************************************************************************/
-static void
+static xmlRegRangePtr
xmlRegAtomAddRange(xmlRegParserCtxtPtr ctxt, xmlRegAtomPtr atom,
int neg, xmlRegAtomType type, int start, int end,
xmlChar *blockName) {
@@ -1253,11 +1253,11 @@ xmlRegAtomAddRange(xmlRegParserCtxtPtr ctxt, xmlRegAtomPtr atom,
if (atom == NULL) {
ERROR("add range: atom is NULL");
- return;
+ return(NULL);
}
if (atom->type != XML_REGEXP_RANGES) {
ERROR("add range: atom is not ranges");
- return;
+ return(NULL);
}
if (atom->maxRanges == 0) {
atom->maxRanges = 4;
@@ -1266,7 +1266,7 @@ xmlRegAtomAddRange(xmlRegParserCtxtPtr ctxt, xmlRegAtomPtr atom,
if (atom->ranges == NULL) {
xmlRegexpErrMemory(ctxt, "adding ranges");
atom->maxRanges = 0;
- return;
+ return(NULL);
}
} else if (atom->nbRanges >= atom->maxRanges) {
xmlRegRangePtr *tmp;
@@ -1276,16 +1276,17 @@ xmlRegAtomAddRange(xmlRegParserCtxtPtr ctxt, xmlRegAtomPtr atom,
if (tmp == NULL) {
xmlRegexpErrMemory(ctxt, "adding ranges");
atom->maxRanges /= 2;
- return;
+ return(NULL);
}
atom->ranges = tmp;
}
range = xmlRegNewRange(ctxt, neg, type, start, end);
if (range == NULL)
- return;
+ return(NULL);
range->blockName = blockName;
atom->ranges[atom->nbRanges++] = range;
+ return(range);
}
static int
@@ -4899,11 +4900,16 @@ xmlFAParseCharProp(xmlRegParserCtxtPtr ctxt) {
}
if (ctxt->atom == NULL) {
ctxt->atom = xmlRegNewAtom(ctxt, type);
- if (ctxt->atom != NULL)
- ctxt->atom->valuep = blockName;
+ if (ctxt->atom == NULL) {
+ xmlFree(blockName);
+ return;
+ }
+ ctxt->atom->valuep = blockName;
} else if (ctxt->atom->type == XML_REGEXP_RANGES) {
- xmlRegAtomAddRange(ctxt, ctxt->atom, ctxt->neg,
- type, 0, 0, blockName);
+ if (xmlRegAtomAddRange(ctxt, ctxt->atom, ctxt->neg,
+ type, 0, 0, blockName) == NULL) {
+ xmlFree(blockName);
+ }
}
}
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink