49 lines
1.4 KiB
Diff
49 lines
1.4 KiB
Diff
From f0b5515c26a65c218dcab95b411f25f2e57328d0 Mon Sep 17 00:00:00 2001
|
|
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
|
Date: Wed, 2 Nov 2022 15:44:42 +0100
|
|
Subject: [PATCH 05/28] malloc-fail: Fix memory leak in xmlStaticCopyNodeList
|
|
|
|
Found with libFuzzer, see #344.
|
|
|
|
Reference: https://github.com/GNOME/libxml2/commit/a22bd982bf10291deea8ba0c61bf75b898c604ce
|
|
Conflict: NA
|
|
---
|
|
tree.c | 7 +++++--
|
|
1 file changed, 5 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/tree.c b/tree.c
|
|
index 84da156..b32561d 100644
|
|
--- a/tree.c
|
|
+++ b/tree.c
|
|
@@ -4388,7 +4388,7 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) {
|
|
}
|
|
if (doc->intSubset == NULL) {
|
|
q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node );
|
|
- if (q == NULL) return(NULL);
|
|
+ if (q == NULL) goto error;
|
|
q->doc = doc;
|
|
q->parent = parent;
|
|
doc->intSubset = (xmlDtdPtr) q;
|
|
@@ -4400,7 +4400,7 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) {
|
|
} else
|
|
#endif /* LIBXML_TREE_ENABLED */
|
|
q = xmlStaticCopyNode(node, doc, parent, 1);
|
|
- if (q == NULL) return(NULL);
|
|
+ if (q == NULL) goto error;
|
|
if (ret == NULL) {
|
|
q->prev = NULL;
|
|
ret = p = q;
|
|
@@ -4413,6 +4413,9 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) {
|
|
node = node->next;
|
|
}
|
|
return(ret);
|
|
+error:
|
|
+ xmlFreeNodeList(ret);
|
|
+ return(NULL);
|
|
}
|
|
|
|
/**
|
|
--
|
|
2.27.0
|
|
|