68 lines
1.8 KiB
Diff
68 lines
1.8 KiB
Diff
From ed615967dfeba615218826bb4ef0c87877cb53cd Mon Sep 17 00:00:00 2001
|
|
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
|
Date: Fri, 17 Feb 2023 15:23:42 +0100
|
|
Subject: [PATCH] malloc-fail: Fix memory leak in xmlRegexpCompile
|
|
|
|
Found with libFuzzer, see #344.
|
|
|
|
Reference:https://github.com/GNOME/libxml2/commit/ed615967dfeba615218826bb4ef0c87877cb53cd
|
|
Conflict:NA
|
|
---
|
|
xmlregexp.c | 18 ++++++++----------
|
|
1 file changed, 8 insertions(+), 10 deletions(-)
|
|
|
|
diff --git a/xmlregexp.c b/xmlregexp.c
|
|
index 11c684a..360916f 100644
|
|
--- a/xmlregexp.c
|
|
+++ b/xmlregexp.c
|
|
@@ -5566,7 +5566,7 @@ xmlRegexpPrint(FILE *output, xmlRegexpPtr regexp) {
|
|
*/
|
|
xmlRegexpPtr
|
|
xmlRegexpCompile(const xmlChar *regexp) {
|
|
- xmlRegexpPtr ret;
|
|
+ xmlRegexpPtr ret = NULL;
|
|
xmlRegParserCtxtPtr ctxt;
|
|
|
|
ctxt = xmlRegNewParserCtxt(regexp);
|
|
@@ -5576,7 +5576,7 @@ xmlRegexpCompile(const xmlChar *regexp) {
|
|
/* initialize the parser */
|
|
ctxt->state = xmlRegStatePush(ctxt);
|
|
if (ctxt->state == NULL)
|
|
- return(NULL);
|
|
+ goto error;
|
|
ctxt->start = ctxt->state;
|
|
ctxt->end = NULL;
|
|
|
|
@@ -5585,10 +5585,8 @@ xmlRegexpCompile(const xmlChar *regexp) {
|
|
if (CUR != 0) {
|
|
ERROR("xmlFAParseRegExp: extra characters");
|
|
}
|
|
- if (ctxt->error != 0) {
|
|
- xmlRegFreeParserCtxt(ctxt);
|
|
- return(NULL);
|
|
- }
|
|
+ if (ctxt->error != 0)
|
|
+ goto error;
|
|
ctxt->end = ctxt->state;
|
|
ctxt->start->type = XML_REGEXP_START_STATE;
|
|
ctxt->end->type = XML_REGEXP_FINAL_STATE;
|
|
@@ -5597,11 +5595,11 @@ xmlRegexpCompile(const xmlChar *regexp) {
|
|
xmlFAEliminateEpsilonTransitions(ctxt);
|
|
|
|
|
|
- if (ctxt->error != 0) {
|
|
- xmlRegFreeParserCtxt(ctxt);
|
|
- return(NULL);
|
|
- }
|
|
+ if (ctxt->error != 0)
|
|
+ goto error;
|
|
ret = xmlRegEpxFromParse(ctxt);
|
|
+
|
|
+error:
|
|
xmlRegFreeParserCtxt(ctxt);
|
|
return(ret);
|
|
}
|
|
--
|
|
2.27.0
|
|
|