From ba290a86639a6a9fc8af81936ad2d3a4d22d502f Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sun, 5 Mar 2023 14:08:57 +0100
Subject: [PATCH] malloc-fail: Fix memory leak in xmlSchemaItemListAddSize

Found with libFuzzer, see #344.

Reference:https://github.com/GNOME/libxml2/commit/ba290a86639a6a9fc8af81936ad2d3a4d22d502f
Conflict:NA
---
 xmlschemas.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/xmlschemas.c b/xmlschemas.c
index 4a767ac..9be7999 100644
--- a/xmlschemas.c
+++ b/xmlschemas.c
@@ -3445,14 +3445,17 @@ xmlSchemaItemListAddSize(xmlSchemaItemListPtr list,
 	}
 	list->sizeItems = initialSize;
     } else if (list->sizeItems <= list->nbItems) {
+        void **tmp;
+
 	list->sizeItems *= 2;
-	list->items = (void **) xmlRealloc(list->items,
+	tmp = (void **) xmlRealloc(list->items,
 	    list->sizeItems * sizeof(void *));
-	if (list->items == NULL) {
+	if (tmp == NULL) {
 	    xmlSchemaPErrMemory(NULL, "growing item list", NULL);
-	    list->sizeItems = 0;
+	    list->sizeItems /= 2;
 	    return(-1);
 	}
+        list->items = tmp;
     }
     list->items[list->nbItems++] = item;
     return(0);
-- 
2.27.0