1From a22bd982bf10291deea8ba0c61bf75b898c604ce Mon Sep 17 00:00:00 2001
2From: Nick Wellnhofer <wellnhofer@aevum.de>
3Date: Wed, 2 Nov 2022 15:44:42 +0100
4Subject: [PATCH] malloc-fail: Fix memory leak in xmlStaticCopyNodeList
5
6Found with libFuzzer, see #344.
7---
8 tree.c | 7 +++++--
9 1 file changed, 5 insertions(+), 2 deletions(-)
10
11diff --git a/tree.c b/tree.c
12index 507869efe..647288ce3 100644
13--- a/tree.c
14+++ b/tree.c
15@@ -4388,7 +4388,7 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) {
16 	    }
17 	    if (doc->intSubset == NULL) {
18 		q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node );
19-		if (q == NULL) return(NULL);
20+		if (q == NULL) goto error;
21 		q->doc = doc;
22 		q->parent = parent;
23 		doc->intSubset = (xmlDtdPtr) q;
24@@ -4400,7 +4400,7 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) {
25 	} else
26 #endif /* LIBXML_TREE_ENABLED */
27 	    q = xmlStaticCopyNode(node, doc, parent, 1);
28-	if (q == NULL) return(NULL);
29+	if (q == NULL) goto error;
30 	if (ret == NULL) {
31 	    q->prev = NULL;
32 	    ret = p = q;
33@@ -4413,6 +4413,9 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) {
34 	node = node->next;
35     }
36     return(ret);
37+error:
38+    xmlFreeNodeList(ret);
39+    return(NULL);
40 }
41
42 /**
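Review bot: The new `error:` path calls `xmlFreeNodeList(ret)` on a list that can apparently include the DTD copy stored by the first hunk (`doc->intSubset = (xmlDtdPtr) q;`), because the second hunk's `ret = p = q;` chaining is reached by every non-NULL `q`. If `xmlFreeNodeList` releases DTD nodes, a later allocation failure in the loop would leave `doc->intSubset` pointing at freed memory, trading the leak for a use-after-free. Its body is not visible here, so confirm that it skips DTD nodes, or detach that node before freeing. Either way, a comment on the label would record the ownership rule, e.g. `/* frees only the copies linked into ret; a DTD node referenced by doc->intSubset must stay valid */`. The function begins outside these hunks, so what else is linked to `parent` when the failure occurs cannot be checked from here.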
43--
44GitLab