1From a09c89545d3ed5b56701abcc5d638faa01c5c903 Mon Sep 17 00:00:00 2001 2From: Nick Wellnhofer <wellnhofer@aevum.de> 3Date: Mon, 15 Aug 2022 12:19:25 +0200 4Subject: [PATCH] Fix memory leak with invalid XSD 5 6xmlSchemaClearElemInfo can add new items to the "matcher" cache, so the 7cache must be cleared after calling this function, not before. This 8only seems to affect invalid XSDs. 9 10Fixes #390. 11Reference:https://github.com/GNOME/libxml2/commit/a09c89545d3ed5b56701abcc5d638faa01c5c903 12Conflict:NA 13--- 14 xmlschemas.c | 26 +++++++++++++++----------- 15 1 file changed, 15 insertions(+), 11 deletions(-) 16 17diff --git a/xmlschemas.c b/xmlschemas.c 18index 9da4cd1..9aa6acf 100644 19--- a/xmlschemas.c 20+++ b/xmlschemas.c 21@@ -27830,17 +27830,6 @@ xmlSchemaClearValidCtxt(xmlSchemaValidCtxtPtr vctxt) 22 } while (cur != NULL); 23 vctxt->aidcs = NULL; 24 } 25- if (vctxt->idcMatcherCache != NULL) { 26- xmlSchemaIDCMatcherPtr matcher = vctxt->idcMatcherCache, tmp; 27- 28- while (matcher) { 29- tmp = matcher; 30- matcher = matcher->nextCached; 31- xmlSchemaIDCFreeMatcherList(tmp); 32- } 33- vctxt->idcMatcherCache = NULL; 34- } 35- 36 37 if (vctxt->idcNodes != NULL) { 38 int i; 39@@ -27907,6 +27896,21 @@ xmlSchemaClearValidCtxt(xmlSchemaValidCtxtPtr vctxt) 40 xmlFree(vctxt->filename); 41 vctxt->filename = NULL; 42 } 43+ 44+ /* 45+ * Note that some cleanup functions can move items to the cache, 46+ * so the cache shouldn't be freed too early. 47+ */ 48+ if (vctxt->idcMatcherCache != NULL) { 49+ xmlSchemaIDCMatcherPtr matcher = vctxt->idcMatcherCache, tmp; 50+ 51+ while (matcher) { 52+ tmp = matcher; 53+ matcher = matcher->nextCached; 54+ xmlSchemaIDCFreeMatcherList(tmp); 55+ } 56+ vctxt->idcMatcherCache = NULL; 57+ } 58 } 59 60 /** 61-- 622.27.0 63 64