1From 08695683dbd78301aa95bf3042871256479bc6a6 Mon Sep 17 00:00:00 2001
2From: Nick Wellnhofer <wellnhofer@aevum.de>
3Date: Mon, 30 Jan 2023 15:52:00 +0100
4Subject: [PATCH] malloc-fail: Add error check in xmlXPathEqualNodeSetFloat
5
6Avoid null deref.
7
8Found with libFuzzer, see #344.
9
10Reference:https://github.com/GNOME/libxml2/commit/08695683dbd78301aa95bf3042871256479bc6a6
11Conflict:NA
12---
13 xpath.c | 1 +
14 1 file changed, 1 insertion(+)
15
16diff --git a/xpath.c b/xpath.c
17index 6d76e43..77d5434 100644
18--- a/xpath.c
19+++ b/xpath.c
20@@ -6799,6 +6799,7 @@ xmlXPathEqualNodeSetFloat(xmlXPathParserContextPtr ctxt,
21 xmlFree(str2);
22 xmlXPathNumberFunction(ctxt, 1);
23 val = valuePop(ctxt);
24+ CHECK_ERROR0;
25 v = val->floatval;
26 xmlXPathReleaseObject(ctxt->context, val);
27 if (!xmlXPathIsNaN(v)) {
28--
292.27.0
30
31
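Review bot: The `CHECK_ERROR0` added after `val = valuePop(ctxt);` protects the `val->floatval` read only indirectly, through the context's error state, so the dereference is safe only if every failure that leaves `val` NULL also sets that state. An explicit test on the popped value, `if (val == NULL) return(0);`, would make the guard local and independent of how `xmlXPathNumberFunction` reports an allocation failure. Because the check sits after the pop, an early return taken while `val` is non-NULL would also skip the `xmlXPathReleaseObject(ctxt->context, val);` two lines below; whether that can happen depends on code outside the hunk, so it is worth confirming, or releasing `val` before returning. The body of `xmlXPathEqualNodeSetFloat` starts and ends outside the hunk.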