1From 7ec314efcd8b3df1d05d793812e54656bf539af8 Mon Sep 17 00:00:00 2001
2From: Nick Wellnhofer <wellnhofer@aevum.de>
3Date: Mon, 30 Jan 2023 15:59:55 +0100
4Subject: [PATCH] malloc-fail: Add error checks in xmlXPathEqualValuesCommon
5
6Avoid null deref.
7
8Found with libFuzzer, see #344.
9
10Reference:https://github.com/GNOME/libxml2/commit/7ec314efcd8b3df1d05d793812e54656bf539af8
11Conflict:NA
12---
13 xpath.c | 2 ++
14 1 file changed, 2 insertions(+)
15
16diff --git a/xpath.c b/xpath.c
17index fbec21b..6d76e43 100644
18--- a/xpath.c
19+++ b/xpath.c
20@@ -7011,6 +7011,7 @@ xmlXPathEqualValuesCommon(xmlXPathParserContextPtr ctxt,
21 valuePush(ctxt, arg2);
22 xmlXPathNumberFunction(ctxt, 1);
23 arg2 = valuePop(ctxt);
24+ CHECK_ERROR0;
25 /* Falls through. */
26 case XPATH_NUMBER:
27 /* Hand check NaN and Infinity equalities */
28@@ -7074,6 +7075,7 @@ xmlXPathEqualValuesCommon(xmlXPathParserContextPtr ctxt,
29 valuePush(ctxt, arg1);
30 xmlXPathNumberFunction(ctxt, 1);
31 arg1 = valuePop(ctxt);
32+ CHECK_ERROR0;
33 /* Hand check NaN and Infinity equalities */
34 if (xmlXPathIsNaN(arg1->floatval) ||
35 xmlXPathIsNaN(arg2->floatval)) {
36--
372.27.0
38
39
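Review bot: The added `CHECK_ERROR0;` after `arg2 = valuePop(ctxt);` appears to leave xmlXPathEqualValuesCommon at once, so the operand still held at that point (`arg1` here, `arg2` in the second hunk after `arg1 = valuePop(ctxt);`) would not be released on the allocation-failure path. The macro's definition and the end of the function are outside both hunks, so this assumes the macro expands to a plain `return(0)` when `ctxt->error` is set and that the operands are normally freed by a common release at the bottom of the function. If that holds, `if (ctxt->error) break;` in both places would still stop before the `floatval` dereference while reaching that cleanup, provided nothing between the switch and the release reads the failed value. It would also help to add a one-line comment such as `/* conversion can fail on OOM; valuePop may then yield NULL */` so the reason for the check survives later refactoring.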