1From 1c5e1fc194a661783d4bffbfd4b4424a7d74881f Mon Sep 17 00:00:00 2001
2From: Nick Wellnhofer <wellnhofer@aevum.de>
3Date: Tue, 14 Feb 2023 13:56:21 +0100
4Subject: [PATCH] malloc-fail: Check for malloc failure in
5 xmlFindCharEncodingHandler
6
7Don't return encoding handlers with a NULL name.
8
9Found with libFuzzer, see #344.
10
11Reference:https://github.com/GNOME/libxml2/commit/1c5e1fc194a661783d4bffbfd4b4424a7d74881f
12Conflict:NA
13---
14 encoding.c | 12 ++++++++++++
15 1 file changed, 12 insertions(+)
16
17diff --git a/encoding.c b/encoding.c
18index c073a9c..400e860 100644
19--- a/encoding.c
20+++ b/encoding.c
21@@ -1726,6 +1726,12 @@ xmlFindCharEncodingHandler(const char *name) {
22 }
23 memset(enc, 0, sizeof(xmlCharEncodingHandler));
24 enc->name = xmlMemStrdup(name);
25+ if (enc->name == NULL) {
26+ xmlFree(enc);
27+ iconv_close(icv_in);
28+ iconv_close(icv_out);
29+ return(NULL);
30+ }
31 enc->input = NULL;
32 enc->output = NULL;
33 enc->iconv_in = icv_in;
34@@ -1758,6 +1764,12 @@ xmlFindCharEncodingHandler(const char *name) {
35 }
36 memset(encu, 0, sizeof(xmlCharEncodingHandler));
37 encu->name = xmlMemStrdup(name);
38+ if (encu->name == NULL) {
39+ xmlFree(encu);
40+ closeIcuConverter(ucv_in);
41+ closeIcuConverter(ucv_out);
42+ return(NULL);
43+ }
44 encu->input = NULL;
45 encu->output = NULL;
46 encu->uconv_in = ucv_in;
47--
482.27.0
49
50
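Review bot: Both new `return(NULL)` paths, after `enc->name == NULL` in the iconv branch and after `encu->name == NULL` in the ICU branch of the second hunk, make an allocation failure look to the caller exactly like an encoding that has no handler, and nothing visible here records that memory ran out. If the file has a memory-error reporting helper (not visible in these hunks), calling it before the cleanup would keep an out-of-memory condition from being misread as "unsupported encoding". At minimum, a comment such as `/* strdup failed: release the handler and both converters; NULL here means OOM, not unknown encoding */` on each guard would document the distinction. The cleanup order (free the handler, then close both converters) looks right for the lines shown, but xmlFindCharEncodingHandler starts and ends outside both hunks, so it cannot be compared with how the earlier failure paths release the converters.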