1From f0b5515c26a65c218dcab95b411f25f2e57328d0 Mon Sep 17 00:00:00 2001
2From: Nick Wellnhofer <wellnhofer@aevum.de>
3Date: Wed, 2 Nov 2022 15:44:42 +0100
4Subject: [PATCH 05/28] malloc-fail: Fix memory leak in xmlStaticCopyNodeList
5
6Found with libFuzzer, see #344.
7
8Reference: https://github.com/GNOME/libxml2/commit/a22bd982bf10291deea8ba0c61bf75b898c604ce
9Conflict: NA
10---
11 tree.c | 7 +++++--
12 1 file changed, 5 insertions(+), 2 deletions(-)
13
14diff --git a/tree.c b/tree.c
15index 84da156..b32561d 100644
16--- a/tree.c
17+++ b/tree.c
18@@ -4388,7 +4388,7 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) {
19 }
20 if (doc->intSubset == NULL) {
21 q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node );
22- if (q == NULL) return(NULL);
23+ if (q == NULL) goto error;
24 q->doc = doc;
25 q->parent = parent;
26 doc->intSubset = (xmlDtdPtr) q;
27@@ -4400,7 +4400,7 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) {
28 } else
29 #endif /* LIBXML_TREE_ENABLED */
30 q = xmlStaticCopyNode(node, doc, parent, 1);
31- if (q == NULL) return(NULL);
32+ if (q == NULL) goto error;
33 if (ret == NULL) {
34 q->prev = NULL;
35 ret = p = q;
36@@ -4413,6 +4413,9 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) {
37 node = node->next;
38 }
39 return(ret);
40+error:
41+ xmlFreeNodeList(ret);
42+ return(NULL);
43 }
44
45 /**
46--
472.27.0
48
49
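Review bot: The new `error:` label frees the whole partial list with `xmlFreeNodeList(ret)`, but by then the first hunk may already have published a DTD copy through `doc->intSubset = (xmlDtdPtr) q;`, and the second hunk appears to link that same `q` into `ret`, so a failure on a later sibling would leave `doc->intSubset` dangling if xmlFreeNodeList releases DTD nodes. Its handling of DTD nodes is not visible on this page and should be confirmed before relying on this cleanup. Either way the ownership rule deserves a comment at the label, for example `/* ret may hold the DTD now referenced by doc->intSubset; it must survive this free */`. The loop head and the lines between the hunks lie outside the visible context, so whether already-copied nodes are also reachable from `parent` at this point cannot be judged here.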