1From 691f7eb44dd82a3de79e492bbe6c5426c96cbdde Mon Sep 17 00:00:00 2001 2From: Nick Wellnhofer <wellnhofer@aevum.de> 3Date: Wed, 15 Feb 2023 14:05:13 +0100 4Subject: [PATCH] malloc-fail: Fix memory leak in xmlXPathCompareValues 5 6Found with libFuzzer, see #344. 7 8Reference:https://github.com/GNOME/libxml2/commit/691f7eb44dd82a3de79e492bbe6c5426c96cbdde 9Conflict:NA 10--- 11 xpath.c | 5 +++-- 12 1 file changed, 3 insertions(+), 2 deletions(-) 13 14diff --git a/xpath.c b/xpath.c 15index 212a4e0..c1d119b 100644 16--- a/xpath.c 17+++ b/xpath.c 18@@ -7375,14 +7375,14 @@ xmlXPathCompareValues(xmlXPathParserContextPtr ctxt, int inf, int strict) { 19 valuePush(ctxt, arg1); 20 xmlXPathNumberFunction(ctxt, 1); 21 arg1 = valuePop(ctxt); 22- CHECK_ERROR0; 23 } 24 if (arg2->type != XPATH_NUMBER) { 25 valuePush(ctxt, arg2); 26 xmlXPathNumberFunction(ctxt, 1); 27 arg2 = valuePop(ctxt); 28- CHECK_ERROR0; 29 } 30+ if (ctxt->error) 31+ goto error; 32 /* 33 * Add tests for infinity and nan 34 * => feedback on 3.4 for Inf and NaN 35@@ -7432,6 +7432,7 @@ xmlXPathCompareValues(xmlXPathParserContextPtr ctxt, int inf, int strict) { 36 } 37 } 38 } 39+error: 40 xmlXPathReleaseObject(ctxt->context, arg1); 41 xmlXPathReleaseObject(ctxt->context, arg2); 42 return(ret); 43-- 442.27.0 45 46