1From 3dc645227ed1ac463c9d333c6eb92d1b6bb26ae9 Mon Sep 17 00:00:00 2001
2From: Nick Wellnhofer <wellnhofer@aevum.de>
3Date: Wed, 15 Feb 2023 14:30:40 +0100
4Subject: [PATCH] malloc-fail: Fix memory leak in xmlXPathEqualValuesCommon
5
6Found with libFuzzer, see #344.
7
8Reference:https://github.com/GNOME/libxml2/commit/3dc645227ed1ac463c9d333c6eb92d1b6bb26ae9
9Conflict:NA
10---
11 xpath.c | 6 ++++--
12 1 file changed, 4 insertions(+), 2 deletions(-)
13
14diff --git a/xpath.c b/xpath.c
15index cf74030..ef9f517 100644
16--- a/xpath.c
17+++ b/xpath.c
18@@ -7028,7 +7028,8 @@ xmlXPathEqualValuesCommon(xmlXPathParserContextPtr ctxt,
19 valuePush(ctxt, arg2);
20 xmlXPathNumberFunction(ctxt, 1);
21 arg2 = valuePop(ctxt);
22- CHECK_ERROR0;
23+ if (ctxt->error)
24+ break;
25 /* Falls through. */
26 case XPATH_NUMBER:
27 /* Hand check NaN and Infinity equalities */
28@@ -7092,7 +7093,8 @@ xmlXPathEqualValuesCommon(xmlXPathParserContextPtr ctxt,
29 valuePush(ctxt, arg1);
30 xmlXPathNumberFunction(ctxt, 1);
31 arg1 = valuePop(ctxt);
32- CHECK_ERROR0;
33+ if (ctxt->error)
34+ break;
35 /* Hand check NaN and Infinity equalities */
36 if (xmlXPathIsNaN(arg1->floatval) ||
37 xmlXPathIsNaN(arg2->floatval)) {
38--
392.27.0
40
41
42
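Review bot: Neither new `if (ctxt->error) break;` says why the `CHECK_ERROR0` macro was dropped, so a later tidy-up could restore the early return and bring the leak back. A comment above each check would pin the intent, for example `/* break, not CHECK_ERROR0: the early return would skip releasing arg1/arg2 */`; the same applies in the second hunk, where arg1 is converted. The error path now depends on code outside both hunks: presumably the end of xmlXPathEqualValuesCommon releases arg1 and arg2 and returns an initialised result. The object popped after a failed xmlXPathNumberFunction may be NULL, or may not be the converted operand, so it is worth confirming the release path tolerates that, since both hunks cut through the function body.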