1From 1aabc9db40dc5ec1f8f22c09e74c63dda53f7ed6 Mon Sep 17 00:00:00 2001
2From: Nick Wellnhofer <wellnhofer@aevum.de>
3Date: Sun, 22 Jan 2023 13:20:15 +0100
4Subject: [PATCH] malloc-fail: Fix null deref in xmlBufResize
5
6Found with libFuzzer, see #344.
7
8Reference:https://github.com/GNOME/libxml2/commit/1aabc9db40dc5ec1f8f22c09e74c63dda53f7ed6
9Conflict:NA
10---
11 buf.c | 3 ++-
12 1 file changed, 2 insertions(+), 1 deletion(-)
13
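--- a/buf.c
+++ b/buf.c
@@ -821,7 +821,8 @@ xmlBufResize(xmlBufPtr buf, size_t size)
 	if (buf->content == NULL) {
 	    rebuf = (xmlChar *) xmlMallocAtomic(newSize);
 	    buf->use = 0;
-	    rebuf[buf->use] = 0;
+            if (rebuf != NULL)
+	        rebuf[buf->use] = 0;
 	} else if (buf->size - buf->use < 100) {
 	    rebuf = (xmlChar *) xmlRealloc(buf->content, newSize);
         } else {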
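Review bot: The new guard `if (rebuf != NULL)` only skips the terminator write, so on allocation failure execution leaves this branch with `rebuf == NULL` and `buf->use` already reset to 0; the hunk does not show where that NULL becomes an error return. xmlBufResize's body starts and ends outside the hunk, so confirm that the code after the if/else chain checks `rebuf == NULL` before assigning it to `buf->content` or updating `buf->size`. A short comment would make that dependency explicit, e.g. `/* NULL on allocation failure; handled by the rebuf check after this chain */`. The added `if` line is indented with spaces while its body and the neighbouring lines start with a tab, which should be made consistent with the rest of the file.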
28--
292.27.0
30
31