1From dc2dde1ab92e50766df654fa9445456adb007605 Mon Sep 17 00:00:00 2001 2From: Nick Wellnhofer <wellnhofer@aevum.de> 3Date: Sat, 4 Feb 2023 15:00:54 +0100 4Subject: [PATCH] malloc-fail: Fix null deref in xmlXIncludeLoadTxt 5 6Found with libFuzzer, see #344. 7 8Reference:https://github.com/GNOME/libxml2/commit/dc2dde1ab92e50766df654fa9445456adb007605 9Conflict:xinclude.c 10--- 11 xinclude.c | 6 ++++++ 12 1 file changed, 6 insertions(+) 13 14diff --git a/xinclude.c b/xinclude.c 15index e5e3b16..60a0d7b 100644 16--- a/xinclude.c 17+++ b/xinclude.c 18@@ -1891,6 +1891,12 @@ xmlXIncludeLoadTxt(xmlXIncludeCtxtPtr ctxt, const xmlChar *url, int nr) { 19 xmlCharEncCloseFunc(buf->encoder); 20 buf->encoder = xmlGetCharEncodingHandler(enc); 21 node = xmlNewText(NULL); 22+ if (node == NULL) { 23+ xmlFreeInputStream(inputStream); 24+ xmlFreeParserCtxt(pctxt); 25+ xmlFree(URL); 26+ return(-1); 27+ } 28 29 /* 30 * Scan all chars from the resource and add the to the node 31-- 322.27.0 33 34