From 93a1d2238087c3acc650ba741067f34fb94905fc Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Tue, 16 Apr 2019 13:37:47 +0200
Subject: [PATCH 21/37] Fix memory leaks in xmlXPathParseNameComplex error
 paths

Found by OSS-Fuzz.
---
 xpath.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/xpath.c b/xpath.c
index a3a2aa6..1c567d7 100644
--- a/xpath.c
+++ b/xpath.c
@@ -10004,15 +10004,19 @@ xmlXPathParseNameComplex(xmlXPathParserContextPtr ctxt, int qualified) {
 		   (IS_COMBINING(c)) ||
 		   (IS_EXTENDER(c))) {
 		if (len + 10 > max) {
+                    xmlChar *tmp;
                     if (max > XML_MAX_NAME_LENGTH) {
+                        xmlFree(buffer);
                         XP_ERRORNULL(XPATH_EXPR_ERROR);
                     }
 		    max *= 2;
-		    buffer = (xmlChar *) xmlRealloc(buffer,
-			                            max * sizeof(xmlChar));
-		    if (buffer == NULL) {
+		    tmp = (xmlChar *) xmlRealloc(buffer,
+			                         max * sizeof(xmlChar));
+		    if (tmp == NULL) {
+                        xmlFree(buffer);
 			XP_ERRORNULL(XPATH_MEMORY_ERROR);
 		    }
+                    buffer = tmp;
 		}
 		COPY_BUF(l,buffer,len,c);
 		NEXTL(l);
-- 
1.8.3.1