From b697d7bb5953faa2e699aafcca4058f4caffe734 Mon Sep 17 00:00:00 2001
From: Greg Hildstrom <ghildstrom@forcepoint.com>
Date: Tue, 4 Sep 2018 16:48:15 +0200
Subject: [PATCH 22/62] Fix xmlSchemaValidCtxtPtr reuse memory leak

When reusing an xmlSchemaValidCtxtPtr to validate multiple xml documents
against the same schema, there is a memory leak in xmlschemas.c in
xmlSchemaClearValidCtxt(). The vctxt->idcKeys and associated counters
are not cleaned up in xmlSchemaClearValidCtxt() as they are in
xmlSchemaFreeValidCtxt(). As a result, vctxt->idcKeys grows with each
xmlValidateDoc() call that uses the same context and that memory is
never freed. Similarly, vctxt->nbIdcKeys and vctxt->sizeIdcKeys
increment and are never reset.

Closes: #23
---
 xmlschemas.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/xmlschemas.c b/xmlschemas.c
index 405f72a..019988a 100644
--- a/xmlschemas.c
+++ b/xmlschemas.c
@@ -27653,6 +27653,17 @@ xmlSchemaClearValidCtxt(xmlSchemaValidCtxtPtr vctxt)
 	vctxt->nbIdcNodes = 0;
 	vctxt->sizeIdcNodes = 0;
     }
+
+    if (vctxt->idcKeys != NULL) {
+	int i;
+	for (i = 0; i < vctxt->nbIdcKeys; i++)
+	    xmlSchemaIDCFreeKey(vctxt->idcKeys[i]);
+	xmlFree(vctxt->idcKeys);
+	vctxt->idcKeys = NULL;
+	vctxt->nbIdcKeys = 0;
+	vctxt->sizeIdcKeys = 0;
+    }
+
     /*
     * Note that we won't delete the XPath state pool here.
     */
-- 
1.8.3.1