From 3776cb4745cecd8f477b45857c9033a908f25cf3 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Thu, 22 Nov 2018 15:27:28 +0100
Subject: [PATCH 35/62] Fix memory leak in xmlSwitchInputEncodingInt error path

Found by OSS-Fuzz.
---
 parserInternals.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/parserInternals.c b/parserInternals.c
index 09876ab..0f015de 100644
--- a/parserInternals.c
+++ b/parserInternals.c
@@ -1240,8 +1240,18 @@ xmlSwitchInputEncodingInt(xmlParserCtxtPtr ctxt, xmlParserInputPtr input,
 	 * size to be able to convert the buffer.
 	 */
 	xmlErrInternal(ctxt, "switching encoding : no input\n", NULL);
+        /*
+         * Callers assume that the input buffer takes ownership of the
+         * encoding handler. xmlCharEncCloseFunc frees unregistered
+         * handlers and avoids a memory leak.
+         */
+        xmlCharEncCloseFunc(handler);
 	return (-1);
     }
+    /*
+     * We should actually raise an error here, see issue #34.
+     */
+    xmlCharEncCloseFunc(handler);
     return (0);
 }
 
-- 
1.8.3.1