42 lines
1.2 KiB
Diff
42 lines
1.2 KiB
Diff
From 93a1d2238087c3acc650ba741067f34fb94905fc Mon Sep 17 00:00:00 2001
|
|
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
|
Date: Tue, 16 Apr 2019 13:37:47 +0200
|
|
Subject: [PATCH 21/37] Fix memory leaks in xmlXPathParseNameComplex error
|
|
paths
|
|
|
|
Found by OSS-Fuzz.
|
|
---
|
|
xpath.c | 10 +++++++---
|
|
1 file changed, 7 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/xpath.c b/xpath.c
|
|
index a3a2aa6..1c567d7 100644
|
|
--- a/xpath.c
|
|
+++ b/xpath.c
|
|
@@ -10004,15 +10004,19 @@ xmlXPathParseNameComplex(xmlXPathParserContextPtr ctxt, int qualified) {
|
|
(IS_COMBINING(c)) ||
|
|
(IS_EXTENDER(c))) {
|
|
if (len + 10 > max) {
|
|
+ xmlChar *tmp;
|
|
if (max > XML_MAX_NAME_LENGTH) {
|
|
+ xmlFree(buffer);
|
|
XP_ERRORNULL(XPATH_EXPR_ERROR);
|
|
}
|
|
max *= 2;
|
|
- buffer = (xmlChar *) xmlRealloc(buffer,
|
|
- max * sizeof(xmlChar));
|
|
- if (buffer == NULL) {
|
|
+ tmp = (xmlChar *) xmlRealloc(buffer,
|
|
+ max * sizeof(xmlChar));
|
|
+ if (tmp == NULL) {
|
|
+ xmlFree(buffer);
|
|
XP_ERRORNULL(XPATH_MEMORY_ERROR);
|
|
}
|
|
+ buffer = tmp;
|
|
}
|
|
COPY_BUF(l,buffer,len,c);
|
|
NEXTL(l);
|
|
--
|
|
1.8.3.1
|
|
|