50 lines
1.2 KiB
Diff
50 lines
1.2 KiB
Diff
From 346febc6abbd63d1fa6a532c7429d2c11b5c269b Mon Sep 17 00:00:00 2001
|
|
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
|
Date: Thu, 25 Apr 2019 11:34:08 +0200
|
|
Subject: [PATCH 26/37] Fix call stack overflow in xmlFreePattern
|
|
|
|
Since xmlFreePattern tried to free the next pattern recursively, its
|
|
behavior is identical to xmlFreePatternList. Make it call
|
|
xmlFreePatternList to avoid call stack overflows.
|
|
|
|
Found by OSS-Fuzz.
|
|
---
|
|
pattern.c | 9 ++++++---
|
|
1 file changed, 6 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/pattern.c b/pattern.c
|
|
index 0eb8d81..fdf5c79 100644
|
|
--- a/pattern.c
|
|
+++ b/pattern.c
|
|
@@ -229,13 +229,16 @@ xmlNewPattern(void) {
|
|
*/
|
|
void
|
|
xmlFreePattern(xmlPatternPtr comp) {
|
|
+ xmlFreePatternList(comp);
|
|
+}
|
|
+
|
|
+static void
|
|
+xmlFreePatternInternal(xmlPatternPtr comp) {
|
|
xmlStepOpPtr op;
|
|
int i;
|
|
|
|
if (comp == NULL)
|
|
return;
|
|
- if (comp->next != NULL)
|
|
- xmlFreePattern(comp->next);
|
|
if (comp->stream != NULL)
|
|
xmlFreeStreamComp(comp->stream);
|
|
if (comp->pattern != NULL)
|
|
@@ -273,7 +276,7 @@ xmlFreePatternList(xmlPatternPtr comp) {
|
|
cur = comp;
|
|
comp = comp->next;
|
|
cur->next = NULL;
|
|
- xmlFreePattern(cur);
|
|
+ xmlFreePatternInternal(cur);
|
|
}
|
|
}
|
|
|
|
--
|
|
1.8.3.1
|
|
|