1From 62f199ed7d1c99999030810495bd12fd5b86fee1 Mon Sep 17 00:00:00 2001 2From: Nick Wellnhofer <wellnhofer@aevum.de> 3Date: Fri, 17 Mar 2023 12:40:46 +0100 4Subject: [PATCH] malloc-fail: Add error check in htmlParseHTMLAttribute 5 6This function must return NULL is an error occurs. 7 8Found by OSS-Fuzz, see #344. 9 10Reference:https://github.com/GNOME/libxml2/commit/62f199ed7d1c99999030810495bd12fd5b86fee1 11Conflict:NA 12 13--- 14 HTMLparser.c | 4 ++++ 15 1 file changed, 4 insertions(+) 16 17diff --git a/HTMLparser.c b/HTMLparser.c 18index 3682807..42d1b29 100644 19--- a/HTMLparser.c 20+++ b/HTMLparser.c 21@@ -2846,6 +2846,10 @@ htmlParseHTMLAttribute(htmlParserCtxtPtr ctxt, const xmlChar stop) { 22 out = &buffer[indx]; 23 } 24 c = CUR_CHAR(l); 25+ if (ctxt->instate == XML_PARSER_EOF) { 26+ xmlFree(buffer); 27+ return(NULL); 28+ } 29 if (c < 0x80) 30 { *out++ = c; bits= -6; } 31 else if (c < 0x800) 32-- 332.27.0 34 35