1From 4499143a8737148b9be4e3c05e71bc60c5b52e4f Mon Sep 17 00:00:00 2001
2From: Nick Wellnhofer <wellnhofer@aevum.de>
3Date: Sun, 26 Feb 2023 15:43:50 +0100
4Subject: [PATCH] malloc-fail: Check for malloc failure in xmlHashAddEntry
5
6Found with libFuzzer, see #344.
7
8Reference:https://github.com/GNOME/libxml2/commit/4499143a8737148b9be4e3c05e71bc60c5b52e4f
9Conflict:NA
10---
11 hash.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++----
12 1 file changed, 50 insertions(+), 4 deletions(-)
13
14diff --git a/hash.c b/hash.c
15index 7b82d2f..00250ba 100644
16--- a/hash.c
17+++ b/hash.c
18@@ -614,8 +614,24 @@ xmlHashAddEntry3(xmlHashTablePtr table, const xmlChar *name,
19         entry->name3 = (xmlChar *) name3;
20     } else {
21 	entry->name = xmlStrdup(name);
22-	entry->name2 = xmlStrdup(name2);
23-	entry->name3 = xmlStrdup(name3);
24+        if (entry->name == NULL) {
25+            entry->name2 = NULL;
26+            goto error;
27+        }
28+        if (name2 == NULL) {
29+            entry->name2 = NULL;
30+        } else {
31+	    entry->name2 = xmlStrdup(name2);
32+            if (entry->name2 == NULL)
33+                goto error;
34+        }
35+        if (name3 == NULL) {
36+            entry->name3 = NULL;
37+        } else {
38+	    entry->name3 = xmlStrdup(name3);
39+            if (entry->name3 == NULL)
40+                goto error;
41+        }
42     }
43     entry->payload = userdata;
44     entry->next = NULL;
45@@ -631,6 +647,13 @@ xmlHashAddEntry3(xmlHashTablePtr table, const xmlChar *name,
46 	xmlHashGrow(table, MAX_HASH_LEN * table->size);
47 
48     return(0);
49+
50+error:
51+    xmlFree(entry->name2);
52+    xmlFree(entry->name);
53+    if (insert != NULL)
54+        xmlFree(entry);
55+    return(-1);
56 }
57 
58 /**
59@@ -744,8 +767,24 @@ xmlHashUpdateEntry3(xmlHashTablePtr table, const xmlChar *name,
60         entry->name3 = (xmlChar *) name3;
61     } else {
62 	entry->name = xmlStrdup(name);
63-	entry->name2 = xmlStrdup(name2);
64-	entry->name3 = xmlStrdup(name3);
65+        if (entry->name == NULL) {
66+            entry->name2 = NULL;
67+            goto error;
68+        }
69+        if (name2 == NULL) {
70+            entry->name2 = NULL;
71+        } else {
72+	    entry->name2 = xmlStrdup(name2);
73+            if (entry->name2 == NULL)
74+                goto error;
75+        }
76+        if (name3 == NULL) {
77+            entry->name3 = NULL;
78+        } else {
79+	    entry->name3 = xmlStrdup(name3);
80+            if (entry->name3 == NULL)
81+                goto error;
82+        }
83     }
84     entry->payload = userdata;
85     entry->next = NULL;
86@@ -757,6 +796,13 @@ xmlHashUpdateEntry3(xmlHashTablePtr table, const xmlChar *name,
87 	insert->next = entry;
88     }
89     return(0);
90+
91+error:
92+    xmlFree(entry->name2);
93+    xmlFree(entry->name);
94+    if (insert != NULL)
95+        xmlFree(entry);
96+    return(-1);
97 }
98 
99 /**
100-- 
1012.27.0
102
103