153aa9179Sopenharmony_ciFrom 4499143a8737148b9be4e3c05e71bc60c5b52e4f Mon Sep 17 00:00:00 2001
253aa9179Sopenharmony_ciFrom: Nick Wellnhofer <wellnhofer@aevum.de>
353aa9179Sopenharmony_ciDate: Sun, 26 Feb 2023 15:43:50 +0100
453aa9179Sopenharmony_ciSubject: [PATCH] malloc-fail: Check for malloc failure in xmlHashAddEntry
553aa9179Sopenharmony_ci
653aa9179Sopenharmony_ciFound with libFuzzer, see #344.
753aa9179Sopenharmony_ci
853aa9179Sopenharmony_ciReference:https://github.com/GNOME/libxml2/commit/4499143a8737148b9be4e3c05e71bc60c5b52e4f
953aa9179Sopenharmony_ciConflict:NA
1053aa9179Sopenharmony_ci---
1153aa9179Sopenharmony_ci hash.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++----
1253aa9179Sopenharmony_ci 1 file changed, 50 insertions(+), 4 deletions(-)
1353aa9179Sopenharmony_ci
1453aa9179Sopenharmony_cidiff --git a/hash.c b/hash.c
1553aa9179Sopenharmony_ciindex 7b82d2f..00250ba 100644
1653aa9179Sopenharmony_ci--- a/hash.c
1753aa9179Sopenharmony_ci+++ b/hash.c
1853aa9179Sopenharmony_ci@@ -614,8 +614,24 @@ xmlHashAddEntry3(xmlHashTablePtr table, const xmlChar *name,
1953aa9179Sopenharmony_ci         entry->name3 = (xmlChar *) name3;
2053aa9179Sopenharmony_ci     } else {
2153aa9179Sopenharmony_ci 	entry->name = xmlStrdup(name);
2253aa9179Sopenharmony_ci-	entry->name2 = xmlStrdup(name2);
2353aa9179Sopenharmony_ci-	entry->name3 = xmlStrdup(name3);
2453aa9179Sopenharmony_ci+        if (entry->name == NULL) {
2553aa9179Sopenharmony_ci+            entry->name2 = NULL;
2653aa9179Sopenharmony_ci+            goto error;
2753aa9179Sopenharmony_ci+        }
2853aa9179Sopenharmony_ci+        if (name2 == NULL) {
2953aa9179Sopenharmony_ci+            entry->name2 = NULL;
3053aa9179Sopenharmony_ci+        } else {
3153aa9179Sopenharmony_ci+	    entry->name2 = xmlStrdup(name2);
3253aa9179Sopenharmony_ci+            if (entry->name2 == NULL)
3353aa9179Sopenharmony_ci+                goto error;
3453aa9179Sopenharmony_ci+        }
3553aa9179Sopenharmony_ci+        if (name3 == NULL) {
3653aa9179Sopenharmony_ci+            entry->name3 = NULL;
3753aa9179Sopenharmony_ci+        } else {
3853aa9179Sopenharmony_ci+	    entry->name3 = xmlStrdup(name3);
3953aa9179Sopenharmony_ci+            if (entry->name3 == NULL)
4053aa9179Sopenharmony_ci+                goto error;
4153aa9179Sopenharmony_ci+        }
4253aa9179Sopenharmony_ci     }
4353aa9179Sopenharmony_ci     entry->payload = userdata;
4453aa9179Sopenharmony_ci     entry->next = NULL;
4553aa9179Sopenharmony_ci@@ -631,6 +647,13 @@ xmlHashAddEntry3(xmlHashTablePtr table, const xmlChar *name,
4653aa9179Sopenharmony_ci 	xmlHashGrow(table, MAX_HASH_LEN * table->size);
4753aa9179Sopenharmony_ci 
4853aa9179Sopenharmony_ci     return(0);
4953aa9179Sopenharmony_ci+
5053aa9179Sopenharmony_ci+error:
5153aa9179Sopenharmony_ci+    xmlFree(entry->name2);
5253aa9179Sopenharmony_ci+    xmlFree(entry->name);
5353aa9179Sopenharmony_ci+    if (insert != NULL)
5453aa9179Sopenharmony_ci+        xmlFree(entry);
5553aa9179Sopenharmony_ci+    return(-1);
5653aa9179Sopenharmony_ci }
5753aa9179Sopenharmony_ci 
5853aa9179Sopenharmony_ci /**
5953aa9179Sopenharmony_ci@@ -744,8 +767,24 @@ xmlHashUpdateEntry3(xmlHashTablePtr table, const xmlChar *name,
6053aa9179Sopenharmony_ci         entry->name3 = (xmlChar *) name3;
6153aa9179Sopenharmony_ci     } else {
6253aa9179Sopenharmony_ci 	entry->name = xmlStrdup(name);
6353aa9179Sopenharmony_ci-	entry->name2 = xmlStrdup(name2);
6453aa9179Sopenharmony_ci-	entry->name3 = xmlStrdup(name3);
6553aa9179Sopenharmony_ci+        if (entry->name == NULL) {
6653aa9179Sopenharmony_ci+            entry->name2 = NULL;
6753aa9179Sopenharmony_ci+            goto error;
6853aa9179Sopenharmony_ci+        }
6953aa9179Sopenharmony_ci+        if (name2 == NULL) {
7053aa9179Sopenharmony_ci+            entry->name2 = NULL;
7153aa9179Sopenharmony_ci+        } else {
7253aa9179Sopenharmony_ci+	    entry->name2 = xmlStrdup(name2);
7353aa9179Sopenharmony_ci+            if (entry->name2 == NULL)
7453aa9179Sopenharmony_ci+                goto error;
7553aa9179Sopenharmony_ci+        }
7653aa9179Sopenharmony_ci+        if (name3 == NULL) {
7753aa9179Sopenharmony_ci+            entry->name3 = NULL;
7853aa9179Sopenharmony_ci+        } else {
7953aa9179Sopenharmony_ci+	    entry->name3 = xmlStrdup(name3);
8053aa9179Sopenharmony_ci+            if (entry->name3 == NULL)
8153aa9179Sopenharmony_ci+                goto error;
8253aa9179Sopenharmony_ci+        }
8353aa9179Sopenharmony_ci     }
8453aa9179Sopenharmony_ci     entry->payload = userdata;
8553aa9179Sopenharmony_ci     entry->next = NULL;
8653aa9179Sopenharmony_ci@@ -757,6 +796,13 @@ xmlHashUpdateEntry3(xmlHashTablePtr table, const xmlChar *name,
8753aa9179Sopenharmony_ci 	insert->next = entry;
8853aa9179Sopenharmony_ci     }
8953aa9179Sopenharmony_ci     return(0);
9053aa9179Sopenharmony_ci+
9153aa9179Sopenharmony_ci+error:
9253aa9179Sopenharmony_ci+    xmlFree(entry->name2);
9353aa9179Sopenharmony_ci+    xmlFree(entry->name);
9453aa9179Sopenharmony_ci+    if (insert != NULL)
9553aa9179Sopenharmony_ci+        xmlFree(entry);
9653aa9179Sopenharmony_ci+    return(-1);
9753aa9179Sopenharmony_ci }
9853aa9179Sopenharmony_ci 
9953aa9179Sopenharmony_ci /**
10053aa9179Sopenharmony_ci-- 
10153aa9179Sopenharmony_ci2.27.0
10253aa9179Sopenharmony_ci
103