third_party/libxml2/backport-malloc-fail-Fix-memory-leak-in-xmlNewPropInternal.patch

53aa9179Sopenharmony_ciFrom dee436cd010d7144730526914193bd9fe6c74821 Mon Sep 17 00:00:00 2001
53aa9179Sopenharmony_ciFrom: Nick Wellnhofer <wellnhofer@aevum.de>
53aa9179Sopenharmony_ciDate: Wed, 2 Nov 2022 15:53:52 +0100
53aa9179Sopenharmony_ciSubject: [PATCH 06/28] malloc-fail: Fix memory leak in xmlNewPropInternal
53aa9179Sopenharmony_ci
53aa9179Sopenharmony_ciAlso fixes a memory leak if called with a non-element node.
53aa9179Sopenharmony_ci
53aa9179Sopenharmony_ciFound with libFuzzer, see #344.
53aa9179Sopenharmony_ci
53aa9179Sopenharmony_ciReference: https://github.com/GNOME/libxml2/commit/fa361de0b759f045c5f6f7f9c09a133abcc074c9
53aa9179Sopenharmony_ciConflict: NA
53aa9179Sopenharmony_ci---
53aa9179Sopenharmony_ci tree.c | 3 ++-
53aa9179Sopenharmony_ci 1 file changed, 2 insertions(+), 1 deletion(-)
53aa9179Sopenharmony_ci
53aa9179Sopenharmony_cidiff --git a/tree.c b/tree.c
53aa9179Sopenharmony_ciindex b32561d..6a8c2ea 100644
53aa9179Sopenharmony_ci--- a/tree.c
53aa9179Sopenharmony_ci+++ b/tree.c
53aa9179Sopenharmony_ci@@ -1866,7 +1866,7 @@ xmlNewPropInternal(xmlNodePtr node, xmlNsPtr ns,
53aa9179Sopenharmony_ci
53aa9179Sopenharmony_ci     if ((node != NULL) && (node->type != XML_ELEMENT_NODE)) {
53aa9179Sopenharmony_ci         if ((eatname == 1) &&
53aa9179Sopenharmony_ci-	    ((node->doc == NULL) ||
53aa9179Sopenharmony_ci+	    ((node->doc == NULL) || (node->doc->dict == NULL) ||
53aa9179Sopenharmony_ci 	     (!(xmlDictOwns(node->doc->dict, name)))))
53aa9179Sopenharmony_ci             xmlFree((xmlChar *) name);
53aa9179Sopenharmony_ci         return (NULL);
53aa9179Sopenharmony_ci@@ -1879,6 +1879,7 @@ xmlNewPropInternal(xmlNodePtr node, xmlNsPtr ns,
53aa9179Sopenharmony_ci     if (cur == NULL) {
53aa9179Sopenharmony_ci         if ((eatname == 1) &&
53aa9179Sopenharmony_ci 	    ((node == NULL) || (node->doc == NULL) ||
53aa9179Sopenharmony_ci+             (node->doc->dict == NULL) ||
53aa9179Sopenharmony_ci 	     (!(xmlDictOwns(node->doc->dict, name)))))
53aa9179Sopenharmony_ci             xmlFree((xmlChar *) name);
53aa9179Sopenharmony_ci         xmlTreeErrMemory("building attribute");
53aa9179Sopenharmony_ci--
53aa9179Sopenharmony_ci2.27.0
53aa9179Sopenharmony_ci