1From ba290a86639a6a9fc8af81936ad2d3a4d22d502f Mon Sep 17 00:00:00 2001
2From: Nick Wellnhofer <wellnhofer@aevum.de>
3Date: Sun, 5 Mar 2023 14:08:57 +0100
4Subject: [PATCH] malloc-fail: Fix memory leak in xmlSchemaItemListAddSize
5
6Found with libFuzzer, see #344.
7
8Reference:https://github.com/GNOME/libxml2/commit/ba290a86639a6a9fc8af81936ad2d3a4d22d502f
9Conflict:NA
10---
11 xmlschemas.c | 9 ++++++---
12 1 file changed, 6 insertions(+), 3 deletions(-)
13
14diff --git a/xmlschemas.c b/xmlschemas.c
15index 4a767ac..9be7999 100644
16--- a/xmlschemas.c
17+++ b/xmlschemas.c
18@@ -3445,14 +3445,17 @@ xmlSchemaItemListAddSize(xmlSchemaItemListPtr list,
19 }
20 list->sizeItems = initialSize;
21 } else if (list->sizeItems <= list->nbItems) {
22+ void **tmp;
23+
24 list->sizeItems *= 2;
25- list->items = (void **) xmlRealloc(list->items,
26+ tmp = (void **) xmlRealloc(list->items,
27 list->sizeItems * sizeof(void *));
28- if (list->items == NULL) {
29+ if (tmp == NULL) {
30 xmlSchemaPErrMemory(NULL, "growing item list", NULL);
31- list->sizeItems = 0;
32+ list->sizeItems /= 2;
33 return(-1);
34 }
35+ list->items = tmp;
36 }
37 list->items[list->nbItems++] = item;
38 return(0);
39--
402.27.0
41
42
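Review bot: In the grow branch, `list->sizeItems *= 2` still changes the list before `xmlRealloc` is known to have succeeded, so the failure path has to undo it with `list->sizeItems /= 2`. Computing the new capacity in a local and assigning it together with `list->items = tmp` would keep `sizeItems` and `items` consistent without a rollback. The doubling and the `list->sizeItems * sizeof(void *)` product are also unchecked. If `sizeItems` is a signed int (its declaration is not in this hunk), a very large list could overflow before the allocation and leave the buffer smaller than the recorded capacity, so a guard such as `if (list->sizeItems > INT_MAX / 2) return(-1);` ahead of the doubling is worth adding. The function begins above the hunk, so the initial-allocation branch is not covered by this note.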