1From 6f9604f0e3e52e96881ab3b662f35fbe04cd49ac Mon Sep 17 00:00:00 2001
2From: Nick Wellnhofer <wellnhofer@aevum.de>
3Date: Sun, 26 Feb 2023 16:09:50 +0100
4Subject: [PATCH] malloc-fail: Fix memory leak in xmlXPathCacheNewNodeSet
5
6Found with libFuzzer, see #344.
7
8Reference:https://github.com/GNOME/libxml2/commit/6f9604f0e3e52e96881ab3b662f35fbe04cd49ac
9Conflict:NA
10---
11 xpath.c | 15 +++++++++------
12 1 file changed, 9 insertions(+), 6 deletions(-)
13
14diff --git a/xpath.c b/xpath.c
15index 84b139d..1f358e3 100644
16--- a/xpath.c
17+++ b/xpath.c
18@@ -2448,21 +2448,24 @@ xmlXPathCacheNewNodeSet(xmlXPathContextPtr ctxt, xmlNodePtr val)
19 (cache->miscObjs->number != 0))
20 {
21 xmlXPathObjectPtr ret;
22+ xmlNodeSetPtr set;
23 /*
24 * Fallback to misc-cache.
25 */
26
27+ set = xmlXPathNodeSetCreate(val);
28+ if (set == NULL) {
29+ ctxt->lastError.domain = XML_FROM_XPATH;
30+ ctxt->lastError.code = XML_ERR_NO_MEMORY;
31+ return(NULL);
32+ }
33+
34 ret = (xmlXPathObjectPtr)
35 cache->miscObjs->items[--cache->miscObjs->number];
36
37 ret->type = XPATH_NODESET;
38 ret->boolval = 0;
39- ret->nodesetval = xmlXPathNodeSetCreate(val);
40- if (ret->nodesetval == NULL) {
41- ctxt->lastError.domain = XML_FROM_XPATH;
42- ctxt->lastError.code = XML_ERR_NO_MEMORY;
43- return(NULL);
44- }
45+ ret->nodesetval = set;
46 #ifdef XP_DEBUG_OBJ_USAGE
47 xmlXPathDebugObjUsageRequested(ctxt, XPATH_NODESET);
48 #endif
49--
502.27.0
51
52
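Review bot: The ordering this fix relies on is not stated anywhere in the new code: `xmlXPathNodeSetCreate(val)` has to run before `--cache->miscObjs->number`, otherwise a failed allocation drops the recycled object from the cache without freeing it, which is the leak being fixed. I would extend the existing comment to say so, e.g. `/* Fallback to misc-cache. Allocate the node set first so a failed allocation leaves the cached object in place. */`, so a later refactor does not move the allocation back below the pop. The rest of xmlXPathCacheNewNodeSet lies outside the hunk, so whether its other cache branch follows the same allocate-then-pop order cannot be checked from here and is worth confirming.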