1From bc9f372c1001ff64353400edf489fb0ce4ab17fc Mon Sep 17 00:00:00 2001 2From: Nick Wellnhofer <wellnhofer@aevum.de> 3Date: Sun, 26 Feb 2023 18:00:30 +0100 4Subject: [PATCH] malloc-fail: Fix memory leak in xmlXPathDistinctSorted 5 6Found with libFuzzer, see #344. 7 8Reference:https://github.com/GNOME/libxml2/commit/bc9f372c1001ff64353400edf489fb0ce4ab17fc 9Conflict:NA 10--- 11 xpath.c | 13 ++++++++++--- 12 1 file changed, 10 insertions(+), 3 deletions(-) 13 14diff --git a/xpath.c b/xpath.c 15index 1f358e3..b6a3983 100644 16--- a/xpath.c 17+++ b/xpath.c 18@@ -4540,16 +4540,23 @@ xmlXPathDistinctSorted (xmlNodeSetPtr nodes) { 19 cur = xmlXPathNodeSetItem(nodes, i); 20 strval = xmlXPathCastNodeToString(cur); 21 if (xmlHashLookup(hash, strval) == NULL) { 22- xmlHashAddEntry(hash, strval, strval); 23- /* TODO: Propagate memory error. */ 24+ if (xmlHashAddEntry(hash, strval, strval) < 0) { 25+ xmlFree(strval); 26+ goto error; 27+ } 28 if (xmlXPathNodeSetAddUnique(ret, cur) < 0) 29- break; 30+ goto error; 31 } else { 32 xmlFree(strval); 33 } 34 } 35 xmlHashFree(hash, xmlHashDefaultDeallocator); 36 return(ret); 37+ 38+error: 39+ xmlHashFree(hash, xmlHashDefaultDeallocator); 40+ xmlXPathFreeNodeSet(ret); 41+ return(NULL); 42 } 43 44 /** 45-- 462.27.0 47 48