153aa9179Sopenharmony_ciFrom bd9de3a31f66bbf38b2e90cc9efb1374cc1314da Mon Sep 17 00:00:00 2001 253aa9179Sopenharmony_ciFrom: Nick Wellnhofer <wellnhofer@aevum.de> 353aa9179Sopenharmony_ciDate: Sun, 22 Jan 2023 16:52:39 +0100 453aa9179Sopenharmony_ciSubject: [PATCH] malloc-fail: Fix null deref in xmlAddDefAttrs 553aa9179Sopenharmony_ci 653aa9179Sopenharmony_ciFound with libFuzzer, see #344. 753aa9179Sopenharmony_ci 853aa9179Sopenharmony_ciReference:https://github.com/GNOME/libxml2/commit/bd9de3a31f66bbf38b2e90cc9efb1374cc1314da 953aa9179Sopenharmony_ciConflict:NA 1053aa9179Sopenharmony_ci--- 1153aa9179Sopenharmony_ci parser.c | 2 ++ 1253aa9179Sopenharmony_ci 1 file changed, 2 insertions(+) 1353aa9179Sopenharmony_ci 1453aa9179Sopenharmony_cidiff --git a/parser.c b/parser.c 1553aa9179Sopenharmony_ciindex fafae15..3c06439 100644 1653aa9179Sopenharmony_ci--- a/parser.c 1753aa9179Sopenharmony_ci+++ b/parser.c 1853aa9179Sopenharmony_ci@@ -1334,6 +1334,8 @@ xmlAddDefAttrs(xmlParserCtxtPtr ctxt, 1953aa9179Sopenharmony_ci /* intern the string and precompute the end */ 2053aa9179Sopenharmony_ci len = xmlStrlen(value); 2153aa9179Sopenharmony_ci value = xmlDictLookup(ctxt->dict, value, len); 2253aa9179Sopenharmony_ci+ if (value == NULL) 2353aa9179Sopenharmony_ci+ goto mem_error; 2453aa9179Sopenharmony_ci defaults->values[5 * defaults->nbAttrs + 2] = value; 2553aa9179Sopenharmony_ci defaults->values[5 * defaults->nbAttrs + 3] = value + len; 2653aa9179Sopenharmony_ci if (ctxt->external) 2753aa9179Sopenharmony_ci-- 2853aa9179Sopenharmony_ci2.27.0 2953aa9179Sopenharmony_ci 30