153aa9179Sopenharmony_ciFrom dc2dde1ab92e50766df654fa9445456adb007605 Mon Sep 17 00:00:00 2001 253aa9179Sopenharmony_ciFrom: Nick Wellnhofer <wellnhofer@aevum.de> 353aa9179Sopenharmony_ciDate: Sat, 4 Feb 2023 15:00:54 +0100 453aa9179Sopenharmony_ciSubject: [PATCH] malloc-fail: Fix null deref in xmlXIncludeLoadTxt 553aa9179Sopenharmony_ci 653aa9179Sopenharmony_ciFound with libFuzzer, see #344. 753aa9179Sopenharmony_ci 853aa9179Sopenharmony_ciReference:https://github.com/GNOME/libxml2/commit/dc2dde1ab92e50766df654fa9445456adb007605 953aa9179Sopenharmony_ciConflict:xinclude.c 1053aa9179Sopenharmony_ci--- 1153aa9179Sopenharmony_ci xinclude.c | 6 ++++++ 1253aa9179Sopenharmony_ci 1 file changed, 6 insertions(+) 1353aa9179Sopenharmony_ci 1453aa9179Sopenharmony_cidiff --git a/xinclude.c b/xinclude.c 1553aa9179Sopenharmony_ciindex e5e3b16..60a0d7b 100644 1653aa9179Sopenharmony_ci--- a/xinclude.c 1753aa9179Sopenharmony_ci+++ b/xinclude.c 1853aa9179Sopenharmony_ci@@ -1891,6 +1891,12 @@ xmlXIncludeLoadTxt(xmlXIncludeCtxtPtr ctxt, const xmlChar *url, int nr) { 1953aa9179Sopenharmony_ci xmlCharEncCloseFunc(buf->encoder); 2053aa9179Sopenharmony_ci buf->encoder = xmlGetCharEncodingHandler(enc); 2153aa9179Sopenharmony_ci node = xmlNewText(NULL); 2253aa9179Sopenharmony_ci+ if (node == NULL) { 2353aa9179Sopenharmony_ci+ xmlFreeInputStream(inputStream); 2453aa9179Sopenharmony_ci+ xmlFreeParserCtxt(pctxt); 2553aa9179Sopenharmony_ci+ xmlFree(URL); 2653aa9179Sopenharmony_ci+ return(-1); 2753aa9179Sopenharmony_ci+ } 2853aa9179Sopenharmony_ci 2953aa9179Sopenharmony_ci /* 3053aa9179Sopenharmony_ci * Scan all chars from the resource and add the to the node 3153aa9179Sopenharmony_ci-- 3253aa9179Sopenharmony_ci2.27.0 3353aa9179Sopenharmony_ci 34