153aa9179Sopenharmony_ciFrom a800b7e058b09031aba92949eecf2c76fa030635 Mon Sep 17 00:00:00 2001
253aa9179Sopenharmony_ciFrom: Nick Wellnhofer <wellnhofer@aevum.de>
353aa9179Sopenharmony_ciDate: Thu, 4 May 2023 12:47:00 +0200
453aa9179Sopenharmony_ciSubject: [PATCH] regexp: Fix null deref in xmlFAFinishReduceEpsilonTransitions
553aa9179Sopenharmony_ci
653aa9179Sopenharmony_ciShort-lived regression found by OSS-Fuzz.
753aa9179Sopenharmony_ci
853aa9179Sopenharmony_ciReference:https://github.com/GNOME/libxml2/commit/a800b7e058b09031aba92949eecf2c76fa030635
953aa9179Sopenharmony_ciConflict:NA
1053aa9179Sopenharmony_ci
1153aa9179Sopenharmony_ci---
1253aa9179Sopenharmony_ci xmlregexp.c | 2 ++
1353aa9179Sopenharmony_ci 1 file changed, 2 insertions(+)
1453aa9179Sopenharmony_ci
1553aa9179Sopenharmony_cidiff --git a/xmlregexp.c b/xmlregexp.c
1653aa9179Sopenharmony_ciindex 185fcda..b0111e2 100644
1753aa9179Sopenharmony_ci--- a/xmlregexp.c
1853aa9179Sopenharmony_ci+++ b/xmlregexp.c
1953aa9179Sopenharmony_ci@@ -1896,6 +1896,8 @@ xmlFAFinishReduceEpsilonTransitions(xmlRegParserCtxtPtr ctxt, int tonr) {
2053aa9179Sopenharmony_ci xmlRegStatePtr to;
2153aa9179Sopenharmony_ci
2253aa9179Sopenharmony_ci to = ctxt->states[tonr];
2353aa9179Sopenharmony_ci+ if (to == NULL)
2453aa9179Sopenharmony_ci+ return;
2553aa9179Sopenharmony_ci if ((to->mark == XML_REGEXP_MARK_START) ||
2653aa9179Sopenharmony_ci (to->mark == XML_REGEXP_MARK_NORMAL))
2753aa9179Sopenharmony_ci return;
2853aa9179Sopenharmony_ci--
2953aa9179Sopenharmony_ci2.27.0
3053aa9179Sopenharmony_ci
31
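Review bot: The added `if (to == NULL) return;` guard carries no comment saying when `ctxt->states[tonr]` can legitimately be NULL, so a later reader cannot tell an expected empty slot from a masked inconsistency in the automaton. A one-line comment above it such as `/* state slot may be NULL (regression found by OSS-Fuzz); nothing to reduce */` would record the reason. The visible lines also index `ctxt->states` with `tonr` without a range check; presumably callers only pass valid state numbers, but that is worth confirming, since the new guard covers a NULL slot and not an out-of-range index. The body of xmlFAFinishReduceEpsilonTransitions continues past the end of the hunk.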