tree: Fix xmlTextMerge with NULL args

Restore pre-2.13 behavior. Fixes #875.
2025-03-27 18:50:07 +03:00 · 2025-03-18 11:11:20 +01:00 · 2025-03-18 11:11:20 +01:00 · 58d7a3b725
commit 58d7a3b725
parent 6d02b54e0c
2 changed files with 19 additions and 10 deletions
--- a/fuzz/api.c
+++ b/fuzz/api.c
@ -2449,11 +2449,14 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
                first = getNode(0);
                second = getNode(1);
                argsOk =
-                    (first != NULL && first->type == XML_TEXT_NODE &&
-                     second != NULL && second->type == XML_TEXT_NODE &&
-                     first != second &&
-                     first->name == second->name);
-                if (argsOk) {
+                    first == NULL ?
+                        second != NULL :
+                        second == NULL ||
+                        (first->type == XML_TEXT_NODE &&
+                         second->type == XML_TEXT_NODE &&
+                         first != second &&
+                         first->name == second->name);
+                if (argsOk && second != NULL) {
                    if (second->parent != NULL)
                        parent = second->parent;
                    else
@ -2462,7 +2465,7 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
                }
                res = xmlTextMerge(first, second);
                oomReport = (argsOk && res == NULL);
-                if (res != NULL) {
+                if (res != NULL && first != NULL) {
                    removeNode(second);
                    dropNode(parent);
                    checkContent(first);
--- a/tree.c
+++ b/tree.c
@ -5858,15 +5858,21 @@ xmlNodeAddContent(xmlNodePtr cur, const xmlChar *content) {
 * @first:  the first text node
 * @second:  the second text node being merged
 *
- * Merge the second text node into the first. The second node is
- * unlinked and freed.
+ * Merge the second text node into the first. If @first is NULL,
+ * @second is returned. Otherwise, the second node is unlinked and
+ * freed.
 *
 * Returns the first text node augmented or NULL in case of error.
 */
 xmlNodePtr
 xmlTextMerge(xmlNodePtr first, xmlNodePtr second) {
-    if ((first == NULL) || (first->type != XML_TEXT_NODE) ||
-        (second == NULL) || (second->type != XML_TEXT_NODE) ||
+    if (first == NULL)
+        return(second);
+    if (second == NULL)
+        return(first);
+
+    if ((first->type != XML_TEXT_NODE) ||
+        (second->type != XML_TEXT_NODE) ||
        (first == second) ||
        (first->name != second->name))
 	return(NULL);