shaba/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-03-31 06:50:06 +03:00
Code

malloc-fail: Fix memory leak in WXS_ADD_{LOCAL,GLOBAL}

Browse Source 
It's somewhat dangerous to add the cleanup code to a macro, but
otherwise we'd have to fix all the call sites.

Found with libFuzzer, see #344.
This commit is contained in:
Nick Wellnhofer 2023-03-05 14:09:49 +01:00
parent a5787229e5
commit 9afb6c5fb8
1 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
xmlschemas.c
View File

@ -308,10 +308,20 @@ static const xmlChar *xmlNamespaceNs = (const xmlChar *)
#define WXS_SCHEMA(ctx) (ctx)->schema
#define WXS_ADD_LOCAL(ctx, item) \
xmlSchemaAddItemSize(&(WXS_BUCKET(ctx)->locals), 10, item)
do { \
if (xmlSchemaAddItemSize(&(WXS_BUCKET(ctx)->locals), 10, item) < 0) { \
xmlFree(item); \
item = NULL; \
} \
} while (0)
#define WXS_ADD_GLOBAL(ctx, item) \
xmlSchemaAddItemSize(&(WXS_BUCKET(ctx)->globals), 5, item)
do { \
if (xmlSchemaAddItemSize(&(WXS_BUCKET(ctx)->globals), 5, item) < 0) { \
xmlFree(item); \
item = NULL; \
} \
} while (0)
#define WXS_ADD_PENDING(ctx, item) \
xmlSchemaAddItemSize(&((ctx)->constructor->pending), 10, item)
@ -3764,8 +3774,7 @@ xmlSchemaAddItemSize(xmlSchemaItemListPtr *list, int initialSize, void *item)
if (*list == NULL)
return(-1);
}
xmlSchemaItemListAddSize(*list, initialSize, item);
return(0);
return(xmlSchemaItemListAddSize(*list, initialSize, item));
}
/**