shaba/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-01-27 14:03:36 +03:00
Code

Fix memory leak in xmlParseEntityDecl error path

Browse Source 
When parsing the entity value, it can happen that an external entity
with an unsupported encoding is loaded and the parser is stopped. This
would lead to a memory leak.

A custom SAX callback could also stop the parser.

Found with libFuzzer and ASan.
This commit is contained in:
Nick Wellnhofer 2017-06-09 15:10:13 +02:00
parent 94f6ce838c
commit bedbef8065
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
parser.c
View File

@ -5713,7 +5713,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) {
}
}
if (ctxt->instate == XML_PARSER_EOF)
return;
goto done;
SKIP_BLANKS;
if (RAW != '>') {
xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
@ -5744,17 +5744,17 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) {
cur = xmlSAX2GetEntity(ctxt, name);
}
}
if (cur != NULL) {
if (cur->orig != NULL)
xmlFree(orig);
else
cur->orig = orig;
} else
xmlFree(orig);
if ((cur != NULL) && (cur->orig == NULL)) {
cur->orig = orig;
orig = NULL;
}
}
done:
if (value != NULL) xmlFree(value);
if (URI != NULL) xmlFree(URI);
if (literal != NULL) xmlFree(literal);
if (orig != NULL) xmlFree(orig);
}
}