shaba/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-03-21 22:50:08 +03:00
Code

buf: Also reset input in error case

Browse Source 
Avoid dangling pointers if memory allocation failed. This could cause
a use-after-free after recent changes.

Found by OSS-Fuzz.
This commit is contained in:
Nick Wellnhofer 2023-10-11 13:32:54 +02:00
parent 514ab39955
commit fef12ed816
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
buf.c
View File

@ -1017,8 +1017,12 @@ xmlBufMergeBuffer(xmlBufPtr buf, xmlBufferPtr buffer) {
*/
int
xmlBufResetInput(xmlBufPtr buf, xmlParserInputPtr input) {
if ((input == NULL) || (buf == NULL) || (buf->error))
if (input == NULL)
return(-1);
if ((buf == NULL) || (buf->error)) {
input->base = input->cur = input->end = BAD_CAST "";
return(-1);
}
CHECK_COMPAT(buf)
input->base = input->cur = buf->content;
input->end = &buf->content[buf->use];