lib/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-07-28 00:21:53 +03:00
Code Activity

malloc-fail: Fix infinite loop in htmlParseContentInternal

Browse Source 
Found with libFuzzer, see #344.
This commit is contained in:
Nick Wellnhofer
2023-02-16 14:53:29 +01:00
parent f3e62035d8
commit 04c2955197
1 changed files with 30 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
HTMLparser.c
View File

@ -4733,8 +4733,16 @@ htmlParseContentInternal(htmlParserCtxtPtr ctxt) {
int depth; int depth;
const xmlChar *name; const xmlChar *name;
currentNode = xmlStrdup(ctxt->name);
depth = ctxt->nameNr; depth = ctxt->nameNr;
if (depth <= 0) {
currentNode = NULL;
} else {
currentNode = xmlStrdup(ctxt->name);
if (currentNode == NULL) {
htmlErrMemory(ctxt, NULL);
return;
}
}
while (1) { while (1) {
GROW; GROW;
@ -4750,8 +4758,16 @@ htmlParseContentInternal(htmlParserCtxtPtr ctxt) {
if (currentNode != NULL) if (currentNode != NULL)
xmlFree(currentNode); xmlFree(currentNode);
currentNode = xmlStrdup(ctxt->name);
depth = ctxt->nameNr; depth = ctxt->nameNr;
if (depth <= 0) {
currentNode = NULL;
} else {
currentNode = xmlStrdup(ctxt->name);
if (currentNode == NULL) {
htmlErrMemory(ctxt, NULL);
break;
}
}
} }
continue; /* while */ continue; /* while */
} }
@ -4773,6 +4789,10 @@ htmlParseContentInternal(htmlParserCtxtPtr ctxt) {
xmlFree(currentNode); xmlFree(currentNode);
currentNode = xmlStrdup(ctxt->name); currentNode = xmlStrdup(ctxt->name);
if (currentNode == NULL) {
htmlErrMemory(ctxt, NULL);
break;
}
depth = ctxt->nameNr; depth = ctxt->nameNr;
continue; continue;
} }
@ -4796,6 +4816,10 @@ htmlParseContentInternal(htmlParserCtxtPtr ctxt) {
if (currentNode != NULL) xmlFree(currentNode); if (currentNode != NULL) xmlFree(currentNode);
currentNode = xmlStrdup(ctxt->name); currentNode = xmlStrdup(ctxt->name);
if (currentNode == NULL) {
htmlErrMemory(ctxt, NULL);
break;
}
depth = ctxt->nameNr; depth = ctxt->nameNr;
continue; continue;
} }
@ -4847,6 +4871,10 @@ htmlParseContentInternal(htmlParserCtxtPtr ctxt) {
if (currentNode != NULL) xmlFree(currentNode); if (currentNode != NULL) xmlFree(currentNode);
currentNode = xmlStrdup(ctxt->name); currentNode = xmlStrdup(ctxt->name);
if (currentNode == NULL) {
htmlErrMemory(ctxt, NULL);
break;
}
depth = ctxt->nameNr; depth = ctxt->nameNr;
} }
else if (CUR == '<') { else if (CUR == '<') {