malloc-fail: Stop using XPath stack frames

There's too much code which assumes that if ctxt->value is non-null, a value can be successfully popped off the stack. This assumption can break with stack frames when malloc fails. Instead of trying to fix all call sites, remove the stack frame logic. It only offered very little protection against misbehaving extension functions. We already check the stack size after a function call which should be enough. Found by OSS-Fuzz.
2025-10-26 00:37:43 +03:00 · 2023-03-13 17:11:27 +01:00
parent 457fc622d5
commit 483793940c
2 changed files with 5 additions and 54 deletions
--- a/include/libxml/xpath.h
+++ b/include/libxml/xpath.h
@@ -400,7 +400,7 @@ struct _xmlXPathParserContext {
    int xptr;				/* it this an XPointer expression */
    xmlNodePtr         ancestor;	/* used for walking preceding axis */

-    int              valueFrame;        /* used to limit Pop on the stack */
+    int              valueFrame;        /* unused */
 };

 /************************************************************************