lib/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-07-29 11:41:22 +03:00
Code Activity

malloc-fail: Fix infinite loop in htmlParseStartTag

Browse Source 
Found with libFuzzer, see #344.
This commit is contained in:
Nick Wellnhofer
2023-02-16 14:45:06 +01:00
parent ec05f04d8b
commit 643b4e90eb
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
HTMLparser.c
View File

@ -2566,6 +2566,7 @@ htmlSkipBogusComment(htmlParserCtxtPtr ctxt) {
static const xmlChar * static const xmlChar *
htmlParseHTMLName(htmlParserCtxtPtr ctxt) { htmlParseHTMLName(htmlParserCtxtPtr ctxt) {
const xmlChar *ret;
int i = 0; int i = 0;
xmlChar loc[HTML_PARSER_BUFFER_SIZE]; xmlChar loc[HTML_PARSER_BUFFER_SIZE];
@ -2583,7 +2584,11 @@ htmlParseHTMLName(htmlParserCtxtPtr ctxt) {
NEXT; NEXT;
} }
return(xmlDictLookup(ctxt->dict, loc, i)); ret = xmlDictLookup(ctxt->dict, loc, i);
if (ret == NULL)
htmlErrMemory(ctxt, NULL);
return(ret);
} }
@ -4031,7 +4036,8 @@ htmlParseStartTag(htmlParserCtxtPtr ctxt) {
SKIP_BLANKS; SKIP_BLANKS;
while ((CUR != 0) && while ((CUR != 0) &&
(CUR != '>') && (CUR != '>') &&
((CUR != '/') || (NXT(1) != '>'))) { ((CUR != '/') || (NXT(1) != '>')) &&
(ctxt->instate != XML_PARSER_EOF)) {
GROW; GROW;
attname = htmlParseAttribute(ctxt, &attvalue); attname = htmlParseAttribute(ctxt, &attvalue);
if (attname != NULL) { if (attname != NULL) {