mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-10-24 13:33:01 +03:00

malloc-fail: Add more error checks when parsing names

xmlParseName and similar functions must return NULL if an error occurs.

Found by OSS-Fuzz, see #344.
Nick Wellnhofer
2023-03-17 12:39:35 +01:00
parent 8090e58564
commit c81d0d04bf


@@ -3350,6 +3350,8 @@ xmlParseName(xmlParserCtxtPtr ctxt) {
XML_MAX_NAME_LENGTH; XML_MAX_NAME_LENGTH;
GROW; GROW;
if (ctxt->instate == XML_PARSER_EOF)
return(NULL);
#ifdef DEBUG #ifdef DEBUG
nbParseName++; nbParseName++;
@@ -3405,6 +3407,8 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
* Handler for more complex cases * Handler for more complex cases
*/ */
GROW; GROW;
if (ctxt->instate == XML_PARSER_EOF)
return(NULL);
startPosition = CUR_PTR - BASE_PTR; startPosition = CUR_PTR - BASE_PTR;
c = CUR_CHAR(l); c = CUR_CHAR(l);
if ((c == ' ') || (c == '>') || (c == '/') || /* accelerators */ if ((c == ' ') || (c == '>') || (c == '/') || /* accelerators */
@@ -3682,6 +3686,8 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
if (count++ > XML_PARSER_CHUNK_SIZE) { if (count++ > XML_PARSER_CHUNK_SIZE) {
count = 0; count = 0;
GROW; GROW;
if (ctxt->instate == XML_PARSER_EOF)
return(NULL);
} }
COPY_BUF(l,buf,len,c); COPY_BUF(l,buf,len,c);
NEXTL(l); NEXTL(l);
@@ -8861,6 +8867,8 @@ xmlParseQName(xmlParserCtxtPtr ctxt, const xmlChar **prefix) {
const xmlChar *l, *p; const xmlChar *l, *p;
GROW; GROW;
if (ctxt->instate == XML_PARSER_EOF)
return(NULL);
l = xmlParseNCName(ctxt); l = xmlParseNCName(ctxt);
if (l == NULL) { if (l == NULL) {
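Review bot: The early return added in xmlParseNmtoken, after `GROW;` inside the `count++ > XML_PARSER_CHUNK_SIZE` branch, is the only one of the four new checks that exits in the middle of a copy loop, and the hunk does not show how `buf` is allocated. If `buf` is anything other than a fixed-size local array at that point, it has to be released before `return(NULL);`. The checks in xmlParseName, xmlParseNCNameComplex and xmlParseQName directly follow the first `GROW;` shown in their hunks, apparently before any name data is accumulated, so they do not raise the same question. Each site would also benefit from a one-line comment giving the reason for the test, which the code alone does not make evident, for example `/* GROW may halt the parser (presumably on allocation failure); never return a name from a halted context */`. All four enclosing functions start and end outside their hunks, so any later `GROW` calls in the same bodies could not be checked from here.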