lib/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-10-21 14:53:44 +03:00
Code Activity

malloc-fail: Fix memory leak in xmlRegexpCompile

Browse Source 
Found with libFuzzer, see #344.
This commit is contained in:
Nick Wellnhofer
2023-02-17 15:23:42 +01:00
parent 53d1cc98cf
commit ed615967df
1 changed files with 8 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
xmlregexp.c
View File

@@ -5603,7 +5603,7 @@ xmlRegexpPrint(FILE *output, xmlRegexpPtr regexp) {
*/
xmlRegexpPtr
xmlRegexpCompile(const xmlChar *regexp) {
xmlRegexpPtr ret;
xmlRegexpPtr ret = NULL;
xmlRegParserCtxtPtr ctxt;
ctxt = xmlRegNewParserCtxt(regexp);
@@ -5613,7 +5613,7 @@ xmlRegexpCompile(const xmlChar *regexp) {
/* initialize the parser */
ctxt->state = xmlRegStatePush(ctxt);
if (ctxt->state == NULL)
return(NULL);
goto error;
ctxt->start = ctxt->state;
ctxt->end = NULL;
@@ -5622,10 +5622,8 @@ xmlRegexpCompile(const xmlChar *regexp) {
if (CUR != 0) {
ERROR("xmlFAParseRegExp: extra characters");
}
if (ctxt->error != 0) {
xmlRegFreeParserCtxt(ctxt);
return(NULL);
}
if (ctxt->error != 0)
goto error;
ctxt->end = ctxt->state;
ctxt->start->type = XML_REGEXP_START_STATE;
ctxt->end->type = XML_REGEXP_FINAL_STATE;
@@ -5634,11 +5632,11 @@ xmlRegexpCompile(const xmlChar *regexp) {
xmlFAEliminateEpsilonTransitions(ctxt);
if (ctxt->error != 0) {
xmlRegFreeParserCtxt(ctxt);
return(NULL);
}
if (ctxt->error != 0)
goto error;
ret = xmlRegEpxFromParse(ctxt);
error:
xmlRegFreeParserCtxt(ctxt);
return(ret);
}