Commit bedbef80 authored by Nick Wellnhofer's avatar Nick Wellnhofer
Browse files

Fix memory leak in xmlParseEntityDecl error path

When parsing the entity value, it can happen that an external entity
with an unsupported encoding is loaded and the parser is stopped. This
would lead to a memory leak.

A custom SAX callback could also stop the parser.

Found with libFuzzer and ASan.
parent 94f6ce83
......@@ -5713,7 +5713,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) {
}
}
if (ctxt->instate == XML_PARSER_EOF)
return;
goto done;
SKIP_BLANKS;
if (RAW != '>') {
xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
......@@ -5744,17 +5744,17 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) {
cur = xmlSAX2GetEntity(ctxt, name);
}
}
if (cur != NULL) {
if (cur->orig != NULL)
xmlFree(orig);
else
cur->orig = orig;
} else
xmlFree(orig);
if ((cur != NULL) && (cur->orig == NULL)) {
cur->orig = orig;
orig = NULL;
}
}
done:
if (value != NULL) xmlFree(value);
if (URI != NULL) xmlFree(URI);
if (literal != NULL) xmlFree(literal);
if (orig != NULL) xmlFree(orig);
}
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment