[CVE-2019-19956] Fix memory leak in xmlParseBalancedChunkMemoryRecover
98/226698/2 sandbox/backup/libxml2_2.9.9_20200316 accepted/tizen/base/20200316.043445 submit/tizen_base/20200305.042653 submit/tizen_base/20200309.044758
author Zhipeng Xie <xiezhipeng1@huawei.com>
Wed, 7 Aug 2019 09:39:17 +0000 (17:39 +0800)
committer DongHun Kwak <dh0128.kwak@samsung.com>
Thu, 5 Mar 2020 04:11:43 +0000 (13:11 +0900)
When doc is NULL, the namespace created in xmlTreeEnsureXMLDecl
is bound to newDoc->oldNs; in this case, setting newDoc->oldNs to
NULL and freeing newDoc will cause a memory leak.

Found with libFuzzer.

Closes #82.

Change-Id: I9de145cc666e3791a81bfacb3930d21e624c4a7a
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
parser.c

index 5813a66..7b532e0 100644
--- a/parser.c
+++ b/parser.c
@@ -13898,7 +13898,8 @@ xmlParseBalancedChunkMemoryRecover(xmlDocPtr doc, xmlSAXHandlerPtr sax,
     xmlFreeParserCtxt(ctxt);
     newDoc->intSubset = NULL;
     newDoc->extSubset = NULL;
-    newDoc->oldNs = NULL;
+    if(doc != NULL)
+        newDoc->oldNs = NULL;
     xmlFreeDoc(newDoc);
 
     return(ret);
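Review bot: The new `if(doc != NULL)` guard around `newDoc->oldNs = NULL;` has no comment explaining the ownership rule it encodes, and the reason is not visible in this hunk: the commit message only says that for a NULL doc the namespace in newDoc->oldNs was created by xmlTreeEnsureXMLDecl for newDoc itself (so xmlFreeDoc must be allowed to free it), while the non-NULL case, where oldNs is presumably shared with the caller's doc and must not be freed here, is left implicit. A one-line comment above the guard, e.g. "oldNs is borrowed from doc when doc != NULL; otherwise it was created for newDoc and must be freed with it", would make the asymmetry clear to the next reader, and `if (doc != NULL)` with a space matches the usual libxml2 spacing.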