45 lines
1.5 KiB
Diff
45 lines
1.5 KiB
Diff
From babe75030c7f64a37826bb3342317134568bef61 Mon Sep 17 00:00:00 2001
|
|
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
|
Date: Sat, 1 May 2021 16:53:33 +0200
|
|
Subject: [PATCH] Propagate error in xmlParseElementChildrenContentDeclPriv
|
|
|
|
Check return value of recursive calls to
|
|
xmlParseElementChildrenContentDeclPriv and return immediately in case
|
|
of errors. Otherwise, struct xmlElementContent could contain unexpected
|
|
null pointers, leading to a null deref when post-validating documents
|
|
which aren't well-formed and parsed in recovery mode.
|
|
|
|
Fixes #243.
|
|
---
|
|
parser.c | 7 +++++++
|
|
1 file changed, 7 insertions(+)
|
|
|
|
diff --git a/parser.c b/parser.c
|
|
index b42e6043..73c27edd 100644
|
|
--- a/parser.c
|
|
+++ b/parser.c
|
|
@@ -6208,6 +6208,8 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk,
|
|
SKIP_BLANKS;
|
|
cur = ret = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
|
|
depth + 1);
|
|
+ if (cur == NULL)
|
|
+ return(NULL);
|
|
SKIP_BLANKS;
|
|
GROW;
|
|
} else {
|
|
@@ -6341,6 +6343,11 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk,
|
|
SKIP_BLANKS;
|
|
last = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
|
|
depth + 1);
|
|
+ if (last == NULL) {
|
|
+ if (ret != NULL)
|
|
+ xmlFreeDocElementContent(ctxt->myDoc, ret);
|
|
+ return(NULL);
|
|
+ }
|
|
SKIP_BLANKS;
|
|
} else {
|
|
elem = xmlParseName(ctxt);
|
|
--
|
|
GitLab
|
|
|