c/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2 synced 2025-03-28 21:33:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

[CVE-2024-56171] Fix use-after-free after xmlSchemaItemListAdd

Browse Source 
xmlSchemaItemListAdd can reallocate the items array. Update local
variables after adding item in

- xmlSchemaIDCFillNodeTables
- xmlSchemaBubbleIDCNodeTables

Fixes #828.
This commit is contained in:
Nick Wellnhofer 2024-12-10 16:52:05 +01:00
parent 503f788e84
commit 245b70d7d2
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
xmlschemas.c
View File

@ -23388,6 +23388,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt,
}
if (xmlSchemaItemListAdd(bind->dupls, bind->nodeTable[j]) == -1)
goto internal_error;
dupls = (xmlSchemaPSVIIDCNodePtr *) bind->dupls->items;
/*
* Remove the duplicate entry from the IDC node-table.
*/
@ -23604,6 +23605,8 @@ xmlSchemaBubbleIDCNodeTables(xmlSchemaValidCtxtPtr vctxt)
goto internal_error;
}
xmlSchemaItemListAdd(parBind->dupls, parNode);
dupls = (xmlSchemaPSVIIDCNodePtr *)
parBind->dupls->items;
} else {
/*
* Add the node-table entry (node and key-sequence) of