diff --git a/fuzz/api.c b/fuzz/api.c index 3ac5c1fc..8d563286 100644 --- a/fuzz/api.c +++ b/fuzz/api.c @@ -2522,30 +2522,38 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) { } case OP_XML_NODE_LIST_GET_STRING: { + xmlDocPtr doc; + xmlNodePtr list; xmlChar *string; startOp("xmlNodeListGetString"); incStrIdx(); + doc = getDoc(0); + list = getNode(1); string = xmlNodeListGetString( - getDoc(0), - getNode(1), + doc, + list, getInt(0)); - oomReport = (string == NULL); + oomReport = (list != NULL && string == NULL); moveStr(0, string); endOp(); break; } case OP_XML_NODE_LIST_GET_RAW_STRING: { + xmlDocPtr doc; + xmlNodePtr list; xmlChar *string; startOp("xmlNodeListGetRawString"); incStrIdx(); + doc = getDoc(0); + list = getNode(1); string = xmlNodeListGetRawString( - getDoc(0), - getNode(1), + doc, + list, getInt(0)); - oomReport = (string == NULL); + oomReport = (list != NULL && string == NULL); moveStr(0, string); endOp(); break; diff --git a/tree.c b/tree.c index 254ea5a3..85f43f86 100644 --- a/tree.c +++ b/tree.c @@ -1594,11 +1594,11 @@ error: /** * xmlNodeListGetString: * @doc: a document (optional) - * @list: a node list of attribute children (optional) + * @list: a node list of attribute children * @inLine: whether entity references are substituted * * Serializes attribute children (text and entity reference nodes) - * into a string. An empty list produces an empty string. + * into a string. * * If @inLine is true, entity references will be substituted. * Otherwise, entity references will be kept and special characters @@ -1612,11 +1612,14 @@ xmlNodeListGetString(xmlDocPtr doc, const xmlNode *list, int inLine) { int escMode; + /* backward compatibility */ + if (list == NULL) + return(NULL); + if (inLine) { escMode = 0; } else { - if ((list != NULL) && - (list->parent != NULL) && + if ((list->parent != NULL) && (list->parent->type == XML_ATTRIBUTE_NODE)) escMode = 2; else @@ -1630,11 +1633,11 @@ xmlNodeListGetString(xmlDocPtr doc, const xmlNode *list, int inLine) /** * xmlNodeListGetRawString: * @doc: a document (optional) - * @list: a node list of attribute children (optional) + * @list: a node list of attribute children * @inLine: whether entity references are substituted * * Serializes attribute children (text and entity reference nodes) - * into a string. An empty list produces an empty string. + * into a string. * * If @inLine is true, entity references will be substituted. * Otherwise, entity references will be kept and special characters @@ -1646,6 +1649,11 @@ xmlChar * xmlNodeListGetRawString(const xmlDoc *doc, const xmlNode *list, int inLine) { int escMode = inLine ? 0 : 3; + + /* backward compatibility */ + if (list == NULL) + return(NULL); + return(xmlNodeListGetStringInternal((xmlDocPtr) doc, list, escMode)); } #endif /* LIBXML_TREE_ENABLED */ diff --git a/valid.c b/valid.c index 7b9cd0d3..0e4a9c29 100644 --- a/valid.c +++ b/valid.c @@ -6224,7 +6224,10 @@ xmlValidateElement(xmlValidCtxtPtr ctxt, xmlDocPtr doc, xmlNodePtr root) { if (elem->type == XML_ELEMENT_NODE) { attr = elem->properties; while (attr != NULL) { - value = xmlNodeListGetString(doc, attr->children, 0); + if (attr->children == NULL) + value = xmlStrdup(BAD_CAST ""); + else + value = xmlNodeListGetString(doc, attr->children, 0); if (value == NULL) { xmlVErrMemory(ctxt); ret = 0; diff --git a/xmlreader.c b/xmlreader.c index a7328e18..3528d7d8 100644 --- a/xmlreader.c +++ b/xmlreader.c @@ -2340,6 +2340,8 @@ xmlTextReaderGetAttributeNo(xmlTextReaderPtr reader, int no) { } /* TODO walk the DTD if present */ + if (cur->children == NULL) + return(NULL); ret = xmlNodeListGetString(reader->node->doc, cur->children, 1); if (ret == NULL) xmlTextReaderErrMemory(reader); @@ -3585,6 +3587,8 @@ xmlTextReaderValue(xmlTextReaderPtr reader) { xmlDocPtr doc = NULL; xmlChar *ret; + if (attr->children == NULL) + return(NULL); if (attr->parent != NULL) doc = attr->parent->doc; ret = xmlNodeListGetString(doc, attr->children, 1);