c/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2 synced 2025-03-28 21:33:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

malloc-fail: Fix type confusion in xmlSchemaCheckAGPropsCorrect

Browse Source 
Attribute groups must be marked as containing references also if an OOM
error occurred. Otherwise, references won't be resolved, leading to type
confusion in xmlSchemaCheckAGPropsCorrect later in the fixup phase.

I'm not sure why xmlSchemaFixupComponents is called at all if an error
occurred. This has lead to similar issues in the past. On the other
hand, continuing in the presence of errors helps when fuzzing.

See #344.
This commit is contained in:
Nick Wellnhofer 2025-03-09 13:31:10 +01:00
parent d96911f100
commit 9f8484602f
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
xmlschemas.c
View File

@ -7715,6 +7715,7 @@ xmlSchemaParseAttributeGroupDefinition(xmlSchemaParserCtxtPtr pctxt,
xmlNodePtr child = NULL;
xmlAttrPtr attr;
int hasRefs = 0;
int res;
if ((pctxt == NULL) || (schema == NULL) || (node == NULL))
return (NULL);
@ -7769,12 +7770,13 @@ xmlSchemaParseAttributeGroupDefinition(xmlSchemaParserCtxtPtr pctxt,
/*
* Parse contained attribute decls/refs.
*/
if (xmlSchemaParseLocalAttributes(pctxt, schema, &child,
res = xmlSchemaParseLocalAttributes(pctxt, schema, &child,
(xmlSchemaItemListPtr *) &(ret->attrUses),
XML_SCHEMA_TYPE_ATTRIBUTEGROUP, &hasRefs) == -1)
return(NULL);
XML_SCHEMA_TYPE_ATTRIBUTEGROUP, &hasRefs);
if (hasRefs)
ret->flags |= XML_SCHEMAS_ATTRGROUP_HAS_REFS;
if (res == -1)
return(NULL);
/*
* Parse the attribute wildcard.
*/