代码拉取完成,页面将自动刷新
Fork 仓库
加载中
确定同步?
同步操作将从 OpenHarmony/third_party_libxml2 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
backport-malloc-fail-Don-t-call-xmlErrMemory-in-xmlstring.c.patch
2.25 KB
冉召宇
提交于
2024-04-25 19:13
.
libxml2切openEuler7.0
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566
From c7260a47f19e01f4f663b6a56fbdc2dafd8a6e7e Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Mon, 23 Jan 2023 10:19:59 +0100
Subject: [PATCH] malloc-fail: Don't call xmlErrMemory in xmlstring.c
Functions like xmlStrdup are called in the error handling code
(__xmlRaiseError) which can cause problems like use-after-free or
infinite loops when invoked recursively.
Calling xmlErrMemory without a context argument isn't helpful anyway.
Found with libFuzzer, see #344.
Reference:https://github.com/GNOME/libxml2/commit/c7260a47f19e01f4f663b6a56fbdc2dafd8a6e7e
Conflict:xmlstring.c
---
xmlstring.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/xmlstring.c b/xmlstring.c
index 5a6875f..9709545 100644
--- a/xmlstring.c
+++ b/xmlstring.c
@@ -45,7 +45,6 @@ xmlStrndup(const xmlChar *cur, int len) {
if ((cur == NULL) || (len < 0)) return(NULL);
ret = (xmlChar *) xmlMallocAtomic(((size_t) len + 1) * sizeof(xmlChar));
if (ret == NULL) {
- xmlErrMemory(NULL, NULL);
return(NULL);
}
memcpy(ret, cur, len * sizeof(xmlChar));
@@ -90,7 +89,6 @@ xmlCharStrndup(const char *cur, int len) {
if ((cur == NULL) || (len < 0)) return(NULL);
ret = (xmlChar *) xmlMallocAtomic(((size_t) len + 1) * sizeof(xmlChar));
if (ret == NULL) {
- xmlErrMemory(NULL, NULL);
return(NULL);
}
for (i = 0;i < len;i++) {
@@ -465,7 +463,6 @@ xmlStrncat(xmlChar *cur, const xmlChar *add, int len) {
return(NULL);
ret = (xmlChar *) xmlRealloc(cur, ((size_t) size + len + 1) * sizeof(xmlChar));
if (ret == NULL) {
- xmlErrMemory(NULL, NULL);
return(cur);
}
memcpy(&ret[size], add, len * sizeof(xmlChar));
@@ -505,7 +502,6 @@ xmlStrncatNew(const xmlChar *str1, const xmlChar *str2, int len) {
return(NULL);
ret = (xmlChar *) xmlMalloc(((size_t) size + len + 1) * sizeof(xmlChar));
if (ret == NULL) {
- xmlErrMemory(NULL, NULL);
return(xmlStrndup(str1, size));
}
memcpy(ret, str1, size * sizeof(xmlChar));
@@ -1034,7 +1030,6 @@ xmlEscapeFormatString(xmlChar **msg)
out-of-memory situations. */
xmlFree(*msg);
*msg = NULL;
- xmlErrMemory(NULL, NULL);
return(NULL);
}
--
2.27.0
举报
请认真填写举报原因,尽可能描述详细。
请选择举报类型
误判申诉
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化