代码拉取完成,页面将自动刷新
Fork 仓库
加载中
确定同步?
同步操作将从 OpenHarmony/third_party_libxml2 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
backport-malloc-fail-Fix-memory-leak-after-calling-valuePush.patch
1.64 KB
冉召宇
提交于
2024-04-25 19:13
.
libxml2切openEuler7.0
From 85bc313e7996c06d52b6f6f5c6a467ff3a148e75 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Wed, 15 Feb 2023 13:49:28 +0100
Subject: [PATCH] malloc-fail: Fix memory leak after calling valuePush
Destroy the object in valuePush if the function fails. This is somewhat
dangerous but matches the expectations of users.
Found with libFuzzer, see #344.
Reference:https://github.com/GNOME/libxml2/commit/85bc313e7996c06d52b6f6f5c6a467ff3a148e75
Conflict:NA
---
xpath.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/xpath.c b/xpath.c
index 7833870..dc99e63 100644
--- a/xpath.c
+++ b/xpath.c
@@ -2881,6 +2881,8 @@ valuePop(xmlXPathParserContextPtr ctxt)
* a memory error is recorded in the parser context.
*
* Returns the number of items on the value stack, or -1 in case of error.
+ *
+ * The object is destroyed in case of error.
*/
int
valuePush(xmlXPathParserContextPtr ctxt, xmlXPathObjectPtr value)
@@ -2899,6 +2901,7 @@ valuePush(xmlXPathParserContextPtr ctxt, xmlXPathObjectPtr value)
if (ctxt->valueMax >= XPATH_MAX_STACK_DEPTH) {
xmlXPathPErrMemory(ctxt, "XPath stack depth limit reached\n");
+ xmlXPathFreeObject(value);
return (-1);
}
tmp = (xmlXPathObjectPtr *) xmlRealloc(ctxt->valueTab,
@@ -2906,6 +2909,7 @@ valuePush(xmlXPathParserContextPtr ctxt, xmlXPathObjectPtr value)
sizeof(ctxt->valueTab[0]));
if (tmp == NULL) {
xmlXPathPErrMemory(ctxt, "pushing value\n");
+ xmlXPathFreeObject(value);
return (-1);
}
ctxt->valueMax *= 2;
--
2.27.0
举报
请认真填写举报原因,尽可能描述详细。
请选择举报类型
误判申诉
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化