Mon, 13 Sep 2021 17:06:37 -0500
Fix leak that may occur when xmlnode_from_str fails
The failure may occur any time in the middle of parsing, and `xpd->current` may
not actually be pointing to the root of the parsed tree. Thus we need to walk
back up before freeing the xmlnode.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34988
Testing Done:
Ran the reproducer testcase on `fuzz_xml`
Reviewed at https://reviews.imfreedom.org/r/911/
--- a/libpurple/xmlnode.c Sat Sep 11 11:51:05 2021 -0500 +++ b/libpurple/xmlnode.c Mon Sep 13 17:06:37 2021 -0500 @@ -725,8 +725,15 @@ ret = xpd->current; if (xpd->error) { ret = NULL; - if (xpd->current) + if (xpd->current) { + /* If an error occurred while parsing, we may be + * pointing at some random child, so walk back up the + * tree in order to free everything. */ + while (xpd->current->parent != NULL) { + xpd->current = xpd->current->parent; + } xmlnode_free(xpd->current); + } } g_free(xpd);
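Review bot: the walk-up in the `if (xpd->error)` branch only frees the whole partial tree if every node the parser has created already has its `parent` link set at the moment an error can be raised; should any path set `xpd->current` to a freshly allocated node before linking it into the tree, `while (xpd->current->parent != NULL)` stops immediately and `xmlnode_free(xpd->current)` releases just that node, so the rest still leaks. Worth confirming that invariant in the element-start handler and stating it in the new comment, or alternatively keeping a pointer to the root node in `xpd` so the cleanup does not depend on walking `parent` pointers from an arbitrary child.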