malloc-fail: Fix memory leak in xmlSchemaParseUnion

Also report malloc failure from xmlStrndup. Found with libFuzzer, see #344.
author: Nick Wellnhofer <wellnhofer@aevum.de> 2023-03-05 14:10:41 +0100
committer: Nick Wellnhofer <wellnhofer@aevum.de> 2023-03-08 13:17:49 +0100
commit: 961a4f35bfcbe3f2b0ca0932e880ea73cbb2ab2c (patch)
tree: fdbae3a1dc8f22a412b1904be806f362c950c5e8 /xmlschemas.c
parent: 260d6b8d77d11a20a2614eef99e88e68eaca6550 (diff)
download: libxml2-961a4f35bfcbe3f2b0ca0932e880ea73cbb2ab2c.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/xmlschemas.c b/xmlschemas.c
index 1bc4fc31..d6471afe 100644
--- a/xmlschemas.c
+++ b/xmlschemas.c
@@ -9032,6 +9032,11 @@ xmlSchemaParseUnion(xmlSchemaParserCtxtPtr ctxt, xmlSchemaPtr schema,
 	    if (end == cur)
 		break;
 	    tmp = xmlStrndup(cur, end - cur);
+            if (tmp == NULL) {
+                xmlSchemaPErrMemory(ctxt, "xmlSchemaParseUnion, "
+                    "duplicating type name", NULL);
+                return (-1);
+            }
 	    if (xmlSchemaPValAttrNodeQNameValue(ctxt, schema,
 		NULL, attr, BAD_CAST tmp, &nsName, &localName) == 0) {
 		/*
@@ -9042,6 +9047,7 @@ xmlSchemaParseUnion(xmlSchemaParserCtxtPtr ctxt, xmlSchemaPtr schema,
 		if (link == NULL) {
 		    xmlSchemaPErrMemory(ctxt, "xmlSchemaParseUnion, "
 			"allocating a type link", NULL);
+	            FREE_AND_NULL(tmp)
 		    return (-1);
 		}
 		link->type = NULL;
author	Nick Wellnhofer <wellnhofer@aevum.de>	2023-03-05 14:10:41 +0100
committer	Nick Wellnhofer <wellnhofer@aevum.de>	2023-03-08 13:17:49 +0100
commit	961a4f35bfcbe3f2b0ca0932e880ea73cbb2ab2c (patch)
tree	fdbae3a1dc8f22a412b1904be806f362c950c5e8 /xmlschemas.c
parent	260d6b8d77d11a20a2614eef99e88e68eaca6550 (diff)
download	libxml2-961a4f35bfcbe3f2b0ca0932e880ea73cbb2ab2c.tar.gz