File libxml2-CVE-2019-20388.patch of Package libxml2.16384

Overview Repositories Revisions Requests Users Attributes Meta

File libxml2-CVE-2019-20388.patch of Package libxml2.16384

From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001
From: Zhipeng Xie <xiezhipeng1@huawei.com>
Date: Tue, 20 Aug 2019 16:33:06 +0800
Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream

When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
vctxt->xsiAssemble to 0 again which cause the alloced schema
can not be freed anymore.

Found with libFuzzer.

Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
---
 xmlschemas.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/xmlschemas.c b/xmlschemas.c
index 301c84499..39d92182f 100644
--- a/xmlschemas.c
+++ b/xmlschemas.c
@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
     vctxt->nberrors = 0;
     vctxt->depth = -1;
     vctxt->skipDepth = -1;
-    vctxt->xsiAssemble = 0;
     vctxt->hasKeyrefs = 0;
 #ifdef ENABLE_IDC_NODE_TABLES_TEST
     vctxt->createIDCNodeTables = 1;

Places

File libxml2-CVE-2019-20388.patch of Package libxml2.16384

Places