kc3-lang/libxml2

Browse

Commit 83fb4119a9e8b5f029f6b876ecc497be4e6702e7

Nick Wellnhofer 2017-09-05T23:45:04

Fix memory leaks in SAX1 parser Found by OSS-Fuzz. I could only reproduce this with the (obsolete) SAX1 parser. One leak is caused by duplicate namespaced attribute names and can be reproduced in memory mode (testcase 4556417027538944): $ cat file <d xmlns:a="ns" a:x="v" xmlns:b="ns" b:x="v"/> $ xmllint --sax1 --memory file The other is caused by ATTLISTs with a normalized default for "xmlns" if they're processed after the entity recursion limit was hit (testcase 5580750034305024). $ cat file <!DOCTYPE d [ <!ENTITY a '<d>&a;'> <!ATTLIST d xmlns NMTOKEN 't'> ]> <d>&a; $ xmllint --sax1 --valid file Also see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2461 


          

          

        

        


    

  





 kmx.io    
 mail    
 discord

kmxgit v0.4.0