kmx git

Show log
Commit

Hash : 6a12be77
Author :
Date : 2023-01-31T12:46:30

malloc-fail: Avoid use-after-free after unsuccessful valuePush

In xpath.c there's a lot of code like:

    valuePush(ctxt, xmlCacheNewX());
    ...
    valuePop(ctxt);

If xmlCacheNewX fails, no value will be pushed on the stack. If there's
no error check in between, valuePop will pop an unrelated value which
can lead to use-after-free errors.

Instead of trying to fix all call sites, we simply stop popping values
if an error was signaled. This requires to change the CHECK_TYPE macro
which is often used to determine whether a value can be safely popped.

Found with libFuzzer, see #344.

Properties

Git HTTP	https://git.kmx.io/kc3-lang/libxml2.git
Git SSH	git@git.kmx.io:kc3-lang/libxml2.git
Public access ?	public
Description	GNOME libxml2 Upstream GNOME Gitlab Github Fork Github
Users
Tags	v2.9.9-rc2 v2.9.9-rc1 v2.9.9 v2.9.8-rc1 v2.9.8 v2.9.7-rc1 v2.9.7 v2.9.6-rc1 v2.9.6 v2.9.5-rc2 v2.9.5-rc1 v2.9.5 v2.9.4-rc2 v2.9.4-rc1 v2.9.4 v2.9.3 v2.9.2-rc2 v2.9.2-rc1 v2.9.2 v2.9.14 v2.9.13 v2.9.12 v2.9.11 v2.9.10-rc1 v2.9.10 v2.9.1 v2.9.0-rc2 v2.9.0 v2.8.0-rc2 v2.8.0-rc1 v2.8.0 v2.7.8 v2.7.7 v2.7.6 v2.7.5 v2.7.4 v2.15.1 v2.15.0 v2.14.6 v2.14.5 v2.14.4 v2.14.3 v2.14.2 v2.14.1 v2.14.0 v2.13.9 v2.13.8 v2.13.7 v2.13.6 v2.13.5 v2.13.4 v2.13.3 v2.13.2 v2.13.1 v2.13.0 v2.12.9 v2.12.8 v2.12.7 v2.12.6 v2.12.5 v2.12.4 v2.12.3 v2.12.2 v2.12.10 v2.12.1 v2.12.0 v2.11.9 v2.11.8 v2.11.7 v2.11.6 v2.11.5 v2.11.4 v2.11.3 v2.11.2 v2.11.1 v2.11.0 v2.10.4 v2.10.3 v2.10.2 v2.10.1 v2.10.0 help PRE_MUCKUP3 PRE_MUCKUP2 PRE_MUCKUP LIB_XML_1_X LIB_XML_1_8_3 LIB_XML_1_7_3 LIB_XML_1_7_1 LIB_XML_1_7_0 LIB_XML_1_6_2 LIB_XML_1_6_1 LIB_XML_1_4 LIB_XML_1_3 LIB_XML_1_1 LIBXML_TEST_2_0_0 LIBXML_2_6_10 LIBXML_2_5_6 LIBXML_2_5_5 LIBXML_2_5_4 LIBXML_2_5_3 LIBXML_2_5_2 LIBXML_2_5_1 LIBXML_2_4_7 LIBXML_2_4_6 LIBXML_2_4_4 LIBXML_2_4_30 LIBXML_2_4_3 LIBXML_2_4_29 LIBXML_2_4_27 LIBXML_2_4_26 LIBXML_2_4_25 LIBXML_2_4_24 LIBXML_2_4_23 LIBXML_2_4_22 LIBXML_2_4_20 LIBXML_2_4_2 LIBXML_2_4_18 LIBXML_2_4_16 LIBXML_2_4_14 LIBXML_2_4_13 LIBXML_2_4_12 LIBXML_2_4_11 LIBXML_2_4_0 LIBXML_2_3_9 LIBXML_2_3_8 LIBXML_2_3_7 LIBXML_2_3_6 LIBXML_2_3_5 LIBXML_2_3_4 LIBXML_2_3_3 LIBXML_2_3_2 LIBXML_2_3_14 LIBXML_2_3_13 LIBXML_2_3_12 LIBXML_2_3_11 LIBXML_2_3_10 LIBXML_2_3_0 LIBXML_2_2_8 LIBXML_2_2_7 LIBXML_2_2_6 LIBXML_2_2_4 LIBXML_2_2_3 LIBXML_2_2_1 LIBXML_2_1_1 LIBXML_2_1_0 LIBXML_2_0_0 LIBXML_1_8_9 LIBXML_1_8_8 LIBXML_1_8_6 LIBXML_1_8_5 LIBXML_1_8_17 LIBXML_1_8_16 LIBXML_1_8_14 LIBXML_1_8_12 LIBXML_1_8_10_REAL LIBXML_1_8_10 LIBXML_1_5_0 LIBXML_0_99 LIBXML2_6_0 LIBXML2_2_6_9 LIBXML2_2_6_8 LIBXML2_2_6_7 LIBXML2_2_6_6 LIBXML2_2_6_5 LIBXML2_2_6_4 LIBXML2_2_6_3 LIBXML2_2_6_28 LIBXML2_2_6_27 LIBXML2_2_6_26 LIBXML2_2_6_24 LIBXML2_2_6_23 LIBXML2_2_6_22 LIBXML2_2_6_21 LIBXML2_2_6_20 LIBXML2_2_6_2 LIBXML2_2_6_19 LIBXML2_2_6_18 LIBXML2_2_6_16 LIBXML2_2_6_15 LIBXML2_2_6_14 LIBXML2_2_6_13 LIBXML2_2_6_12 LIBXML2_2_6_11 LIBXML2_2_6_1 LIBXML2_2_5_x LIBXML2_2_5_9 LIBXML2_2_5_8 LIBXML2_2_5_7 LIBXML2_2_5_11 LIBXML2_2_5_10 LIBXML2_2_5_0 LIBXML2_2_4_21 LIBXML2.7.3 LIBXML2.7.2 LIBXML2.7.1 LIBXML2.7.0 LIBXML2.6.32 GNUMERIC_FIRST_PUBLIC_RELEASE GNOME_PRINT_0_24 GNOME_0_30 FOR_GNOME_0_99_1 EAZEL-NAUTILUS-MS-AUG07 ChangeLog CVE-2021-3541 CVE-2016-4483 CVE-2016-4449 CVE-2016-3705 CVE-2016-3627 CVE-2016-1840 CVE-2016-1839 CVE-2016-1838 CVE-2016-1837 CVE-2016-1836 CVE-2016-1835 CVE-2016-1834 CVE-2016-1833 CVE-2016-1762 CVE-2015-8317 CVE-2015-8242 CVE-2015-8035 CVE-2015-7942-2 CVE-2015-7942 CVE-2015-7941_2 CVE-2015-7941_1 CVE-2015-7500 CVE-2015-7499-2 CVE-2015-7499-1 CVE-2015-7498 CVE-2015-7497 CVE-2015-5312 CVE-2015-1819 CVE-2014-3660 CVE-2014-0191 CVE-2013-2877

kc3-lang/libxml2/include/libxml

Commit

Files

Properties