malloc-fail: Fix null deref if growing input buffer fails

Also add some error checks. Found with libFuzzer, see #344.
author: Nick Wellnhofer <wellnhofer@aevum.de> 2023-01-22 14:52:06 +0100
committer: Nick Wellnhofer <wellnhofer@aevum.de> 2023-01-24 11:32:15 +0100
commit: 2355eac59e91e1465696150cf0efc9029ba4f9b2 (patch)
tree: 186ede1a8c4ccdcdcb2ec0193113f35de59f4593 /encoding.c
parent: 0c5f40b788410753eb73e3040be4f50b608923e1 (diff)
download: libxml2-2355eac59e91e1465696150cf0efc9029ba4f9b2.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/encoding.c b/encoding.c
index 634349a0..3f8dab4b 100644
--- a/encoding.c
+++ b/encoding.c
@@ -2332,7 +2332,8 @@ xmlCharEncInput(xmlParserInputBufferPtr input, int flush)
         toconv = 64 * 1024;
     written = xmlBufAvail(out);
     if (toconv * 2 >= written) {
-        xmlBufGrow(out, toconv * 2);
+        if (xmlBufGrow(out, toconv * 2) < 0)
+            return (-1);
         written = xmlBufAvail(out);
     }
     if ((written > 128 * 1024) && (flush == 0))
author	Nick Wellnhofer <wellnhofer@aevum.de>	2023-01-22 14:52:06 +0100
committer	Nick Wellnhofer <wellnhofer@aevum.de>	2023-01-24 11:32:15 +0100
commit	2355eac59e91e1465696150cf0efc9029ba4f9b2 (patch)
tree	186ede1a8c4ccdcdcb2ec0193113f35de59f4593 /encoding.c
parent	0c5f40b788410753eb73e3040be4f50b608923e1 (diff)
download	libxml2-2355eac59e91e1465696150cf0efc9029ba4f9b2.tar.gz