diff options
author | Nick Wellnhofer <wellnhofer@aevum.de> | 2023-01-22 14:52:06 +0100 |
---|---|---|
committer | Nick Wellnhofer <wellnhofer@aevum.de> | 2023-01-24 11:32:15 +0100 |
commit | 2355eac59e91e1465696150cf0efc9029ba4f9b2 (patch) | |
tree | 186ede1a8c4ccdcdcb2ec0193113f35de59f4593 /encoding.c | |
parent | 0c5f40b788410753eb73e3040be4f50b608923e1 (diff) | |
download | libxml2-2355eac59e91e1465696150cf0efc9029ba4f9b2.tar.gz |
malloc-fail: Fix null deref if growing input buffer fails
Also add some error checks.
Found with libFuzzer, see #344.
Diffstat (limited to 'encoding.c')
-rw-r--r-- | encoding.c | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -2332,7 +2332,8 @@ xmlCharEncInput(xmlParserInputBufferPtr input, int flush) toconv = 64 * 1024; written = xmlBufAvail(out); if (toconv * 2 >= written) { - xmlBufGrow(out, toconv * 2); + if (xmlBufGrow(out, toconv * 2) < 0) + return (-1); written = xmlBufAvail(out); } if ((written > 128 * 1024) && (flush == 0)) |