diff options
author | Nick Wellnhofer <wellnhofer@aevum.de> | 2023-03-13 17:11:27 +0100 |
---|---|---|
committer | Nick Wellnhofer <wellnhofer@aevum.de> | 2023-03-13 17:11:27 +0100 |
commit | 483793940c476483eb7ca1873100bf58a2441478 (patch) | |
tree | 7f6c3a46bbb4140345e3f355dae924e23c1f4159 /include | |
parent | 457fc622d5e8e3734d9c294c81d6c1babb9c5dd5 (diff) | |
download | libxml2-483793940c476483eb7ca1873100bf58a2441478.tar.gz |
malloc-fail: Stop using XPath stack frames
There's too much code which assumes that if ctxt->value is non-null,
a value can be successfully popped off the stack. This assumption can
break with stack frames when malloc fails.
Instead of trying to fix all call sites, remove the stack frame logic.
It only offered very little protection against misbehaving extension
functions. We already check the stack size after a function call which
should be enough.
Found by OSS-Fuzz.
Diffstat (limited to 'include')
-rw-r--r-- | include/libxml/xpath.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/libxml/xpath.h b/include/libxml/xpath.h index 8a70ddc2..b57985a2 100644 --- a/include/libxml/xpath.h +++ b/include/libxml/xpath.h @@ -400,7 +400,7 @@ struct _xmlXPathParserContext { int xptr; /* it this an XPointer expression */ xmlNodePtr ancestor; /* used for walking preceding axis */ - int valueFrame; /* used to limit Pop on the stack */ + int valueFrame; /* unused */ }; /************************************************************************ |