From dc2dde1ab92e50766df654fa9445456adb007605 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sat, 4 Feb 2023 15:00:54 +0100
Subject: malloc-fail: Fix null deref in xmlXIncludeLoadTxt

Found with libFuzzer, see #344.
---
 xinclude.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'xinclude.c')

diff --git a/xinclude.c b/xinclude.c
index 0b9f9ca6..2f4ee8cf 100644
--- a/xinclude.c
+++ b/xinclude.c
@@ -1732,6 +1732,12 @@ xmlXIncludeLoadTxt(xmlXIncludeCtxtPtr ctxt, const xmlChar *url,
 	xmlCharEncCloseFunc(buf->encoder);
     buf->encoder = xmlGetCharEncodingHandler(enc);
     node = xmlNewDocText(ctxt->doc, NULL);
+    if (node == NULL) {
+        xmlFreeInputStream(inputStream);
+        xmlFreeParserCtxt(pctxt);
+        xmlFree(URL);
+        return(-1);
+    }
 
     /*
      * Scan all chars from the resource and add the to the node
-- 
cgit v1.2.1