From 2355eac59e91e1465696150cf0efc9029ba4f9b2 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sun, 22 Jan 2023 14:52:06 +0100
Subject: malloc-fail: Fix null deref if growing input buffer fails

Also add some error checks.

Found with libFuzzer, see #344.
---
 xmlIO.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'xmlIO.c')

diff --git a/xmlIO.c b/xmlIO.c
index 05800185..d26ddc41 100644
--- a/xmlIO.c
+++ b/xmlIO.c
@@ -3218,7 +3218,8 @@ xmlParserInputBufferGrow(xmlParserInputBufferPtr in, int len) {
         if (res < 0)
             return(-1);
 
-        xmlBufAddLen(buf, res);
+        if (xmlBufAddLen(buf, res) < 0)
+            return(-1);
     }
 
     /*
-- 
cgit v1.2.1