1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
From: Gaurav <g.gupta@samsung.com>
Date: Fri, 13 Jun 2014 14:45:20 +0800
Subject: Adding some missing NULL checks
in SAX2 DOM building code and in the HTML parser
---
HTMLparser.c | 4 ++--
SAX2.c | 9 +++++++++
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/HTMLparser.c b/HTMLparser.c
index 44c1a3c..79b1adf 100644
--- a/HTMLparser.c
+++ b/HTMLparser.c
@@ -3671,13 +3671,13 @@ htmlParseStartTag(htmlParserCtxtPtr ctxt) {
int i;
int discardtag = 0;
- if (ctxt->instate == XML_PARSER_EOF)
- return(-1);
if ((ctxt == NULL) || (ctxt->input == NULL)) {
htmlParseErr(ctxt, XML_ERR_INTERNAL_ERROR,
"htmlParseStartTag: context error\n", NULL, NULL);
return -1;
}
+ if (ctxt->instate == XML_PARSER_EOF)
+ return(-1);
if (CUR != '<') return -1;
NEXT;
diff --git a/SAX2.c b/SAX2.c
index 33d167e..76b7158 100644
--- a/SAX2.c
+++ b/SAX2.c
@@ -1177,6 +1177,12 @@ xmlSAX2AttributeInternal(void *ctx, const xmlChar *fullname,
val = xmlStringDecodeEntities(ctxt, value, XML_SUBSTITUTE_REF,
0,0,0);
ctxt->depth--;
+ if (val == NULL) {
+ xmlSAX2ErrMemory(ctxt, "xmlSAX2StartElement");
+ if (name != NULL)
+ xmlFree(name);
+ return;
+ }
} else {
val = (xmlChar *) value;
}
@@ -2570,6 +2576,9 @@ xmlSAX2Characters(void *ctx, const xmlChar *ch, int len)
(xmlDictOwns(ctxt->dict, lastChild->content))) {
lastChild->content = xmlStrdup(lastChild->content);
}
+ if (lastChild->content == NULL) {
+ xmlSAX2ErrMemory(ctxt, "xmlSAX2Characters: xmlStrdup returned NULL");
+ }
if (((size_t)ctxt->nodelen + (size_t)len > XML_MAX_TEXT_LENGTH) &&
((ctxt->options & XML_PARSE_HUGE) == 0)) {
xmlSAX2ErrMemory(ctxt, "xmlSAX2Characters: huge text node");
|
