pidgin/pidgin

Fix leak that may occur when xmlnode_from_str fails
release-2.x.y
2021-09-13, Elliott Sales de Andrade
59a77978ca08
Parents f14a311b8313
Children c8e2ffe9b4d0
Fix leak that may occur when xmlnode_from_str fails

The failure may occur any time in the middle of parsing, and `xpd->current` may
not actually be pointing to the root of the parsed tree. Thus we need to walk
back up before freeing the xmlnode.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34988

Testing Done:
Ran the reproducer testcase on `fuzz_xml`

Reviewed at https://reviews.imfreedom.org/r/911/
--- a/libpurple/xmlnode.c Sat Sep 11 11:51:05 2021 -0500
+++ b/libpurple/xmlnode.c Mon Sep 13 17:06:37 2021 -0500
@@ -725,8 +725,15 @@
ret = xpd->current;
if (xpd->error) {
ret = NULL;
- if (xpd->current)
+ if (xpd->current) {
+ /* If an error occurred while parsing, we may be
+ * pointing at some random child, so walk back up the
+ * tree in order to free everything. */
+ while (xpd->current->parent != NULL) {
+ xpd->current = xpd->current->parent;
+ }
xmlnode_free(xpd->current);
+ }
}
g_free(xpd);
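Review bot: The walk-up loop reuses `xpd->current` as the cursor, which reads as if the parser state is being repaired when it is really just locating the root to free; a local such as `xmlnode *root = xpd->current; while (root->parent != NULL) root = root->parent; xmlnode_free(root);` would make the intent clearer and keep `xpd->current` untouched until `g_free(xpd)`. It would also help to state in the comment that `xmlnode_free` releases the whole subtree, since that is what makes freeing only the root sufficient to avoid the leak; if that assumption ever changes, the error path would leak again, and the `fuzz_xml` reproducer mentioned in the message is the natural regression check to keep around for it.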