From: Gaurav
Date: Fri, 13 Jun 2014 14:45:20 +0800
Subject: Adding some missing NULL checks in SAX2 DOM building code and in the HTML parser
---
 HTMLparser.c | 4 ++--
 SAX2.c | 9 +++++++++
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/HTMLparser.c b/HTMLparser.c
index 44c1a3c..79b1adf 100644
--- a/HTMLparser.c
+++ b/HTMLparser.c
@@ -3671,13 +3671,13 @@ htmlParseStartTag(htmlParserCtxtPtr ctxt) {
 int i;
 int discardtag = 0;
- if (ctxt->instate == XML_PARSER_EOF)
- return(-1);
 if ((ctxt == NULL) || (ctxt->input == NULL)) {
 htmlParseErr(ctxt, XML_ERR_INTERNAL_ERROR,
 "htmlParseStartTag: context error\n", NULL, NULL);
 return -1;
 }
+ if (ctxt->instate == XML_PARSER_EOF)
+ return(-1);
 if (CUR != '<') return -1;
 NEXT;
diff --git a/SAX2.c b/SAX2.c
index 33d167e..76b7158 100644
--- a/SAX2.c
+++ b/SAX2.c
@@ -1177,6 +1177,12 @@ xmlSAX2AttributeInternal(void *ctx, const xmlChar *fullname,
 val = xmlStringDecodeEntities(ctxt, value, XML_SUBSTITUTE_REF,
 0,0,0);
 ctxt->depth--;
+ if (val == NULL) {
+ xmlSAX2ErrMemory(ctxt, "xmlSAX2StartElement");
+ if (name != NULL)
+ xmlFree(name);
+ return;
+ }
 } else {
 val = (xmlChar *) value;
 }
@@ -2570,6 +2576,9 @@ xmlSAX2Characters(void *ctx, const xmlChar *ch, int len)
 (xmlDictOwns(ctxt->dict, lastChild->content))) {
 lastChild->content = xmlStrdup(lastChild->content);
 }
+ if (lastChild->content == NULL) {
+ xmlSAX2ErrMemory(ctxt, "xmlSAX2Characters: xmlStrdup returned NULL");
+ }
 if (((size_t)ctxt->nodelen + (size_t)len > XML_MAX_TEXT_LENGTH) &&
 ((ctxt->options & XML_PARSE_HUGE) == 0)) {
 xmlSAX2ErrMemory(ctxt, "xmlSAX2Characters: huge text node");
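Review bot: In htmlParseStartTag (HTMLparser.c) the order of the two guards is now what prevents a NULL dereference, but nothing in the code says so. A one-line comment above the first guard, such as `/* validate ctxt before ctxt->instate is read */`, would keep a later edit from moving the EOF test back up. The context-error branch still passes `ctxt` to htmlParseErr when `ctxt` itself is NULL, which is safe only if that helper tolerates a NULL context; its body is not visible here, so confirm. The function body continues outside the hunk.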
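Review bot: The new error path in xmlSAX2AttributeInternal (SAX2.c) reports the failure under the label `"xmlSAX2StartElement"`, although the hunk header shows the enclosing function is xmlSAX2AttributeInternal. Unless that label is the file's convention, `xmlSAX2ErrMemory(ctxt, "xmlSAX2AttributeInternal");` would point a reader of the error at the right place. The early `return` frees only `name`; the start of the function is outside the hunk, so check whether any other buffer allocated before this point is still owned here and would leak on this path. A NULL from xmlStringDecodeEntities is also reported as out-of-memory unconditionally, which may mislabel other decode failures if that function can return NULL for them.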
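Review bot: The added check in xmlSAX2Characters (SAX2.c) reports the failed xmlStrdup but does not leave the function, so control falls through to the length test below with `lastChild->content` still NULL. If the code after the hunk appends to or reads that pointer (it is outside the hunk, so confirm), the NULL dereference this check was meant to prevent is still reachable; adding `return;` after the `xmlSAX2ErrMemory(...)` call inside the new block would close it. The check also sits after the closing brace of the `if` that performs the xmlStrdup, so it fires for a NULL content from any source, and the message `xmlStrdup returned NULL` may then be inaccurate.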