GNOME Bugzilla – Bug 702673
Lack of Sanity Checking for malloc() calls in libxml2-2.6.31 and higher
Last modified: 2021-07-05 13:25:45 UTC
Hello All,

While researching source code in 'VirtualBox 4.2.10', I came across some potential problems with the code below, specifically in libxml2-2.6.31 and calls to malloc(); these issues may also be in libxml2-2.7.x as well.

In directory 'src/libs/libxml2-2.6.31' in file 'threads.c' at line 438, I found the following call to malloc() with no corresponding check for a return value of NULL, possibly indicating failure:

    cs = malloc(sizeof(CRITICAL_SECTION));

While I realize that the function __xmlGlobalInitMutexLock(void) has no return value, should this not be checked before 'cs' is passed to the function 'InitializeCriticalSection'?

Additionally, at line 667 in file 'threads.c', function 'xmlGetGlobalState', a call to malloc() is made and assigned to p, but no check is made for a return value of NULL, possibly indicating failure:

    p = (xmlGlobalStateCleanupHelperParams *) malloc(sizeof(xmlGlobalStateCleanupHelperParams));

In file 'xmllint.c', function 'registerNode', a call to malloc() is made and assigned to node->_private without a check of the return value being NULL, possibly indicating failure to allocate memory to hold (long) 0x81726354 on the next line.

Bill Parker (wp02855 at gmail dot com)
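The registerNode pattern described in the report beside a checked form, as an added example that is not part of the bug report or of libxml2 itself; demo_node, alloc_fn, failing_alloc and the function names are stand-ins constructed here so that a NULL return from the allocator can be simulated without exhausting memory.

```c
#include <stdlib.h>
#include <stddef.h>

/* Minimal stand-in for the libxml2 node: only the _private slot matters here. */
typedef struct {
    void *_private;
} demo_node;

/* Allocator hook so a caller can substitute an allocator that fails on demand. */
typedef void *(*alloc_fn)(size_t);

/* Constructed allocator that always reports failure, like malloc() under memory pressure. */
void *failing_alloc(size_t n) {
    (void) n;
    return NULL;
}

/* The pattern as reported: the allocation result is written through immediately,
 * so a NULL return becomes a write to address 0 (a crash, or worse on targets
 * where the null page is mappable). */
void register_node_unchecked(demo_node *node, alloc_fn alloc) {
    node->_private = alloc(sizeof(long));
    *((long *) node->_private) = (long) 0x81726354;
}

/* Checked form: test for NULL before writing and report failure to the caller,
 * leaving the node in a well-defined state (no dangling or partial pointer). */
int register_node_checked(demo_node *node, alloc_fn alloc) {
    long *p = alloc(sizeof *p);
    if (p == NULL) {
        node->_private = NULL;
        return -1;   /* allocation failed; nothing was written */
    }
    *p = (long) 0x81726354;
    node->_private = p;
    return 0;
}

/* Helper for callers to confirm the marker was stored. */
int node_private_value_matches(const demo_node *node) {
    return node->_private != NULL &&
           *((const long *) node->_private) == (long) 0x81726354;
}

void release_node(demo_node *node) {
    free(node->_private);
    node->_private = NULL;
}
```

Passing failing_alloc to register_node_unchecked reproduces the reported crash, which is why the test below only exercises the checked variant with it.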
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org. As part of that, we are mass-closing older open tickets in bugzilla.gnome.org which have not seen updates for a longer time (resources are unfortunately quite limited so not every ticket can get handled). If you can still reproduce the situation described in this ticket in a recent and supported software version, then please follow https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines and create a new ticket at https://gitlab.gnome.org/GNOME/libxml2/-/issues/ Thank you for your understanding and your help.