malloc-fail: Fix memory leak in xsltResolveSASCallback

Found with libFuzzer, see #84.

1 files changed, 10 insertions, 0 deletions

diff --git a/libxslt/attributes.c b/libxslt/attributes.c
index 608508a8..4cc49d0d 100644
--- a/libxslt/attributes.c
+++ b/libxslt/attributes.c
@@ -87,6 +87,7 @@ typedef xsltAttrSetContext *xsltAttrSetContextPtr;
 struct _xsltAttrSetContext {
     xsltStylesheetPtr topStyle;
     xsltStylesheetPtr style;
+    int error;
 };
 
 static void
@@ -666,6 +667,12 @@ xsltResolveSASCallback(void *payload, void *data,
     xsltStylesheetPtr topStyle = asctx->topStyle;
     xsltStylesheetPtr style = asctx->style;
 
+    if (asctx->error) {
+        if (style != topStyle)
+            xsltFreeAttrSet(set);
+        return;
+    }
+
     xsltResolveAttrSet(set, topStyle, style, name, ns, 1);
 
     /* Move attribute sets to top stylesheet. */
@@ -678,6 +685,8 @@ xsltResolveSASCallback(void *payload, void *data,
 	    xsltGenericError(xsltGenericErrorContext,
                 "xsl:attribute-set : internal error, can't move imported "
                 " attribute set %s\n", name);
+            asctx->error = 1;
+            xsltFreeAttrSet(set);
         }
     }
 }
@@ -698,6 +707,7 @@ xsltResolveStylesheetAttributeSet(xsltStylesheetPtr style) {
 	    "Resolving attribute sets references\n");
 #endif
     asctx.topStyle = style;
+    asctx.error = 0;
     cur = style;
     while (cur != NULL) {
 	if (cur->attributeSets != NULL) {