malloc-fail: Fix use-after-free after xsltSetAttrVTsegment

Found by OSS-Fuzz, see #84.
author: Nick Wellnhofer <wellnhofer@aevum.de> 2023-03-19 13:10:54 +0100
committer: Nick Wellnhofer <wellnhofer@aevum.de> 2023-03-19 13:10:54 +0100
commit: dd5a4064672c18e01b8a06ba62e67df24390f64a (patch)
tree: 6a3244781eac0da37bc681def141ddcbef3831ad
parent: df6dc8f69940e56b4900acd74dd6e16afc7f328b (diff)
download: libxslt-dd5a4064672c18e01b8a06ba62e67df24390f64a.tar.gz
1 files changed, 1 insertions, 3 deletions
diff --git a/libxslt/attrvt.c b/libxslt/attrvt.c
index a885526e..3d51feda 100644
--- a/libxslt/attrvt.c
+++ b/libxslt/attrvt.c
@@ -155,10 +155,8 @@ xsltSetAttrVTsegment(xsltAttrVTPtr avt, void *val) {
         size_t size = sizeof(xsltAttrVT) +
                       (avt->max_seg + MAX_AVT_SEG) * sizeof(void *);
 	xsltAttrVTPtr tmp = (xsltAttrVTPtr) xmlRealloc(avt, size);
-	if (tmp == NULL) {
-            xsltFreeAttrVT(avt);
+	if (tmp == NULL)
 	    return NULL;
-	}
         avt = tmp;
 	memset(&avt->segments[avt->nb_seg], 0, MAX_AVT_SEG*sizeof(void *));
 	avt->max_seg += MAX_AVT_SEG;
author	Nick Wellnhofer <wellnhofer@aevum.de>	2023-03-19 13:10:54 +0100
committer	Nick Wellnhofer <wellnhofer@aevum.de>	2023-03-19 13:10:54 +0100
commit	dd5a4064672c18e01b8a06ba62e67df24390f64a (patch)
tree	6a3244781eac0da37bc681def141ddcbef3831ad
parent	df6dc8f69940e56b4900acd74dd6e16afc7f328b (diff)
download	libxslt-dd5a4064672c18e01b8a06ba62e67df24390f64a.tar.gz