Regarding Malloc Failure Handling


Recently we performed failure testing on libxml, that is, we simulated malloc failures to see how libxml behaved in that scenario. As a result of the testing we found a number of memory leaks and some crashes. Something like the following in function xmlNewBlanksWrapperInputStream:


Snippet of the code

    input = xmlNewInputStream(ctxt);
    if (input == NULL) {
    ...
    length = xmlStrlen(entity->name) + 5;
    buffer = xmlMallocAtomic(length);
    if (buffer == NULL) {
        xmlErrMemory(ctxt, NULL);
    ...

Here I believe if the malloc fails for buffer, there will be a memleak for input.


Or another example in function xmlParseEntityDecl:

    if ((ctxt->myDoc == NULL) ||
        (xmlStrEqual(ctxt->myDoc->version, SAX_COMPAT_MODE))) {
        if (ctxt->myDoc == NULL) {
            ctxt->myDoc = xmlNewDoc(SAX_COMPAT_MODE);
        ...
        if (ctxt->myDoc->intSubset == NULL)
            ctxt->myDoc->intSubset = xmlNewDtd(ctxt->myDoc,
    ...

If malloc fails inside xmlNewDoc, there will be a crash on the subsequent line.

There are other similar problems, so I was wondering if there is an assumption that malloc failure will not occur since it is a rare occurrence. Or does corrective action need to be taken wherever it occurs in the failure path?


Thanks in advance!!
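
An added example, not part of the original post and not libxml code: a minimal malloc-failure sweep of the kind described above, run against a two-allocation function shaped like the first snippet and against a version that releases the first block on the failure path. The allocator wrappers, `struct stream` and all function names are hypothetical stand-ins.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical fault-injecting allocator: fails the fail_at-th call (1-based). */
static int fail_at = 0, calls = 0, live = 0;

static void *fi_malloc(size_t n) {
    if (++calls == fail_at) return NULL;   /* simulated malloc failure */
    void *p = malloc(n);
    if (p != NULL) live++;
    return p;
}
static void fi_free(void *p) { if (p != NULL) { live--; free(p); } }
struct stream { char *buf; };              /* stand-in for an input stream */

/* Same shape as the first snippet: the second failure path forgets `in`. */
static struct stream *make_leaky(const char *name) {
    struct stream *in = fi_malloc(sizeof *in);
    if (in == NULL) return NULL;
    char *buf = fi_malloc(strlen(name) + 5);
    if (buf == NULL) return NULL;          /* leak: `in` is never released */
    strcpy(buf, name);
    in->buf = buf;
    return in;
}

/* Corrected failure path: release what was already acquired. */
static struct stream *make_fixed(const char *name) {
    struct stream *in = fi_malloc(sizeof *in);
    if (in == NULL) return NULL;
    char *buf = fi_malloc(strlen(name) + 5);
    if (buf == NULL) { fi_free(in); return NULL; }
    strcpy(buf, name);
    in->buf = buf;
    return in;
}

/* Fail each allocation in turn; return the number of blocks left live. */
static int sweep(struct stream *(*make)(const char *), int max_allocs) {
    int leaked = 0;
    for (int n = 1; n <= max_allocs; n++) {
        fail_at = n; calls = 0; live = 0;
        struct stream *s = make("amp");    /* constructed sample input */
        if (s != NULL) { fi_free(s->buf); fi_free(s); }
        leaked += live;
    }
    return leaked;
}

int main(void) { return sweep(make_fixed, 3); }  /* exit status 0: no leak */
```

Sweeping one past the number of allocations in the function also exercises the success path, so the same loop confirms the normal case frees everything.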







