Fix potential null pointer dereference (issue #502)

commit: b3a467e3922a5894a903790673af93b347aba385 [log] [tgz]
author: Gaurav <g.gupta@samsung.com> Sat Mar 12 02:53:04 2016 +0100
committer: Sebastian Pipping <sebastian@pipping.org> Sat Mar 12 02:53:04 2016 +0100
tree: ba4038bb7af76f133e888889b9b1198db8bdd560
parent: 2671b8bb9182cec4032df07b1d4574a6fcd06244 [diff]
diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
index 3491811..e308c79 100644
--- a/expat/lib/xmlparse.c
+++ b/expat/lib/xmlparse.c

@@ -2922,6 +2922,8 @@
         unsigned long uriHash = hash_secret_salt;
         ((XML_Char *)s)[-1] = 0;  /* clear flag */
         id = (ATTRIBUTE_ID *)lookup(parser, &dtd->attributeIds, s, 0);
+        if (!id || !id->prefix)
+          return XML_ERROR_NO_MEMORY;
         b = id->prefix->binding;
         if (!b)
           return XML_ERROR_UNBOUND_PREFIX;
@@ -5486,6 +5488,8 @@
             return NULL;
           id->prefix = (PREFIX *)lookup(parser, &dtd->prefixes, poolStart(&dtd->pool),
                                         sizeof(PREFIX));
+          if (!id->prefix)
+            return NULL;
           if (id->prefix->name == poolStart(&dtd->pool))
             poolFinish(&dtd->pool);
           else
commit	b3a467e3922a5894a903790673af93b347aba385	[log] [tgz]
author	Gaurav <g.gupta@samsung.com>	Sat Mar 12 02:53:04 2016 +0100
committer	Sebastian Pipping <sebastian@pipping.org>	Sat Mar 12 02:53:04 2016 +0100
tree	ba4038bb7af76f133e888889b9b1198db8bdd560
parent	2671b8bb9182cec4032df07b1d4574a6fcd06244 [diff]