Fix memory leaks in SAX1 parser

Found by OSS-Fuzz. I could only reproduce this with the (obsolete)
SAX1 parser.

One leak is caused by duplicate namespaced attribute names and can be
reproduced in memory mode (testcase 4556417027538944):

    $ cat file
    <d xmlns:a="ns" a:x="v" xmlns:b="ns" b:x="v"/>
    $ xmllint --sax1 --memory file

The other is caused by ATTLISTs with a normalized default for "xmlns"
if they're processed after the entity recursion limit was hit
(testcase 5580750034305024).

    $ cat file
    <!DOCTYPE d [
    <!ENTITY a '<d>&a;'>
    <!ATTLIST d xmlns NMTOKEN 't'>
    ]>
    <d>&a;
    $ xmllint --sax1 --valid file

Also see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2461
1 file changed