From aec2b976cd67bd5bbaaa58e7301dbce4b0a6bddb Mon Sep 17 00:00:00 2001 From: "Fred L. Drake, Jr." Date: Fri, 17 May 2002 15:21:53 +0000 Subject: [PATCH] Hopefully the last needed checks for MALLOC() failure in xmlparse.c, this avoids memory faults when the initial allocations fail, returning NULL to the caller instead. This closes SF bug #496505. --- expat/lib/xmlparse.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c index 2dcfbeb7..16f49215 100644 --- a/expat/lib/xmlparse.c +++ b/expat/lib/xmlparse.c @@ -572,7 +572,6 @@ XML_Parser XML_ParserCreate_MM(const XML_Char *encodingName, const XML_Memory_Handling_Suite *memsuite, const XML_Char *nameSep) { - XML_Parser parser; static const XML_Char implicitContext[] = { 'x', 'm', 'l', '=', 'h', 't', 't', 'p', ':', '/', '/', @@ -585,18 +584,22 @@ XML_ParserCreate_MM(const XML_Char *encodingName, if (memsuite) { XML_Memory_Handling_Suite *mtemp; parser = memsuite->malloc_fcn(sizeof(Parser)); - mtemp = &(((Parser *) parser)->m_mem); - mtemp->malloc_fcn = memsuite->malloc_fcn; - mtemp->realloc_fcn = memsuite->realloc_fcn; - mtemp->free_fcn = memsuite->free_fcn; + if (parser != NULL) { + mtemp = &(((Parser *) parser)->m_mem); + mtemp->malloc_fcn = memsuite->malloc_fcn; + mtemp->realloc_fcn = memsuite->realloc_fcn; + mtemp->free_fcn = memsuite->free_fcn; + } } else { XML_Memory_Handling_Suite *mtemp; parser = malloc(sizeof(Parser)); - mtemp = &(((Parser *) parser)->m_mem); - mtemp->malloc_fcn = malloc; - mtemp->realloc_fcn = realloc; - mtemp->free_fcn = free; + if (parser != NULL) { + mtemp = &(((Parser *) parser)->m_mem); + mtemp->malloc_fcn = malloc; + mtemp->realloc_fcn = realloc; + mtemp->free_fcn = free; + } } if (!parser) 
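Review bot: In the `if (memsuite)` branch the allocation goes through `memsuite->malloc_fcn`, and all three pointers are then copied into `m_mem` without a check that any of them is non-NULL. The added guard therefore covers a failed allocation but not an incompletely filled suite. Whether the API contract requires a fully populated suite is not visible in this hunk. If it does not, a check ahead of the allocation such as `if (!memsuite->malloc_fcn || !memsuite->realloc_fcn || !memsuite->free_fcn) return NULL;` would turn a later fault at first use into a clean failure. As a smaller style point, `parser` is now tested for NULL in both branches and again in the `if (!parser)` that follows. The body of XML_ParserCreate_MM begins before and continues past this hunk.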
@@ -607,7 +610,16 @@ XML_ParserCreate_MM(const XML_Char *encodingName, attsSize = INIT_ATTS_SIZE; atts = MALLOC(attsSize * sizeof(ATTRIBUTE)); + if (atts == NULL) { + FREE(parser); + return NULL; + } dataBuf = MALLOC(INIT_DATA_BUF_SIZE * sizeof(XML_Char)); + if (dataBuf == NULL) { + FREE(atts); + FREE(parser); + return NULL; + } dataBufEnd = dataBuf + INIT_DATA_BUF_SIZE; freeBindingList = 0; inheritedBindings = 0; -- 2.40.0
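Review bot: The two new failure paths depend on an ordering that the code does not state: `FREE(atts)` has to run before `FREE(parser)`. The macro definition is outside this hunk, but `FREE` presumably dispatches through the `m_mem` table stored inside the parser object. If so, releasing `parser` first would make the next `FREE` read freed memory. A short comment above the first early return would keep a later edit from reordering the calls, for example `/* FREE() uses parser's m_mem: release parser last */`. The same applies to any allocation added after `dataBuf`, which continues outside this hunk.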