From 5a19e21605398cef6a8b1452477a8705cb41562b Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Wed, 2 Nov 2022 16:13:27 +0100
Subject: [PATCH] malloc-fail: Fix use-after-free in xmlXIncludeAddNode

Found with libFuzzer, see #344.

Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b]
CVE: CVE-2022-49043
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 xinclude.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xinclude.c b/xinclude.c
index e5fdf0f..36fa8ec 100644
--- a/xinclude.c
+++ b/xinclude.c
@@ -612,14 +612,15 @@ xmlXIncludeAddNode(xmlXIncludeCtxtPtr ctxt, xmlNodePtr cur) {
     }
     URL = xmlSaveUri(uri);
     xmlFreeURI(uri);
-    xmlFree(URI);
     if (URL == NULL) {
 	xmlXIncludeErr(ctxt, cur, XML_XINCLUDE_HREF_URI,
 	               "invalid value URI %s\n", URI);
 	if (fragment != NULL)
 	    xmlFree(fragment);
+	xmlFree(URI);
 	return(-1);
     }
+    xmlFree(URI);
 
     if (xmlStrEqual(URL, ctxt->doc->URL))
 	local = 1;
-- 
2.25.1