libxslt/libxslt-Do-not-set-maxDepth-in-XPath-contexts.patch

From 77c26bad0433541f486b1e7ced44ca9979376908 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Wed, 26 Aug 2020 00:34:38 +0200
Subject: [PATCH] Don't set maxDepth in XPath contexts

The maximum recursion depth is hardcoded in libxml2 now.
---
 libxslt/functions.c |  2 +-
 tests/fuzz/fuzz.c   | 11 ++---------
 2 files changed, 3 insertions(+), 10 deletions(-)

Index: libxslt-1.1.34/tests/fuzz/fuzz.c
===================================================================
--- libxslt-1.1.34.orig/tests/fuzz/fuzz.c
+++ libxslt-1.1.34/tests/fuzz/fuzz.c
@@ -168,7 +168,6 @@ xsltFuzzXPathInit(int *argc_p ATTRIBUTE_
     xpctxt = tctxt->xpathCtxt;
 
     /* Resource limits to avoid timeouts and call stack overflows */
-    xpctxt->maxDepth = 500;
     xpctxt->opLimit = 500000;
 
     /* Test namespaces used in xpath.xml */
@@ -299,12 +298,6 @@ xsltFuzzXsltInit(int *argc_p ATTRIBUTE_U
     return 0;
 }
 
-static void
-xsltSetXPathResourceLimits(xmlXPathContextPtr ctxt) {
-    ctxt->maxDepth = 200;
-    ctxt->opLimit = 100000;
-}
-
 xmlChar *
 xsltFuzzXslt(const char *data, size_t size) {
     xmlDocPtr xsltDoc;
@@ -334,7 +327,7 @@ xsltFuzzXslt(const char *data, size_t si
         xmlFreeDoc(xsltDoc);
         return NULL;
     }
-    xsltSetXPathResourceLimits(sheet->xpathCtxt);
+    sheet->xpathCtxt->opLimit = 100000;
     sheet->xpathCtxt->opCount = 0;
     if (xsltParseStylesheetUser(sheet, xsltDoc) != 0) {
         xsltFreeStylesheet(sheet);
@@ -346,7 +339,7 @@ xsltFuzzXslt(const char *data, size_t si
     xsltSetCtxtSecurityPrefs(sec, ctxt);
     ctxt->maxTemplateDepth = 100;
     ctxt->opLimit = 20000;
-    xsltSetXPathResourceLimits(ctxt->xpathCtxt);
+    ctxt->xpathCtxt->opLimit = 100000;
     ctxt->xpathCtxt->opCount = sheet->xpathCtxt->opCount;
 
     result = xsltApplyStylesheetUser(sheet, doc, NULL, NULL, NULL, ctxt);
Accepting request 896723 from home:pmonrealgonzalez:branches:devel:libraries:c_c++ - Fix build with libxml2 2.9.12 that removes maxParserDepth XPath limit - Add upstream patches: * libxslt-Stop-using-maxParserDepth-XPath-limit.patch * libxslt-Do-not-set-maxDepth-in-XPath-contexts.patch OBS-URL: https://build.opensuse.org/request/show/896723 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxslt?expand=0&rev=84 2021-06-01 22:37:05 +02:00			`From 77c26bad0433541f486b1e7ced44ca9979376908 Mon Sep 17 00:00:00 2001`
			`From: Nick Wellnhofer <wellnhofer@aevum.de>`
			`Date: Wed, 26 Aug 2020 00:34:38 +0200`
			`Subject: [PATCH] Don't set maxDepth in XPath contexts`

			`The maximum recursion depth is hardcoded in libxml2 now.`
			`---`
			`libxslt/functions.c \| 2 +-`
			`tests/fuzz/fuzz.c \| 11 ++---------`
			`2 files changed, 3 insertions(+), 10 deletions(-)`

			`Index: libxslt-1.1.34/tests/fuzz/fuzz.c`
			`===================================================================`
			`--- libxslt-1.1.34.orig/tests/fuzz/fuzz.c`
			`+++ libxslt-1.1.34/tests/fuzz/fuzz.c`
			`@@ -168,7 +168,6 @@ xsltFuzzXPathInit(int *argc_p ATTRIBUTE_`
			`xpctxt = tctxt->xpathCtxt;`

			`/* Resource limits to avoid timeouts and call stack overflows */`
			`- xpctxt->maxDepth = 500;`
			`xpctxt->opLimit = 500000;`

			`/* Test namespaces used in xpath.xml */`
			`@@ -299,12 +298,6 @@ xsltFuzzXsltInit(int *argc_p ATTRIBUTE_U`
			`return 0;`
			`}`

			`-static void`
			`-xsltSetXPathResourceLimits(xmlXPathContextPtr ctxt) {`
			`- ctxt->maxDepth = 200;`
			`- ctxt->opLimit = 100000;`
			`-}`
			`-`
			`xmlChar *`
			`xsltFuzzXslt(const char *data, size_t size) {`
			`xmlDocPtr xsltDoc;`
			`@@ -334,7 +327,7 @@ xsltFuzzXslt(const char *data, size_t si`
			`xmlFreeDoc(xsltDoc);`
			`return NULL;`
			`}`
			`- xsltSetXPathResourceLimits(sheet->xpathCtxt);`
			`+ sheet->xpathCtxt->opLimit = 100000;`
			`sheet->xpathCtxt->opCount = 0;`
			`if (xsltParseStylesheetUser(sheet, xsltDoc) != 0) {`
			`xsltFreeStylesheet(sheet);`
			`@@ -346,7 +339,7 @@ xsltFuzzXslt(const char *data, size_t si`
			`xsltSetCtxtSecurityPrefs(sec, ctxt);`
			`ctxt->maxTemplateDepth = 100;`
			`ctxt->opLimit = 20000;`
			`- xsltSetXPathResourceLimits(ctxt->xpathCtxt);`
			`+ ctxt->xpathCtxt->opLimit = 100000;`
			`ctxt->xpathCtxt->opCount = sheet->xpathCtxt->opCount;`

			`result = xsltApplyStylesheetUser(sheet, doc, NULL, NULL, NULL, ctxt);`