8e9f5d7cb1
- Security fix [bsc#1154609, CVE-2019-18197] * Fix dangling pointer in xsltCopyText * Add libxslt-CVE-2019-18197.patch OBS-URL: https://build.opensuse.org/request/show/741566 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxslt?expand=0&rev=80
31 lines
874 B
Diff
31 lines
874 B
Diff
From 2232473733b7313d67de8836ea3b29eec6e8e285 Mon Sep 17 00:00:00 2001
|
|
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
|
Date: Sat, 17 Aug 2019 16:51:53 +0200
|
|
Subject: [PATCH] Fix dangling pointer in xsltCopyText
|
|
|
|
xsltCopyText didn't reset ctxt->lasttext in some cases which could
|
|
lead to various memory errors in relation with CDATA sections in input
|
|
documents.
|
|
|
|
Found by OSS-Fuzz.
|
|
---
|
|
libxslt/transform.c | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
diff --git a/libxslt/transform.c b/libxslt/transform.c
|
|
index 95ebd073..d7ab0b66 100644
|
|
--- a/libxslt/transform.c
|
|
+++ b/libxslt/transform.c
|
|
@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target,
|
|
if ((copy->content = xmlStrdup(cur->content)) == NULL)
|
|
return NULL;
|
|
}
|
|
+
|
|
+ ctxt->lasttext = NULL;
|
|
} else {
|
|
/*
|
|
* normal processing. keep counters to extend the text node
|
|
--
|
|
2.22.0
|
|
|