Diffstat (limited to 'main/libxslt/CVE-2019-18197.patch')
-rw-r--r--main/libxslt/CVE-2019-18197.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/main/libxslt/CVE-2019-18197.patch b/main/libxslt/CVE-2019-18197.patch
new file mode 100644
index 0000000000..a8c7cf541d
--- /dev/null
+++ b/main/libxslt/CVE-2019-18197.patch
@@ -0,0 +1,30 @@
+From 2232473733b7313d67de8836ea3b29eec6e8e285 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 17 Aug 2019 16:51:53 +0200
+Subject: [PATCH] Fix dangling pointer in xsltCopyText
+
+xsltCopyText didn't reset ctxt->lasttext in some cases which could
+lead to various memory errors in relation with CDATA sections in input
+documents.
+
+Found by OSS-Fuzz.
+---
+ libxslt/transform.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libxslt/transform.c b/libxslt/transform.c
+index 95ebd073..d7ab0b66 100644
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target,
+ if ((copy->content = xmlStrdup(cur->content)) == NULL)
+ return NULL;
+ }
++
++ ctxt->lasttext = NULL;
+ } else {
+ /*
+ * normal processing. keep counters to extend the text node
+--
+2.22.0
+
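Review bot: The `return NULL` on `xmlStrdup` failure, three lines above the added `ctxt->lasttext = NULL;`, exits before the reset runs, so on that out-of-memory path `ctxt->lasttext` keeps its previous value. Whether that stale value can still be reached depends on how callers handle a NULL return, which this hunk does not show. Placing the reset before the `xmlStrdup` call would cover every exit from this branch, provided nothing earlier in the branch reads the field. The new assignment also deserves a short comment, for example `/* content here is not tracked through lasttext; clear it so later text merging cannot use a dangling pointer */`, so the reason survives later refactoring. xsltCopyText begins and ends outside the hunk.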