Diffstat (limited to 'main/libxslt/CVE-2019-18197.patch')
-rw-r--r-- | main/libxslt/CVE-2019-18197.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/main/libxslt/CVE-2019-18197.patch b/main/libxslt/CVE-2019-18197.patch
new file mode 100644
index 0000000000..a8c7cf541d
--- /dev/null
+++ b/main/libxslt/CVE-2019-18197.patch
@@ -0,0 +1,30 @@
+From 2232473733b7313d67de8836ea3b29eec6e8e285 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 17 Aug 2019 16:51:53 +0200
+Subject: [PATCH] Fix dangling pointer in xsltCopyText
+
+xsltCopyText didn't reset ctxt->lasttext in some cases which could
+lead to various memory errors in relation with CDATA sections in input
+documents.
+
+Found by OSS-Fuzz.
+---
+ libxslt/transform.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libxslt/transform.c b/libxslt/transform.c
+index 95ebd073..d7ab0b66 100644
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target,
+ if ((copy->content = xmlStrdup(cur->content)) == NULL)
+ return NULL;
+ }
++
++ ctxt->lasttext = NULL;
+ } else {
+ /*
+ * normal processing. keep counters to extend the text node
+--
+2.22.0
+ |
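Review bot: Nothing visible on this page shows the new patch file being wired into the build: the diffstat is limited to `main/libxslt/CVE-2019-18197.patch`, so whether the package recipe (presumably an APKBUILD next to it) references the file cannot be confirmed from here. A patch that is added but not listed in the recipe's sources and checksums is never applied, and the package would still ship the dangling `ctxt->lasttext` in xsltCopyText. Confirm that the same commit adds the file to `source=` and `sha512sums=`, bumps `pkgrel`, and records CVE-2019-18197 under `# secfixes:` so that vulnerability scanners can see which release carries the fix. The embedded patch keeps the upstream commit id (2232473733b7313d67de8836ea3b29eec6e8e285) in its `From` line, which is enough to compare it against upstream; the inner hunk shows only part of xsltCopyText.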