Diffstat (limited to 'main/libxslt/Transfer-XPath-limits-to-XPtr-context.patch')
-rw-r--r-- | main/libxslt/Transfer-XPath-limits-to-XPtr-context.patch | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/main/libxslt/Transfer-XPath-limits-to-XPtr-context.patch b/main/libxslt/Transfer-XPath-limits-to-XPtr-context.patch
new file mode 100644
index 0000000000..e943e79045
--- /dev/null
+++ b/main/libxslt/Transfer-XPath-limits-to-XPtr-context.patch
@@ -0,0 +1,42 @@
+From 824657768aea2cce9c23e72ba8085cb5e44350c7 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 17 Aug 2020 04:27:13 +0200
+Subject: [PATCH] Transfer XPath limits to XPtr context
+
+Expressions like document('doc.xml#xpointer(evil_expr)') ignored the
+XPath limits.
+---
+ libxslt/functions.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/libxslt/functions.c b/libxslt/functions.c
+index b350545a..975ea790 100644
+--- a/libxslt/functions.c
++++ b/libxslt/functions.c
+@@ -178,10 +178,22 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, xmlChar* URI)
+ goto out_fragment;
+ }
+
++#if LIBXML_VERSION >= 20911 || \
++ defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
++ xptrctxt->opLimit = ctxt->context->opLimit;
++ xptrctxt->opCount = ctxt->context->opCount;
++ xptrctxt->maxDepth = ctxt->context->maxDepth - ctxt->context->depth;
++
++ resObj = xmlXPtrEval(fragment, xptrctxt);
++
++ ctxt->context->opCount = xptrctxt->opCount;
++#else
+ resObj = xmlXPtrEval(fragment, xptrctxt);
+- xmlXPathFreeContext(xptrctxt);
+ #endif
+
++ xmlXPathFreeContext(xptrctxt);
++#endif /* LIBXML_XPTR_ENABLED */
++
+ if (resObj == NULL)
+ goto out_fragment;
+
+--
+GitLab
+ |
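Review bot: The limit transfer in the embedded libxslt/functions.c hunk is compiled in only when `LIBXML_VERSION >= 20911` (libxml2 2.9.11) or in a fuzzing build. In the `#else` branch `xmlXPtrEval(fragment, xptrctxt)` still runs on a context that never receives `opLimit`, `opCount` or `maxDepth`. When the package is built against an older libxml2, the patch therefore applies and compiles cleanly while `document('…#xpointer(…)')` expressions remain outside the XPath limits. The libxml2 version this package builds against is not visible in this diff and should be confirmed before the backport is treated as effective. A comment on the fallback would make the gap explicit, e.g. `/* libxml2 < 2.9.11: no XPath op/depth limits available, XPointer evaluation is unbounded */` above the `#else` call. The body of xsltDocumentFunctionLoadDocument starts and ends outside the hunk.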