authorAndrej Valek <andrej.valek@siemens.com>2018-05-16 12:59:22 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-05-22 13:09:04 +0100
commita997bcd3f985b65141f9b7a497581da2fd7afc10 (patch)
tree9114a0106b4e513920f9da5a794d3e0f6cd68861
parenta36c1e514d43854b22da75a2ec4c8069a6eaab27 (diff)
libxslt: Fix handling of RVTs returned from nested EXSLT functions
Set the context variable to NULL when evaluating EXSLT functions. Fixes potential use-after-free errors or memory leaks. Fixes bug 792580 Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
-rw-r--r--meta/recipes-support/libxslt/libxslt/fix-rvts-handling.patch80
-rw-r--r--meta/recipes-support/libxslt/libxslt_1.1.32.bb5
2 files changed, 84 insertions, 1 deletions
diff --git a/meta/recipes-support/libxslt/libxslt/fix-rvts-handling.patch b/meta/recipes-support/libxslt/libxslt/fix-rvts-handling.patch
new file mode 100644
index 0000000000..424c976d9b
--- /dev/null
+++ b/meta/recipes-support/libxslt/libxslt/fix-rvts-handling.patch
@@ -0,0 +1,80 @@
+libxslt-1.1.32: Fix handling of RVTs returned from nested EXSLT functions
+
+[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=792580
+
+Set the context variable to NULL when evaluating EXSLT functions.
+Fixes potential use-after-free errors or memory leaks.
+
+Upstream-Status: Backport [https://git.gnome.org/browse/libxslt/commit/?id=8bd32f7753ac253a54279a0b6a88d15a57076bb0]
+bug: 792580
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/libexslt/functions.c b/libexslt/functions.c
+index dc794e3..8511cb0 100644
+--- a/libexslt/functions.c
++++ b/libexslt/functions.c
+@@ -280,6 +280,7 @@ exsltFuncFunctionFunction (xmlXPathParserContextPtr ctxt, int nargs) {
+ exsltFuncFunctionData *func;
+ xmlNodePtr paramNode, oldInsert, fake;
+ int oldBase;
++ void *oldCtxtVar;
+ xsltStackElemPtr params = NULL, param;
+ xsltTransformContextPtr tctxt = xsltXPathGetTransformContext(ctxt);
+ int i, notSet;
+@@ -418,11 +419,14 @@ exsltFuncFunctionFunction (xmlXPathParserContextPtr ctxt, int nargs) {
+ fake = xmlNewDocNode(tctxt->output, NULL,
+ (const xmlChar *)"fake", NULL);
+ oldInsert = tctxt->insert;
++ oldCtxtVar = tctxt->contextVariable;
+ tctxt->insert = fake;
++ tctxt->contextVariable = NULL;
+ xsltApplyOneTemplate (tctxt, tctxt->node,
+ func->content, NULL, NULL);
+ xsltLocalVariablePop(tctxt, tctxt->varsBase, -2);
+ tctxt->insert = oldInsert;
++ tctxt->contextVariable = oldCtxtVar;
+ tctxt->varsBase = oldBase; /* restore original scope */
+ if (params != NULL)
+ xsltFreeStackElemList(params);
+diff --git a/tests/docs/bug-209.xml b/tests/docs/bug-209.xml
+new file mode 100644
+index 0000000..69d62f2
+--- /dev/null
++++ b/tests/docs/bug-209.xml
+@@ -0,0 +1 @@
++<doc/>
+diff --git a/tests/general/bug-209.out b/tests/general/bug-209.out
+new file mode 100644
+index 0000000..e829790
+--- /dev/null
++++ b/tests/general/bug-209.out
+@@ -0,0 +1,2 @@
++<?xml version="1.0"?>
++<result/>
+diff --git a/tests/general/bug-209.xsl b/tests/general/bug-209.xsl
+new file mode 100644
+index 0000000..fe69ac6
+--- /dev/null
++++ b/tests/general/bug-209.xsl
+@@ -0,0 +1,21 @@
++<xsl:stylesheet
++ version="1.0"
++ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
++ xmlns:func="http://exslt.org/functions"
++ extension-element-prefixes="func">
++
++ <xsl:template match="/">
++ <xsl:variable name="v" select="func:a()" />
++ <xsl:copy-of select="$v"/>
++ </xsl:template>
++
++ <func:function name="func:a">
++ <func:result select="func:b()" />
++ </func:function>
++
++ <func:function name="func:b">
++ <func:result>
++ <result/>
++ </func:result>
++ </func:function>
++</xsl:stylesheet>
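Review bot: The patch header's `[No upstream tracking]` marker contradicts the `Upstream-Status: Backport [...]` line a few lines below it, which names an upstream commit; drop the marker and keep the reference as `Bug: https://bugzilla.gnome.org/show_bug.cgi?id=792580`. The description mentions potential use-after-free, so if a CVE identifier has been assigned to this bug (none is visible on this page), a `CVE: <CVE-ID-PLACEHOLDER>` header line would let vulnerability tracking match the patch. In the embedded `libexslt/functions.c` hunk, `tctxt->contextVariable` is restored only on the straight-line path after `xsltApplyOneTemplate`. The visible lines show no early exit between the save and the restore, but `exsltFuncFunctionFunction` starts and ends outside the hunk, so this should be confirmed against the full function. A short comment above `tctxt->contextVariable = NULL;` would also help, for example `/* presumably keeps RVTs created in the function body from being tied to the caller's variable */`.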
diff --git a/meta/recipes-support/libxslt/libxslt_1.1.32.bb b/meta/recipes-support/libxslt/libxslt_1.1.32.bb
index 6a03f77699..f0fa5e723f 100644
--- a/meta/recipes-support/libxslt/libxslt_1.1.32.bb
+++ b/meta/recipes-support/libxslt/libxslt_1.1.32.bb
@@ -8,7 +8,10 @@ LIC_FILES_CHKSUM = "file://Copyright;md5=0cd9a07afbeb24026c9b03aecfeba458"
SECTION = "libs"
DEPENDS = "libxml2"
-SRC_URI = "http://xmlsoft.org/sources/libxslt-${PV}.tar.gz"
+SRC_URI = "http://xmlsoft.org/sources/libxslt-${PV}.tar.gz \
+ file://fix-rvts-handling.patch \
+ "
+
SRC_URI[md5sum] = "1fc72f98e98bf4443f1651165f3aa146"
SRC_URI[sha256sum] = "526ecd0abaf4a7789041622c3950c0e7f2c4c8835471515fd77eec684a355460"
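Review bot: The rewritten `SRC_URI` still fetches the tarball over plain `http://`, so the integrity of the download rests entirely on the `SRC_URI[sha256sum]` line below; the md5sum alone would not be an adequate check. If the upstream host serves the same path over TLS, which cannot be confirmed from this page, `SRC_URI = "https://xmlsoft.org/sources/libxslt-${PV}.tar.gz \` would be preferable. The locally added `file://fix-rvts-handling.patch` entry is not covered by either checksum, so its content is trusted only through review of this commit.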