diff options
Diffstat (limited to 'poky/meta/recipes-support/libxslt/files/CVE-2019-18197.patch')
-rw-r--r-- | poky/meta/recipes-support/libxslt/files/CVE-2019-18197.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/poky/meta/recipes-support/libxslt/files/CVE-2019-18197.patch b/poky/meta/recipes-support/libxslt/files/CVE-2019-18197.patch new file mode 100644 index 0000000000..5f2b620396 --- /dev/null +++ b/poky/meta/recipes-support/libxslt/files/CVE-2019-18197.patch @@ -0,0 +1,33 @@ +libxslt: fix CVE-2019-18197 + +Added after 1.1.33 release. + +CVE: CVE-2019-18197 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt.git] +Signed-off-by: Joe Slater <joe.slater@windriver.com> + +commit 2232473733b7313d67de8836ea3b29eec6e8e285 +Author: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Sat Aug 17 16:51:53 2019 +0200 + + Fix dangling pointer in xsltCopyText + + xsltCopyText didn't reset ctxt->lasttext in some cases which could + lead to various memory errors in relation with CDATA sections in input + documents. + + Found by OSS-Fuzz. + +diff --git a/libxslt/transform.c b/libxslt/transform.c +index 95ebd07..d7ab0b6 100644 +--- a/libxslt/transform.c ++++ b/libxslt/transform.c +@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target, + if ((copy->content = xmlStrdup(cur->content)) == NULL) + return NULL; + } ++ ++ ctxt->lasttext = NULL; + } else { + /* + * normal processing. keep counters to extend the text node |