packages/libxslt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!10 【master分支】Fix the large loop found in xsltApplyStylesheetUser through fuzzing test cases.

Browse Source 
From: @yang_zhuang_zhuang
Reviewed-by: @zhujianwei001
Signed-off-by: @zhujianwei001
This commit is contained in:
openeuler-ci-bot 2020-09-23 14:37:38 +08:00 committed by Gitee
commit ebfde0447c
2 changed files with 55 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
Fix-quadratic-runtime-with-text-and-xsl-message.patch Normal file
View File

@ -0,0 +1,49 @@
From 4ccc06b56b8b6d39c29932c92cd1ed82f6698d6f Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sun, 20 Sep 2020 15:14:47 +0200
Subject: [PATCH 33/37] Fix quadratic runtime with text and <xsl:message>
Backup and restore "last text" data in xsltEvalTemplateString.
Otherwise, optimization of string concatenation would be disabled
whenever an xsl:message was processed.
Found by OSS-Fuzz.
---
libxslt/templates.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/libxslt/templates.c b/libxslt/templates.c
index 48b73a5..4108ed2 100644
--- a/libxslt/templates.c
+++ b/libxslt/templates.c
@@ -210,6 +210,8 @@ xsltEvalTemplateString(xsltTransformContextPtr ctxt,
{
xmlNodePtr oldInsert, insert = NULL;
xmlChar *ret;
+ const xmlChar *oldLastText;
+ int oldLastTextSize, oldLastTextUse;
if ((ctxt == NULL) || (contextNode == NULL) || (inst == NULL) ||
(inst->type != XML_ELEMENT_NODE))
@@ -233,12 +235,18 @@ xsltEvalTemplateString(xsltTransformContextPtr ctxt,
}
oldInsert = ctxt->insert;
ctxt->insert = insert;
+ oldLastText = ctxt->lasttext;
+ oldLastTextSize = ctxt->lasttsize;
+ oldLastTextUse = ctxt->lasttuse;
/*
* OPTIMIZE TODO: if inst->children consists only of text-nodes.
*/
xsltApplyOneTemplate(ctxt, contextNode, inst->children, NULL, NULL);
ctxt->insert = oldInsert;
+ ctxt->lasttext = oldLastText;
+ ctxt->lasttsize = oldLastTextSize;
+ ctxt->lasttuse = oldLastTextUse;
ret = xmlNodeGetContent(insert);
if (insert != NULL)
--
1.8.3.1

8
libxslt.spec
View File

@ -1,12 +1,13 @@
Name: libxslt Name: libxslt
Version: 1.1.34 Version: 1.1.34
Release: 1 Release: 2
Summary: XSLT Transformation Library Summary: XSLT Transformation Library
License: MIT License: MIT
URL: http://xmlsoft.org/libxslt/ URL: http://xmlsoft.org/libxslt/
Source0: https://github.com/GNOME/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source0: https://github.com/GNOME/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
# PATCH-FIX-UPSTREAM bug-fix https://github.com/GNOME/libxslt/ # PATCH-FIX-UPSTREAM bug-fix https://github.com/GNOME/libxslt/
Patch0000:CVE-2015-9019.patch Patch0: CVE-2015-9019.patch
Patch1: Fix-quadratic-runtime-with-text-and-xsl-message.patch
BuildRequires: gcc make libtool autoconf automake libgcrypt-devel pkgconfig(libxml-2.0) >= 2.6.27 BuildRequires: gcc make libtool autoconf automake libgcrypt-devel pkgconfig(libxml-2.0) >= 2.6.27
@ -96,6 +97,9 @@ make check
%doc python/tests/*.xsl %doc python/tests/*.xsl
%changelog %changelog
* Wed Sep 23 2020 yangzhuangzhuang<yangzhuangzhuang1@huawei.com> - 1.1.34-2
- Fix the large loop found in xsltApplyStylesheetUser through fuzzing testcase xslt.
* Mon Jun 22 2020 linwei<linwei54@huawei.com> - 1.1.34-1 * Mon Jun 22 2020 linwei<linwei54@huawei.com> - 1.1.34-1
- update to 1.1.34 - update to 1.1.34