lib/libxslt
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxslt synced 2025-08-08 21:42:07 +03:00
Code Activity

Fix handling of RVTs returned from nested EXSLT functions

Browse Source 
Set the context variable to NULL when evaluating EXSLT functions.
Fixes potential use-after-free errors or memory leaks.

Fixes bug 792580. Thanks to Clemens Gutweiler for the report.

https://bugzilla.gnome.org/show_bug.cgi?id=792580
This commit is contained in:
Nick Wellnhofer
2018-01-16 18:59:02 +01:00
parent 840c8e2b6a
commit 8bd32f7753
4 changed files with 28 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libexslt/functions.c
View File

@@ -292,6 +292,7 @@ exsltFuncFunctionFunction (xmlXPathParserContextPtr ctxt, int nargs) {
exsltFuncFunctionData *func;
xmlNodePtr paramNode, oldInsert, fake;
int oldBase;
void *oldCtxtVar;
xsltStackElemPtr params = NULL, param;
xsltTransformContextPtr tctxt = xsltXPathGetTransformContext(ctxt);
int i, notSet;
@@ -430,11 +431,14 @@ exsltFuncFunctionFunction (xmlXPathParserContextPtr ctxt, int nargs) {
fake = xmlNewDocNode(tctxt->output, NULL,
(const xmlChar *)"fake", NULL);
oldInsert = tctxt->insert;
oldCtxtVar = tctxt->contextVariable;
tctxt->insert = fake;
tctxt->contextVariable = NULL;
xsltApplyOneTemplate (tctxt, tctxt->node,
func->content, NULL, NULL);
xsltLocalVariablePop(tctxt, tctxt->varsBase, -2);
tctxt->insert = oldInsert;
tctxt->contextVariable = oldCtxtVar;
tctxt->varsBase = oldBase; /* restore original scope */
if (params != NULL)
xsltFreeStackElemList(params);