[libxslt] Disable xsltCopyTextString optimization for extensions

From: Nick Wellnhofer <nwellnhof src gnome org>
To: commits-list gnome org
Cc:
Subject: [libxslt] Disable xsltCopyTextString optimization for extensions
Date: Fri, 10 Feb 2017 13:15:51 +0000 (UTC)

commit ec547b2c12dc12e1277bc527fdc6b37a2feb1b43
Author: Nick Wellnhofer <wellnhofer aevum de>
Date:   Fri Feb 10 14:12:28 2017 +0100

    Disable xsltCopyTextString optimization for extensions
    
    Extensions could append text using xmlAddChild which will free the
    buffer pointed to by 'lasttext'. This buffer could later be
    reallocated with a different size than recorded in 'lasttsize'.
    
    Fixes bug #777432:
    
    https://bugzilla.gnome.org/show_bug.cgi?id=777432

 libxslt/transform.c |   24 ++++++++++++++++++++++++
 1 files changed, 24 insertions(+), 0 deletions(-)
---
diff --git a/libxslt/transform.c b/libxslt/transform.c
index afc037e..85ad3a2 100644
--- a/libxslt/transform.c
+++ b/libxslt/transform.c
@@ -2686,6 +2686,18 @@ xsltApplySequenceConstructor(xsltTransformContextPtr ctxt,
                        "xsltApplySequenceConstructor: extension construct %s\n",
                        cur->name));
 #endif
+                    /*
+                     * Disable the xsltCopyTextString optimization for
+                     * extension elements. Extensions could append text using
+                     * xmlAddChild which will free the buffer pointed to by
+                     * 'lasttext'. This buffer could later be reallocated with
+                     * a different size than recorded in 'lasttsize'. See bug
+                     * #777432.
+                     */
+                    if (cur->psvi == xsltExtMarker) {
+                        ctxt->lasttext = NULL;
+                    }
+
                    ctxt->insert = insert;
 
                    func(ctxt, contextNode, cur, cur->psvi);
@@ -2869,6 +2881,18 @@ xsltApplySequenceConstructor(xsltTransformContextPtr ctxt,
                     cur->name));
 #endif
 
+                /*
+                 * Disable the xsltCopyTextString optimization for
+                 * extension elements. Extensions could append text using
+                 * xmlAddChild which will free the buffer pointed to by
+                 * 'lasttext'. This buffer could later be reallocated with
+                 * a different size than recorded in 'lasttsize'. See bug
+                 * #777432.
+                 */
+                if (cur->psvi == xsltExtMarker) {
+                   ctxt->lasttext = NULL;
+                }
+
                 ctxt->insert = insert;
 
                 function(ctxt, contextNode, cur, cur->psvi);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]