[libxslt] Fix NULL deref in xsltDefaultSortFunction

From: Nick Wellnhofer <nwellnhof src gnome org>
To: commits-list gnome org
Cc:
Subject: [libxslt] Fix NULL deref in xsltDefaultSortFunction
Date: Mon, 31 Jul 2017 13:14:59 +0000 (UTC)

commit 6b067190fe4f0a9031cc39b6e52cfc19c416aac0
Author: Nick Wellnhofer <wellnhofer aevum de>
Date:   Sun Jul 30 18:33:27 2017 +0200

    Fix NULL deref in xsltDefaultSortFunction
    
    An evaluation error in a secondary sort key could lead to a NULL pointer
    dereference.
    
    Thanks to Nicolas Gregoire for the report.
    
    Fixes bug 785588.

 libxslt/xsltutils.c       |    2 ++
 tests/docs/bug-208.xml    |    8 ++++++++
 tests/general/bug-208.err |    6 ++++++
 tests/general/bug-208.xsl |    8 ++++++++
 4 files changed, 24 insertions(+), 0 deletions(-)
---
diff --git a/libxslt/xsltutils.c b/libxslt/xsltutils.c
index c250ccf..6bd8ed0 100644
--- a/libxslt/xsltutils.c
+++ b/libxslt/xsltutils.c
@@ -1249,6 +1249,8 @@ xsltDefaultSortFunction(xsltTransformContextPtr ctxt, xmlNodePtr *sorts,
                        if (res[j] == NULL) {
                            if (res[j+incr] != NULL)
                                tst = 1;
+                       } else if (res[j+incr] == NULL) {
+                           tst = -1;
                        } else {
                            if (numb) {
                                /* We make NaN smaller than number in
diff --git a/tests/docs/bug-208.xml b/tests/docs/bug-208.xml
new file mode 100644
index 0000000..5d3529a
--- /dev/null
+++ b/tests/docs/bug-208.xml
@@ -0,0 +1,8 @@
+<a>
+  <b>
+    <c>
+      <d1><d2/></d1>
+    <e/>
+    </c>
+  </b>
+</a>
diff --git a/tests/general/bug-208.err b/tests/general/bug-208.err
new file mode 100644
index 0000000..02c9712
--- /dev/null
+++ b/tests/general/bug-208.err
@@ -0,0 +1,6 @@
+XPath error : Undefined namespace prefix
+XPath error : Undefined namespace prefix
+XPath error : Undefined namespace prefix
+XPath error : Undefined namespace prefix
+XPath error : Undefined namespace prefix
+no result for ./../docs/bug-208.xml
diff --git a/tests/general/bug-208.out b/tests/general/bug-208.out
new file mode 100644
index 0000000..e69de29
diff --git a/tests/general/bug-208.xsl b/tests/general/bug-208.xsl
new file mode 100644
index 0000000..322b58d
--- /dev/null
+++ b/tests/general/bug-208.xsl
@@ -0,0 +1,8 @@
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"; version="1.0">
+  <xsl:template match="/">
+    <xsl:for-each select="//.">
+      <xsl:sort/>
+      <xsl:sort select="*[a:b]"/>;
+    </xsl:for-each>
+  </xsl:template>
+</xsl:stylesheet>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]