[libxslt] Check for return value of xmlUTF8Strlen



commit 1785d1189e2af54ce8f9942eee0eda67dd8a17ba
Author: Nick Wellnhofer <wellnhofer aevum de>
Date:   Thu May 18 17:33:21 2017 +0200

    Check for return value of xmlUTF8Strlen
    
    Check whether xmlUTF8Strlen returns -1 for invalid UTF-8.
    
    Under normal conditions, libxslt should never receive invalid UTF-8.
    But this change helps when fuzzing and hardens security.

 libexslt/strings.c |   27 +++++++++++++++++++++++++--
 1 files changed, 25 insertions(+), 2 deletions(-)
---
diff --git a/libexslt/strings.c b/libexslt/strings.c
index 9be90b5..8c8ed1d 100644
--- a/libexslt/strings.c
+++ b/libexslt/strings.c
@@ -265,7 +265,10 @@ exsltStrEncodeUriFunction (xmlXPathParserContextPtr ctxt, int nargs) {
     str = xmlXPathPopString(ctxt);
     str_len = xmlUTF8Strlen(str);
 
-    if (str_len == 0) {
+    if (str_len <= 0) {
+        if (str_len < 0)
+            xsltGenericError(xsltGenericErrorContext,
+                             "exsltStrEncodeUriFunction: invalid UTF-8\n");
        xmlXPathReturnEmptyString(ctxt);
        xmlFree(str);
        return;
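Review bot: The new `str_len < 0` branch in exsltStrEncodeUriFunction also fires when `str` is NULL, because xmlUTF8Strlen returns -1 for a NULL argument as well as for malformed input. A failed xmlXPathPopString would therefore be logged as "invalid UTF-8", which misdirects anyone triaging a fuzzer finding or a production log. Testing `if (str == NULL)` before the length call, with its own message or a plain return, keeps the diagnostic accurate. The same applies to the exsltStrDecodeUriFunction, exsltStrPaddingFunction and exsltStrAlignFunction hunks. The unbraced `if (str_len < 0)` around a two-line call would also be safer with braces; both URI functions continue outside their hunks.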
@@ -310,7 +313,10 @@ exsltStrDecodeUriFunction (xmlXPathParserContextPtr ctxt, int nargs) {
     str = xmlXPathPopString(ctxt);
     str_len = xmlUTF8Strlen(str);
 
-    if (str_len == 0) {
+    if (str_len <= 0) {
+        if (str_len < 0)
+            xsltGenericError(xsltGenericErrorContext,
+                             "exsltStrDecodeUriFunction: invalid UTF-8\n");
        xmlXPathReturnEmptyString(ctxt);
        xmlFree(str);
        return;
@@ -354,6 +360,13 @@ exsltStrPaddingFunction (xmlXPathParserContextPtr ctxt, int nargs) {
        str = xmlXPathPopString(ctxt);
        str_len = xmlUTF8Strlen(str);
        str_size = xmlStrlen(str);
+        if (str_len < 0) {
+            xsltGenericError(xsltGenericErrorContext,
+                             "exsltStrPaddingFunction: invalid UTF-8\n");
+            xmlXPathReturnEmptyString(ctxt);
+            xmlFree(str);
+            return;
+        }
     }
     if (str_len == 0) {
        if (str != NULL) xmlFree(str);
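Review bot: The added early exit in exsltStrPaddingFunction calls `xmlFree(str);` unguarded, while the statement right after the block still uses `if (str != NULL) xmlFree(str);`. Since `str_len < 0` includes the NULL-`str` case, the two paths should agree: either guard the new call the same way, or drop the guard in both places if the configured deallocator is known to accept NULL. `str_size = xmlStrlen(str);` is also computed before the validity check; moving the check directly after the `xmlUTF8Strlen` call would make it obvious that the size of a rejected string is never used. The function starts and ends outside this hunk.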
@@ -422,6 +435,16 @@ exsltStrAlignFunction (xmlXPathParserContextPtr ctxt, int nargs) {
     str_l = xmlUTF8Strlen (str);
     padding_l = xmlUTF8Strlen (padding);
 
+    if (str_l < 0 || padding_l < 0) {
+        xsltGenericError(xsltGenericErrorContext,
+                         "exsltStrAlignFunction: invalid UTF-8\n");
+        xmlXPathReturnEmptyString(ctxt);
+        xmlFree(str);
+        xmlFree(padding);
+        xmlFree(alignment);
+        return;
+    }
+
     if (str_l == padding_l) {
        xmlXPathReturnString (ctxt, str);
        xmlFree(padding);
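Review bot: The combined `str_l < 0 || padding_l < 0` test in exsltStrAlignFunction emits one message that does not say which argument was rejected, so a log line from fuzzing or from a hostile stylesheet cannot be traced to the offending input. Checking the two lengths separately, or naming the argument in the text (for example `"exsltStrAlignFunction: invalid UTF-8 in padding\n"`), would fix that. A one-line comment above the block, such as `/* early exit: all three popped strings are still owned here */`, would also explain why `alignment` is freed on this path. The function starts and ends outside this hunk.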

