[libxslt] Optional operation limit
- From: Nick Wellnhofer <nwellnhof src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libxslt] Optional operation limit
- Date: Sat, 27 Apr 2019 09:36:39 +0000 (UTC)
commit d3ec60600c736d0cca002d83022e38febda7ffbf
Author: Nick Wellnhofer <wellnhofer aevum de>
Date: Thu Apr 25 14:29:11 2019 +0200
Optional operation limit
Useful to avoid timeouts when fuzzing.
libxslt/transform.c | 11 +++++++++++
libxslt/xsltInternals.h | 2 ++
tests/fuzz/xslt.c | 1 +
3 files changed, 14 insertions(+)
---
diff --git a/libxslt/transform.c b/libxslt/transform.c
index 0636dbd0..b4c8a7cc 100644
--- a/libxslt/transform.c
+++ b/libxslt/transform.c
@@ -2411,6 +2411,17 @@ xsltApplySequenceConstructor(xsltTransformContextPtr ctxt,
*/
cur = list;
while (cur != NULL) {
+ if (ctxt->opLimit != 0) {
+ if (ctxt->opCount >= ctxt->opLimit) {
+ xsltTransformError(ctxt, NULL, cur,
+ "xsltApplySequenceConstructor: "
+ "Operation limit exceeded\n");
+ ctxt->state = XSLT_STATE_STOPPED;
+ goto error;
+ }
+ ctxt->opCount += 1;
+ }
+
ctxt->inst = cur;
#ifdef WITH_DEBUGGER
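Review bot: The counter added at the top of the `while (cur != NULL)` loop charges one operation per instruction visited, so whatever a single instruction does internally (for example a costly XPath evaluation or a large copy) is not counted against `opLimit`. That makes the limit a coarse bound on the number of instructions, not on CPU time or memory, and the code should say so for anyone who later relies on it outside fuzzing. I would add above the outer `if`: `/* One op per instruction; opLimit == 0 disables the check. Work done inside an instruction is not counted. */`. The `error` label and the rest of xsltApplySequenceConstructor lie outside this hunk, so how the stopped state propagates to the caller cannot be confirmed from here.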
diff --git a/libxslt/xsltInternals.h b/libxslt/xsltInternals.h
index 464c5cd9..4ac51446 100644
--- a/libxslt/xsltInternals.h
+++ b/libxslt/xsltInternals.h
@@ -1780,6 +1780,8 @@ struct _xsltTransformContext {
int depth; /* Needed to catch recursions */
int maxTemplateDepth;
int maxTemplateVars;
+ unsigned long opLimit;
+ unsigned long opCount;
};
/**
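Review bot: The two new fields at the end of `struct _xsltTransformContext` have no comments, although `depth` just above them has one, and the meaning of zero is only discoverable by reading transform.c. I would write `unsigned long opLimit; /* max instructions to execute, 0 = no limit */` and `unsigned long opCount; /* instructions executed so far */`. Nothing in the visible diff initializes or resets either field, so the feature presumably relies on the context being zero-filled when it is allocated; that is worth confirming in xsltNewTransformContext, since a stale non-zero `opLimit` or `opCount` would stop a transform early.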
diff --git a/tests/fuzz/xslt.c b/tests/fuzz/xslt.c
index 0520550d..0d7bfebf 100644
--- a/tests/fuzz/xslt.c
+++ b/tests/fuzz/xslt.c
@@ -124,6 +124,7 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
ctxt = xsltNewTransformContext(sheet, doc);
xsltSetCtxtSecurityPrefs(sec, ctxt);
ctxt->maxTemplateDepth = 100;
+ ctxt->opLimit = 200000;
xsltSetXPathResourceLimits(ctxt->xpathCtxt);
ctxt->xpathCtxt->opCount = sheet->xpathCtxt->opCount;