[libxslt] Use xmlNewTextChild in EXSLT dyn:map
- From: Nick Wellnhofer <nwellnhof src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libxslt] Use xmlNewTextChild in EXSLT dyn:map
- Date: Wed, 13 Mar 2019 11:31:17 +0000 (UTC)
commit eb48a900198d991fff9bde6390e84066de66abea
Author: Nick Wellnhofer <wellnhofer aevum de>
Date: Tue Mar 12 17:59:29 2019 +0100
Use xmlNewTextChild in EXSLT dyn:map
xmlTextChild supports entities but dyn:map should create an element
containing a literal string.
Found with libFuzzer and UBSan.
libexslt/dynamic.c | 18 +++++++++---------
tests/exslt/dynamic/dynmap.out | 1 +
tests/exslt/dynamic/dynmap.xsl | 1 +
3 files changed, 11 insertions(+), 9 deletions(-)
---
diff --git a/libexslt/dynamic.c b/libexslt/dynamic.c
index dd0804bc..a5b569af 100644
--- a/libexslt/dynamic.c
+++ b/libexslt/dynamic.c
@@ -194,10 +194,10 @@ exsltDynMapFunction(xmlXPathParserContextPtr ctxt, int nargs)
case XPATH_BOOLEAN:
if (container != NULL) {
xmlNodePtr cur =
- xmlNewChild((xmlNodePtr) container, NULL,
- BAD_CAST "boolean",
- BAD_CAST (subResult->
- boolval ? "true" : ""));
+ xmlNewTextChild((xmlNodePtr) container, NULL,
+ BAD_CAST "boolean",
+ BAD_CAST (subResult->
+ boolval ? "true" : ""));
if (cur != NULL) {
cur->ns =
xmlNewNs(cur,
@@ -215,8 +215,8 @@ exsltDynMapFunction(xmlXPathParserContextPtr ctxt, int nargs)
xmlXPathCastNumberToString(subResult->
floatval);
xmlNodePtr cur =
- xmlNewChild((xmlNodePtr) container, NULL,
- BAD_CAST "number", val);
+ xmlNewTextChild((xmlNodePtr) container, NULL,
+ BAD_CAST "number", val);
if (val != NULL)
xmlFree(val);
@@ -234,9 +234,9 @@ exsltDynMapFunction(xmlXPathParserContextPtr ctxt, int nargs)
case XPATH_STRING:
if (container != NULL) {
xmlNodePtr cur =
- xmlNewChild((xmlNodePtr) container, NULL,
- BAD_CAST "string",
- subResult->stringval);
+ xmlNewTextChild((xmlNodePtr) container, NULL,
+ BAD_CAST "string",
+ subResult->stringval);
if (cur != NULL) {
cur->ns =
xmlNewNs(cur,
diff --git a/tests/exslt/dynamic/dynmap.out b/tests/exslt/dynamic/dynmap.out
index 7a900cae..ca81ace5 100644
--- a/tests/exslt/dynamic/dynmap.out
+++ b/tests/exslt/dynamic/dynmap.out
@@ -37,6 +37,7 @@
<exsl:string xmlns:exsl="http://exslt.org/common";>without-child</exsl:string>
<exsl:string xmlns:exsl="http://exslt.org/common";>without-child</exsl:string>
<exsl:string xmlns:exsl="http://exslt.org/common";>with-child</exsl:string>
+ <exsl:string xmlns:exsl="http://exslt.org/common";>&)</exsl:string>
</string>
<namespace>
<exsl:string xmlns:exsl="http://exslt.org/common";>dynmap</exsl:string>
diff --git a/tests/exslt/dynamic/dynmap.xsl b/tests/exslt/dynamic/dynmap.xsl
index 40f9eaf1..867e39a8 100644
--- a/tests/exslt/dynamic/dynmap.xsl
+++ b/tests/exslt/dynamic/dynmap.xsl
@@ -17,6 +17,7 @@
</number>
<string>
<xsl:copy-of select="dyn:map(*, 'name()')"/>
+ <xsl:copy-of select="dyn:map(., '"&)"')"/>
</string>
<namespace>
<xsl:copy-of select="dyn:map(namespace::*, 'name(/*)')"/>
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
