[libxslt] Avoid recursion in keys.c:skipPredicate
- From: Nick Wellnhofer <nwellnhof src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libxslt] Avoid recursion in keys.c:skipPredicate
- Date: Sun, 15 Sep 2019 12:57:08 +0000 (UTC)
commit d8ce4f1c27cdcbe0b202a696d636d2122abb192e
Author: Nick Wellnhofer <wellnhofer aevum de>
Date: Sun Sep 15 12:15:08 2019 +0200
Avoid recursion in keys.c:skipPredicate
Fixes potential call stack overflow found by OSS-Fuzz.
libxslt/keys.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
---
diff --git a/libxslt/keys.c b/libxslt/keys.c
index a1f150aa..ecef5382 100644
--- a/libxslt/keys.c
+++ b/libxslt/keys.c
@@ -241,6 +241,8 @@ skipString(const xmlChar *cur, int end) {
*/
static int
skipPredicate(const xmlChar *cur, int end) {
+ int level = 0;
+
if ((cur == NULL) || (end < 0)) return(-1);
if (cur[end] != '[') return(end);
end++;
@@ -251,12 +253,12 @@ skipPredicate(const xmlChar *cur, int end) {
return(-1);
continue;
} else if (cur[end] == '[') {
- end = skipPredicate(cur, end);
- if (end <= 0)
- return(-1);
- continue;
- } else if (cur[end] == ']')
- return(end + 1);
+ level += 1;
+ } else if (cur[end] == ']') {
+ if (level == 0)
+ return(end + 1);
+ level -= 1;
+ }
end++;
}
return(-1);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
