[libxslt] Transfer XPath limits to XPtr context

From: Nick Wellnhofer <nwellnhof src gnome org>
To: commits-list gnome org
Cc:
Subject: [libxslt] Transfer XPath limits to XPtr context
Date: Mon, 17 Aug 2020 12:14:07 +0000 (UTC)

commit 824657768aea2cce9c23e72ba8085cb5e44350c7
Author: Nick Wellnhofer <wellnhofer aevum de>
Date:   Mon Aug 17 04:27:13 2020 +0200

    Transfer XPath limits to XPtr context
    
    Expressions like document('doc.xml#xpointer(evil_expr)') ignored the
    XPath limits.

 libxslt/functions.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
---
diff --git a/libxslt/functions.c b/libxslt/functions.c
index b350545a..975ea790 100644
--- a/libxslt/functions.c
+++ b/libxslt/functions.c
@@ -178,10 +178,22 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, xmlChar* URI)
        goto out_fragment;
     }
 
+#if LIBXML_VERSION >= 20911 || \
+    defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
+    xptrctxt->opLimit = ctxt->context->opLimit;
+    xptrctxt->opCount = ctxt->context->opCount;
+    xptrctxt->maxDepth = ctxt->context->maxDepth - ctxt->context->depth;
+
+    resObj = xmlXPtrEval(fragment, xptrctxt);
+
+    ctxt->context->opCount = xptrctxt->opCount;
+#else
     resObj = xmlXPtrEval(fragment, xptrctxt);
-    xmlXPathFreeContext(xptrctxt);
 #endif
 
+    xmlXPathFreeContext(xptrctxt);
+#endif /* LIBXML_XPTR_ENABLED */
+
     if (resObj == NULL)
        goto out_fragment;

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]