[libxslt] Fix double-free with stylesheets containing entity nodes
- From: Nick Wellnhofer <nwellnhof src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libxslt] Fix double-free with stylesheets containing entity nodes
- Date: Tue, 2 Feb 2021 03:52:48 +0000 (UTC)
commit 3e8bbcdec8d2318ca8ab27a2a4a509a5d9bb2d51
Author: Nick Wellnhofer <wellnhofer aevum de>
Date: Tue Feb 2 04:28:15 2021 +0100
Fix double-free with stylesheets containing entity nodes
Fix broken logic to make sure that entity nodes are deleted from the
stylesheet. Note that stylesheets parsed with XML_PARSE_NOENT, which
is included in XSLT_PARSE_OPTIONS, aren't affected.
Found by OSS-Fuzz.
libxslt/xslt.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
---
diff --git a/libxslt/xslt.c b/libxslt/xslt.c
index 7a1ce011..69116f2b 100644
--- a/libxslt/xslt.c
+++ b/libxslt/xslt.c
@@ -3656,12 +3656,8 @@ xsltPreprocessStylesheet(xsltStylesheetPtr style, xmlNodePtr cur)
(!xsltCheckExtURI(style, cur->ns->href))) {
goto skip_children;
} else if (cur->children != NULL) {
- if ((cur->children->type != XML_ENTITY_DECL) &&
- (cur->children->type != XML_ENTITY_REF_NODE) &&
- (cur->children->type != XML_ENTITY_NODE)) {
- cur = cur->children;
- continue;
- }
+ cur = cur->children;
+ continue;
}
skip_children:
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]