libxslt: patch security issues

[feed/packages.git] / libs / libxslt / patches / 101-fix-cve-2019-13117.patch

diff --git a/libs/libxslt/patches/101-fix-cve-2019-13117.patch b/libs/libxslt/patches/101-fix-cve-2019-13117.patch
new file mode 100644 (file)
index 0000000..78ebb90
--- /dev/null
+++ b/libs/libxslt/patches/101-fix-cve-2019-13117.patch
@@ -0,0 +1,29 @@
+From c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 27 Apr 2019 11:19:48 +0200
+Subject: [PATCH] Fix uninitialized read of xsl:number token
+
+Found by OSS-Fuzz.
+---
+ libxslt/numbers.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libxslt/numbers.c b/libxslt/numbers.c
+index 89e1f668..75c31eba 100644
+--- a/libxslt/numbers.c
++++ b/libxslt/numbers.c
+@@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format,
+               tokens->tokens[tokens->nTokens].token = val - 1;
+               ix += len;
+               val = xmlStringCurrentChar(NULL, format+ix, &len);
+-          }
++          } else {
++                tokens->tokens[tokens->nTokens].token = (xmlChar)'0';
++                tokens->tokens[tokens->nTokens].width = 1;
++            }
+       } else if ( (val == (xmlChar)'A') ||
+                   (val == (xmlChar)'a') ||
+                   (val == (xmlChar)'I') ||
+-- 
+2.21.0
+