[xslt] [PATCH 2/3] Fix NULL deref through valuePop retval: xsltKeyFunction
- From: Jan Pokorný <jpokorny redhat com>
- To: xslt gnome org
- Subject: [xslt] [PATCH 2/3] Fix NULL deref through valuePop retval: xsltKeyFunction
- Date: Wed, 18 Dec 2013 23:20:11 +0100
Test case (both template and the input):
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform";>
<!-- xsl:output method="text" indent="no"/ -->
<xsl:template match="*">
<xsl:value-of select="generate-id()=generate-id(key('none', $nonexistent))"/>
</xsl:template>
</xsl:stylesheet>
Before:
runtime error: file bug-generateid-deref.xsl line 5 element value-of
Variable 'nonexistent' has not been declared.
XPath error : Stack usage error
XPath error : Stack usage error
Segmentation fault (core dumped)
After (provided that original segfault in xsltGenerateIdFunction
was fixed first [patch preceding this one has been already provided
for that]):
runtime error: file bug-generateid-deref.xsl line 5 element value-of
Variable 'nonexistent' has not been declared.
XPath error : Stack usage errror
XPath error : Stack usage errror
runtime error: file bug-generateid-deref.xsl line 5 element value-of
generate-id() : invalid arg expecting a node-set
runtime error: file bug-generateid-deref.xsl line 5 element value-of
XPath evaluation returned no result.
The only drawback of the current patch is this sort of regression
in the test suite:
## Running general tests
bug-180 result
4d3
< xmlXPathCompiledEval: 1 objects left on the stack.
## Running general tests without dictionaries
bug-180 result
4d3
< xmlXPathCompiledEval: 1 objects left on the stack.
Signed-off-by: Jan Pokorný <jpokorny redhat com>
---
libxslt/functions.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libxslt/functions.c b/libxslt/functions.c
index 38345c0..4a5475d 100644
--- a/libxslt/functions.c
+++ b/libxslt/functions.c
@@ -384,6 +384,8 @@ xsltKeyFunction(xmlXPathParserContextPtr ctxt, int nargs){
* Get the key's name.
*/
obj1 = valuePop(ctxt);
+ if (obj1 == NULL)
+ return;
if ((obj2->type == XPATH_NODESET) || (obj2->type == XPATH_XSLT_TREE)) {
int i;
--
1.8.1.4
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
