Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/libxslt/patches/CVE-2012-6139-2.patch
author Petr Sumbera <petr.sumbera@oracle.com>
Mon, 26 Aug 2013 13:00:27 -0700
branchs11u1-sru
changeset 2748 76a9a8bd58ae
permissions -rw-r--r--
16554178 problem in LIBRARY/LIBXSLT

From 6c99c519d97e5fcbec7a9537d190efb442e4e833 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <[email protected]>
Date: Wed, 10 Oct 2012 10:09:36 +0000
Subject: Crash when passing an uninitialized variable to document()

https://bugzilla.gnome.org/show_bug.cgi?id=685330

Missing check for NULL
---
diff --git a/libxslt/functions.c b/libxslt/functions.c
index ed2c163..c754994 100644
--- a/libxslt/functions.c
+++ b/libxslt/functions.c
@@ -260,7 +260,7 @@ xsltDocumentFunction(xmlXPathParserContextPtr ctxt, int nargs)
         obj = valuePop(ctxt);
         ret = xmlXPathNewNodeSet(NULL);
 
-        if (obj->nodesetval) {
+        if ((obj != NULL) && obj->nodesetval) {
             for (i = 0; i < obj->nodesetval->nodeNr; i++) {
                 valuePush(ctxt,
                           xmlXPathNewNodeSet(obj->nodesetval->nodeTab[i]));
@@ -280,7 +280,8 @@ xsltDocumentFunction(xmlXPathParserContextPtr ctxt, int nargs)
             }
         }
 
-        xmlXPathFreeObject(obj);
+        if (obj != NULL)
+            xmlXPathFreeObject(obj);
         if (obj2 != NULL)
             xmlXPathFreeObject(obj2);
         valuePush(ctxt, ret);
upstream/oracle/userland-gate