Diffstat (limited to 'textproc/libxslt/files/patch-git-03-77c26bad0433541f486b1e7ced44ca9979376908')
-rw-r--r-- | textproc/libxslt/files/patch-git-03-77c26bad0433541f486b1e7ced44ca9979376908 | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/textproc/libxslt/files/patch-git-03-77c26bad0433541f486b1e7ced44ca9979376908 b/textproc/libxslt/files/patch-git-03-77c26bad0433541f486b1e7ced44ca9979376908
new file mode 100644
index 000000000000..157dd444ba89
--- /dev/null
+++ b/textproc/libxslt/files/patch-git-03-77c26bad0433541f486b1e7ced44ca9979376908
@@ -0,0 +1,70 @@
+From 77c26bad0433541f486b1e7ced44ca9979376908 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Wed, 26 Aug 2020 00:34:38 +0200
+Subject: [PATCH] Don't set maxDepth in XPath contexts
+
+The maximum recursion depth is hardcoded in libxml2 now.
+---
+ libxslt/functions.c | 2 +-
+ tests/fuzz/fuzz.c | 11 ++---------
+ 2 files changed, 3 insertions(+), 10 deletions(-)
+
+diff --git a/libxslt/functions.c b/libxslt/functions.c
+index 975ea790..7887dda7 100644
+--- libxslt/functions.c
++++ libxslt/functions.c
+@@ -182,7 +182,7 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, xmlChar* URI)
+ defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
+ xptrctxt->opLimit = ctxt->context->opLimit;
+ xptrctxt->opCount = ctxt->context->opCount;
+- xptrctxt->maxDepth = ctxt->context->maxDepth - ctxt->context->depth;
++ xptrctxt->depth = ctxt->context->depth;
+
+ resObj = xmlXPtrEval(fragment, xptrctxt);
+
+diff --git a/tests/fuzz/fuzz.c b/tests/fuzz/fuzz.c
+index 75234ad6..780c2d41 100644
+--- tests/fuzz/fuzz.c
++++ tests/fuzz/fuzz.c
+@@ -183,7 +183,6 @@ xsltFuzzXPathInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
+ xpctxt = tctxt->xpathCtxt;
+
+ /* Resource limits to avoid timeouts and call stack overflows */
+- xpctxt->maxDepth = 500;
+ xpctxt->opLimit = 500000;
+
+ /* Test namespaces used in xpath.xml */
+@@ -314,12 +313,6 @@ xsltFuzzXsltInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
+ return 0;
+ }
+
+-static void
+-xsltSetXPathResourceLimits(xmlXPathContextPtr ctxt) {
+- ctxt->maxDepth = 200;
+- ctxt->opLimit = 100000;
+-}
+-
+ xmlChar *
+ xsltFuzzXslt(const char *data, size_t size) {
+ xmlDocPtr xsltDoc;
+@@ -349,7 +342,7 @@ xsltFuzzXslt(const char *data, size_t size) {
+ xmlFreeDoc(xsltDoc);
+ return NULL;
+ }
+- xsltSetXPathResourceLimits(sheet->xpathCtxt);
++ sheet->xpathCtxt->opLimit = 100000;
+ sheet->xpathCtxt->opCount = 0;
+ if (xsltParseStylesheetUser(sheet, xsltDoc) != 0) {
+ xsltFreeStylesheet(sheet);
+@@ -361,7 +354,7 @@ xsltFuzzXslt(const char *data, size_t size) {
+ xsltSetCtxtSecurityPrefs(sec, ctxt);
+ ctxt->maxTemplateDepth = 100;
+ ctxt->opLimit = 20000;
+- xsltSetXPathResourceLimits(ctxt->xpathCtxt);
++ ctxt->xpathCtxt->opLimit = 100000;
+ ctxt->xpathCtxt->opCount = sheet->xpathCtxt->opCount;
+
+ result = xsltApplyStylesheetUser(sheet, doc, NULL, NULL, NULL, ctxt);
+--
+GitLab
+ |
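Review bot: In the embedded functions.c hunk, `xptrctxt->depth = ctxt->context->depth;` hands the caller's recursion depth to the XPointer context but no longer sets any limit, so the bound on nested evaluation now depends entirely on the libxml2 the port is built against, as the commit message says. The port should state that dependency explicitly (a minimum libxml2 version alongside this patch file), since this page does not show one, and an older libxml2 would presumably leave the depth unchecked or fail to compile. A short comment above the assignment would help, e.g. `/* limit is hardcoded in libxml2; inherit depth so nested evaluation counts against it */`. The assignment sits under a preprocessor condition that starts outside the hunk, so which builds compile it cannot be confirmed from here.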