summaryrefslogtreecommitdiff
path: root/system/libxslt/CVE-2019-13117.patch
diff options
context:
space:
mode:
authorMax Rees <maxcrees@me.com>2019-07-23 18:07:09 -0400
committerMax Rees <maxcrees@me.com>2019-07-23 18:07:09 -0400
commit0b09c67b8eba048295e57af90599dd74d1e30df8 (patch)
tree9fa18b7e838bdcb803e806a8f893217a11f184e0 /system/libxslt/CVE-2019-13117.patch
parentb7ffaa4d55e1faf4de0f8e6a2edf372fedfeaf71 (diff)
downloadpackages-0b09c67b8eba048295e57af90599dd74d1e30df8.tar.gz
packages-0b09c67b8eba048295e57af90599dd74d1e30df8.tar.bz2
packages-0b09c67b8eba048295e57af90599dd74d1e30df8.tar.xz
packages-0b09c67b8eba048295e57af90599dd74d1e30df8.zip
system/libxslt: patch for CVE-2019-13117, CVE-2019-13118
Diffstat (limited to 'system/libxslt/CVE-2019-13117.patch')
-rw-r--r--system/libxslt/CVE-2019-13117.patch29
1 files changed, 29 insertions, 0 deletions
diff --git a/system/libxslt/CVE-2019-13117.patch b/system/libxslt/CVE-2019-13117.patch
new file mode 100644
index 000000000..78ebb9075
--- /dev/null
+++ b/system/libxslt/CVE-2019-13117.patch
@@ -0,0 +1,29 @@
+From c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 27 Apr 2019 11:19:48 +0200
+Subject: [PATCH] Fix uninitialized read of xsl:number token
+
+Found by OSS-Fuzz.
+---
+ libxslt/numbers.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libxslt/numbers.c b/libxslt/numbers.c
+index 89e1f668..75c31eba 100644
+--- a/libxslt/numbers.c
++++ b/libxslt/numbers.c
+@@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format,
+ tokens->tokens[tokens->nTokens].token = val - 1;
+ ix += len;
+ val = xmlStringCurrentChar(NULL, format+ix, &len);
+- }
++ } else {
++ tokens->tokens[tokens->nTokens].token = (xmlChar)'0';
++ tokens->tokens[tokens->nTokens].width = 1;
++ }
+ } else if ( (val == (xmlChar)'A') ||
+ (val == (xmlChar)'a') ||
+ (val == (xmlChar)'I') ||
+--
+2.21.0
+