diff options
| author | Nick Wellnhofer <wellnhofer@aevum.de> | 2020-09-20 15:14:47 +0200 |
|---|---|---|
| committer | Nick Wellnhofer <wellnhofer@aevum.de> | 2020-09-20 16:22:03 +0200 |
| commit | 4ccc06b56b8b6d39c29932c92cd1ed82f6698d6f (patch) | |
| tree | 59c1965f9bc72bfd7aa2f0468c6693a4de224f96 | |
| parent | 5b822f63692c02a09fd6bf993c2e4788b8b07355 (diff) | |
| download | libxslt-4ccc06b56b8b6d39c29932c92cd1ed82f6698d6f.tar.gz | |
Fix quadratic runtime with text and <xsl:message>
Backup and restore "last text" data in xsltEvalTemplateString.
Otherwise, optimization of string concatenation would be disabled
whenever an xsl:message was processed.
Found by OSS-Fuzz.
| -rw-r--r-- | libxslt/templates.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/libxslt/templates.c b/libxslt/templates.c index 48b73a53..4108ed26 100644 --- a/libxslt/templates.c +++ b/libxslt/templates.c @@ -210,6 +210,8 @@ xsltEvalTemplateString(xsltTransformContextPtr ctxt, { xmlNodePtr oldInsert, insert = NULL; xmlChar *ret; + const xmlChar *oldLastText; + int oldLastTextSize, oldLastTextUse; if ((ctxt == NULL) || (contextNode == NULL) || (inst == NULL) || (inst->type != XML_ELEMENT_NODE)) @@ -233,12 +235,18 @@ xsltEvalTemplateString(xsltTransformContextPtr ctxt, } oldInsert = ctxt->insert; ctxt->insert = insert; + oldLastText = ctxt->lasttext; + oldLastTextSize = ctxt->lasttsize; + oldLastTextUse = ctxt->lasttuse; /* * OPTIMIZE TODO: if inst->children consists only of text-nodes. */ xsltApplyOneTemplate(ctxt, contextNode, inst->children, NULL, NULL); ctxt->insert = oldInsert; + ctxt->lasttext = oldLastText; + ctxt->lasttsize = oldLastTextSize; + ctxt->lasttuse = oldLastTextUse; ret = xmlNodeGetContent(insert); if (insert != NULL) |