diff options
author | Nick Wellnhofer <wellnhofer@aevum.de> | 2020-08-17 04:27:13 +0200 |
---|---|---|
committer | Nick Wellnhofer <wellnhofer@aevum.de> | 2020-08-17 04:27:13 +0200 |
commit | 824657768aea2cce9c23e72ba8085cb5e44350c7 (patch) | |
tree | 16ce1fc0db60a34f009c9d015ef35ddc05ad6635 | |
parent | 9ae2f94df1721e002941b40665efb762aefcea1a (diff) | |
download | libxslt-824657768aea2cce9c23e72ba8085cb5e44350c7.tar.gz |
Transfer XPath limits to XPtr context
Expressions like document('doc.xml#xpointer(evil_expr)') ignored the
XPath limits.
-rw-r--r-- | libxslt/functions.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/libxslt/functions.c b/libxslt/functions.c index b350545a..975ea790 100644 --- a/libxslt/functions.c +++ b/libxslt/functions.c @@ -178,10 +178,22 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, xmlChar* URI) goto out_fragment; } +#if LIBXML_VERSION >= 20911 || \ + defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) + xptrctxt->opLimit = ctxt->context->opLimit; + xptrctxt->opCount = ctxt->context->opCount; + xptrctxt->maxDepth = ctxt->context->maxDepth - ctxt->context->depth; + + resObj = xmlXPtrEval(fragment, xptrctxt); + + ctxt->context->opCount = xptrctxt->opCount; +#else resObj = xmlXPtrEval(fragment, xptrctxt); - xmlXPathFreeContext(xptrctxt); #endif + xmlXPathFreeContext(xptrctxt); +#endif /* LIBXML_XPTR_ENABLED */ + if (resObj == NULL) goto out_fragment; |