diff options
| author | Nick Wellnhofer <wellnhofer@aevum.de> | 2019-08-17 16:51:53 +0200 |
|---|---|---|
| committer | Nick Wellnhofer <wellnhofer@aevum.de> | 2019-08-17 17:19:16 +0200 |
| commit | 2232473733b7313d67de8836ea3b29eec6e8e285 (patch) | |
| tree | 7dc8251552fe75ffd0a906a121977298854a73c1 | |
| parent | 20cadc71bda05542bb21cb0aded54dd27d369826 (diff) | |
| download | libxslt-2232473733b7313d67de8836ea3b29eec6e8e285.tar.gz | |
Fix dangling pointer in xsltCopyText
xsltCopyText didn't reset ctxt->lasttext in some cases which could
lead to various memory errors in relation with CDATA sections in input
documents.
Found by OSS-Fuzz.
| -rw-r--r-- | libxslt/transform.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/libxslt/transform.c b/libxslt/transform.c index 95ebd073..d7ab0b66 100644 --- a/libxslt/transform.c +++ b/libxslt/transform.c @@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target, if ((copy->content = xmlStrdup(cur->content)) == NULL) return NULL; } + + ctxt->lasttext = NULL; } else { /* * normal processing. keep counters to extend the text node |