diff options
| author | Nick Wellnhofer <wellnhofer@aevum.de> | 2021-03-02 12:45:43 +0100 |
|---|---|---|
| committer | Nick Wellnhofer <wellnhofer@aevum.de> | 2021-03-02 14:22:35 +0100 |
| commit | d25b8c6c8d45c58097dbf68aa96b506a6e2c40f4 (patch) | |
| tree | 949c06fd8498a9bc9e4ac5997068fc33d3091745 | |
| parent | 242f19684953ecca80db4582753bd04c1684ca00 (diff) | |
| download | libxslt-d25b8c6c8d45c58097dbf68aa96b506a6e2c40f4.tar.gz | |
Fix xsl:number generating invalid UTF-8
xsl:number with an empty grouping separator would generate 0xFF bytes.
Found by OSS-Fuzz.
| -rw-r--r-- | libxslt/preproc.c | 2 | ||||
| -rw-r--r-- | tests/REC/Makefile.am | 1 | ||||
| -rw-r--r-- | tests/REC/test-7.7-6.out | 11 | ||||
| -rw-r--r-- | tests/REC/test-7.7-6.xml | 1 | ||||
| -rw-r--r-- | tests/REC/test-7.7-6.xsl | 36 |
5 files changed, 51 insertions, 0 deletions
diff --git a/libxslt/preproc.c b/libxslt/preproc.c index bd654daf..7d2fa221 100644 --- a/libxslt/preproc.c +++ b/libxslt/preproc.c @@ -1494,6 +1494,8 @@ xsltNumberComp(xsltStylesheetPtr style, xmlNodePtr cur) { comp->numdata.groupingCharacterLen = xmlStrlen(prop); comp->numdata.groupingCharacter = xsltGetUTF8Char(prop, &(comp->numdata.groupingCharacterLen)); + if (comp->numdata.groupingCharacter < 0) + comp->numdata.groupingCharacter = 0; } prop = xsltGetCNsProp(style, cur, (const xmlChar *)"grouping-size", XSLT_NAMESPACE); diff --git a/tests/REC/Makefile.am b/tests/REC/Makefile.am index 8b185fc0..b0d943f2 100644 --- a/tests/REC/Makefile.am +++ b/tests/REC/Makefile.am @@ -74,6 +74,7 @@ EXTRA_DIST = \ test-7.7-3.out test-7.7-3.xml test-7.7-3.xsl \ test-7.7-4.out test-7.7-4.xml test-7.7-4.xsl \ test-7.7-5.out test-7.7-5.xml test-7.7-5.xsl \ + test-7.7-6.out test-7.7-6.xml test-7.7-6.xsl \ test-8-1.out test-8-1.xml test-8-1.xsl \ test-9.1-1.out test-9.1-1.xml test-9.1-1.xsl \ test-9.1-2.out test-9.1-2.xml test-9.1-2.xsl \ diff --git a/tests/REC/test-7.7-6.out b/tests/REC/test-7.7-6.out new file mode 100644 index 00000000..66b3cd5f --- /dev/null +++ b/tests/REC/test-7.7-6.out @@ -0,0 +1,11 @@ +<?xml version="1.0"?> +<results> + <r>1.234.567.890</r> + <r>1’234’567’890</r> + <r>1.2.3.4.5.6.7.8.9.0</r> + <r>1234567890</r> + <r>1234567890</r> + <r>1234567890</r> + <r>1234567890</r> + <r>1234567890</r> +</results> diff --git a/tests/REC/test-7.7-6.xml b/tests/REC/test-7.7-6.xml new file mode 100644 index 00000000..69d62f2c --- /dev/null +++ b/tests/REC/test-7.7-6.xml @@ -0,0 +1 @@ +<doc/> diff --git a/tests/REC/test-7.7-6.xsl b/tests/REC/test-7.7-6.xsl new file mode 100644 index 00000000..6449dc1c --- /dev/null +++ b/tests/REC/test-7.7-6.xsl @@ -0,0 +1,36 @@ +<xsl:stylesheet + version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> + +<xsl:output indent="yes"/> + +<xsl:template match="/"> + <results> + <r> + <xsl:number value="1234567890" grouping-separator="." grouping-size="3"/> + </r> + <r> + <xsl:number value="1234567890" grouping-separator="’" grouping-size="3"/> + </r> + <r> + <xsl:number value="1234567890" grouping-separator="." grouping-size="1"/> + </r> + <r> + <xsl:number value="1234567890" grouping-separator="." grouping-size="0"/> + </r> + <r> + <xsl:number value="1234567890" grouping-separator="." grouping-size="-1"/> + </r> + <r> + <xsl:number value="1234567890" grouping-separator="." grouping-size="99"/> + </r> + <r> + <xsl:number value="1234567890" grouping-separator="." grouping-size="abc"/> + </r> + <r> + <xsl:number value="1234567890" grouping-separator="" grouping-size="3"/> + </r> + </results> +</xsl:template> + +</xsl:stylesheet> |