diff options
Diffstat (limited to 'meta/recipes-support/libxslt/files/CVE-2019-13117.patch')
-rw-r--r-- | meta/recipes-support/libxslt/files/CVE-2019-13117.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-support/libxslt/files/CVE-2019-13117.patch b/meta/recipes-support/libxslt/files/CVE-2019-13117.patch new file mode 100644 index 0000000000..ef3f2709f7 --- /dev/null +++ b/meta/recipes-support/libxslt/files/CVE-2019-13117.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | From c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Nick Wellnhofer <wellnhofer@aevum.de> | ||
3 | Date: Sat, 27 Apr 2019 11:19:48 +0200 | ||
4 | Subject: [PATCH] Fix uninitialized read of xsl:number token | ||
5 | |||
6 | Found by OSS-Fuzz. | ||
7 | |||
8 | CVE: CVE-2019-13117 | ||
9 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1] | ||
10 | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> | ||
11 | --- | ||
12 | libxslt/numbers.c | 5 ++++- | ||
13 | 1 file changed, 4 insertions(+), 1 deletion(-) | ||
14 | |||
15 | diff --git a/libxslt/numbers.c b/libxslt/numbers.c | ||
16 | index 89e1f668..75c31eba 100644 | ||
17 | --- a/libxslt/numbers.c | ||
18 | +++ b/libxslt/numbers.c | ||
19 | @@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format, | ||
20 | tokens->tokens[tokens->nTokens].token = val - 1; | ||
21 | ix += len; | ||
22 | val = xmlStringCurrentChar(NULL, format+ix, &len); | ||
23 | - } | ||
24 | + } else { | ||
25 | + tokens->tokens[tokens->nTokens].token = (xmlChar)'0'; | ||
26 | + tokens->tokens[tokens->nTokens].width = 1; | ||
27 | + } | ||
28 | } else if ( (val == (xmlChar)'A') || | ||
29 | (val == (xmlChar)'a') || | ||
30 | (val == (xmlChar)'I') || | ||
31 | -- | ||
32 | 2.21.0 | ||
33 | |||