c/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2 synced 2025-03-28 21:33:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Don't follow next pointer on documents in xmlXPathRunStreamEval

Browse Source 
RVTs from libxslt are document nodes which are linked using the 'next'
pointer. These pointers must never be used to navigate the document
tree. Otherwise, random content from other RVTs could be returned
when evaluating XPath expressions.

It's interesting that this seemingly long-standing bug wasn't
discovered earlier. This issue could also cause severe performance
degradation.

Fixes https://gitlab.gnome.org/GNOME/libxslt/-/issues/37
This commit is contained in:
Nick Wellnhofer 2020-06-24 15:33:38 +02:00
parent c0440868c3
commit 9f42f6baaa
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
xpath.c
View File

@ -13833,7 +13833,8 @@ scan_children:
do {
cur = cur->parent;
depth--;
if ((cur == NULL) || (cur == limit))
if ((cur == NULL) || (cur == limit) ||
(cur->type == XML_DOCUMENT_NODE))
goto done;
if (cur->type == XML_ELEMENT_NODE) {
ret = xmlStreamPop(patstream);