Gitiles
Code Review Sign In
gerrit.openbmc.org / stefanberger / openbmc / 96ff1984133494bf6a3451ddeb7f14548d3697e1 / . / poky / meta / recipes-support / libxslt / files / CVE-2019-13117.patch
blob: ef3f2709f730c2f938ea31bca96a02afbc9587a6 [file] [log] [blame]
Brad Bishop96ff1982019-08-19 13:50:42 -0400[diff] [blame^]1From c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 Mon Sep 17 00:00:00 2001
2From: Nick Wellnhofer <wellnhofer@aevum.de>
3Date: Sat, 27 Apr 2019 11:19:48 +0200
4Subject: [PATCH] Fix uninitialized read of xsl:number token
5
6Found by OSS-Fuzz.
7
8CVE: CVE-2019-13117
9Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1]
10Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
11---
12 libxslt/numbers.c | 5 ++++-
13 1 file changed, 4 insertions(+), 1 deletion(-)
14
15diff --git a/libxslt/numbers.c b/libxslt/numbers.c
16index 89e1f668..75c31eba 100644
17--- a/libxslt/numbers.c
18+++ b/libxslt/numbers.c
19@@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format,
20 tokens->tokens[tokens->nTokens].token = val - 1;
21 ix += len;
22 val = xmlStringCurrentChar(NULL, format+ix, &len);
23- }
24+ } else {
25+ tokens->tokens[tokens->nTokens].token = (xmlChar)'0';
26+ tokens->tokens[tokens->nTokens].width = 1;
27+ }
28 } else if ( (val == (xmlChar)'A') ||
29 (val == (xmlChar)'a') ||
30 (val == (xmlChar)'I') ||
31--
322.21.0
33