30 lines
919 B
Diff
30 lines
919 B
Diff
From c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 Mon Sep 17 00:00:00 2001
|
|
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
|
Date: Sat, 27 Apr 2019 11:19:48 +0200
|
|
Subject: [PATCH] Fix uninitialized read of xsl:number token
|
|
|
|
Found by OSS-Fuzz.
|
|
---
|
|
libxslt/numbers.c | 5 ++++-
|
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/libxslt/numbers.c b/libxslt/numbers.c
|
|
index 89e1f668..75c31eba 100644
|
|
--- a/libxslt/numbers.c
|
|
+++ b/libxslt/numbers.c
|
|
@@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format,
|
|
tokens->tokens[tokens->nTokens].token = val - 1;
|
|
ix += len;
|
|
val = xmlStringCurrentChar(NULL, format+ix, &len);
|
|
- }
|
|
+ } else {
|
|
+ tokens->tokens[tokens->nTokens].token = (xmlChar)'0';
|
|
+ tokens->tokens[tokens->nTokens].width = 1;
|
|
+ }
|
|
} else if ( (val == (xmlChar)'A') ||
|
|
(val == (xmlChar)'a') ||
|
|
(val == (xmlChar)'I') ||
|
|
--
|
|
2.21.0
|
|
|