Skip to content
Snippets Groups Projects
Commit 9e964711d54a authored by Nick Wellnhofer's avatar Nick Wellnhofer
Browse files

Fix double-free with stylesheets containing entity nodes 

Fix broken logic to make sure that entity nodes are deleted from the
stylesheet. Note that stylesheets parsed with XML_PARSE_NOENT, which
is included in XSLT_PARSE_OPTIONS, aren't affected.

Found by OSS-Fuzz.
parent 15225c40cf25
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
Showing
with 2 additions and 6 deletions
libxslt/xslt.c
+ 2
6
View file @ 9e964711
...@@ -3656,9 +3656,6 @@ ...@@ -3656,9 +3656,6 @@
(!xsltCheckExtURI(style, cur->ns->href))) { (!xsltCheckExtURI(style, cur->ns->href))) {
goto skip_children; goto skip_children;
} else if (cur->children != NULL) { } else if (cur->children != NULL) {
if ((cur->children->type != XML_ENTITY_DECL) &&
(cur->children->type != XML_ENTITY_REF_NODE) &&
(cur->children->type != XML_ENTITY_NODE)) {
cur = cur->children; cur = cur->children;
continue; continue;
} }
...@@ -3662,7 +3659,6 @@ ...@@ -3662,7 +3659,6 @@
cur = cur->children; cur = cur->children;
continue; continue;
} }
}
skip_children: skip_children:
if (cur->next != NULL) { if (cur->next != NULL) {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment