Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3
libxslt-python
libxslt-CVE-2016-4738.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libxslt-CVE-2016-4738.patch of Package libxslt-python
From eb1030de31165b68487f288308f9d1810fed6880 Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer <wellnhofer@aevum.de> Date: Fri, 10 Jun 2016 14:23:58 +0200 Subject: Fix heap overread in xsltFormatNumberConversion An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string. Found with afl-fuzz and ASan. --- libxslt/numbers.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libxslt/numbers.c b/libxslt/numbers.c index d1549b4..e78c46b 100644 --- a/libxslt/numbers.c +++ b/libxslt/numbers.c @@ -1090,7 +1090,8 @@ xsltFormatNumberConversion(xsltDecimalFormatPtr self, } /* We have finished the integer part, now work on fraction */ - if (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) { + if ( (*the_format != 0) && + (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) ) { format_info.add_decimal = TRUE; the_format += xsltUTF8Size(the_format); /* Skip over the decimal */ } -- cgit v0.12
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor