Package: libxslt / 1.1.32-2.2~deb10u1

0007-Fix-uninitialized-read-of-xsl-number-token.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sat, 27 Apr 2019 11:19:48 +0200
Subject: Fix uninitialized read of xsl:number token
Origin: https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-13117
Bug-Debian: https://bugs.debian.org/931321
Bug-Debian: https://bugs.debian.org/933743

Found by OSS-Fuzz.
---
 libxslt/numbers.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libxslt/numbers.c b/libxslt/numbers.c
index 89e1f668b2bd..75c31ebaeb88 100644
--- a/libxslt/numbers.c
+++ b/libxslt/numbers.c
@@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format,
 		tokens->tokens[tokens->nTokens].token = val - 1;
 		ix += len;
 		val = xmlStringCurrentChar(NULL, format+ix, &len);
-	    }
+	    } else {
+                tokens->tokens[tokens->nTokens].token = (xmlChar)'0';
+                tokens->tokens[tokens->nTokens].width = 1;
+            }
 	} else if ( (val == (xmlChar)'A') ||
 		    (val == (xmlChar)'a') ||
 		    (val == (xmlChar)'I') ||
-- 
2.20.1