Hash :
9ab01a27
Author :
Date :
2016-06-28T14:22:23
Fix XPointer paths beginning with range-to

The old code would invoke the broken xmlXPtrRangeToFunction. range-to isn't really a function but a special kind of location step. Remove this function and always handle range-to in the XPath code.

The old xmlXPtrRangeToFunction could also be abused to trigger a use-after-free error with the potential for remote code execution.

Found with afl-fuzz.

Fixes CVE-2016-5131.
========================
Expression: xpointer(id('chapter1')/p)
Object is a Node Set :
Set contains 4 nodes:
1 ELEMENT p
2 ELEMENT p
3 ELEMENT p
4 ELEMENT p
========================
Expression: xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
Object is a Location Set:
1 : Object is a range :
From node
ELEMENT p
To node
ELEMENT p
========================
Expression: xpointer(range-to(id('chapter2')))
Object is a Location Set:
1 : Object is a range :
From node
/
To node
ELEMENT chapter
ATTRIBUTE id
TEXT
content=chapter2
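
Review bot: the only case with range-to as the first step (the third expression, xpointer(range-to(id('chapter2')))) uses an id() argument that resolves to a single node, so the expected output pins just one range from / to the chapter element. Consider adding expected output for a leading range-to whose argument selects several nodes and one whose argument selects none, so the location set produced by the XPath-side handling is fixed for those cases too. None of the three expressions is marked as the regression case for the use-after-free the commit message mentions; naming which input covers it, in the message or as a separate test, would make the fix easier to verify later.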