File libxslt-CVE-2025-11731.patch of Package libxslt

From fe508f201efb9ea37bfbe95413b8b28251497de3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20R=C3=B6ttsches?= <drott@chromium.org>
Date: Wed, 27 Aug 2025 14:28:40 +0300
Subject: [PATCH] End function node ancestor search at document

Avoids dereferencing a non-existent ->ns property on an
XML_DOCUMENT_NODE pointer.

Fixes #151.
---
 libexslt/functions.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/libexslt/functions.c b/libexslt/functions.c
index 8d35a7ae..a54ee70c 100644
--- a/libexslt/functions.c
+++ b/libexslt/functions.c
@@ -617,8 +617,13 @@ exsltFuncResultComp (xsltStylesheetPtr style, xmlNodePtr inst,
      * instanciation of a func:result element.
      */
     for (test = inst->parent; test != NULL; test = test->parent) {
-	if (IS_XSLT_ELEM(test) &&
-	    IS_XSLT_NAME(test, "stylesheet")) {
+	if (/* Traversal has reached the top-level document without
+         * finding a func:function ancestor. */
+        (test != NULL && test->type == XML_DOCUMENT_NODE) ||
+        /* Traversal reached a stylesheet-namespace node,
+         * and has left the function namespace. */
+        (IS_XSLT_ELEM(test) &&
+         IS_XSLT_NAME(test, "stylesheet"))) {
 	    xsltGenericError(xsltGenericErrorContext,
 			     "func:result element not a descendant "
 			     "of a func:function\n");
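Review bot: The added check `test->type == XML_DOCUMENT_NODE` in the ancestor loop covers only one of libxml2's document node types. If a stylesheet tree can ever be rooted in an `XML_HTML_DOCUMENT_NODE` (this hunk does not show whether it can), the walk would still fall through this `if` with a document pointer, which is the case the commit message sets out to prevent. Consider `(test->type == XML_DOCUMENT_NODE || test->type == XML_HTML_DOCUMENT_NODE) ||` instead. The `test != NULL &&` term is redundant because the `for` condition already guarantees it, and the added lines are space-indented inside a tab-indented block. The loop body continues past the end of the hunk, so the `->ns` access being guarded is not visible here.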
-- 
GitLab
