From aa6f56004bb2c74426e966b55caa071166598f82 Mon Sep 17 00:00:00 2001
From: yang_zhuang_zhuang <1162011203@qq.com>
Date: Wed, 23 Sep 2020 10:15:30 +0800
Subject: [PATCH] Fix the large loop found in xsltApplyStylesheetUser through fuzzing testcase xslt.
---
...ic-runtime-with-text-and-xsl-message.patch | 49 +++++++++++++++++++
libxslt.spec | 8 ++-
2 files changed, 55 insertions(+), 2 deletions(-)
create mode 100644 Fix-quadratic-runtime-with-text-and-xsl-message.patch
diff --git a/Fix-quadratic-runtime-with-text-and-xsl-message.patch b/Fix-quadratic-runtime-with-text-and-xsl-message.patch
new file mode 100644
index 0000000..b3585d1
--- /dev/null
+++ b/Fix-quadratic-runtime-with-text-and-xsl-message.patch
@@ -0,0 +1,49 @@
+From 4ccc06b56b8b6d39c29932c92cd1ed82f6698d6f Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer
+Date: Sun, 20 Sep 2020 15:14:47 +0200
+Subject: [PATCH 33/37] Fix quadratic runtime with text and
+
+Backup and restore "last text" data in xsltEvalTemplateString.
+Otherwise, optimization of string concatenation would be disabled
+whenever an xsl:message was processed.
+
+Found by OSS-Fuzz.
+---
+ libxslt/templates.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/libxslt/templates.c b/libxslt/templates.c
+index 48b73a5..4108ed2 100644
+--- a/libxslt/templates.c
++++ b/libxslt/templates.c
+@@ -210,6 +210,8 @@ xsltEvalTemplateString(xsltTransformContextPtr ctxt,
+ {
+ xmlNodePtr oldInsert, insert = NULL;
+ xmlChar *ret;
++ const xmlChar *oldLastText;
++ int oldLastTextSize, oldLastTextUse;
+
+ if ((ctxt == NULL) || (contextNode == NULL) || (inst == NULL) ||
+ (inst->type != XML_ELEMENT_NODE))
+@@ -233,12 +235,18 @@ xsltEvalTemplateString(xsltTransformContextPtr ctxt,
+ }
+ oldInsert = ctxt->insert;
+ ctxt->insert = insert;
++ oldLastText = ctxt->lasttext;
++ oldLastTextSize = ctxt->lasttsize;
++ oldLastTextUse = ctxt->lasttuse;
+ /*
+ * OPTIMIZE TODO: if inst->children consists only of text-nodes.
+ */
+ xsltApplyOneTemplate(ctxt, contextNode, inst->children, NULL, NULL);
+
+ ctxt->insert = oldInsert;
++ ctxt->lasttext = oldLastText;
++ ctxt->lasttsize = oldLastTextSize;
++ ctxt->lasttuse = oldLastTextUse;
+
+ ret = xmlNodeGetContent(insert);
+ if (insert != NULL)
+--
+1.8.3.1
+
diff --git a/libxslt.spec b/libxslt.spec
index 42da99d..bd0db6c 100644
--- a/libxslt.spec
+++ b/libxslt.spec
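Review bot: The Subject line of the embedded upstream patch (line 4 of the new file) ends mid-phrase at `Fix quadratic runtime with text and`, while the file is named Fix-quadratic-runtime-with-text-and-xsl-message.patch, so the trailing words appear to be `xsl:message` and may have been dropped as markup when the patch was copied; if the committed file is truncated too, restore the line to `Subject: [PATCH 33/37] Fix quadratic runtime with text and xsl:message`, since that Subject becomes the commit message when the patch is applied with git am. The rest of the nested patch is self-consistent: its diffstat announces 8 insertions in libxslt/templates.c and the two hunks add exactly the six lasttext/lasttsize/lasttuse save-and-restore lines plus the two declarations around the xsltApplyOneTemplate call. The patch body itself is upstream's fix for a fuzzer-found quadratic-runtime case, so nothing in its C code is for this commit to change.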
@@ -1,12 +1,13 @@
Name: libxslt
Version: 1.1.34
-Release: 1
+Release: 2
Summary: XSLT Transformation Library
License: MIT
URL: http://xmlsoft.org/libxslt/
Source0: https://github.com/GNOME/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
# PATCH-FIX-UPSTREAM bug-fix https://github.com/GNOME/libxslt/
-Patch0000:CVE-2015-9019.patch
+Patch0: CVE-2015-9019.patch
+Patch1: Fix-quadratic-runtime-with-text-and-xsl-message.patch
BuildRequires: gcc make libtool autoconf automake libgcrypt-devel pkgconfig(libxml-2.0) >= 2.6.27
@@ -96,6 +97,9 @@ make check
%doc python/tests/*.xsl
%changelog
+* Wed Sep 23 2020 yangzhuangzhuang - 1.1.34-2
+- Fix the large loop found in xsltApplyStylesheetUser through fuzzing testcase xslt.
+
* Mon Jun 22 2020 linwei - 1.1.34-1
- update to 1.1.34
-- Gitee
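Review bot: Patch1 is declared without the provenance comment that Patch0 carries (`# PATCH-FIX-UPSTREAM bug-fix https://github.com/GNOME/libxslt/`), so a later packager cannot tell from the spec which upstream commit it backports or when it can be dropped on a newer libxslt. Add a line above it such as `# PATCH-FIX-UPSTREAM 4ccc06b56b8b6d39c29932c92cd1ed82f6698d6f Fix quadratic runtime with text and xsl:message (found by OSS-Fuzz)`; the hash and description are taken from the header of the embedded patch file added in this commit. The %changelog entry in the second hunk describes the fix only as a "large loop found in xsltApplyStylesheetUser", so the upstream description in the spec comment is also the only place the actual root cause (the lasttext state being clobbered by xsl:message) would be recorded.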