gentoo-overlay/dev-libs/libxslt/files/libxslt-1.1.26-generate-id-crash.patch

From 4da0f7e207f14a03daad4663865c285eb27f93e9 Mon Sep 17 00:00:00 2001
From: Chris Evans <cevans@chromium.org>
Date: Mon, 3 Sep 2012 18:16:44 +0800
Subject: [PATCH] Avoid a heap use after free error

For https://code.google.com/p/chromium/issues/detail?id=140368
---
 libxslt/functions.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libxslt/functions.c b/libxslt/functions.c
index 5a8eb79..fe2f1ca 100644
--- a/libxslt/functions.c
+++ b/libxslt/functions.c
@@ -660,6 +660,7 @@ xsltFormatNumberFunction(xmlXPathParserContextPtr ctxt, int nargs)
 void
 xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){
     xmlNodePtr cur = NULL;
+    xmlXPathObjectPtr obj = NULL;
     long val;
     xmlChar str[30];
     xmlDocPtr doc;
@@ -667,7 +668,6 @@ xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){
     if (nargs == 0) {
 	cur = ctxt->context->node;
     } else if (nargs == 1) {
-	xmlXPathObjectPtr obj;
 	xmlNodeSetPtr nodelist;
 	int i, ret;
 
@@ -690,7 +690,6 @@ xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){
 	    if (ret == -1)
 	        cur = nodelist->nodeTab[i];
 	}
-	xmlXPathFreeObject(obj);
     } else {
 	xsltTransformError(xsltXPathGetTransformContext(ctxt), NULL, NULL,
 		"generate-id() : invalid number of args %d\n", nargs);
@@ -713,6 +712,9 @@ xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){
 
     }
 
+    if (obj)
+        xmlXPathFreeObject(obj);
+
     val = (long)((char *)cur - (char *)doc);
     if (val >= 0) {
       sprintf((char *)str, "idp%ld", val);
-- 
1.7.12