malloc-fail: Fix out-of-bounds access in xsltEvalTemplateString

The context node might be a namespace node, resulting in an OOB access when passed to xmlGetLineNo later. Pass the instruction node instead which is what xsltTransformError expects anyway. Found with libFuzzer, see #84.
author: Nick Wellnhofer <wellnhofer@aevum.de> 2023-02-26 16:53:49 +0100
committer: Nick Wellnhofer <wellnhofer@aevum.de> 2023-02-26 16:55:37 +0100
commit: 290e3e459b4f76f5fa1e3784b866cc0b76b35a55 (patch)
tree: fd96392e75ad076b2835e1bc936d0e2f9946acd4
parent: 80a37629f2117cd39065d6e6005a4dc14c1258fb (diff)
download: libxslt-290e3e459b4f76f5fa1e3784b866cc0b76b35a55.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libxslt/templates.c b/libxslt/templates.c
index 804eef53..f08b9bda 100644
--- a/libxslt/templates.c
+++ b/libxslt/templates.c
@@ -229,7 +229,7 @@ xsltEvalTemplateString(xsltTransformContextPtr ctxt,
     insert = xmlNewDocNode(ctxt->output, NULL,
 	                   (const xmlChar *)"fake", NULL);
     if (insert == NULL) {
-	xsltTransformError(ctxt, NULL, contextNode,
+	xsltTransformError(ctxt, NULL, inst,
 		"Failed to create temporary node\n");
 	return(NULL);
     }
author	Nick Wellnhofer <wellnhofer@aevum.de>	2023-02-26 16:53:49 +0100
committer	Nick Wellnhofer <wellnhofer@aevum.de>	2023-02-26 16:55:37 +0100
commit	290e3e459b4f76f5fa1e3784b866cc0b76b35a55 (patch)
tree	fd96392e75ad076b2835e1bc936d0e2f9946acd4
parent	80a37629f2117cd39065d6e6005a4dc14c1258fb (diff)
download	libxslt-290e3e459b4f76f5fa1e3784b866cc0b76b35a55.tar.gz