[xml/sgml-pkgs] Bug#945770: Segfaults running XSLT operations
Sébastien Bocahu
sebastien.bocahu at afidium.com
Thu Nov 28 11:13:42 GMT 2019
Package: libxslt1.1
Version: 1.1.32-2.2~deb10u1
Running XSLT operations might result in segmentation faults with version
1.1.32.
We experienced it running some of our apps in a Debian 10, Apache
mod_php environment which uses Debian's stock packages. Code path is
rather difficult to analyze & to share, so it might not be possible to
reproduce.
However, the exact same app with exact same input was tested on the
exact same environment except the libxslt version:
- With 1.1.32-2.2~deb10u1 (Debian's) : Segfault of Apache process:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 xmlStrEqual__internal_alias (
str2=0x6e2f6d6f632e6d75 <error: Cannot access memory at address
0x6e2f6d6f632e6d75>,
str1=0x558f57552cf1 "ttp://www.w3.org/2001/XMLSchema-instance") at
../../xmlstring.c:162
- With 1.1.33 (built as Debian package from upstream libxslt sources &
minor modifications to 1.1.32 Debian packaging sources) :
runs fine.
BTW, we don't know if it is related, but we had already identified the
need to upgrade to 1.1.33 for our apps as we experienced bug #939785 as
well.
I suggest replacing v1.1.32 with v1.1.33 in Buster.
Thanks,
More information about the debian-xml-sgml-pkgs
mailing list