libxslt: Fix handling of RVTs returned from nested EXSLT functions

Set the context variable to NULL when evaluating EXSLT functions.
Fixes potential use-after-free errors or memory leaks.

Fixes bug 792580

(From OE-Core rev: a997bcd3f985b65141f9b7a497581da2fd7afc10)

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-support/libxslt/libxslt/fix-rvts-handling.patch

@@ -0,0 +1,80 @@
+libxslt-1.1.32: Fix handling of RVTs returned from nested EXSLT functions
+
+[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=792580
+
+Set the context variable to NULL when evaluating EXSLT functions.
+Fixes potential use-after-free errors or memory leaks.
+
+Upstream-Status: Backport [https://git.gnome.org/browse/libxslt/commit/?id=8bd32f7753ac253a54279a0b6a88d15a57076bb0]
+bug: 792580
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/libexslt/functions.c b/libexslt/functions.c
+index dc794e3..8511cb0 100644
+--- a/libexslt/functions.c
++++ b/libexslt/functions.c
+@@ -280,6 +280,7 @@ exsltFuncFunctionFunction (xmlXPathParserContextPtr ctxt, int nargs) {
+     exsltFuncFunctionData *func;
+     xmlNodePtr paramNode, oldInsert, fake;
+     int oldBase;
++    void *oldCtxtVar;
+     xsltStackElemPtr params = NULL, param;
+     xsltTransformContextPtr tctxt = xsltXPathGetTransformContext(ctxt);
+     int i, notSet;
+@@ -418,11 +419,14 @@ exsltFuncFunctionFunction (xmlXPathParserContextPtr ctxt, int nargs) {
+     fake = xmlNewDocNode(tctxt->output, NULL,
+ 			 (const xmlChar *)"fake", NULL);
+     oldInsert = tctxt->insert;
++    oldCtxtVar = tctxt->contextVariable;
+     tctxt->insert = fake;
++    tctxt->contextVariable = NULL;
+     xsltApplyOneTemplate (tctxt, tctxt->node,
+ 			  func->content, NULL, NULL);
+     xsltLocalVariablePop(tctxt, tctxt->varsBase, -2);
+     tctxt->insert = oldInsert;
++    tctxt->contextVariable = oldCtxtVar;
+     tctxt->varsBase = oldBase;	/* restore original scope */
+     if (params != NULL)
+ 	xsltFreeStackElemList(params);
+diff --git a/tests/docs/bug-209.xml b/tests/docs/bug-209.xml
+new file mode 100644
+index 0000000..69d62f2
+--- /dev/null
++++ b/tests/docs/bug-209.xml
+@@ -0,0 +1 @@
++<doc/>
+diff --git a/tests/general/bug-209.out b/tests/general/bug-209.out
+new file mode 100644
+index 0000000..e829790
+--- /dev/null
++++ b/tests/general/bug-209.out
+@@ -0,0 +1,2 @@
++<?xml version="1.0"?>
++<result/>
+diff --git a/tests/general/bug-209.xsl b/tests/general/bug-209.xsl
+new file mode 100644
+index 0000000..fe69ac6
+--- /dev/null
++++ b/tests/general/bug-209.xsl
+@@ -0,0 +1,21 @@
++<xsl:stylesheet
++    version="1.0"
++    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
++    xmlns:func="http://exslt.org/functions"
++    extension-element-prefixes="func">
++
++    <xsl:template match="/">
++        <xsl:variable name="v" select="func:a()" />
++        <xsl:copy-of select="$v"/>
++    </xsl:template>
++
++    <func:function name="func:a">
++        <func:result select="func:b()" />
++    </func:function>
++
++    <func:function name="func:b">
++        <func:result>
++            <result/>
++        </func:result>
++    </func:function>
++</xsl:stylesheet>

meta/recipes-support/libxslt/libxslt_1.1.32.bb

@@ -8,7 +8,10 @@ LIC_FILES_CHKSUM = "file://Copyright;md5=0cd9a07afbeb24026c9b03aecfeba458"
 SECTION = "libs"
 DEPENDS = "libxml2"
 
-SRC_URI = "http://xmlsoft.org/sources/libxslt-${PV}.tar.gz"
+SRC_URI = "http://xmlsoft.org/sources/libxslt-${PV}.tar.gz \
+           file://fix-rvts-handling.patch \
+           "
+
 SRC_URI[md5sum] = "1fc72f98e98bf4443f1651165f3aa146"
 SRC_URI[sha256sum] = "526ecd0abaf4a7789041622c3950c0e7f2c4c8835471515fd77eec684a355460"