Optional operation limit

Useful to avoid timeouts when fuzzing.

libxslt/transform.c

@@ -2411,6 +2411,17 @@ xsltApplySequenceConstructor(xsltTransformContextPtr ctxt,
     */
     cur = list;
     while (cur != NULL) {
+        if (ctxt->opLimit != 0) {
+            if (ctxt->opCount >= ctxt->opLimit) {
+		xsltTransformError(ctxt, NULL, cur,
+		    "xsltApplySequenceConstructor: "
+                    "Operation limit exceeded\n");
+	        ctxt->state = XSLT_STATE_STOPPED;
+                goto error;
+            }
+            ctxt->opCount += 1;
+        }
+
         ctxt->inst = cur;
 
 #ifdef WITH_DEBUGGER

libxslt/xsltInternals.h

@@ -1780,6 +1780,8 @@ struct _xsltTransformContext {
     int depth;          /* Needed to catch recursions */
     int maxTemplateDepth;
     int maxTemplateVars;
+    unsigned long opLimit;
+    unsigned long opCount;
 };
 
 /**

tests/fuzz/xslt.c

@@ -124,6 +124,7 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
     ctxt = xsltNewTransformContext(sheet, doc);
     xsltSetCtxtSecurityPrefs(sec, ctxt);
     ctxt->maxTemplateDepth = 100;
+    ctxt->opLimit = 200000;
     xsltSetXPathResourceLimits(ctxt->xpathCtxt);
     ctxt->xpathCtxt->opCount = sheet->xpathCtxt->opCount;