Fix CVE-2016-4738:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4738
https://bugs.chromium.org/p/chromium/issues/detail?id=619006

Patch copied from upstream source repository:
https://git.gnome.org/browse/libxslt/commit/?id=eb1030de31165b68487f288308f9d1810fed6880

From eb1030de31165b68487f288308f9d1810fed6880 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Fri, 10 Jun 2016 14:23:58 +0200
Subject: [PATCH] Fix heap overread in xsltFormatNumberConversion

An empty decimal-separator could cause a heap overread. This can be
exploited to leak a couple of bytes after the buffer that holds the
pattern string.

Found with afl-fuzz and ASan.
---
 libxslt/numbers.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libxslt/numbers.c b/libxslt/numbers.c
index d1549b4..e78c46b 100644
--- a/libxslt/numbers.c
+++ b/libxslt/numbers.c
@@ -1090,7 +1090,8 @@ xsltFormatNumberConversion(xsltDecimalFormatPtr self,
     }
 
     /* We have finished the integer part, now work on fraction */
-    if (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) {
+    if ( (*the_format != 0) &&
+         (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) ) {
         format_info.add_decimal = TRUE;
 	the_format += xsltUTF8Size(the_format);	/* Skip over the decimal */
     }
-- 
2.10.2

1845aee1fb4079fc71d93ba00e4b10be'>commit</a><a href='/guix/diff/tests/lint.scm?id=d5ecfb491845aee1fb4079fc71d93ba00e4b10be'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/tests/lint.scm'>
<input type='hidden' name='id' value='d5ecfb491845aee1fb4079fc71d93ba00e4b10be'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=d5ecfb491845aee1fb4079fc71d93ba00e4b10be'>root</a>/<a href='/guix/log/tests?id=d5ecfb491845aee1fb4079fc71d93ba00e4b10be'>tests</a>/<a href='/guix/log/tests/lint.scm?id=d5ecfb491845aee1fb4079fc71d93ba00e4b10be'>lint.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/tests/lint.scm?id=d5ecfb491845aee1fb4079fc71d93ba00e4b10be&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2020-12-07 12:48:26 +0100'>2020-12-07</span></td><td><a href='/guix/commit/tests/lint.scm?id=d8ae7852057d5c1818c9c8bb77e8c41407a0d985'>tests: lint: Add origin patch file name test cases.</a><span class='msg-avail'>...<span class='msg-tooltip'>In particular, "&lt;origin&gt; patches: same file name -&gt; no warnings" would
have caught the issue which was fixed in commit
21887021b9acf60157b1b0a39c16f2ec6498021b.

* tests/lint.scm (patches: file names): Rename this test case...
("file patches: different file name -&gt; warning"): ... to this.
("file patches: same file name -&gt; no warnings")
("&lt;origin&gt; patches: different file name -&gt; warning")
("&lt;origin&gt; patches: same file name -&gt; no warnings"): New test cases.

Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Chris Marusich</td></tr>
<tr><td><span title='2020-11-21 22:11:36 -0500'>2020-11-21</span></td><td><a href='/guix/commit/tests/lint.scm?id=464b1fffb0f08a452b4ee67ba23c87730d73568e'>lint: Add 'check-haskell-stackage' checker.</a><span class='msg-avail'>...<span class='msg-tooltip'>* guix/lint.scm (check-haskell-stackage): New procedure.
(%network-dependent-checkers): Add 'haskell-stackage' checker.
* guix/import/hackage.scm (%hackage-url): New variable.
(hackage-source-url, hackage-cabal-url): Use it in place of a
hard-coded string.
* guix/import/stackage.scm (%stackage-url): Make it a parameter.
(stackage-lts-info-fetch): Update accordingly.
* tests/lint.scm ("hackage-stackage"): New test.
</span></span></td><td>Timothy Sample</td></tr>
<tr><td><span title='2020-11-21 12:39:14 +0100'>2020-11-21</span></td><td><a href='/guix/commit/tests/lint.scm?id=4f156c259f984f4f5a3692364746446294ee102c'>lint: Add 'patch-headers' checker.</a><span class='msg-avail'>...<span class='msg-tooltip'>* guix/lint.scm (check-patch-headers): New procedure.
(%local-checkers): Add 'patch-headers' checker.
* tests/lint.scm ("patch headers: no warnings")
("patch headers: missing comment", "patch headers: empty")
("patch headers: patch not found"): New tests.
</span></span></td><td>Ludovic Courtès</td></tr>

Age	Commit message (Expand)	Author
2020-12-07	tests: lint: Add origin patch file name test cases....In particular, "<origin> patches: same file name -> no warnings" would have caught the issue which was fixed in commit 21887021b9acf60157b1b0a39c16f2ec6498021b. * tests/lint.scm (patches: file names): Rename this test case... ("file patches: different file name -> warning"): ... to this. ("file patches: same file name -> no warnings") ("<origin> patches: different file name -> warning") ("<origin> patches: same file name -> no warnings"): New test cases. Signed-off-by: Ludovic Courtès <ludo@gnu.org>	Chris Marusich
2020-11-21	lint: Add 'check-haskell-stackage' checker....* guix/lint.scm (check-haskell-stackage): New procedure. (%network-dependent-checkers): Add 'haskell-stackage' checker. * guix/import/hackage.scm (%hackage-url): New variable. (hackage-source-url, hackage-cabal-url): Use it in place of a hard-coded string. * guix/import/stackage.scm (%stackage-url): Make it a parameter. (stackage-lts-info-fetch): Update accordingly. * tests/lint.scm ("hackage-stackage"): New test.	Timothy Sample
2020-11-21	lint: Add 'patch-headers' checker....* guix/lint.scm (check-patch-headers): New procedure. (%local-checkers): Add 'patch-headers' checker. * tests/lint.scm ("patch headers: no warnings") ("patch headers: missing comment", "patch headers: empty") ("patch headers: patch not found"): New tests.	Ludovic Courtès