kmx git

Commit	Date	Message
c64d4efb	2018-10-13T00:12:12	Remove redefined starts and defines inside include elements When including a grammar from another grammar, we need to make sure that any redefines of starts and includes that that grammar does inside any of its include elements are also removed.
46da8fc5	2018-10-12T23:46:24	Allow choice within choice in nameClass in RELAX NG The pattern nameClass allows for nested choice elements, for example <name> <choice> <choice> <name>a</name> <name>b</name> </choice> <name>c</name> </choice> </name> which is semantically equivalent to <name> <choice> <name>a</name> <name>b</name> <name>c</name> </choice> </name> The old code didn’t handle this correctly, as it never expected a choice inside another choice. This patch fixes this by flattening any nested choices. This pattern of nested choice elements comes up in RELAX NG simplification, where all choice elements are rewritten in this nested manner, see section 4.12 of the RELAX NG specification.
4338c310	2018-10-12T22:30:26	Look inside divs for starts and defines inside include RELAX NG allows for div elements inside of include elements. We need to look inside those div elements for start and define elements that may be redefining start and define elements in the included grammar.
123234f2	2018-09-11T14:52:07	Free input buffer in xmlHaltParser This avoids miscalculation of available bytes. Thanks to Yunho Kim for the report. Closes: #26
72182550	2017-11-04T15:38:58	Add test for ICU flush and pivot buffer
5af594d8	2017-10-07T14:54:45	Fix comparison of nodesets to strings Fix two bugs in xmlXPathNodeValHash which could lead to errors when comparing nodesets to strings: - Only use contents of text nodes to compute the hash for element nodes. Comments, PIs, and other node types don't affect the string-value and must be ignored. - Reset `string` to NULL for node types other than text. Reported by Aleksei on the mailing list: https://mail.gnome.org/archives/xml/2017-September/msg00016.html
69936b12	2017-08-30T14:16:01	Revert "Print error messages for truncated UTF-8 sequences" This reverts commit 79c8a6b which caused a serious regression in streaming mode. Also reverts part of commit 52ceced "Fix infinite loops with push parser in recovery mode". Fixes bug 786554.
899a5d9f	2017-07-25T14:59:49	Detect infinite recursion in parameter entities When expanding a parameter entity in a DTD, infinite recursion could lead to an infinite loop or memory exhaustion. Thanks to Wei Lei for the first of many reports. Fixes bug 759579.
872fea94	2017-06-19T00:24:12	Get rid of "blanks wrapper" for parameter entities Now that replacement of parameter entities goes exclusively through xmlSkipBlankChars, we can account for the surrounding space characters there and remove the "blanks wrapper" hack.
24246c76	2017-06-20T12:56:36	Fix xmlHaltParser Pop all extra input streams before resetting the input. Otherwise, a call to xmlPopInput could make input available again. Also set input->end to input->cur. Changes the test output for some error tests. Unfortunately, some fuzzed test cases were added to the test suite without manual cleanup. This makes it almost impossible to review the impact of later changes on the test output.
8bbe4508	2017-06-17T16:15:09	Spelling and grammar fixes Fixes bug 743172, bug 743489, bug 769632, bug 782400 and a few other misspellings.
5f440d8c	2017-06-12T14:32:34	Rework entity boundary checks Make sure to finish all entities in the internal subset. Nevertheless, readd a sanity check in xmlParseStartTag2 that was lost in my previous commit. Also add a sanity check in xmlPopInput. Popping an input unexpectedly was the source of many recent memory bugs. The check doesn't mitigate such issues but helps with diagnosis. Always base entity boundary checks on the input ID, not the input pointer. The pointer could have been reallocated to the old address. Always throw a well-formedness error if a boundary check fails. In a few places, a validity error was thrown. Fix a few error codes and improve indentation.
dbaab1f3	2017-06-16T21:38:57	Test SAX2 callbacks with entity substitution This detects regressions like bug 760367.
67f9f9d6	2017-06-12T19:25:01	Misc fixes for 'make tests' - Silence test output. - Clean up after doc/examples tests. - Adjust expected output for script tests. - Add missing results for relaxng/pattern3 There are still two test failures I can't comment on: - regexp/bug316338 - schemas/any4_0
0b2d5c48	2017-06-12T19:10:04	Initialize keepBlanks in HTML parser This caused failures in the HTML push tests but the fix required to change the expected output of the HTML SAX tests.
85c112a0	2017-06-12T18:26:11	Add test cases for bug 758518 test/HTML/758518-entity.html exposed a bug in pushParseTest() in runtest.c which assumed that an input file was at least 4 bytes long. That test case is only 3 bytes, so we now take the minimum of 4 bytes or the length of the test input. We also now use 'chunkSize' in place of the hard-coded value '1024' later in the function.
79c8a6b1	2017-06-10T17:01:27	Print error messages for truncated UTF-8 sequences Before, truncated UTF-8 sequences at the end of a file were treated as EOF. Create an error message containing the offending bytes. xmlStringCurrentChar would also print characters from the input stream, not the string it's working on.
932cc989	2017-06-03T02:01:29	Fix buffer size checks in xmlSnprintfElementContent xmlSnprintfElementContent failed to correctly check the available buffer space in two locations. Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048). Thanks to Marcel Böhme and Thuan Pham for the report.
e2663054	2017-06-05T15:37:17	Fix handling of parameter-entity references There were two bugs where parameter-entity references could lead to an unexpected change of the input buffer in xmlParseNameComplex and xmlDictLookup being called with an invalid pointer. Percent sign in DTD Names ========================= The NEXTL macro used to call xmlParserHandlePEReference. When parsing "complex" names inside the DTD, this could result in entity expansion which created a new input buffer. The fix is to simply remove the call to xmlParserHandlePEReference from the NEXTL macro. This is safe because no users of the macro require expansion of parameter entities. - xmlParseNameComplex - xmlParseNCNameComplex - xmlParseNmtoken The percent sign is not allowed in names, which are grammatical tokens. - xmlParseEntityValue Parameter-entity references in entity values are expanded but this happens in a separate step in this function. - xmlParseSystemLiteral Parameter-entity references are ignored in the system literal. - xmlParseAttValueComplex - xmlParseCharDataComplex - xmlParseCommentComplex - xmlParsePI - xmlParseCDSect Parameter-entity references are ignored outside the DTD. - xmlLoadEntityContent This function is only called from xmlStringLenDecodeEntities and entities are replaced in a separate step immediately after the function call. This bug could also be triggered with an internal subset and double entity expansion. This fixes bug 766956 initially reported by Wei Lei and independently by Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone involved. xmlParseNameComplex with XML_PARSE_OLD10 ======================================== When parsing Names inside an expanded parameter entity with the XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the GROW macro if the input buffer was exhausted. At the end of the parameter entity's replacement text, this function would then call xmlPopInput which invalidated the input buffer. There should be no need to invoke GROW in this situation because the buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and, at least for UTF-8, in xmlCurrentChar. This also matches the code path executed when XML_PARSE_OLD10 is not set. This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050). Thanks to Marcel Böhme and Thuan Pham for the report. Additional hardening ==================== A separate check was added in xmlParseNameComplex to validate the buffer size.
7482f41f	2017-06-01T22:00:19	Check for integer overflow in xmlXPathFormatNumber Check for overflow before casting double to int. Found with afl-fuzz and UBSan.
855c19ef	2017-06-01T01:04:08	Avoid reparsing in xmlParseStartTag2 The code in xmlParseStartTag2 must handle the case that the input buffer was grown and reallocated which can invalidate pointers to attribute values. Before, this was handled by detecting changes of the input buffer "base" pointer and, in case of a change, jumping back to the beginning of the function and reparsing the start tag. The major problem of this approach is that whether an input buffer is reallocated is nondeterministic, resulting in seemingly random test failures. See the mailing list thread "runtest mystery bug: name2.xml error case regression test" from 2012, for example. If a reallocation was detected, the code also made no attempts to continue parsing in case of errors which makes a difference in the lax "recover" mode. Now we store the current input buffer "base" pointer for each (not separately allocated) attribute in the namespace URI field, which isn't used until later. After the whole start tag was parsed, the pointers to the attribute values are reconstructed using the offset between the new and the old input buffer. This relies on arithmetic on dangling pointers which is technically undefined behavior. But it seems like the easiest and most efficient fix and a similar approach is used in xmlParserInputGrow. This changes the error output of several tests, typically making it more verbose because we try harder to continue parsing in case of errors. (Another possible solution is to check not only the "base" pointer but the size of the input buffer as well. But this would result in even more reparsing.)
f4029cd4	2016-04-21T16:37:26	Check XPath exponents for overflow Avoid undefined behavior and wrong results with huge exponents. Found with afl-fuzz and UBSan.
a58331a6	2017-05-29T21:02:21	Check for overflow in xmlXPathIsPositionalPredicate Avoid undefined behavior when casting from double to int. Found with afl-fuzz and UBSan.
a851868a	2017-05-29T20:14:42	Parse small XPath numbers more accurately Don't count leading zeros towards the fraction size limit. This allows to parse numbers like 0.0000000000000000000000000000000000000000000000000000000001 which is the only standard-conformant way to represent such numbers, as scientific notation isn't allowed in XPath 1.0. (It is allowed in XPath 2.0 and in libxml2 as an extension, though.) Overall accuracy is still bad, see bug 783238.
4bebb030	2016-04-21T13:41:09	Rework XPath rounding functions Use the C library's floor and ceil functions. The old code was overly complicated for no apparent reason and could result in undefined behavior when handling NaNs (found with afl-fuzz and UBSan). Fix wrong comment in xmlXPathRoundFunction. The implementation was already following the spec and rounding half up.
40f58521	2017-05-26T20:16:35	Fix axis traversal from attribute and namespace nodes When traversing the "preceding" axis from an attribute node, we must first go up to the attribute's containing element. Otherwise, text children of other attributes could be returned. This made it possible to hit a code path in xmlXPathNextAncestor which contained another bug: The attribute node was initialized with the context node instead of the current node. Normally, this code path is only hit via xmlXPathNextAncestorOrSelf in which case the current and context node are the same. The combination of the two bugs could result in an infinite loop, found with libFuzzer. Traversing the "following" and the "preceding" axis from namespace nodes should be handled similarly. This wasn't supported at all previously.
9ab01a27	2016-06-28T14:22:23	Fix XPointer paths beginning with range-to The old code would invoke the broken xmlXPtrRangeToFunction. range-to isn't really a function but a special kind of location step. Remove this function and always handle range-to in the XPath code. The old xmlXPtrRangeToFunction could also be abused to trigger a use-after-free error with the potential for remote code execution. Found with afl-fuzz. Fixes CVE-2016-5131.
d8083bf7	2016-06-25T12:35:50	Fix NULL pointer deref in XPointer range-to - Check for errors after evaluating first operand. - Add sanity check for empty stack. Found with afl-fuzz.
0bcd05c5	2016-03-01T15:18:04	Heap-based buffer overread in htmlCurrentChar For https://bugzilla.gnome.org/show_bug.cgi?id=758606 * parserInternals.c: (xmlNextChar): Add an test to catch other issues on ctxt->input corruption proactively. For non-UTF-8 charsets, xmlNextChar() failed to check for the end of the input buffer and would continuing reading. Fix this by pulling out the check for the end of the input buffer into common code, and return if we reach the end of the input buffer prematurely. * result/HTML/758606.html: Added. * result/HTML/758606.html.err: Added. * result/HTML/758606.html.sax: Added. * result/HTML/758606_2.html: Added. * result/HTML/758606_2.html.err: Added. * result/HTML/758606_2.html.sax: Added. * test/HTML/758606.html: Added test case. * test/HTML/758606_2.html: Added test case.
00906759	2016-01-26T16:57:03	Heap-based buffer-underreads due to xmlParseName For https://bugzilla.gnome.org/show_bug.cgi?id=759573 * parser.c: (xmlParseElementDecl): Return early on invalid input to fix non-minimized test case (759573-2.xml). Otherwise the parser gets into a bad state in SKIP(3) at the end of the function. (xmlParseConditionalSections): Halt parsing when hitting invalid input that would otherwise caused xmlParserHandlePEReference() to recurse unexpectedly. This fixes the minimized test case (759573.xml). * result/errors/759573-2.xml: Add. * result/errors/759573-2.xml.err: Add. * result/errors/759573-2.xml.str: Add. * result/errors/759573.xml: Add. * result/errors/759573.xml.err: Add. * result/errors/759573.xml.str: Add. * test/errors/759573-2.xml: Add. * test/errors/759573.xml: Add.
38eae571	2016-03-07T14:04:08	Heap use-after-free in xmlSAX2AttributeNs For https://bugzilla.gnome.org/show_bug.cgi?id=759020 * parser.c: (xmlParseStartTag2): Attribute strings are only valid if the base does not change, so add another check where the base may change. Make sure to set 'attvalue' to NULL after freeing it. * result/errors/759020.xml: Added. * result/errors/759020.xml.err: Added. * result/errors/759020.xml.str: Added. * test/errors/759020.xml: Added test case.
beca86e8	2016-05-04T11:23:49	Detect change of encoding when parsing HTML names From https://bugzilla.gnome.org/show_bug.cgi?id=758518 Happens when a file has a name getting parsed, but no valid encoding set, so libxml has to guess what the encoding is. This patch detects when the buffer location changes, and if it does, restarts the parsing of the name. This slightly change a couple of regression tests output
45752d2c	2016-03-03T11:50:34	Bug 759398: Heap use-after-free in xmlDictComputeFastKey <https://bugzilla.gnome.org/show_bug.cgi?id=759398> * parser.c: (xmlParseNCNameComplex): Store start position instead of a pointer to the name since the underlying buffer may change, resulting in a stale pointer being used. * result/errors/759398.xml: Added. * result/errors/759398.xml.err: Added. * result/errors/759398.xml.str: Added. * test/errors/759398.xml: Added test case.
a820dbea	2016-03-01T11:34:04	Bug 758605: Heap-based buffer overread in xmlDictAddString <https://bugzilla.gnome.org/show_bug.cgi?id=758605> Reviewed by David Kilzer. * HTMLparser.c: (htmlParseName): Add bounds check. (htmlParseNameComplex): Ditto. * result/HTML/758605.html: Added. * result/HTML/758605.html.err: Added. * result/HTML/758605.html.sax: Added. * runtest.c: (pushParseTest): The input for the new test case was so small (4 bytes) that htmlParseChunk() was never called after htmlCreatePushParserCtxt(), thereby creating a false positive test failure. Fixed by using a do-while loop so we always call htmlParseChunk() at least once. * test/HTML/758605.html: Added.
db07dd61	2016-02-12T09:58:29	Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal <https://bugzilla.gnome.org/show_bug.cgi?id=758588> * parser.c: (xmlParseEndTag2): Add bounds checks before dereferencing ctxt->input->cur past the end of the buffer, or incrementing the pointer past the end of the buffer. * result/errors/758588.xml: Add test result. * result/errors/758588.xml.err: Ditto. * result/errors/758588.xml.str: Ditto. * test/errors/758588.xml: Add regression test.
6eb0894a	2016-05-05T16:49:00	Fix memory leak with XPath namespace nodes Set hasNsNodes to 1 when adding namespace nodes via XP_TEST_HIT.
82b73039	2016-04-30T17:53:10	Fix namespace axis traversal When the namespace axis is traversed in "toBool" mode, the traversal can exit early, before visiting all nodes. In this case, the XPath context still contains a non-NULL tmpNsList. This means that - the check when to start a new traversal was wrong and - the tmpNsList could be leaked. Fixes bug #750037 and, by accident, bug #756075: https://bugzilla.gnome.org/show_bug.cgi?id=750037 https://bugzilla.gnome.org/show_bug.cgi?id=756075
839689a9	2016-04-27T18:00:12	Don't recurse into OP_VALUEs in xmlXPathOptimizeExpression The ch1 slot of OP_VALUEs contains an invalid value. Ignore it. Fixes bug #760325: https://bugzilla.gnome.org/show_bug.cgi?id=760325
f39fd66e	2016-04-27T03:01:16	Fix namespace::node() XPath expression Make sure that xmlXPathNodeSetAddNs is called for namespace nodes when matched with a namespace::node() step. This correctly sets the parent of namespace nodes. Note that xmlXPathNodeSetAddNs must only be called if working on the namespace axis. Otherwise, the context node is not the parent of the namespace node and the standard XP_TEST_HIT macro must be invoked. This explains the errors in the C14N tests that the old TODO comment mentioned.
e2893903	2016-04-21T19:19:23	Fix parsing of NCNames in XPath The NCName parser would allow any NameChar as start character. For example, the following XPath expressions would compile: self::-abc self::0abc self::.abc
cad102b8	2016-04-15T22:41:24	Do normalize string-based datatype value in RelaxNG facet checking Original patch is from Jan Pokorný <jpokorny redhat com> https://mail.gnome.org/archives/xml/2013-November/msg00028.html Improve it according to reviews and add test files.
5be1a6e8	2016-01-19T11:38:52	Bug 760861: REGRESSION (bf9c1dad): Missing results for test/schemas/regexp-char-ref_[01].xsd <https://bugzilla.gnome.org/show_bug.cgi?id=760861> Add missing test results to fix the following errors when running "make Schemastests": ## Schemas regression tests diff: ./result/schemas/regexp-char-ref_0_0.err: No such file or directory diff: ./result/schemas/regexp-char-ref_1_0.err: No such file or directory * result/schemas/regexp-char-ref_0_0.err: Added. * result/schemas/regexp-char-ref_1_0.err: Added.
49bbfdb6	2016-03-14T15:53:16	Add missing RNG test files For https://bugzilla.gnome.org/show_bug.cgi?id=760249 Add missing test results from Bug 710744 for commit 6473a41a49601da8355c4b407b99474ada170213.
4f8606c1	2016-01-05T13:38:09	Bug 760183: REGRESSION (v2.9.3): XML push parser fails with bogus UTF-8 encoding error when multi-byte character in large CDATA section is split across buffer <https://bugzilla.gnome.org/show_bug.cgi?id=760183> * parser.c: (xmlCheckCdataPush): Add 'complete' argument to describe whether the buffer passed in is the whole CDATA buffer, or if there is more data to parse. If there is more data to parse, don't return a negative value for an invalid multi-byte UTF-8 character that is split between buffers. (xmlParseTryOrFinish): Pass 'complete' argument to xmlCheckCdataPush() as appropriate. * result/cdata-2-byte-UTF-8.xml: Added. * result/cdata-2-byte-UTF-8.xml.rde: Added. * result/cdata-2-byte-UTF-8.xml.rdr: Added. * result/cdata-2-byte-UTF-8.xml.sax: Added. * result/cdata-2-byte-UTF-8.xml.sax2: Added. * result/cdata-3-byte-UTF-8.xml: Added. * result/cdata-3-byte-UTF-8.xml.rde: Added. * result/cdata-3-byte-UTF-8.xml.rdr: Added. * result/cdata-3-byte-UTF-8.xml.sax: Added. * result/cdata-3-byte-UTF-8.xml.sax2: Added. * result/cdata-4-byte-UTF-8.xml: Added. * result/cdata-4-byte-UTF-8.xml.rde: Added. * result/cdata-4-byte-UTF-8.xml.rdr: Added. * result/cdata-4-byte-UTF-8.xml.sax: Added. * result/cdata-4-byte-UTF-8.xml.sax2: Added. * result/noent/cdata-2-byte-UTF-8.xml: Added. * result/noent/cdata-3-byte-UTF-8.xml: Added. * result/noent/cdata-4-byte-UTF-8.xml: Added. * test/cdata-2-byte-UTF-8.xml: Added. * test/cdata-3-byte-UTF-8.xml: Added. * test/cdata-4-byte-UTF-8.xml: Added. - Add tests and results. Only 'make Readertests XMLPushtests' fails prior to the fix.
a7a94612	2016-02-09T12:55:29	Heap-based buffer overread in xmlNextChar For https://bugzilla.gnome.org/show_bug.cgi?id=759671 when the end of the internal subset isn't properly detected xmlParseInternalSubset should just return instead of trying to process input further.
f1063fdb	2015-11-20T16:06:59	CVE-2015-7500 Fix memory access error due to incorrect entities boundaries For https://bugzilla.gnome.org/show_bug.cgi?id=756525 handle properly the case where we popped out of the current entity while processing a start tag Reported by Kostya Serebryany @ Google This slightly modifies the output of 754946 in regression tests
4a5d80ad	2015-09-18T15:06:46	Fix a bug in CData error handling in the push parser For https://bugzilla.gnome.org/show_bug.cgi?id=754947 The checking function was returning incorrect args in some cases Adds the test to teh reg suite and fix one of the existing test output
51f02b0a	2015-09-15T16:50:32	Fix a bug on name parsing at the end of current input buffer For https://bugzilla.gnome.org/show_bug.cgi?id=754946 When hitting the end of the current input buffer while parsing a name we could end up loosing the beginning of the name, which led to various issues.
ef709ce2	2015-09-10T19:41:41	Fix the spurious ID already defined error For https://bugzilla.gnome.org/show_bug.cgi?id=737840 the fix for 724903 introduced a regression on external entities carrying IDs, revert that patch in part and add a specific test to avoid readding it
2fab235d	2015-03-16T08:38:36	Fix support for except in nameclasses For https://bugzilla.gnome.org/show_bug.cgi?id=565219 The code was imply missing even if simple, added a few regression tests.
02b252d7	2015-03-08T17:00:37	Regression test for bug #695699
342658a1	2015-03-08T16:46:04	Add a couple of XPath tests
f6aaabce	2015-03-08T16:05:26	Allow attributes on descendant-or-self axis If the context node is an attribute, the attribute itself is on the descendant-or-self axis. The principal node type of this axis is element, so the only node test that can return the attribute is "node()". In other words, "@attr/descendant-or-self::node()" is equivalent to "@attr". This matches the behavior of Saxon-CE.
df23f584	2014-10-23T13:52:47	Adding example from bugs 738805 to regression tests For https://bugzilla.gnome.org/show_bug.cgi?id=738805 Tortuous test case provided by pierre.labastie@neuf.fr
6473a41a	2013-10-23T14:51:33	Implement choice for name classes on attributes https://bugzilla.gnome.org/show_bug.cgi?id=710744
dcc19503	2013-05-22T22:56:45	Fix a parsing bug on non-ascii element and CR/LF usage https://bugzilla.gnome.org/show_bug.cgi?id=698550 Somehow the behaviour of the internal parser routine changed slightly when encountering CR/LF, which led to a bug when parsing document with non-ascii Names
483272f3	2013-03-27T13:37:14	Added a regression tests from bug 694228 data Provided by Mark Rowe <mrowe@apple.com>
a3f1e3e5	2013-03-11T13:57:53	Avoid extra processing on entities If an entity has already been checked for correctness no need to check it on every reference
a7982ce2	2012-10-25T15:39:39	Adding streaming validation to runtest checks
f933c898	2012-09-07T19:32:12	Keep non-significant blanks node in HTML parser For https://bugzilla.gnome.org/show_bug.cgi?id=681822 Regardless if the option HTML_PARSE_NOBLANKS is set or not, blank nodes are removed from a HTML document, for example: <html> <head> <title>This is a test.</title> </head> <body> <p>This is a test.</p> </body> </html> is read as: <html><head><title>This is a test.</title></head><body> <p>This is a test.</p> </body></html> This changes the default behaviour but the old behaviour is available as expected when using the parser flag HTML_PARSE_NOBLANKS Based on original patch from Igor Ignatyuk <igor_ignatiouk@hotmail.com> * HTMLparser.c: change various places in the parser where ignorable_space SAX callback was called without checking for the parser flag preference * xmllint.c: make sure we use the new flag even for HTML parsing * result/HTML/*: this modifies the output of a number of tests
e7bf892d	2012-07-30T20:09:25	Improve error reporting on parser errors The extra string was being dismissed when provided. * parser.c: handle bot case properly * result/: this changes a few error reports
4629ee02	2012-07-23T14:15:40	Do not fetch external parsed entities Unless explicietely asked for when validating or replacing entities with their value. Problem pointed out by Tom Lane <tgl@redhat.com> * parser.c: do not load external parsed entities unless needed * test/errors/extparsedent.xml result/errors/extparsedent.xml*: add a regression test to avoid change of the behaviour in the future
a0cd075d	2012-05-11T19:31:12	HTML parser error with <noscript> in the <head> For https://bugzilla.gnome.org/show_bug.cgi?id=615785 When the <noscript> is found, <head> is closed and a <body> element is created. The real <body id="xxx"> gets skipped over, so I can't see any of the body's attributes. Just don't close <head> when encountering a <noscript> Add a regression test too
4609e6c9	2012-05-11T15:31:05	XSD: optional element in complex type extension For https://bugzilla.gnome.org/show_bug.cgi?id=609796 Libxml2 fails to validate an instance document against a schema if an element whose type is a complex extension of some base type with an optional child element and that child element is not specified in the instance document. For example, suppose I have some complex type BaseType that is defined to have one child element in a sequence group that has minOccurs set to 0
868d92da	2012-05-10T15:34:57	Add HTML parser support for HTML5 meta charset encoding declaration For https://bugzilla.gnome.org/show_bug.cgi?id=655218 http://www.w3.org/TR/2011/WD-html5-20110525/semantics.html#the-meta-element """ The charset attribute specifies the character encoding used by the document. This is a character encoding declaration. If the attribute is present in an XML document, its value must be an ASCII case-insensitive match for the string "UTF-8" (and the document is therefore forced to use UTF-8 as its encoding). """ However, while <meta http-equiv="Content-Type" content="text/html; charset=utf8"> works, <meta charset="utf8"> does not. While libxml2 HTML parser is not tuned for HTML5, this is a simple addition Also added a testcase
77b77b13	2012-01-26T19:11:02	Fix SAX2 builder in case of undefined element namespaces Work as in XML-1.0 before namespaces, and use prefix:localname as the new element name (and no namespace of course) Also fix 3 cases in the regression tests where the prefix: was erroneously dropped in such case
cb3549e3	2011-11-11T11:25:07	Improve the error report on undefined REFs Use the tree node to provide the error context instead of the parser input which is not relevant anymore, based on a suggestion by François Delyon <f.delyon@satimage.fr>
3c080d6d	2010-03-15T15:47:50	Don't give default HTML boolean attribute values in parser * HTMLparser.c: don't default value of HTML boolean attributes in the parser * SAX2.c: move this to SAX2 tree building backend * result/HTML/doc2.htm.sax result/HTML/doc3.htm.sax result/HTML/wired.html.sax: this changes a few HTML SAX regression tests
aa422d92	2009-09-24T11:31:48	595792 fixing a RelaxNG bug introduced in 2.7.4 * relaxng.c: refs definitions added from inported schemas should not be processed as refs from the main schemas * test/relaxng/595792* result/relaxng/595792*: add the test to the regression suite
9332b48f	2009-09-23T18:28:43	Fix a Relaxng bug raised by libvirt test suite * xmlregexp.c: other fixes in 2.7.4 raised this internal error when comparing ranges, this affects among others detection of the determinism * test/relaxng/libvirt* result/relaxng/libvirt*: add a test case based on libvirt schemas and tests
1ba2aca3	2009-08-31T16:47:39	492317 Fix Relax-NG validation problems * relaxng.c xmlregexp.c: a subtle problem when checking for compileable content model, if using the same elements in cases of choices. Handled by adding a special flag to the regexp compilation to detect transitions with different atoms using same strings. * test/relaxng/492317* result/relaxng/492317*: add the test to the regression suite
ec18c960	2009-08-26T18:37:43	558452 fight with reg test and error report * relaxng.c: tiny fix and provide more context on some errors * result/relaxng/558452_0* test/relaxng/558452: add some regression tests for the bugs Makefile.am runtest.c: fight with the fact streaming error messages can differ due to missing node context
4013e83e	2009-08-26T17:24:31	579746 XSD validation not correct / nilable groups * xmlschemas.c: when a particle need to be processed via counted transition, if the group is nillable, the counting won't work, so keep track of nillable subset as they are built and generate the appropriate epsilon transitions as needed * test/schemas/579746* result/schemas/579746*: add related test cases based on the bug report
a6c76a26	2009-08-26T14:37:00	566012 part 2 fix regresion tests and push mode * test/utf16bebom.xml: regression test showed that this test case was broken but previous behaviour would not detect it ! * parser.c: fix 566012 for the push mode of the parser, tricky ! * test/ebcdic_566012.xml result//ebcdic_566012.xml*: add the test to the regression suite
283d5027	2009-08-25T17:18:39	587663 Incorrect Attribute-Value Normalization * parser.c: when replacing entities and that the entity is CDATA and reference entities then white space character in replacement text need to be replaced by 0x20 * result/noent/att10: correct the output of the associated regression test
d80d0728	2009-08-22T18:56:01	559410 - Regexp bug on (...)? constructs * xmlregexp.c: fix a regexp bug on some (...)? constructs * test/schemas/nvdcve* result/schemas/nvdcve*: add the tests to the regression suite
a721612e	2009-08-21T18:22:58	446613 small validation bug mixed content with NS * valid.c: fix a bug when valdating mixed content lists and some name use namespaces prefixes. * result/valid/notes.xml* test/valid/dtds/notes.dtd * test/valid/notes.xml: add the test case to the regression suite
bd56c443	2009-08-12T15:39:23	571271 fix semantic of xsd:all with minOccurs=0 * xmlschemas.c: apparently we though it allowed any of the sub elements to be missing, and probably not what's expected from the spec, though it used to forbid it c.f.: http://lists.xml.org/archives/xml-dev/200109/msg00512.html asking HT for confirmation but it's likely that we were wrong on the semantic * result/schemas/all_1_[367]*: this changes the output of soem of our internal regression tests
be390ed0	2009-08-12T12:40:39	Test case for 570702
edc68aad	2009-08-07T20:29:33	582906 XSD validating multiple imports of the same schema * xmlschemas.c: When validating a schema that includes the same file that has no targetNamespace defined an internal erro was thrown, depending on the orig namespace that should be allowed though * test/schemas/582906-* result/schemas/582906-*: 2 tests case, one where this is allowed, and one where this is forbidden
d9960720	2009-08-07T19:01:32	Bug 582887 – problems validating complex schemas * xmlschemas.c: fixes the problem faced when importing the same schemas multiple times but from different places which is allowed * test/schemas/582887* result/schemas/582887*: adding the specific test to the regressions
83868247	2009-07-09T10:26:22	Aleksey Sanin support for c14n 1.1 * c14n.c include/libxml/c14n.h: adds support for C14N 1.1, new flags at the API level * runtest.c Makefile.am testC14N.c xmllint.c: add support in CLI tools and test binaries * result/c14n/1-1-without-comments/* test/c14n/1-1-without-comments/*: add a new batch of tests
7f4547cd	2008-10-03T07:58:23	preparing the release of 2.7.2 fix the Solaris portability issue * configure.in doc/* NEWS: preparing the release of 2.7.2 * dict.c: fix the Solaris portability issue * parser.c: additional cleanup on #554660 fix * test/ent13 result/ent13* result/noent/ent13: added the example in the regression test suite. HTMLparser.c: handle leading BOM in htmlParseElement() Daniel svn path=/trunk/; revision=3799
a57ba4ce	2008-09-25T16:06:18	fix an HTML parsing error on large data sections reported by Mike Day add * HTMLparser.c: fix an HTML parsing error on large data sections reported by Mike Day * test/HTML/utf8bug.html result/HTML/utf8bug.html.err result/HTML/utf8bug.html.sax result/HTML/utf8bug.html: add the reproducer to the test suite daniel svn path=/trunk/; revision=3797
0161e638	2008-08-28T15:36:32	completely different fix for the recursion detection based on entity * parser.c include/libxml/parser.h: completely different fix for the recursion detection based on entity density, big cleanups in the entity parsing code too * result/.sax: the parser should not ask for used defined versions of the predefined entities * testrecurse.c: automatic test for entity recursion checks * Makefile.am: added testrecurse * test/recurse/lol* test/recurse/good*: a first set of tests for the recursion Daniel svn path=/trunk/; revision=3783
bf9c1dad	2008-08-26T07:46:42	add the testchar to 'make check' Volker Grabsch pointed out a typo * Makefile.am: add the testchar to 'make check' * xmlschemas.c: Volker Grabsch pointed out a typo * xmlregexp.c: production [19] from XML Schemas regexps were a mistake removed in version REC-xmlschema-2-20041028, Volker Grabsch provided a patch to remove it * test/schemas/regexp-char-ref_0.xml test/schemas/regexp-char-ref_0.xsd test/schemas/regexp-char-ref_1.xsd result/schemas/regexp-char-ref_0_0 result/schemas/regexp-char-ref_1_0: Volker Grabsch also provided regession tests for this Daniel svn path=/trunk/; revision=3776
d7af5553	2008-08-04T15:29:44	rewrite the URI parser to update to rfc3986 (from 2396) removed the error * uri.c include/libxml/uri.h: rewrite the URI parser to update to rfc3986 (from 2396) * test/errors/webdav.xml result/errors/webdav.xml: removed the error test, 'DAV:' is a correct URI under 3986 Makefile.am: small cleanup in make check Daniel svn path=/trunk/; revision=3763
37334576	2008-07-31T08:20:02	added a skipped list, insert rmt-ns10-035 improve 'make check' clean up * runxmlconf.c: added a skipped list, insert rmt-ns10-035 * Makefile.am: improve 'make check' * include/libxml/xmlerror.h parser.c: clean up namespace errors checking and reporting, errors when a document is labelled as UTF-16 while it is parsed as UTF-8 and no encoding was given explicitely. * result/errors/webdav.xml.*: some warnings are no recategorized as Namespace errors Daniel svn path=/trunk/; revision=3761
97c9ce2e	2008-03-25T16:52:41	fix various attribute normalisation problems reported by Ashwin this * parser.c: fix various attribute normalisation problems reported by Ashwin * result/c14n/without-comments/example-4 result/c14n/with-comments/example-4: this impacted the result of two c14n tests :-\ * test/att9 test/att10 test/att11 result//att9* result//att10* result//att11*: added 3 specific regression tests coming from the XML spec revision and from Ashwin Daniel svn path=/trunk/; revision=3715
8bf64aef	2008-03-24T20:45:21	fix a problem reported by Ashwin for system parameter entities referenced * parser.c: fix a problem reported by Ashwin for system parameter entities referenced from entities in external subset, add a specific loading routine. * test/valid/dtds/external.ent test/valid/dtds/external2.ent test/valid/t11.xml result/valid/t11.xml*: added the test to the regression suite Daniel svn path=/trunk/; revision=3713
d0d2f090	2008-03-07T16:50:21	fix handling of empty CDATA nodes as reported and discussed around #514181 * xmlsave.c parser.c: fix handling of empty CDATA nodes as reported and discussed around #514181 and associated patches * test/emptycdata.xml result/emptycdata.xml* result/noent/emptycdata.xml: added a specific test in the regression suite. Daniel svn path=/trunk/; revision=3701
57c9db07	2008-03-06T14:37:10	poblem with encoding detection for UTF-16 reported by Ashwin and found by * encoding.c: poblem with encoding detection for UTF-16 reported by Ashwin and found by Bill * test/valid/dtds/utf16b.ent test/valid/dtds/utf16l.ent test/valid/UTF16Entity.xml result/valid/UTF16Entity.xml*: added the example to the regression tests Daniel svn path=/trunk/; revision=3700
041b687e	2008-02-08T10:37:18	apply patch from Andrew Tosh to fix behaviour when '.' is used in a * xmlregexp.c: apply patch from Andrew Tosh to fix behaviour when '.' is used in a posCharGroup * test/schemas/poschargrp0_0.* result/schemas/poschargrp0_0_0*: added the test to the regression suite Daniel svn path=/trunk/; revision=3687
c707d0b7	2008-01-24T14:48:54	fix a memeory leak in internal subset parsing with a fix from Ashwin add * parser.c: fix a memeory leak in internal subset parsing with a fix from Ashwin * test/errors/content1.xml result/errors/content1.xml*: add test to regressions Daniel svn path=/trunk/; revision=3680
c821e03c	2007-08-28T17:33:45	another nasty regexp case fixed. added to regression suite Daniel * xmlregexp.c: another nasty regexp case fixed. * test/regexp/ranges2 result/regexp/ranges2: added to regression suite Daniel svn path=/trunk/; revision=3658
3888f472	2007-08-23T09:29:03	applied patch from Frank Gross fixing Schemas IDC import bug #455953 and * xmlschemas.c test/schemas/455953 result/schemas/bug455953*: applied patch from Frank Gross fixing Schemas IDC import bug #455953 and also add the test to the regression suite Daniel svn path=/trunk/; revision=3652
da629347	2007-08-01T07:49:06	fixed a parser bug where invalid char in comment may not be detected, * parser.c: fixed a parser bug where invalid char in comment may not be detected, reported by Ashwin Sinha * test/errors/comment1.xml result/errors/comment1.xml*: added the example to the regression suite Daniel svn path=/trunk/; revision=3647
dfac946c	2007-06-12T14:44:32	fixed the push mode when a big comment occurs before an internal subset, * parser.c: fixed the push mode when a big comment occurs before an internal subset, should close bug #438835 * test/comment6.xml result//comment6.xml*: added a special test in the regression suite Daniel svn path=/trunk/; revision=3635
b9e5acc4	2007-06-12T13:43:00	fix bug #414846 where invalid characters in attributes would sometimes not * parser.c: fix bug #414846 where invalid characters in attributes would sometimes not be detected. * test/errors/attr4.xml result/errors/attr4.xml*: added a specific test case to the regression tests Daniel svn path=/trunk/; revision=3634
42720248	2007-04-16T07:02:31	change the way script/style are parsed to not try to detect comments, * HTMLparser.c: change the way script/style are parsed to not try to detect comments, reported by Mike Day * result/HTML/doc3.*: affects the result of that test Daniel svn path=/trunk/; revision=3598

c64d4efb

2018-10-13T00:12:12

Remove redefined starts and defines inside include elements When including a grammar from another grammar, we need to make sure that any redefines of starts and includes that that grammar does inside any of its include elements are also removed.

46da8fc5

2018-10-12T23:46:24

Allow choice within choice in nameClass in RELAX NG The pattern nameClass allows for nested choice elements, for example <name> <choice> <choice> <name>a</name> <name>b</name> </choice> <name>c</name> </choice> </name> which is semantically equivalent to <name> <choice> <name>a</name> <name>b</name> <name>c</name> </choice> </name> The old code didn’t handle this correctly, as it never expected a choice inside another choice. This patch fixes this by flattening any nested choices. This pattern of nested choice elements comes up in RELAX NG simplification, where all choice elements are rewritten in this nested manner, see section 4.12 of the RELAX NG specification.

4338c310

2018-10-12T22:30:26

Look inside divs for starts and defines inside include RELAX NG allows for div elements inside of include elements. We need to look inside those div elements for start and define elements that may be redefining start and define elements in the included grammar.

123234f2

2018-09-11T14:52:07

Free input buffer in xmlHaltParser This avoids miscalculation of available bytes. Thanks to Yunho Kim for the report. Closes: #26

72182550

2017-11-04T15:38:58

Add test for ICU flush and pivot buffer

5af594d8

2017-10-07T14:54:45

Fix comparison of nodesets to strings Fix two bugs in xmlXPathNodeValHash which could lead to errors when comparing nodesets to strings: - Only use contents of text nodes to compute the hash for element nodes. Comments, PIs, and other node types don't affect the string-value and must be ignored. - Reset `string` to NULL for node types other than text. Reported by Aleksei on the mailing list: https://mail.gnome.org/archives/xml/2017-September/msg00016.html

69936b12

2017-08-30T14:16:01

Revert "Print error messages for truncated UTF-8 sequences" This reverts commit 79c8a6b which caused a serious regression in streaming mode. Also reverts part of commit 52ceced "Fix infinite loops with push parser in recovery mode". Fixes bug 786554.

899a5d9f

2017-07-25T14:59:49

Detect infinite recursion in parameter entities When expanding a parameter entity in a DTD, infinite recursion could lead to an infinite loop or memory exhaustion. Thanks to Wei Lei for the first of many reports. Fixes bug 759579.

872fea94

2017-06-19T00:24:12

Get rid of "blanks wrapper" for parameter entities Now that replacement of parameter entities goes exclusively through xmlSkipBlankChars, we can account for the surrounding space characters there and remove the "blanks wrapper" hack.

24246c76

2017-06-20T12:56:36

Fix xmlHaltParser Pop all extra input streams before resetting the input. Otherwise, a call to xmlPopInput could make input available again. Also set input->end to input->cur. Changes the test output for some error tests. Unfortunately, some fuzzed test cases were added to the test suite without manual cleanup. This makes it almost impossible to review the impact of later changes on the test output.

8bbe4508

2017-06-17T16:15:09

Spelling and grammar fixes Fixes bug 743172, bug 743489, bug 769632, bug 782400 and a few other misspellings.

5f440d8c

2017-06-12T14:32:34

Rework entity boundary checks Make sure to finish all entities in the internal subset. Nevertheless, readd a sanity check in xmlParseStartTag2 that was lost in my previous commit. Also add a sanity check in xmlPopInput. Popping an input unexpectedly was the source of many recent memory bugs. The check doesn't mitigate such issues but helps with diagnosis. Always base entity boundary checks on the input ID, not the input pointer. The pointer could have been reallocated to the old address. Always throw a well-formedness error if a boundary check fails. In a few places, a validity error was thrown. Fix a few error codes and improve indentation.

dbaab1f3

2017-06-16T21:38:57

Test SAX2 callbacks with entity substitution This detects regressions like bug 760367.

67f9f9d6

2017-06-12T19:25:01

Misc fixes for 'make tests' - Silence test output. - Clean up after doc/examples tests. - Adjust expected output for script tests. - Add missing results for relaxng/pattern3 There are still two test failures I can't comment on: - regexp/bug316338 - schemas/any4_0

0b2d5c48

2017-06-12T19:10:04

Initialize keepBlanks in HTML parser This caused failures in the HTML push tests but the fix required to change the expected output of the HTML SAX tests.

85c112a0

2017-06-12T18:26:11

Add test cases for bug 758518 test/HTML/758518-entity.html exposed a bug in pushParseTest() in runtest.c which assumed that an input file was at least 4 bytes long. That test case is only 3 bytes, so we now take the minimum of 4 bytes or the length of the test input. We also now use 'chunkSize' in place of the hard-coded value '1024' later in the function.

79c8a6b1

2017-06-10T17:01:27

Print error messages for truncated UTF-8 sequences Before, truncated UTF-8 sequences at the end of a file were treated as EOF. Create an error message containing the offending bytes. xmlStringCurrentChar would also print characters from the input stream, not the string it's working on.

932cc989

2017-06-03T02:01:29

Fix buffer size checks in xmlSnprintfElementContent xmlSnprintfElementContent failed to correctly check the available buffer space in two locations. Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048). Thanks to Marcel Böhme and Thuan Pham for the report.

e2663054

2017-06-05T15:37:17

Fix handling of parameter-entity references There were two bugs where parameter-entity references could lead to an unexpected change of the input buffer in xmlParseNameComplex and xmlDictLookup being called with an invalid pointer. Percent sign in DTD Names ========================= The NEXTL macro used to call xmlParserHandlePEReference. When parsing "complex" names inside the DTD, this could result in entity expansion which created a new input buffer. The fix is to simply remove the call to xmlParserHandlePEReference from the NEXTL macro. This is safe because no users of the macro require expansion of parameter entities. - xmlParseNameComplex - xmlParseNCNameComplex - xmlParseNmtoken The percent sign is not allowed in names, which are grammatical tokens. - xmlParseEntityValue Parameter-entity references in entity values are expanded but this happens in a separate step in this function. - xmlParseSystemLiteral Parameter-entity references are ignored in the system literal. - xmlParseAttValueComplex - xmlParseCharDataComplex - xmlParseCommentComplex - xmlParsePI - xmlParseCDSect Parameter-entity references are ignored outside the DTD. - xmlLoadEntityContent This function is only called from xmlStringLenDecodeEntities and entities are replaced in a separate step immediately after the function call. This bug could also be triggered with an internal subset and double entity expansion. This fixes bug 766956 initially reported by Wei Lei and independently by Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone involved. xmlParseNameComplex with XML_PARSE_OLD10 ======================================== When parsing Names inside an expanded parameter entity with the XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the GROW macro if the input buffer was exhausted. At the end of the parameter entity's replacement text, this function would then call xmlPopInput which invalidated the input buffer. There should be no need to invoke GROW in this situation because the buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and, at least for UTF-8, in xmlCurrentChar. This also matches the code path executed when XML_PARSE_OLD10 is not set. This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050). Thanks to Marcel Böhme and Thuan Pham for the report. Additional hardening ==================== A separate check was added in xmlParseNameComplex to validate the buffer size.

7482f41f

2017-06-01T22:00:19

Check for integer overflow in xmlXPathFormatNumber Check for overflow before casting double to int. Found with afl-fuzz and UBSan.

855c19ef

2017-06-01T01:04:08

Avoid reparsing in xmlParseStartTag2 The code in xmlParseStartTag2 must handle the case that the input buffer was grown and reallocated which can invalidate pointers to attribute values. Before, this was handled by detecting changes of the input buffer "base" pointer and, in case of a change, jumping back to the beginning of the function and reparsing the start tag. The major problem of this approach is that whether an input buffer is reallocated is nondeterministic, resulting in seemingly random test failures. See the mailing list thread "runtest mystery bug: name2.xml error case regression test" from 2012, for example. If a reallocation was detected, the code also made no attempts to continue parsing in case of errors which makes a difference in the lax "recover" mode. Now we store the current input buffer "base" pointer for each (not separately allocated) attribute in the namespace URI field, which isn't used until later. After the whole start tag was parsed, the pointers to the attribute values are reconstructed using the offset between the new and the old input buffer. This relies on arithmetic on dangling pointers which is technically undefined behavior. But it seems like the easiest and most efficient fix and a similar approach is used in xmlParserInputGrow. This changes the error output of several tests, typically making it more verbose because we try harder to continue parsing in case of errors. (Another possible solution is to check not only the "base" pointer but the size of the input buffer as well. But this would result in even more reparsing.)

f4029cd4

2016-04-21T16:37:26

Check XPath exponents for overflow Avoid undefined behavior and wrong results with huge exponents. Found with afl-fuzz and UBSan.

a58331a6

2017-05-29T21:02:21

Check for overflow in xmlXPathIsPositionalPredicate Avoid undefined behavior when casting from double to int. Found with afl-fuzz and UBSan.

a851868a

2017-05-29T20:14:42

Parse small XPath numbers more accurately Don't count leading zeros towards the fraction size limit. This allows to parse numbers like 0.0000000000000000000000000000000000000000000000000000000001 which is the only standard-conformant way to represent such numbers, as scientific notation isn't allowed in XPath 1.0. (It is allowed in XPath 2.0 and in libxml2 as an extension, though.) Overall accuracy is still bad, see bug 783238.

4bebb030

2016-04-21T13:41:09

Rework XPath rounding functions Use the C library's floor and ceil functions. The old code was overly complicated for no apparent reason and could result in undefined behavior when handling NaNs (found with afl-fuzz and UBSan). Fix wrong comment in xmlXPathRoundFunction. The implementation was already following the spec and rounding half up.

40f58521

2017-05-26T20:16:35

Fix axis traversal from attribute and namespace nodes When traversing the "preceding" axis from an attribute node, we must first go up to the attribute's containing element. Otherwise, text children of other attributes could be returned. This made it possible to hit a code path in xmlXPathNextAncestor which contained another bug: The attribute node was initialized with the context node instead of the current node. Normally, this code path is only hit via xmlXPathNextAncestorOrSelf in which case the current and context node are the same. The combination of the two bugs could result in an infinite loop, found with libFuzzer. Traversing the "following" and the "preceding" axis from namespace nodes should be handled similarly. This wasn't supported at all previously.

9ab01a27

2016-06-28T14:22:23

Fix XPointer paths beginning with range-to The old code would invoke the broken xmlXPtrRangeToFunction. range-to isn't really a function but a special kind of location step. Remove this function and always handle range-to in the XPath code. The old xmlXPtrRangeToFunction could also be abused to trigger a use-after-free error with the potential for remote code execution. Found with afl-fuzz. Fixes CVE-2016-5131.

d8083bf7

2016-06-25T12:35:50

Fix NULL pointer deref in XPointer range-to - Check for errors after evaluating first operand. - Add sanity check for empty stack. Found with afl-fuzz.

0bcd05c5

2016-03-01T15:18:04

Heap-based buffer overread in htmlCurrentChar For https://bugzilla.gnome.org/show_bug.cgi?id=758606 * parserInternals.c: (xmlNextChar): Add an test to catch other issues on ctxt->input corruption proactively. For non-UTF-8 charsets, xmlNextChar() failed to check for the end of the input buffer and would continuing reading. Fix this by pulling out the check for the end of the input buffer into common code, and return if we reach the end of the input buffer prematurely. * result/HTML/758606.html: Added. * result/HTML/758606.html.err: Added. * result/HTML/758606.html.sax: Added. * result/HTML/758606_2.html: Added. * result/HTML/758606_2.html.err: Added. * result/HTML/758606_2.html.sax: Added. * test/HTML/758606.html: Added test case. * test/HTML/758606_2.html: Added test case.

00906759

2016-01-26T16:57:03

Heap-based buffer-underreads due to xmlParseName For https://bugzilla.gnome.org/show_bug.cgi?id=759573 * parser.c: (xmlParseElementDecl): Return early on invalid input to fix non-minimized test case (759573-2.xml). Otherwise the parser gets into a bad state in SKIP(3) at the end of the function. (xmlParseConditionalSections): Halt parsing when hitting invalid input that would otherwise caused xmlParserHandlePEReference() to recurse unexpectedly. This fixes the minimized test case (759573.xml). * result/errors/759573-2.xml: Add. * result/errors/759573-2.xml.err: Add. * result/errors/759573-2.xml.str: Add. * result/errors/759573.xml: Add. * result/errors/759573.xml.err: Add. * result/errors/759573.xml.str: Add. * test/errors/759573-2.xml: Add. * test/errors/759573.xml: Add.

38eae571

2016-03-07T14:04:08

Heap use-after-free in xmlSAX2AttributeNs For https://bugzilla.gnome.org/show_bug.cgi?id=759020 * parser.c: (xmlParseStartTag2): Attribute strings are only valid if the base does not change, so add another check where the base may change. Make sure to set 'attvalue' to NULL after freeing it. * result/errors/759020.xml: Added. * result/errors/759020.xml.err: Added. * result/errors/759020.xml.str: Added. * test/errors/759020.xml: Added test case.

beca86e8

2016-05-04T11:23:49

Detect change of encoding when parsing HTML names From https://bugzilla.gnome.org/show_bug.cgi?id=758518 Happens when a file has a name getting parsed, but no valid encoding set, so libxml has to guess what the encoding is. This patch detects when the buffer location changes, and if it does, restarts the parsing of the name. This slightly change a couple of regression tests output

45752d2c

2016-03-03T11:50:34

Bug 759398: Heap use-after-free in xmlDictComputeFastKey <https://bugzilla.gnome.org/show_bug.cgi?id=759398> * parser.c: (xmlParseNCNameComplex): Store start position instead of a pointer to the name since the underlying buffer may change, resulting in a stale pointer being used. * result/errors/759398.xml: Added. * result/errors/759398.xml.err: Added. * result/errors/759398.xml.str: Added. * test/errors/759398.xml: Added test case.

a820dbea

2016-03-01T11:34:04

Bug 758605: Heap-based buffer overread in xmlDictAddString <https://bugzilla.gnome.org/show_bug.cgi?id=758605> Reviewed by David Kilzer. * HTMLparser.c: (htmlParseName): Add bounds check. (htmlParseNameComplex): Ditto. * result/HTML/758605.html: Added. * result/HTML/758605.html.err: Added. * result/HTML/758605.html.sax: Added. * runtest.c: (pushParseTest): The input for the new test case was so small (4 bytes) that htmlParseChunk() was never called after htmlCreatePushParserCtxt(), thereby creating a false positive test failure. Fixed by using a do-while loop so we always call htmlParseChunk() at least once. * test/HTML/758605.html: Added.

db07dd61

2016-02-12T09:58:29

Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal <https://bugzilla.gnome.org/show_bug.cgi?id=758588> * parser.c: (xmlParseEndTag2): Add bounds checks before dereferencing ctxt->input->cur past the end of the buffer, or incrementing the pointer past the end of the buffer. * result/errors/758588.xml: Add test result. * result/errors/758588.xml.err: Ditto. * result/errors/758588.xml.str: Ditto. * test/errors/758588.xml: Add regression test.

6eb0894a

2016-05-05T16:49:00

Fix memory leak with XPath namespace nodes Set hasNsNodes to 1 when adding namespace nodes via XP_TEST_HIT.

82b73039

2016-04-30T17:53:10

Fix namespace axis traversal When the namespace axis is traversed in "toBool" mode, the traversal can exit early, before visiting all nodes. In this case, the XPath context still contains a non-NULL tmpNsList. This means that - the check when to start a new traversal was wrong and - the tmpNsList could be leaked. Fixes bug #750037 and, by accident, bug #756075: https://bugzilla.gnome.org/show_bug.cgi?id=750037 https://bugzilla.gnome.org/show_bug.cgi?id=756075

839689a9

2016-04-27T18:00:12

Don't recurse into OP_VALUEs in xmlXPathOptimizeExpression The ch1 slot of OP_VALUEs contains an invalid value. Ignore it. Fixes bug #760325: https://bugzilla.gnome.org/show_bug.cgi?id=760325

f39fd66e

2016-04-27T03:01:16

Fix namespace::node() XPath expression Make sure that xmlXPathNodeSetAddNs is called for namespace nodes when matched with a namespace::node() step. This correctly sets the parent of namespace nodes. Note that xmlXPathNodeSetAddNs must only be called if working on the namespace axis. Otherwise, the context node is not the parent of the namespace node and the standard XP_TEST_HIT macro must be invoked. This explains the errors in the C14N tests that the old TODO comment mentioned.

e2893903

2016-04-21T19:19:23

Fix parsing of NCNames in XPath The NCName parser would allow any NameChar as start character. For example, the following XPath expressions would compile: self::-abc self::0abc self::.abc

cad102b8

2016-04-15T22:41:24

Do normalize string-based datatype value in RelaxNG facet checking Original patch is from Jan Pokorný <jpokorny redhat com> https://mail.gnome.org/archives/xml/2013-November/msg00028.html Improve it according to reviews and add test files.

5be1a6e8

2016-01-19T11:38:52

Bug 760861: REGRESSION (bf9c1dad): Missing results for test/schemas/regexp-char-ref_[01].xsd <https://bugzilla.gnome.org/show_bug.cgi?id=760861> Add missing test results to fix the following errors when running "make Schemastests": ## Schemas regression tests diff: ./result/schemas/regexp-char-ref_0_0.err: No such file or directory diff: ./result/schemas/regexp-char-ref_1_0.err: No such file or directory * result/schemas/regexp-char-ref_0_0.err: Added. * result/schemas/regexp-char-ref_1_0.err: Added.

49bbfdb6

2016-03-14T15:53:16

Add missing RNG test files For https://bugzilla.gnome.org/show_bug.cgi?id=760249 Add missing test results from Bug 710744 for commit 6473a41a49601da8355c4b407b99474ada170213.

4f8606c1

2016-01-05T13:38:09

Bug 760183: REGRESSION (v2.9.3): XML push parser fails with bogus UTF-8 encoding error when multi-byte character in large CDATA section is split across buffer <https://bugzilla.gnome.org/show_bug.cgi?id=760183> * parser.c: (xmlCheckCdataPush): Add 'complete' argument to describe whether the buffer passed in is the whole CDATA buffer, or if there is more data to parse. If there is more data to parse, don't return a negative value for an invalid multi-byte UTF-8 character that is split between buffers. (xmlParseTryOrFinish): Pass 'complete' argument to xmlCheckCdataPush() as appropriate. * result/cdata-2-byte-UTF-8.xml: Added. * result/cdata-2-byte-UTF-8.xml.rde: Added. * result/cdata-2-byte-UTF-8.xml.rdr: Added. * result/cdata-2-byte-UTF-8.xml.sax: Added. * result/cdata-2-byte-UTF-8.xml.sax2: Added. * result/cdata-3-byte-UTF-8.xml: Added. * result/cdata-3-byte-UTF-8.xml.rde: Added. * result/cdata-3-byte-UTF-8.xml.rdr: Added. * result/cdata-3-byte-UTF-8.xml.sax: Added. * result/cdata-3-byte-UTF-8.xml.sax2: Added. * result/cdata-4-byte-UTF-8.xml: Added. * result/cdata-4-byte-UTF-8.xml.rde: Added. * result/cdata-4-byte-UTF-8.xml.rdr: Added. * result/cdata-4-byte-UTF-8.xml.sax: Added. * result/cdata-4-byte-UTF-8.xml.sax2: Added. * result/noent/cdata-2-byte-UTF-8.xml: Added. * result/noent/cdata-3-byte-UTF-8.xml: Added. * result/noent/cdata-4-byte-UTF-8.xml: Added. * test/cdata-2-byte-UTF-8.xml: Added. * test/cdata-3-byte-UTF-8.xml: Added. * test/cdata-4-byte-UTF-8.xml: Added. - Add tests and results. Only 'make Readertests XMLPushtests' fails prior to the fix.

a7a94612

2016-02-09T12:55:29

Heap-based buffer overread in xmlNextChar For https://bugzilla.gnome.org/show_bug.cgi?id=759671 when the end of the internal subset isn't properly detected xmlParseInternalSubset should just return instead of trying to process input further.

f1063fdb

2015-11-20T16:06:59

CVE-2015-7500 Fix memory access error due to incorrect entities boundaries For https://bugzilla.gnome.org/show_bug.cgi?id=756525 handle properly the case where we popped out of the current entity while processing a start tag Reported by Kostya Serebryany @ Google This slightly modifies the output of 754946 in regression tests

4a5d80ad

2015-09-18T15:06:46

Fix a bug in CData error handling in the push parser For https://bugzilla.gnome.org/show_bug.cgi?id=754947 The checking function was returning incorrect args in some cases Adds the test to teh reg suite and fix one of the existing test output

51f02b0a

2015-09-15T16:50:32

Fix a bug on name parsing at the end of current input buffer For https://bugzilla.gnome.org/show_bug.cgi?id=754946 When hitting the end of the current input buffer while parsing a name we could end up loosing the beginning of the name, which led to various issues.

ef709ce2

2015-09-10T19:41:41

Fix the spurious ID already defined error For https://bugzilla.gnome.org/show_bug.cgi?id=737840 the fix for 724903 introduced a regression on external entities carrying IDs, revert that patch in part and add a specific test to avoid readding it

2fab235d

2015-03-16T08:38:36

Fix support for except in nameclasses For https://bugzilla.gnome.org/show_bug.cgi?id=565219 The code was imply missing even if simple, added a few regression tests.

02b252d7

2015-03-08T17:00:37

Regression test for bug #695699

342658a1

2015-03-08T16:46:04

Add a couple of XPath tests

f6aaabce

2015-03-08T16:05:26

Allow attributes on descendant-or-self axis If the context node is an attribute, the attribute itself is on the descendant-or-self axis. The principal node type of this axis is element, so the only node test that can return the attribute is "node()". In other words, "@attr/descendant-or-self::node()" is equivalent to "@attr". This matches the behavior of Saxon-CE.

df23f584

2014-10-23T13:52:47

Adding example from bugs 738805 to regression tests For https://bugzilla.gnome.org/show_bug.cgi?id=738805 Tortuous test case provided by pierre.labastie@neuf.fr

6473a41a

2013-10-23T14:51:33

Implement choice for name classes on attributes https://bugzilla.gnome.org/show_bug.cgi?id=710744

dcc19503

2013-05-22T22:56:45

Fix a parsing bug on non-ascii element and CR/LF usage https://bugzilla.gnome.org/show_bug.cgi?id=698550 Somehow the behaviour of the internal parser routine changed slightly when encountering CR/LF, which led to a bug when parsing document with non-ascii Names

483272f3

2013-03-27T13:37:14

Added a regression tests from bug 694228 data Provided by Mark Rowe <mrowe@apple.com>

a3f1e3e5

2013-03-11T13:57:53

Avoid extra processing on entities If an entity has already been checked for correctness no need to check it on every reference

a7982ce2

2012-10-25T15:39:39

Adding streaming validation to runtest checks

f933c898

2012-09-07T19:32:12

Keep non-significant blanks node in HTML parser For https://bugzilla.gnome.org/show_bug.cgi?id=681822 Regardless if the option HTML_PARSE_NOBLANKS is set or not, blank nodes are removed from a HTML document, for example: <html> <head> <title>This is a test.</title> </head> <body> <p>This is a test.</p> </body> </html> is read as: <html><head><title>This is a test.</title></head><body> <p>This is a test.</p> </body></html> This changes the default behaviour but the old behaviour is available as expected when using the parser flag HTML_PARSE_NOBLANKS Based on original patch from Igor Ignatyuk <igor_ignatiouk@hotmail.com> * HTMLparser.c: change various places in the parser where ignorable_space SAX callback was called without checking for the parser flag preference * xmllint.c: make sure we use the new flag even for HTML parsing * result/HTML/*: this modifies the output of a number of tests

e7bf892d

2012-07-30T20:09:25

Improve error reporting on parser errors The extra string was being dismissed when provided. * parser.c: handle bot case properly * result/: this changes a few error reports

4629ee02

2012-07-23T14:15:40

Do not fetch external parsed entities Unless explicietely asked for when validating or replacing entities with their value. Problem pointed out by Tom Lane <tgl@redhat.com> * parser.c: do not load external parsed entities unless needed * test/errors/extparsedent.xml result/errors/extparsedent.xml*: add a regression test to avoid change of the behaviour in the future

a0cd075d

2012-05-11T19:31:12

HTML parser error with <noscript> in the <head> For https://bugzilla.gnome.org/show_bug.cgi?id=615785 When the <noscript> is found, <head> is closed and a <body> element is created. The real <body id="xxx"> gets skipped over, so I can't see any of the body's attributes. Just don't close <head> when encountering a <noscript> Add a regression test too

4609e6c9

2012-05-11T15:31:05

XSD: optional element in complex type extension For https://bugzilla.gnome.org/show_bug.cgi?id=609796 Libxml2 fails to validate an instance document against a schema if an element whose type is a complex extension of some base type with an optional child element and that child element is not specified in the instance document. For example, suppose I have some complex type BaseType that is defined to have one child element in a sequence group that has minOccurs set to 0

868d92da

2012-05-10T15:34:57

Add HTML parser support for HTML5 meta charset encoding declaration For https://bugzilla.gnome.org/show_bug.cgi?id=655218 http://www.w3.org/TR/2011/WD-html5-20110525/semantics.html#the-meta-element """ The charset attribute specifies the character encoding used by the document. This is a character encoding declaration. If the attribute is present in an XML document, its value must be an ASCII case-insensitive match for the string "UTF-8" (and the document is therefore forced to use UTF-8 as its encoding). """ However, while <meta http-equiv="Content-Type" content="text/html; charset=utf8"> works, <meta charset="utf8"> does not. While libxml2 HTML parser is not tuned for HTML5, this is a simple addition Also added a testcase

77b77b13

2012-01-26T19:11:02

Fix SAX2 builder in case of undefined element namespaces Work as in XML-1.0 before namespaces, and use prefix:localname as the new element name (and no namespace of course) Also fix 3 cases in the regression tests where the prefix: was erroneously dropped in such case

cb3549e3

2011-11-11T11:25:07

Improve the error report on undefined REFs Use the tree node to provide the error context instead of the parser input which is not relevant anymore, based on a suggestion by François Delyon <f.delyon@satimage.fr>

3c080d6d

2010-03-15T15:47:50

Don't give default HTML boolean attribute values in parser * HTMLparser.c: don't default value of HTML boolean attributes in the parser * SAX2.c: move this to SAX2 tree building backend * result/HTML/doc2.htm.sax result/HTML/doc3.htm.sax result/HTML/wired.html.sax: this changes a few HTML SAX regression tests

aa422d92

2009-09-24T11:31:48

595792 fixing a RelaxNG bug introduced in 2.7.4 * relaxng.c: refs definitions added from inported schemas should not be processed as refs from the main schemas * test/relaxng/595792* result/relaxng/595792*: add the test to the regression suite

9332b48f

2009-09-23T18:28:43

Fix a Relaxng bug raised by libvirt test suite * xmlregexp.c: other fixes in 2.7.4 raised this internal error when comparing ranges, this affects among others detection of the determinism * test/relaxng/libvirt* result/relaxng/libvirt*: add a test case based on libvirt schemas and tests

1ba2aca3

2009-08-31T16:47:39

492317 Fix Relax-NG validation problems * relaxng.c xmlregexp.c: a subtle problem when checking for compileable content model, if using the same elements in cases of choices. Handled by adding a special flag to the regexp compilation to detect transitions with different atoms using same strings. * test/relaxng/492317* result/relaxng/492317*: add the test to the regression suite

ec18c960

2009-08-26T18:37:43

558452 fight with reg test and error report * relaxng.c: tiny fix and provide more context on some errors * result/relaxng/558452_0* test/relaxng/558452*: add some regression tests for the bugs * Makefile.am runtest.c: fight with the fact streaming error messages can differ due to missing node context

4013e83e

2009-08-26T17:24:31

579746 XSD validation not correct / nilable groups * xmlschemas.c: when a particle need to be processed via counted transition, if the group is nillable, the counting won't work, so keep track of nillable subset as they are built and generate the appropriate epsilon transitions as needed * test/schemas/579746* result/schemas/579746*: add related test cases based on the bug report

a6c76a26

2009-08-26T14:37:00

566012 part 2 fix regresion tests and push mode * test/utf16bebom.xml: regression test showed that this test case was broken but previous behaviour would not detect it ! * parser.c: fix 566012 for the push mode of the parser, tricky ! * test/ebcdic_566012.xml result//ebcdic_566012.xml*: add the test to the regression suite

283d5027

2009-08-25T17:18:39

587663 Incorrect Attribute-Value Normalization * parser.c: when replacing entities and that the entity is CDATA and reference entities then white space character in replacement text need to be replaced by 0x20 * result/noent/att10: correct the output of the associated regression test

d80d0728

2009-08-22T18:56:01

559410 - Regexp bug on (...)? constructs * xmlregexp.c: fix a regexp bug on some (...)? constructs * test/schemas/nvdcve* result/schemas/nvdcve*: add the tests to the regression suite

a721612e

2009-08-21T18:22:58

446613 small validation bug mixed content with NS * valid.c: fix a bug when valdating mixed content lists and some name use namespaces prefixes. * result/valid/notes.xml* test/valid/dtds/notes.dtd * test/valid/notes.xml: add the test case to the regression suite

bd56c443

2009-08-12T15:39:23

571271 fix semantic of xsd:all with minOccurs=0 * xmlschemas.c: apparently we though it allowed any of the sub elements to be missing, and probably not what's expected from the spec, though it used to forbid it c.f.: http://lists.xml.org/archives/xml-dev/200109/msg00512.html asking HT for confirmation but it's likely that we were wrong on the semantic * result/schemas/all_1_[367]*: this changes the output of soem of our internal regression tests

be390ed0

2009-08-12T12:40:39

Test case for 570702

edc68aad

2009-08-07T20:29:33

582906 XSD validating multiple imports of the same schema * xmlschemas.c: When validating a schema that includes the same file that has no targetNamespace defined an internal erro was thrown, depending on the orig namespace that should be allowed though * test/schemas/582906-* result/schemas/582906-*: 2 tests case, one where this is allowed, and one where this is forbidden

d9960720

2009-08-07T19:01:32

Bug 582887 – problems validating complex schemas * xmlschemas.c: fixes the problem faced when importing the same schemas multiple times but from different places which is allowed * test/schemas/582887* result/schemas/582887*: adding the specific test to the regressions

83868247

2009-07-09T10:26:22

Aleksey Sanin support for c14n 1.1 * c14n.c include/libxml/c14n.h: adds support for C14N 1.1, new flags at the API level * runtest.c Makefile.am testC14N.c xmllint.c: add support in CLI tools and test binaries * result/c14n/1-1-without-comments/* test/c14n/1-1-without-comments/*: add a new batch of tests

7f4547cd

2008-10-03T07:58:23

preparing the release of 2.7.2 fix the Solaris portability issue * configure.in doc/* NEWS: preparing the release of 2.7.2 * dict.c: fix the Solaris portability issue * parser.c: additional cleanup on #554660 fix * test/ent13 result/ent13* result/noent/ent13*: added the example in the regression test suite. * HTMLparser.c: handle leading BOM in htmlParseElement() Daniel svn path=/trunk/; revision=3799

a57ba4ce

2008-09-25T16:06:18

fix an HTML parsing error on large data sections reported by Mike Day add * HTMLparser.c: fix an HTML parsing error on large data sections reported by Mike Day * test/HTML/utf8bug.html result/HTML/utf8bug.html.err result/HTML/utf8bug.html.sax result/HTML/utf8bug.html: add the reproducer to the test suite daniel svn path=/trunk/; revision=3797

0161e638

2008-08-28T15:36:32

completely different fix for the recursion detection based on entity * parser.c include/libxml/parser.h: completely different fix for the recursion detection based on entity density, big cleanups in the entity parsing code too * result/*.sax*: the parser should not ask for used defined versions of the predefined entities * testrecurse.c: automatic test for entity recursion checks * Makefile.am: added testrecurse * test/recurse/lol* test/recurse/good*: a first set of tests for the recursion Daniel svn path=/trunk/; revision=3783

bf9c1dad

2008-08-26T07:46:42

add the testchar to 'make check' Volker Grabsch pointed out a typo * Makefile.am: add the testchar to 'make check' * xmlschemas.c: Volker Grabsch pointed out a typo * xmlregexp.c: production [19] from XML Schemas regexps were a mistake removed in version REC-xmlschema-2-20041028, Volker Grabsch provided a patch to remove it * test/schemas/regexp-char-ref_0.xml test/schemas/regexp-char-ref_0.xsd test/schemas/regexp-char-ref_1.xsd result/schemas/regexp-char-ref_0_0 result/schemas/regexp-char-ref_1_0: Volker Grabsch also provided regession tests for this Daniel svn path=/trunk/; revision=3776

d7af5553

2008-08-04T15:29:44

rewrite the URI parser to update to rfc3986 (from 2396) removed the error * uri.c include/libxml/uri.h: rewrite the URI parser to update to rfc3986 (from 2396) * test/errors/webdav.xml result/errors/webdav.xml*: removed the error test, 'DAV:' is a correct URI under 3986 * Makefile.am: small cleanup in make check Daniel svn path=/trunk/; revision=3763

37334576

2008-07-31T08:20:02

added a skipped list, insert rmt-ns10-035 improve 'make check' clean up * runxmlconf.c: added a skipped list, insert rmt-ns10-035 * Makefile.am: improve 'make check' * include/libxml/xmlerror.h parser.c: clean up namespace errors checking and reporting, errors when a document is labelled as UTF-16 while it is parsed as UTF-8 and no encoding was given explicitely. * result/errors/webdav.xml.*: some warnings are no recategorized as Namespace errors Daniel svn path=/trunk/; revision=3761

97c9ce2e

2008-03-25T16:52:41

fix various attribute normalisation problems reported by Ashwin this * parser.c: fix various attribute normalisation problems reported by Ashwin * result/c14n/without-comments/example-4 result/c14n/with-comments/example-4: this impacted the result of two c14n tests :-\ * test/att9 test/att10 test/att11 result//att9* result//att10* result//att11*: added 3 specific regression tests coming from the XML spec revision and from Ashwin Daniel svn path=/trunk/; revision=3715

8bf64aef

2008-03-24T20:45:21

fix a problem reported by Ashwin for system parameter entities referenced * parser.c: fix a problem reported by Ashwin for system parameter entities referenced from entities in external subset, add a specific loading routine. * test/valid/dtds/external.ent test/valid/dtds/external2.ent test/valid/t11.xml result/valid/t11.xml*: added the test to the regression suite Daniel svn path=/trunk/; revision=3713

d0d2f090

2008-03-07T16:50:21

fix handling of empty CDATA nodes as reported and discussed around #514181 * xmlsave.c parser.c: fix handling of empty CDATA nodes as reported and discussed around #514181 and associated patches * test/emptycdata.xml result/emptycdata.xml* result/noent/emptycdata.xml: added a specific test in the regression suite. Daniel svn path=/trunk/; revision=3701

57c9db07

2008-03-06T14:37:10

poblem with encoding detection for UTF-16 reported by Ashwin and found by * encoding.c: poblem with encoding detection for UTF-16 reported by Ashwin and found by Bill * test/valid/dtds/utf16b.ent test/valid/dtds/utf16l.ent test/valid/UTF16Entity.xml result/valid/UTF16Entity.xml*: added the example to the regression tests Daniel svn path=/trunk/; revision=3700

041b687e

2008-02-08T10:37:18

apply patch from Andrew Tosh to fix behaviour when '.' is used in a * xmlregexp.c: apply patch from Andrew Tosh to fix behaviour when '.' is used in a posCharGroup * test/schemas/poschargrp0_0.* result/schemas/poschargrp0_0_0*: added the test to the regression suite Daniel svn path=/trunk/; revision=3687

c707d0b7

2008-01-24T14:48:54

fix a memeory leak in internal subset parsing with a fix from Ashwin add * parser.c: fix a memeory leak in internal subset parsing with a fix from Ashwin * test/errors/content1.xml result/errors/content1.xml*: add test to regressions Daniel svn path=/trunk/; revision=3680

c821e03c

2007-08-28T17:33:45

another nasty regexp case fixed. added to regression suite Daniel * xmlregexp.c: another nasty regexp case fixed. * test/regexp/ranges2 result/regexp/ranges2: added to regression suite Daniel svn path=/trunk/; revision=3658

3888f472

2007-08-23T09:29:03

applied patch from Frank Gross fixing Schemas IDC import bug #455953 and * xmlschemas.c test/schemas/*455953* result/schemas/bug455953*: applied patch from Frank Gross fixing Schemas IDC import bug #455953 and also add the test to the regression suite Daniel svn path=/trunk/; revision=3652

da629347

2007-08-01T07:49:06

fixed a parser bug where invalid char in comment may not be detected, * parser.c: fixed a parser bug where invalid char in comment may not be detected, reported by Ashwin Sinha * test/errors/comment1.xml result/errors/comment1.xml*: added the example to the regression suite Daniel svn path=/trunk/; revision=3647

dfac946c

2007-06-12T14:44:32

fixed the push mode when a big comment occurs before an internal subset, * parser.c: fixed the push mode when a big comment occurs before an internal subset, should close bug #438835 * test/comment6.xml result//comment6.xml*: added a special test in the regression suite Daniel svn path=/trunk/; revision=3635

b9e5acc4

2007-06-12T13:43:00

fix bug #414846 where invalid characters in attributes would sometimes not * parser.c: fix bug #414846 where invalid characters in attributes would sometimes not be detected. * test/errors/attr4.xml result/errors/attr4.xml*: added a specific test case to the regression tests Daniel svn path=/trunk/; revision=3634

42720248

2007-04-16T07:02:31

change the way script/style are parsed to not try to detect comments, * HTMLparser.c: change the way script/style are parsed to not try to detect comments, reported by Mike Day * result/HTML/doc3.*: affects the result of that test Daniel svn path=/trunk/; revision=3598

kc3-lang/libxml2/result

result

Log