Log

Author Commit Date CI Message
Nick Wellnhofer 0ddd63db 2024-02-29T16:40:26 valid: Change error code to XML_ERR_ARGUMENT
Nick Wellnhofer b043d959 2024-03-08T12:40:12 tree: Check return value of xmlNodeAddContent
Nick Wellnhofer e4e90961 2024-03-07T13:00:14 tree: Prefer xmlGetPropNodeInternal over xmlHasNsProp xmlHasNsProp can cause unreported malloc failures when looking up default attributes. Switch to xmlGetPropNodeInternal when moving attributes. We don't care about default attributes in this case.
Nick Wellnhofer fc9a2ca0 2024-03-06T16:02:24 tree: Report more malloc failures
Nick Wellnhofer 696faeb4 2024-03-05T16:17:57 tree: Rework xmlNodeListGetString Use string buffer to avoid quadratic complexity. Handle entities with xmlBufGetNodeContent. Report malloc failures.
Nick Wellnhofer 41964548 2024-02-28T12:17:57 tree: Rework xmlTextMerge Return NULL on error. Check for malloc failure. Check that nodes are distinct.
Nick Wellnhofer 536aa2cd 2024-03-04T16:55:32 tree: Fix adding ids in xmlNewPropInternal Don't try to add ids to NULL document. Report malloc failure from xmlIsID.
Nick Wellnhofer a3713f78 2024-02-28T11:44:46 tree: Rework xmlNodeSetName Disallow xmlNodeSetName on DTD nodes. DTD nodes don't store the name in a dictionary. Calling xmlNodeSetName with a DTD node could result in an invalid free. This function doesn't report errors but we can make sure that name isn't set to NULL.
Nick Wellnhofer 77c71350 2024-02-27T20:21:48 tree: Simplify xmlAddChild with text parent
Nick Wellnhofer 7d9ffd40 2024-03-06T19:44:00 tree: Report malloc failure in xmlAddNextSibling
Nick Wellnhofer d0d6174e 2024-02-29T19:38:29 valid: Rework xmlAddID
Nick Wellnhofer 7e462425 2024-02-27T20:18:42 tree: Don't allow misuse of xmlAddChild xmlAddChild assumes that the child is unlinked. If the child is already linked, return an error instead of corrupting the tree.
Nick Wellnhofer d57c57ed 2024-03-05T14:53:35 tree: Improve argument check in xmlTextConcat
Nick Wellnhofer 18ebdacf 2024-03-07T13:02:46 tree: Fix error return in xmlGetPropNodeValueInternal
Nick Wellnhofer bc7ab5a2 2024-03-02T18:59:51 tree: Rewrite xmlSetTreeDoc Report malloc failures. Fix when called directly on attribute node. Clear 'content' and 'last' and look up new entity for entity reference nodes.
Nick Wellnhofer 16c29557 2024-03-05T14:52:34 tree: Remove unused node types
Nick Wellnhofer f960c60d 2024-03-05T03:25:16 tree: Make namespace comparison more consistent The API allows NULL namespace URIs, so we should match them consistently. Simply use xmlStrEqual which already takes NULL strings into account.
Nick Wellnhofer 2ba690a7 2024-03-05T16:34:22 tree: Remove more unused node types
Nick Wellnhofer d1cc6f7d 2024-03-05T04:34:59 tree: Don't allow NULL name in xmlSetNsProp
Nick Wellnhofer 2840e33c 2024-03-04T07:34:25 tree: Allocate XML namespace statically
Nick Wellnhofer 2c214a50 2024-02-27T16:29:52 tree: Fix xmlAddPropSibling with duplicate attributes Look up existing attribute before unlinking new attribute. This makes it easier for the fuzzer to detect which attribute will be deleted if there are multiple attributes with the same name.
Nick Wellnhofer 2e765083 2024-02-27T16:23:44 tree: Fix indentation in xmlAddPropSibling
Nick Wellnhofer 16c0374a 2024-02-27T15:31:33 tree: Fix xmlAddSibling with last sibling If the node to be added was already at the correct position, the tree could be corrupted.
Nick Wellnhofer 74ca2f59 2024-02-27T13:44:54 tree: Move type check in xmlAddChild Avoid aborting halfway after changing parent pointer if node types don't match when adding attributes.
Nick Wellnhofer 29db9881 2024-02-23T16:59:40 tree: Fix xmlDocSetRootElement with multiple top-level elements Fix xmlDocSetRootElement when setting the original root if multiple top-level elements are present.
Nick Wellnhofer 4b698dba 2024-02-22T18:13:53 tree: Only allow elements in xmlDocSetRootElement
Nick Wellnhofer d5f50602 2024-02-22T16:12:07 tree: Disallow setting content of entity reference nodes The content of entity reference nodes points to the entity declaration and isn't freed. Changing the content would result in a memory leak.
Nick Wellnhofer 77f2012c 2024-02-22T15:25:05 tree: Rework xmlReconciliateNs
Nick Wellnhofer af66a6b5 2024-02-22T13:03:59 tree: Unlink DTD in xmlStaticCopyNodeList Avoid tree corruption when copying within a document.
Nick Wellnhofer bb22cfb9 2024-02-22T12:39:42 tree: Unlink DTD in xmlFreeNodeList Avoid dangling next/prev pointers.
Nick Wellnhofer 186562a1 2024-03-12T19:55:33 parser: Fix detection of duplicate attributes in XML namespace Fixes a regression from commit e0dd330b, resulting in duplicate attributes in the predefined XML namespace not being detected or extraneous default attributes being passed. Fixes #704.
Nick Wellnhofer ce8f3d2c 2024-03-10T15:03:41 fuzz: Improve README
Nick Wellnhofer 723b4de0 2024-03-03T21:57:59 catalog: Fetch XML catalog before dumping Catalog entries seem to be loaded lazily. Should fix #699.
Benjamin Gilbert 653ef999 2024-03-02T17:02:30 schemas: fix spurious warning about truncated snprintf output Fix warning: xmlschemas.c: In function 'xmlSchemaVAttributesComplex': xmlschemas.c:25506:63: warning: 'snprintf' output may be truncated before the last format character [-Wformat-truncation=] xmlschemas.c:25506:29: note: 'snprintf' output between 3 and 13 bytes into a destination of size 12 On my system (GCC 13.2.1 x86_64) the warning only appears with -O0. counter can't exceed 1000, so there's no real bug.
Maks Mishin 25afd931 2024-02-29T01:29:42 xmlschemastypes: Remove unreachable if statement Pointer `cur` is created by `value` variable and there is no need to check `cur` for NULL because `value` is checked at the beginning of the function. Found by RASU JSC.
Maks Mishin cd94985f 2024-02-29T01:14:06 relaxng: Remove useless if statement
Nick Wellnhofer 84a71860 2024-02-26T15:14:28 xmlreader: Fix xmlTextReaderConstEncoding Regression from commit f1c1f5c6. Fixes #697.
Nick Wellnhofer b55ee729 2024-02-26T13:22:08 html: Regression test for #696 This was already fixed in the master branch, so we only add a test.
Nick Wellnhofer a581f651 2024-02-21T12:09:10 tree: Check for integer overflow in xmlStringGetNodeList This function is called with unvalidated strings from functions like xmlNewDocProp, xmlNewDocNode or xmlNodeSetContent, so we have to check for integer overflow after all.
Nick Wellnhofer 7dc8600a 2024-02-20T12:32:17 SAX2: Report malloc failure in xmlCheckDefaultedAttributes
Nick Wellnhofer 67e475b7 2024-02-19T11:09:39 http: Improve error message for HTTPS redirects
Nick Wellnhofer e314109a 2024-02-16T15:42:38 save: Don't write directly to internal buffer Make sure that OOM errors are reported.
Nick Wellnhofer 595ee5bc 2024-02-14T13:58:14 dict: Include unistd.h for getentropy
Nick Wellnhofer c444c96e 2024-02-13T12:22:28 parser: Report OOM errors even after parser was stopped
Nick Wellnhofer 9835ec2b 2024-02-13T10:58:19 valid: Fix xmlAddIDSafe in "streaming" mode Make sure that IDs and attributes never reference each other in streaming (XML reader) mode, even when attributes are copied from an entity. Also update lineno. Fixes a short-lived use-after-free.
Nick Wellnhofer e97b4d84 2024-02-13T11:37:05 autotools: Remove useless substitution Fixes #689.
Nick Wellnhofer 4d774612 2024-02-13T11:35:12 parser: Fix column number in attribute values Short-lived regression from 37c6618b.
Nick Wellnhofer 87bebd25 2024-02-12T16:45:16 xmllint: Return error code if XPath returns empty nodeset Return an error code as before but make it possible to distinguish from real errors. Fixes #690.
Nick Wellnhofer a9e73f11 2024-02-11T12:47:09 catalog: Remove Windows hack Shouldn't be necessary after commit 865520f0. Fixes #688.
Nick Wellnhofer b53562bd 2024-02-11T12:33:02 examples: Readd xpath1 test This was removed for some reason in fc119e32. Fixes #685.
Nick Wellnhofer 13962b06 2023-10-15T13:56:34 xmlreader: Clean up error handling Make sure that xmlTextReaderRead returns -1 immediately if the reader is in an error state.
Nick Wellnhofer ddda373e 2024-02-06T12:53:03 xmlreader: Make xmlTextReaderValidateEntity return an error code This makes sure that xmlTextReaderRead returns -1 if a memory allocation fails.
Nick Wellnhofer 2807df9a 2024-02-06T12:07:19 valid: Fix another use-after-free in xmlAddIDSafe Short-lived regression.
Nick Wellnhofer 2963a097 2024-02-05T15:35:54 xpath: Report malloc failure in xmlXPathTranslateFunction
Nick Wellnhofer 1a66b176 2023-10-14T22:45:54 [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking Fixes a use-after-free if XML Reader is used with DTD validation and XInclude expansion. Fixes #604.
Nick Wellnhofer 921ab01e 2024-02-04T14:08:44 c14n: Improve error handling Stop raising meaningless internal errors.
Nick Wellnhofer 70da4c08 2024-02-04T13:30:32 valid: Fix use-after-free in xmlAddIDSafe Short-lived regression.
Nick Wellnhofer d463733f 2024-02-01T19:31:03 fuzz: Reenable malloc failure check when serializing
Nick Wellnhofer cf875194 2024-02-01T19:26:42 valid: Deprecate old DTD serialization API
Nick Wellnhofer fbe10a46 2024-02-01T19:01:57 save: Move DTD serialization code to xmlsave.c
Nick Wellnhofer 84e50a0c 2024-02-01T17:02:24 fuzz: Don't check for malloc failures when serializing DTD serialization doesn't report malloc failures yet.
Nick Wellnhofer 6aae1767 2024-02-01T15:18:26 tree: Fix error condition in xmlNodeListGetString Don't return NULL in case of undeclared entities.
Nick Wellnhofer 4a8f707b 2024-02-01T13:55:20 Update .gitignore
Nick Wellnhofer 0d170aca 2024-02-01T11:51:58 io: Report malloc failure in xmlOutputBufferWrite Fixes #676.
Nick Wellnhofer 2835337a 2024-01-30T14:18:45 doc: Mark `xmllint --xpath` as experimental This feature was poorly thought-out.
Nick Wellnhofer 6b089473 2024-01-30T13:37:16 doc: Update xmllint man page after fixing #180 Fixes #673.
Nick Wellnhofer 95f2a174 2024-01-30T13:25:17 parser: Fix crash in xmlParseInNodeContext with HTML documents Ignore namespaces if we have an HTML document with namespaces added manually. Fixes #672.
Nick Wellnhofer 2e19d0ef 2024-01-26T11:39:51 SAX2: Make sure that OOM errors aren't overwritten
Nick Wellnhofer 12ce9b5f 2024-01-25T12:52:14 dict: Fix warnings with older clang
Nick Wellnhofer 8961056f 2024-01-23T00:47:44 parser: Make experimental input API private This needs to be reworked.
Nick Wellnhofer 63986c45 2024-01-22T21:02:16 parser: Report fatal error if document entity couldn't be loaded Only lower error level when loading entities. Fixes #667.
Nick Wellnhofer 37d474ff 2024-01-17T14:19:42 xpath: Fix return of empty node-set in xmlXPathNodeCollectAndTest Don't return NULL node-sets. Ultimately, we should make sure that obj->nodesetval is always non-NULL even for empty node-sets. See #663.
Nick Wellnhofer df618f08 2024-01-15T17:15:02 tests: Add test for issue #661
Nick Wellnhofer d636ef1d 2024-01-11T00:43:44 tests: Remove testOOM This was never part of the standard test suite and we now test OOM error handling more comprehensively with fuzz testing.
Nick Wellnhofer 24059ae9 2024-01-10T18:02:20 autotools: Readd --with-xptr-locs configuration option The option was removed accidentally in 4e4c89a4.
Nick Wellnhofer 29f4d69e 2024-01-10T16:02:33 xpath: Report malloc failure in xmlXPtrEvalXPtrPart
Nick Wellnhofer 2cebf209 2024-01-10T15:37:50 gitlab-ci: Disable Python tests on MinGW for now See #658.
Nick Wellnhofer 57c68759 2024-01-07T20:44:40 SAX2: Limit entity URI length to 2000 bytes Avoid quadratic behavior when loading entities with long URIs multiple times. This limitation could be dropped if we cached external entities.
Nick Wellnhofer 6dc2fdb2 2024-01-07T14:30:57 parser: Account for full size of non-well-formed entities Account for the full size of the entity if parsing stops because of errors. In our cost model, we have to assume that the entity loader processes the whole entity regardless of its content.
Nick Wellnhofer 29beef65 2024-01-02T21:50:38 parser: Pop inputs if parsing DTD failed This should provide some statistics in ctxt->sizeentcopy even in the error or recovery case.
Nick Wellnhofer 02a2038d 2024-01-10T14:17:49 parser: Handle NOCDATA properly when expanding entities Short-lived regression from e1153832.
Nick Wellnhofer fd801845 2024-01-07T15:19:58 fuzz: Cap URL size Cap URL size to avoid quadratic behavior when generating error messages.
Nick Wellnhofer 83c1ae13 2024-01-07T15:40:23 fuzz: Add missing include Fix build failure.
Nick Wellnhofer e1153832 2024-01-07T01:29:37 parser: Fix quadratic behavior when copying entities Process the first and last text node with the SAX handler to make the text merging optimization kick in. Fixes #657.
Nick Wellnhofer d2b55a7a 2024-01-05T20:31:10 writer: Implement xmlTextWriterClose This function can be used to make sure that closing the output stream succeeded. Fixes #513.
Nick Wellnhofer f237e5b9 2024-01-05T15:40:23 parser: Avoid duplicate namespace errors Don't report an extra attribute uniqueness error if a namespace is undeclared. This matches old behavior.
Nick Wellnhofer 02cc5c36 2024-01-05T04:17:14 parser: Add XML_PARSE_NO_XXE parser option
Nick Wellnhofer 12f0bb94 2024-01-05T01:14:28 parser: Synchronize more options
Nick Wellnhofer 3efbe916 2024-01-05T00:11:29 parser: Mark 'token' member as unused in xmlParserCtxt
Nick Wellnhofer b82fd81d 2024-01-04T23:25:06 parser: Rework xmlCtxtParseDocument Make xmlCtxtParseDocument take a parser input which can be popped after parsing.
Nick Wellnhofer c2b3294f 2024-01-04T21:20:51 fuzz: Abort on invalid UTF-8 The parser should never generate invalid UTF-8 these days even in recovery mode.
Michele Bianchi df098e3b 2023-12-22T12:02:08 Set LIBXML2_FOUND if it has been properly configured
Nick Wellnhofer d7d300ba 2024-01-04T17:50:11 parser: Remove remnants of runtime debugging feature Apparently, this feature was removed long ago. Fixes #651.
Nick Wellnhofer 8c5848bd 2024-01-04T17:14:31 parser: Make xmlParseContent more useful This is an internal function which isn't really usable without some hacks. See WebKit/Chromium trying to recreate the effects of xmlDetectSAX2 manually, for example. Make xmlParseContent perform late initialization and check whether the content was fully parsed. Also rename xmlDetectSAX2 and document why it's needed.
Nick Wellnhofer 65c65b65 2024-01-04T13:59:23 tests: Move away from global error handlers
Nick Wellnhofer 07c05546 2024-01-04T02:48:02 error: Make xmlFormatError public This is a useful function to get a verbose error report. Allows removing duplicated code from runtest.c. Also reactivate check for schema parser failures.
Nick Wellnhofer d0eb5a7e 2024-01-03T18:12:29 parser: Remove xmlErrEncodingInt Convert the last user to xmlFatalErr.
Nick Wellnhofer f30b9b23 2024-01-03T18:11:44 fuzz: Add assertion in xmlCopyCharMultibyte This is an internal function that should never receive out-of-range codepoints.
Nick Wellnhofer a7356dfe 2024-01-03T18:02:46 parser: Clear invalid entity content This was removed in earlier commits, but we really want to make sure that entity content is syntactically valid.
Nick Wellnhofer 30d83977 2024-01-04T15:18:14 fuzz: Disable catalogs The catalogs API doesn't report OOM errors. It's basically impossible to use it safely in its current form.