kmx git

Commit	Date	Message
2d97a97a	2019-03-15T16:27:58	Optional recursion limit when parsing XPath expressions Useful to avoid call stack overflows when fuzzing. Note that parsing a parenthesized expression currently consumes more than 10 stack frames, so this limit should be set rather low.
64115ed6	2019-03-18T11:34:26	Optional recursion limit when evaluating XPath expressions Useful to avoid call stack overflows when fuzzing.
852c93a2	2019-03-12T16:12:05	Optional XPath operation limit Optionally limit the maximum numbers of XPath operations when evaluating an expression. Useful to avoid timeouts when fuzzing. The following operations count towards the limit: - XPath operations - Location step iterations - Union operations Enabled by setting opLimit to a non-zero value. Note that it's the user's responsibility to reset opCount. This allows to enforce the operation limit across multiple reuses of an XPath context.
5153c7ba	2019-03-18T11:18:31	Use break statements in xmlXPathCompOpEval This prepares for the next commit.
91d576de	2019-04-09T13:16:50	Make configure.ac work with older pkg-config Older versions of pkg.m4 require the action-if-not-found argument of the PKG_CHECK_MODULES macro to be non-empty. Use a colon (null command) instead of an empty string. Fixes #50.
0f518611	2019-04-08T14:02:11	Fix compilation with --with-minimum Presence of xmlEncodeAttributeEntities doesn't depend on output module. Fixes #52.
b9bdb9db	2019-03-19T17:44:51	Check for integer overflow in xmlXPtrEvalChildSeq Found with libFuzzer and UBSan.
236dd6ab	2019-03-13T18:21:02	Check XPath stack after calling functions Check that there's exactly one return value on the stack after calling XPath functions. Otherwise, functions that corrupt the stack without signaling an error could lead to memory errors. Found with libFuzzer and UBSan.
c494a0ba	2019-03-12T14:45:04	Fix xmllint dump of XPath namespace nodes Starting with commit da35eeae, xmllint uses the xmlNodeDump API to dump XPath nodes. Make sure not to access node->doc which doesn't work with namespace nodes.
30a6533e	2019-03-08T12:15:17	Fix float casts in xmlXPathSubstringFunction Rewrite conversion of double to int in xmlXPathSubstringFunction, adding range checks to avoid undefined behavior. Make sure to add start and length as floating-point numbers before converting to int. Fix a bug when rounding negative start indices. Remove unneeded calls to xmlXPathIs{Inf,NaN} and rely on IEEE math instead. Avoid computing the string length. xmlUTF8Strsub works as expected if the length of the requested substring exceeds the input. Found with libFuzzer and UBSan.
09797c13	2019-03-05T15:14:34	Fix null deref in xmlregexp error path Thanks to Shaobo He for the report.
8161b463	2019-02-28T12:25:05	Remove debug printf in xmlreader.c Fixes #46.
9a82ae30	2019-02-28T12:18:37	Stop defining _REENTRANT on some Win32 platforms The _REENTRANT macro was defined unconditionally on some Win32 builds using the Microsoft C runtime. It shouldn't have an effect under MSVCRT and was presumably only defined because of the LIBXML_THREAD_ENABLED issue fixed with the previous commit.
cf68fe3d	2019-02-27T15:00:14	Always define LIBXML_THREAD_ENABLED when enabled When libxml2 is compiled with threads enabled, have the header file define LIBXML_THREAD_ENABLED even if the subsequent application by itself does not enable threads. Otherwise, the application would see the unthreaded API functions, but these are not exported (where it does make a difference, like on Win32 based platforms).
2c8dc715	2019-02-25T12:00:50	Fix null pointer dereference in xmlTextReaderReadOuterXml Fix a regression caused by commit 39fbfb4f. If xmlTextReaderReadOuterXml is called on a pristine xmlReader, the current node is NULL and must not be dereferenced. Move the call to xmlTextReaderExpand to the start of the function to make sure that we have a valid node. Fixes #43.
a7fe7ee4	2019-02-15T17:28:38	Regenerate NEWS
538d827c	2019-02-15T17:26:38	Change git repo URL
04fbfa3f	2019-02-15T17:20:18	Change bug tracker URL
656df97d	2019-02-15T17:05:16	Remove outdated HTML file
d3de7578	2019-01-15T12:33:48	Fix nanohttp.c on MinGW Commit e3890546 broke nanohttp.c on (old) MinGW. MinGW-w64 wasn't affected. Should fix #36. Thanks to Simon Sobisch for the report.
b48226f7	2019-01-07T17:58:32	Fix memory leaks in xmlParseStartTag2 error paths Found by OSS-Fuzz.
6b49db2c	2019-01-07T17:14:21	Fix memory leak in xmlSAX2StartElement Introduced by a recent commit. Only happens if max depth is exceeded in SAX1 mode. Found by OSS-Fuzz.
26828cb3	2019-01-07T16:52:42	Fix commit "Memory leak in xmlFreeID (xmlreader.c)" The recent commit "Memory leak in xmlFreeID (xmlreader.c)" introduced a double-free.
619534ef	2018-01-23T17:36:23	Fix Windows compiler warning in testC14N.c
57d4329b	2018-01-23T17:33:42	Merge testThreadsWin32.c into testThreads.c Apply the same cross-platform modifications as previously in runtest.c.
7f40ed01	2018-01-23T16:40:36	Fix Python bindings under Windows - Correct linker flags for MinGW-w64 - Adjust PATH to find libxml2.dll when running tests
e8fdf5df	2019-01-01T19:20:22	Fix unused function warning in testapi.c Check whether all param and return types are known before generating functions for param types. Otherwise, unused functions end up in testapi.c.
731b5064	2019-01-01T18:43:02	Add some generated test files to .gitignore
dcae579e	2019-01-01T16:48:40	Remove unneeded function pointer casts
19f0950d	2019-01-01T16:38:42	Fix -Wcast-function-type warnings (GCC 8) Use xmlGenericError instead of fprintf as error handler. It also prints to stderr by default.
8919885f	2019-01-01T16:30:38	Fix -Wformat-truncation warnings (GCC 8)
157cd3ae	2018-11-24T15:46:00	Fix NULL pointer deref in xmlTextReaderValidateEntity Found by OSS-Fuzz.
57a3af56	2018-11-24T12:14:55	Memory leak in xmlFreeTextReader In error cases, there might still be elements in the vstate table. Since vstateVPop in valid.c is private, we have to pop the elements with xmlValidatePopElement. This inspects nodes of the document, so the reader doc must be freed after the clearing the vstate table. Found by OSS-Fuzz.
efe8c093	2018-11-24T11:39:32	Memory leak in xmlFreeID (xmlreader.c) Fix a memory leak in xmlReader's private copy of xmlFreeID. Only affects validation with NODICT. Found by OSS-Fuzz.
f8a8c1f5	2019-01-03T19:14:17	Release of libxml2-2.9.9 * configure.ac doc/news.html doc/xml.html doc/libxml2.xsa: making changes for the release Signed-off-by: Daniel Veillard <veillard@redhat.com>
7c4949af	2019-01-01T19:58:07	Fix "Problem with data in interleave in RelaxNG validation" Fixes commit c8e5f958. https://mail.gnome.org/archives/xml/2018-November/msg00029.html
6fc04d71	2018-11-23T22:56:03	Revert "Support xmlTextReaderNextSibling w/o preparsed doc" This reverts commit bfec41b3de1cbd35e547b57c80ae3a5101f8891c which caused problems with the XML::LibXML Perl bindings. https://mail.gnome.org/archives/xml/2018-November/msg00010.html
a71b98ec	2018-11-05T14:26:26	cleanup: remove some unreachable code
b1f87c0e	2018-11-05T14:20:16	Fix building relative URIs Examples: testURI --relative --base file:///a file:///b New correct result: b Old incorrect result: ../b testURI --relative --base file:///a file:/// New correct result: ./ Old incorrect result: ../ testURI --relative --base file:///a/b file:///a/ New correct result: ./ Old incorrect result: ../../a/
25f13e77	2018-11-05T13:53:00	add --relative to testURI Example: testURI --relative --base file:///a/b/c file:///a/x/y Result: ../x/y
c7461f65	2018-11-03T21:19:13	reader: Fix documentation comment
c64d4efb	2018-10-13T00:12:12	Remove redefined starts and defines inside include elements When including a grammar from another grammar, we need to make sure that any redefines of starts and includes that that grammar does inside any of its include elements are also removed.
46da8fc5	2018-10-12T23:46:24	Allow choice within choice in nameClass in RELAX NG The pattern nameClass allows for nested choice elements, for example <name> <choice> <choice> <name>a</name> <name>b</name> </choice> <name>c</name> </choice> </name> which is semantically equivalent to <name> <choice> <name>a</name> <name>b</name> <name>c</name> </choice> </name> The old code didn’t handle this correctly, as it never expected a choice inside another choice. This patch fixes this by flattening any nested choices. This pattern of nested choice elements comes up in RELAX NG simplification, where all choice elements are rewritten in this nested manner, see section 4.12 of the RELAX NG specification.
4338c310	2018-10-12T22:30:26	Look inside divs for starts and defines inside include RELAX NG allows for div elements inside of include elements. We need to look inside those div elements for start and define elements that may be redefining start and define elements in the included grammar.
3c614191	2018-10-12T22:30:10	Add compile and libxml2-config.cmake to .gitignore
c8e5f958	2018-11-22T18:09:51	Problem with data in interleave in RelaxNG validation Reported in https://mail.gnome.org/archives/xml/2018-October/msg00003.html The issue seems to be that we build groups of what can be matched by the interleave, but that these groups don’t include data, list, and value elements, only element and text elements. This patch extends xmlRelaxNGGetElements so that it can return these elements for us in xmlRelaxNGComputeInterleaves. Then we make sure to updatexmlRelaxNGNodeMatchesList as well so that it accepts the correct types.
3776cb47	2018-11-22T15:27:28	Fix memory leak in xmlSwitchInputEncodingInt error path Found by OSS-Fuzz.
1567b55b	2018-11-22T14:28:58	Set doc on element obtained from freeElems In commit 8c9daf79, a call to xmlFreeNode was added in xmlSAX2StartElementNs. If a node was obtained from the freeElems list, make sure to set the doc, otherwise xmlFreeNode wouldn't realize that the node name might be in the dictionary, causing an invalid free. Note that the issue fixed in commit 8c9daf79 requires commit 0ed6addb and this one to work properly. Found by OSS-Fuzz.
fc27759d	2018-11-06T10:17:35	Fix MSVC build with lzma
d459831c	2018-10-13T16:12:14	Fix HTML serialization with UTF-8 encoding If the encoding is specified as UTF-8, make sure to use a NULL encoding handler.
ee501f54	2018-10-13T15:23:35	Stop using doc->charset outside parser code doc->charset does not specify the in-memory encoding which is always UTF-8.
39fbfb4f	2018-09-25T12:57:04	Use actual doc in xmlTextReaderRead*Xml Otherwise the encoding of the document is ignored and non-ASCII characters are serialized as numeric references even if the encoding is specified as UTF-8.
da35eeae	2018-09-23T01:09:56	Add newlines to 'xmllint --xpath' output Separate nodes in a node-set with newlines and always add a terminating newline. This is a breaking change but the old behavior of dumping text nodes without separator was mostly useless. Also use buffered I/O when dumping node-sets.
73b2417c	2018-09-22T15:45:02	Variables need 'extern' in static lib on Cygwin While the dllimport/dllexport macros now work for Cygwin, using the static library still requires variables to be declared as 'extern'. This is a regression of c65c9e8ee07e2dab0647392c2bd1795a5bc99829, found+fixed by Bruno Haible using static libxml embedded in gettext.
0ed6addb	2018-09-22T15:41:01	Unlink node before freeing it in xmlSAX2StartElement The node may have been added to the document already, so it must be unlinked first. Thanks to David Kilzer for spotting this.
8c9daf79	2018-09-12T13:42:27	Check return value of nodePush in xmlSAX2StartElement If the maximum depth is exceeded, nodePush halts the parser which results in freeing the input buffer since the previous commit. This invalidates the attribute pointers, so the error condition must be checked. Found by OSS-Fuzz.
123234f2	2018-09-11T14:52:07	Free input buffer in xmlHaltParser This avoids miscalculation of available bytes. Thanks to Yunho Kim for the report. Closes: #26
60173c82	2018-09-11T14:08:39	Reset HTML parser input pointers on encoding failure Call xmlBufResetInput before bailing out if switching the encoding fails. Otherwise, the input pointers could be left in an invalid state. Similar to commit f9e7997e803457b714352c4d51a96104ae298d94 for the XML parser. Thanks to Yunho Kim for the report. Closes: #27
dc6d2a49	2018-09-04T17:13:29	Don't run icu_parse_test if EUC-JP is unsupported Closes: #25
b697d7bb	2018-09-04T16:48:15	Fix xmlSchemaValidCtxtPtr reuse memory leak When reusing an xmlSchemaValidCtxtPtr to validate multiple xml documents against the same schema, there is a memory leak in xmlschemas.c in xmlSchemaClearValidCtxt(). The vctxt->idcKeys and associated counters are not cleaned up in xmlSchemaClearValidCtxt() as they are in xmlSchemaFreeValidCtxt(). As a result, vctxt->idcKeys grows with each xmlValidateDoc() call that uses the same context and that memory is never freed. Similarly, vctxt->nbIdcKeys and vctxt->sizeIdcKeys increment and are never reset. Closes: #23
1dafb427	2018-09-03T15:29:50	Don't include SAX.h from globals.h SAX.h contains a legacy interface with several unprefixed symbols like `reference`, causing severe namespace pollution. The globals.h header doesn't need any of these symbols, so remove the #include.
bfec41b3	2018-06-23T12:14:28	Support xmlTextReaderNextSibling w/o preparsed doc This implements missing support for readers that are not based on a preparsed document in xmlTextReaderNextSibling.
d2ef114c	2018-06-23T13:08:46	Fix xmlTextReaderNext with preparsed document This fixes the traversal of parent nodes using xmlTextReaderNext() when the reader is based on a preparsed document (created using xmlReaderWalker(doc)). Without this fix the parser will abort even though there are parent nodes it should traverse to, if it is not currently on an element or attribute node. This is incorrect, since it can be for example on a text node when it needs to enter backtracking.
c65c9e8e	2018-08-31T11:42:14	Really declare dllexport/dllimport for Cygwin Cygwin does not define _WIN32, but still requires dllexport/dllimport tags for when applications use the --disable-auto-import linker flag, probably set by the gl_WOE32_DLL autoconf macro in woe32-dll.m4 file.
33d7ca53	2018-08-24T10:10:02	Merge branch 'patch-2' into 'master' Change dir to $THEDIR after ACLOCAL_PATH check See merge request GNOME/libxml2!6
19f5efd6	2018-08-23T20:42:23	Change dir to $THEDIR after ACLOCAL_PATH check autoreconf creates aclocal.m4 in $srcdir
b6ab8b44	2018-08-19T18:59:10	Improve error message if pkg.m4 couldn't be found Check whether aclocal.m4 contains the pkg.m4 macro package after running autoreconf and print a more helpful error message. Thanks to 林博仁 (Buo-ren Lin) for the initial patch. Closes: #21
173ea684	2018-08-18T14:22:57	Don't instruct user to run make when autogen.sh failed Currently the autogen script will always tell user to run make even when the configure script failed, this patch changes the behavior to only show this message when the configure script terminates without error.
2240fbf5	2018-07-30T13:14:11	Fix infinite loop in LZMA decompression Check the liblzma error code more thoroughly to avoid infinite loops. Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13 Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914 This is CVE-2018-9251 and CVE-2018-14567. Thanks to Dongliang Mu and Simon Wörner for the reports.
a4363749	2018-07-30T12:54:38	Fix nullptr deref with XPath logic ops If the XPath stack is corrupted, for example by a misbehaving extension function, the "and" and "or" XPath operators could dereference NULL pointers. Check that the XPath stack isn't empty and optimize the logic operators slightly. Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/5 Also see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817 https://bugzilla.redhat.com/show_bug.cgi?id=1595985 This is CVE-2018-14404. Thanks to Guy Inbar for the report.
b7c50b8d	2018-04-17T12:07:08	Remove stray character from comment Fixes bug #795316: https://bugzilla.gnome.org/show_bug.cgi?id=795316
d2293cdb	2018-01-30T15:04:11	Remove a misleading line from xmlCharEncOutput Closes: https://bugzilla.gnome.org/show_bug.cgi?id=793028 It seams this line was accidentally copied over from xmlCharEncOutFunc. In xmlCharEncOutput output is a pointer so incrementing it by ret can point it where it wasn't supposed to be pointing. Luckily the current implementation doesn't dereference the pointer after advancing it. Signed-off-by: Daniel Veillard <veillard@redhat.com>
35e83488	2018-04-18T15:58:42	HTML noscript should not close p For https://bugzilla.gnome.org/show_bug.cgi?id=795343 - HTMLparser.c: noscript should not close <p> but it should close <script>
e61c8217	2018-04-16T20:46:13	Run Travis ASan tests with "sudo: required" See https://github.com/travis-ci/travis-ci/issues/9033
fa33bf31	2017-05-25T00:45:10	Improve restoring of context size and position Restore context size and position where it is modified, not in seemingly random places.
665df41d	2018-04-16T19:37:34	Simplify and harden nodeset filtering If a nodeset to be filtered is empty, it can be returned without popping it from the stack. Make sure to restore the context node in all error paths and never set it to NULL. Save and restore the context node in RANGETO operations.
029d0e96	2017-05-25T01:28:27	Avoid unnecessary backups of the context node
938835e7	2017-05-25T01:21:57	Don't change context node in xmlXPathRoot
e22a83b1	2017-05-25T01:18:36	Stop using XPATH_OP_RESET It only sets the context node to NULL which doesn't seem useful and can even cause bugs like bug #795299: https://bugzilla.gnome.org/show_bug.cgi?id=795299
ebe12882	2018-04-16T18:18:11	Fix inconsistency in xmlXPathIsInf We don't use HUGE_VAL for INFINITY after the most recent fix.
7a1bd7f6	2018-03-17T00:03:24	Revert "Change calls to xmlCharEncInput to set flush false" This reverts commit 6e6ae5daa6cd9640c9a83c1070896273e9b30d14 which broke decoding of larger documents with ICU. See https://bugs.chromium.org/p/chromium/issues/detail?id=820163
7abec671	2018-03-15T19:33:52	NaN and Inf fixes for pre-C99 compilers On some pre-C99 compilers, the NAN and INFINITY macros don't expand to constant expressions. Some MSVC versions complain about floating point division by zero in constants. Thanks to Fabrice Manfroi for the report.
18890f47	2018-03-05T17:09:43	Release of libxml2-2.9.8 * configure.ac doc/* libxml2.syms testapi.c: updated for the new release
d910e99c	2017-11-06T16:20:25	python: remove single use of _PyVerify_fd _PyVerify_fd disappeared from python with: https://hg.python.org/cpython/rev/e88e2049b793 https://bugzilla.gnome.org/show_bug.cgi?id=776815
707ad080	2018-01-23T16:37:54	Fix xmlParserEntityCheck A previous commit removed the check for XML_ERR_ENTITY_LOOP which is required to abort early in case of excessive entity recursion.
ab362ab0	2018-01-22T15:40:05	Halt parser in case of encoding error Should fix crbug.com/793715, although I wasn't able to reproduce the issue.
60dded12	2018-01-22T15:04:58	Clear entity content in case of errors This only affects recovery mode and avoids integer overflow in xmlStringGetNodeList and possibly other nasty surprises. See bug 783052 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3874 https://bugs.chromium.org/p/chromium/issues/detail?id=796804
6e6ae5da	2018-01-02T21:47:35	Change calls to xmlCharEncInput to set flush false when not final call. Having flush incorrectly set to true causes errors for ICU.
1637d612	2018-01-08T19:19:42	Disable pointer-overflow UBSan checks under Travis clang 5 added UBSan checks for pointer overflow which are triggered by an API test.
132af1a0	2018-01-08T18:48:01	Fix buffer over-read in xmlParseNCNameComplex Calling GROW can halt the parser if the buffer grows too large. This will set the buffer to an empty string. Return immediately in this case, otherwise the "current" pointer is advanced leading to a buffer over-read. Found with OSS-Fuzz. See https://oss-fuzz.com/testcase?key=6683819592646656 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5031
ad88b54f	2017-12-08T09:42:31	Improve handling of context input_id For https://bugzilla.gnome.org/show_bug.cgi?id=772726 This was used in xmlsec to detect issues with accessing external entities and prevent them, but was unreliable, based on a patch from Aleksey Sanin * parser.c: make sure input_id is incremented when creating sub-entities for parsing or when parsing out of context
8ac759a6	2017-11-27T18:23:58	Build more test executables on Windows/MSVC Build all test executables required by 'make checktests'.
706926fd	2017-11-27T18:17:38	Fix ICU library filenames on Windows/MSVC Fixes bug 790119.
d4049198	2017-11-27T15:08:00	Add resource file to Windows DLL Add a resource file containing verison information for the Windows DLL. This is only used by the MSVC build for now.
790c230f	2017-11-12T19:19:53	Run Travis tests with -Werror
45efd0b0	2017-11-13T22:05:22	Build with "-Wall -Wextra" Remove warning options that are enabled with "-Wall -Wextra". Disable -Warray-bounds warning that produces a (seemingly) false positive in xpath.c.
2677fbf4	2017-11-27T14:20:31	Fix -Wtautological-pointer-compare warnings Skip tautological pointer comparisons on pthread systems where we don't use the weak symbols hack.
ff628d46	2017-11-13T18:35:51	Stop including ansidecl.h This seems to be an undocumented, internal GCC header added a long time ago. I don't know why it was included, but I think it can be safely removed.
bf3b4563	2017-11-13T18:33:23	Remove unused AC_CHECKs
cb5541c9	2017-11-13T17:08:38	Fix libz and liblzma detection If libz or liblzma are detected with pkg-config, AC_CHECK_HEADERS must not be run because the correct CPPFLAGS aren't set. It is actually not required have separate checks for LIBXML_ZLIB_ENABLED and HAVE_ZLIB_H. Only check for LIBXML_ZLIB_ENABLED and remove HAVE_ZLIB_H macro. Fixes bug 764657, bug 787041.

2d97a97a

2019-03-15T16:27:58

Optional recursion limit when parsing XPath expressions Useful to avoid call stack overflows when fuzzing. Note that parsing a parenthesized expression currently consumes more than 10 stack frames, so this limit should be set rather low.

64115ed6

2019-03-18T11:34:26

Optional recursion limit when evaluating XPath expressions Useful to avoid call stack overflows when fuzzing.

852c93a2

2019-03-12T16:12:05

Optional XPath operation limit Optionally limit the maximum numbers of XPath operations when evaluating an expression. Useful to avoid timeouts when fuzzing. The following operations count towards the limit: - XPath operations - Location step iterations - Union operations Enabled by setting opLimit to a non-zero value. Note that it's the user's responsibility to reset opCount. This allows to enforce the operation limit across multiple reuses of an XPath context.

5153c7ba

2019-03-18T11:18:31

Use break statements in xmlXPathCompOpEval This prepares for the next commit.

91d576de

2019-04-09T13:16:50

Make configure.ac work with older pkg-config Older versions of pkg.m4 require the action-if-not-found argument of the PKG_CHECK_MODULES macro to be non-empty. Use a colon (null command) instead of an empty string. Fixes #50.

0f518611

2019-04-08T14:02:11

Fix compilation with --with-minimum Presence of xmlEncodeAttributeEntities doesn't depend on output module. Fixes #52.

b9bdb9db

2019-03-19T17:44:51

Check for integer overflow in xmlXPtrEvalChildSeq Found with libFuzzer and UBSan.

236dd6ab

2019-03-13T18:21:02

Check XPath stack after calling functions Check that there's exactly one return value on the stack after calling XPath functions. Otherwise, functions that corrupt the stack without signaling an error could lead to memory errors. Found with libFuzzer and UBSan.

c494a0ba

2019-03-12T14:45:04

Fix xmllint dump of XPath namespace nodes Starting with commit da35eeae, xmllint uses the xmlNodeDump API to dump XPath nodes. Make sure not to access node->doc which doesn't work with namespace nodes.

30a6533e

2019-03-08T12:15:17

Fix float casts in xmlXPathSubstringFunction Rewrite conversion of double to int in xmlXPathSubstringFunction, adding range checks to avoid undefined behavior. Make sure to add start and length as floating-point numbers before converting to int. Fix a bug when rounding negative start indices. Remove unneeded calls to xmlXPathIs{Inf,NaN} and rely on IEEE math instead. Avoid computing the string length. xmlUTF8Strsub works as expected if the length of the requested substring exceeds the input. Found with libFuzzer and UBSan.

09797c13

2019-03-05T15:14:34

Fix null deref in xmlregexp error path Thanks to Shaobo He for the report.

8161b463

2019-02-28T12:25:05

Remove debug printf in xmlreader.c Fixes #46.

9a82ae30

2019-02-28T12:18:37

Stop defining _REENTRANT on some Win32 platforms The _REENTRANT macro was defined unconditionally on some Win32 builds using the Microsoft C runtime. It shouldn't have an effect under MSVCRT and was presumably only defined because of the LIBXML_THREAD_ENABLED issue fixed with the previous commit.

cf68fe3d

2019-02-27T15:00:14

Always define LIBXML_THREAD_ENABLED when enabled When libxml2 is compiled with threads enabled, have the header file define LIBXML_THREAD_ENABLED even if the subsequent application by itself does not enable threads. Otherwise, the application would see the unthreaded API functions, but these are not exported (where it does make a difference, like on Win32 based platforms).

2c8dc715

2019-02-25T12:00:50

Fix null pointer dereference in xmlTextReaderReadOuterXml Fix a regression caused by commit 39fbfb4f. If xmlTextReaderReadOuterXml is called on a pristine xmlReader, the current node is NULL and must not be dereferenced. Move the call to xmlTextReaderExpand to the start of the function to make sure that we have a valid node. Fixes #43.

a7fe7ee4

2019-02-15T17:28:38

Regenerate NEWS

538d827c

2019-02-15T17:26:38

Change git repo URL

04fbfa3f

2019-02-15T17:20:18

Change bug tracker URL

656df97d

2019-02-15T17:05:16

Remove outdated HTML file

d3de7578

2019-01-15T12:33:48

Fix nanohttp.c on MinGW Commit e3890546 broke nanohttp.c on (old) MinGW. MinGW-w64 wasn't affected. Should fix #36. Thanks to Simon Sobisch for the report.

b48226f7

2019-01-07T17:58:32

Fix memory leaks in xmlParseStartTag2 error paths Found by OSS-Fuzz.

6b49db2c

2019-01-07T17:14:21

Fix memory leak in xmlSAX2StartElement Introduced by a recent commit. Only happens if max depth is exceeded in SAX1 mode. Found by OSS-Fuzz.

26828cb3

2019-01-07T16:52:42

Fix commit "Memory leak in xmlFreeID (xmlreader.c)" The recent commit "Memory leak in xmlFreeID (xmlreader.c)" introduced a double-free.

619534ef

2018-01-23T17:36:23

Fix Windows compiler warning in testC14N.c

57d4329b

2018-01-23T17:33:42

Merge testThreadsWin32.c into testThreads.c Apply the same cross-platform modifications as previously in runtest.c.

7f40ed01

2018-01-23T16:40:36

Fix Python bindings under Windows - Correct linker flags for MinGW-w64 - Adjust PATH to find libxml2.dll when running tests

e8fdf5df

2019-01-01T19:20:22

Fix unused function warning in testapi.c Check whether all param and return types are known before generating functions for param types. Otherwise, unused functions end up in testapi.c.

731b5064

2019-01-01T18:43:02

Add some generated test files to .gitignore

dcae579e

2019-01-01T16:48:40

Remove unneeded function pointer casts

19f0950d

2019-01-01T16:38:42

Fix -Wcast-function-type warnings (GCC 8) Use xmlGenericError instead of fprintf as error handler. It also prints to stderr by default.

8919885f

2019-01-01T16:30:38

Fix -Wformat-truncation warnings (GCC 8)

157cd3ae

2018-11-24T15:46:00

Fix NULL pointer deref in xmlTextReaderValidateEntity Found by OSS-Fuzz.

57a3af56

2018-11-24T12:14:55

Memory leak in xmlFreeTextReader In error cases, there might still be elements in the vstate table. Since vstateVPop in valid.c is private, we have to pop the elements with xmlValidatePopElement. This inspects nodes of the document, so the reader doc must be freed after the clearing the vstate table. Found by OSS-Fuzz.

efe8c093

2018-11-24T11:39:32

Memory leak in xmlFreeID (xmlreader.c) Fix a memory leak in xmlReader's private copy of xmlFreeID. Only affects validation with NODICT. Found by OSS-Fuzz.

f8a8c1f5

2019-01-03T19:14:17

Release of libxml2-2.9.9 * configure.ac doc/news.html doc/xml.html doc/libxml2.xsa: making changes for the release Signed-off-by: Daniel Veillard <veillard@redhat.com>

7c4949af

2019-01-01T19:58:07

Fix "Problem with data in interleave in RelaxNG validation" Fixes commit c8e5f958. https://mail.gnome.org/archives/xml/2018-November/msg00029.html

6fc04d71

2018-11-23T22:56:03

Revert "Support xmlTextReaderNextSibling w/o preparsed doc" This reverts commit bfec41b3de1cbd35e547b57c80ae3a5101f8891c which caused problems with the XML::LibXML Perl bindings. https://mail.gnome.org/archives/xml/2018-November/msg00010.html

a71b98ec

2018-11-05T14:26:26

cleanup: remove some unreachable code

b1f87c0e

2018-11-05T14:20:16

Fix building relative URIs Examples: testURI --relative --base file:///a file:///b New correct result: b Old incorrect result: ../b testURI --relative --base file:///a file:/// New correct result: ./ Old incorrect result: ../ testURI --relative --base file:///a/b file:///a/ New correct result: ./ Old incorrect result: ../../a/

25f13e77

2018-11-05T13:53:00

add --relative to testURI Example: testURI --relative --base file:///a/b/c file:///a/x/y Result: ../x/y

c7461f65

2018-11-03T21:19:13

reader: Fix documentation comment

c64d4efb

2018-10-13T00:12:12

Remove redefined starts and defines inside include elements When including a grammar from another grammar, we need to make sure that any redefines of starts and includes that that grammar does inside any of its include elements are also removed.

46da8fc5

2018-10-12T23:46:24

Allow choice within choice in nameClass in RELAX NG The pattern nameClass allows for nested choice elements, for example <name> <choice> <choice> <name>a</name> <name>b</name> </choice> <name>c</name> </choice> </name> which is semantically equivalent to <name> <choice> <name>a</name> <name>b</name> <name>c</name> </choice> </name> The old code didn’t handle this correctly, as it never expected a choice inside another choice. This patch fixes this by flattening any nested choices. This pattern of nested choice elements comes up in RELAX NG simplification, where all choice elements are rewritten in this nested manner, see section 4.12 of the RELAX NG specification.

4338c310

2018-10-12T22:30:26

Look inside divs for starts and defines inside include RELAX NG allows for div elements inside of include elements. We need to look inside those div elements for start and define elements that may be redefining start and define elements in the included grammar.

3c614191

2018-10-12T22:30:10

Add compile and libxml2-config.cmake to .gitignore

c8e5f958

2018-11-22T18:09:51

Problem with data in interleave in RelaxNG validation Reported in https://mail.gnome.org/archives/xml/2018-October/msg00003.html The issue seems to be that we build groups of what can be matched by the interleave, but that these groups don’t include data, list, and value elements, only element and text elements. This patch extends xmlRelaxNGGetElements so that it can return these elements for us in xmlRelaxNGComputeInterleaves. Then we make sure to updatexmlRelaxNGNodeMatchesList as well so that it accepts the correct types.

3776cb47

2018-11-22T15:27:28

Fix memory leak in xmlSwitchInputEncodingInt error path Found by OSS-Fuzz.

1567b55b

2018-11-22T14:28:58

Set doc on element obtained from freeElems In commit 8c9daf79, a call to xmlFreeNode was added in xmlSAX2StartElementNs. If a node was obtained from the freeElems list, make sure to set the doc, otherwise xmlFreeNode wouldn't realize that the node name might be in the dictionary, causing an invalid free. Note that the issue fixed in commit 8c9daf79 requires commit 0ed6addb and this one to work properly. Found by OSS-Fuzz.

fc27759d

2018-11-06T10:17:35

Fix MSVC build with lzma

d459831c

2018-10-13T16:12:14

Fix HTML serialization with UTF-8 encoding If the encoding is specified as UTF-8, make sure to use a NULL encoding handler.

ee501f54

2018-10-13T15:23:35

Stop using doc->charset outside parser code doc->charset does not specify the in-memory encoding which is always UTF-8.

39fbfb4f

2018-09-25T12:57:04

Use actual doc in xmlTextReaderRead*Xml Otherwise the encoding of the document is ignored and non-ASCII characters are serialized as numeric references even if the encoding is specified as UTF-8.

da35eeae

2018-09-23T01:09:56

Add newlines to 'xmllint --xpath' output Separate nodes in a node-set with newlines and always add a terminating newline. This is a breaking change but the old behavior of dumping text nodes without separator was mostly useless. Also use buffered I/O when dumping node-sets.

73b2417c

2018-09-22T15:45:02

Variables need 'extern' in static lib on Cygwin While the dllimport/dllexport macros now work for Cygwin, using the static library still requires variables to be declared as 'extern'. This is a regression of c65c9e8ee07e2dab0647392c2bd1795a5bc99829, found+fixed by Bruno Haible using static libxml embedded in gettext.

0ed6addb

2018-09-22T15:41:01

Unlink node before freeing it in xmlSAX2StartElement The node may have been added to the document already, so it must be unlinked first. Thanks to David Kilzer for spotting this.

8c9daf79

2018-09-12T13:42:27

Check return value of nodePush in xmlSAX2StartElement If the maximum depth is exceeded, nodePush halts the parser which results in freeing the input buffer since the previous commit. This invalidates the attribute pointers, so the error condition must be checked. Found by OSS-Fuzz.

123234f2

2018-09-11T14:52:07

Free input buffer in xmlHaltParser This avoids miscalculation of available bytes. Thanks to Yunho Kim for the report. Closes: #26

60173c82

2018-09-11T14:08:39

Reset HTML parser input pointers on encoding failure Call xmlBufResetInput before bailing out if switching the encoding fails. Otherwise, the input pointers could be left in an invalid state. Similar to commit f9e7997e803457b714352c4d51a96104ae298d94 for the XML parser. Thanks to Yunho Kim for the report. Closes: #27

dc6d2a49

2018-09-04T17:13:29

Don't run icu_parse_test if EUC-JP is unsupported Closes: #25

b697d7bb

2018-09-04T16:48:15

Fix xmlSchemaValidCtxtPtr reuse memory leak When reusing an xmlSchemaValidCtxtPtr to validate multiple xml documents against the same schema, there is a memory leak in xmlschemas.c in xmlSchemaClearValidCtxt(). The vctxt->idcKeys and associated counters are not cleaned up in xmlSchemaClearValidCtxt() as they are in xmlSchemaFreeValidCtxt(). As a result, vctxt->idcKeys grows with each xmlValidateDoc() call that uses the same context and that memory is never freed. Similarly, vctxt->nbIdcKeys and vctxt->sizeIdcKeys increment and are never reset. Closes: #23

1dafb427

2018-09-03T15:29:50

Don't include SAX.h from globals.h SAX.h contains a legacy interface with several unprefixed symbols like `reference`, causing severe namespace pollution. The globals.h header doesn't need any of these symbols, so remove the #include.

bfec41b3

2018-06-23T12:14:28

Support xmlTextReaderNextSibling w/o preparsed doc This implements missing support for readers that are not based on a preparsed document in xmlTextReaderNextSibling.

d2ef114c

2018-06-23T13:08:46

Fix xmlTextReaderNext with preparsed document This fixes the traversal of parent nodes using xmlTextReaderNext() when the reader is based on a preparsed document (created using xmlReaderWalker(doc)). Without this fix the parser will abort even though there are parent nodes it should traverse to, if it is not currently on an element or attribute node. This is incorrect, since it can be for example on a text node when it needs to enter backtracking.

c65c9e8e

2018-08-31T11:42:14

Really declare dllexport/dllimport for Cygwin Cygwin does not define _WIN32, but still requires dllexport/dllimport tags for when applications use the --disable-auto-import linker flag, probably set by the gl_WOE32_DLL autoconf macro in woe32-dll.m4 file.

33d7ca53

2018-08-24T10:10:02

Merge branch 'patch-2' into 'master' Change dir to $THEDIR after ACLOCAL_PATH check See merge request GNOME/libxml2!6

19f5efd6

2018-08-23T20:42:23

Change dir to $THEDIR after ACLOCAL_PATH check autoreconf creates aclocal.m4 in $srcdir

b6ab8b44

2018-08-19T18:59:10

Improve error message if pkg.m4 couldn't be found Check whether aclocal.m4 contains the pkg.m4 macro package after running autoreconf and print a more helpful error message. Thanks to 林博仁 (Buo-ren Lin) for the initial patch. Closes: #21

173ea684

2018-08-18T14:22:57

Don't instruct user to run make when autogen.sh failed Currently the autogen script will always tell user to run make even when the configure script failed, this patch changes the behavior to only show this message when the configure script terminates without error.

2240fbf5

2018-07-30T13:14:11

Fix infinite loop in LZMA decompression Check the liblzma error code more thoroughly to avoid infinite loops. Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13 Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914 This is CVE-2018-9251 and CVE-2018-14567. Thanks to Dongliang Mu and Simon Wörner for the reports.

a4363749

2018-07-30T12:54:38

Fix nullptr deref with XPath logic ops If the XPath stack is corrupted, for example by a misbehaving extension function, the "and" and "or" XPath operators could dereference NULL pointers. Check that the XPath stack isn't empty and optimize the logic operators slightly. Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/5 Also see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817 https://bugzilla.redhat.com/show_bug.cgi?id=1595985 This is CVE-2018-14404. Thanks to Guy Inbar for the report.

b7c50b8d

2018-04-17T12:07:08

Remove stray character from comment Fixes bug #795316: https://bugzilla.gnome.org/show_bug.cgi?id=795316

d2293cdb

2018-01-30T15:04:11

Remove a misleading line from xmlCharEncOutput Closes: https://bugzilla.gnome.org/show_bug.cgi?id=793028 It seams this line was accidentally copied over from xmlCharEncOutFunc. In xmlCharEncOutput output is a pointer so incrementing it by ret can point it where it wasn't supposed to be pointing. Luckily the current implementation doesn't dereference the pointer after advancing it. Signed-off-by: Daniel Veillard <veillard@redhat.com>

35e83488

2018-04-18T15:58:42

HTML noscript should not close p For https://bugzilla.gnome.org/show_bug.cgi?id=795343 - HTMLparser.c: noscript should not close <p> but it should close <script>

e61c8217

2018-04-16T20:46:13

Run Travis ASan tests with "sudo: required" See https://github.com/travis-ci/travis-ci/issues/9033

fa33bf31

2017-05-25T00:45:10

Improve restoring of context size and position Restore context size and position where it is modified, not in seemingly random places.

665df41d

2018-04-16T19:37:34

Simplify and harden nodeset filtering If a nodeset to be filtered is empty, it can be returned without popping it from the stack. Make sure to restore the context node in all error paths and never set it to NULL. Save and restore the context node in RANGETO operations.

029d0e96

2017-05-25T01:28:27

Avoid unnecessary backups of the context node

938835e7

2017-05-25T01:21:57

Don't change context node in xmlXPathRoot

e22a83b1

2017-05-25T01:18:36

Stop using XPATH_OP_RESET It only sets the context node to NULL which doesn't seem useful and can even cause bugs like bug #795299: https://bugzilla.gnome.org/show_bug.cgi?id=795299

ebe12882

2018-04-16T18:18:11

Fix inconsistency in xmlXPathIsInf We don't use HUGE_VAL for INFINITY after the most recent fix.

7a1bd7f6

2018-03-17T00:03:24

Revert "Change calls to xmlCharEncInput to set flush false" This reverts commit 6e6ae5daa6cd9640c9a83c1070896273e9b30d14 which broke decoding of larger documents with ICU. See https://bugs.chromium.org/p/chromium/issues/detail?id=820163

7abec671

2018-03-15T19:33:52

NaN and Inf fixes for pre-C99 compilers On some pre-C99 compilers, the NAN and INFINITY macros don't expand to constant expressions. Some MSVC versions complain about floating point division by zero in constants. Thanks to Fabrice Manfroi for the report.

18890f47

2018-03-05T17:09:43

Release of libxml2-2.9.8 * configure.ac doc/* libxml2.syms testapi.c: updated for the new release

d910e99c

2017-11-06T16:20:25

python: remove single use of _PyVerify_fd _PyVerify_fd disappeared from python with: https://hg.python.org/cpython/rev/e88e2049b793 https://bugzilla.gnome.org/show_bug.cgi?id=776815

707ad080

2018-01-23T16:37:54

Fix xmlParserEntityCheck A previous commit removed the check for XML_ERR_ENTITY_LOOP which is required to abort early in case of excessive entity recursion.

ab362ab0

2018-01-22T15:40:05

Halt parser in case of encoding error Should fix crbug.com/793715, although I wasn't able to reproduce the issue.

60dded12

2018-01-22T15:04:58

Clear entity content in case of errors This only affects recovery mode and avoids integer overflow in xmlStringGetNodeList and possibly other nasty surprises. See bug 783052 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3874 https://bugs.chromium.org/p/chromium/issues/detail?id=796804

6e6ae5da

2018-01-02T21:47:35

Change calls to xmlCharEncInput to set flush false when not final call. Having flush incorrectly set to true causes errors for ICU.

1637d612

2018-01-08T19:19:42

Disable pointer-overflow UBSan checks under Travis clang 5 added UBSan checks for pointer overflow which are triggered by an API test.

132af1a0

2018-01-08T18:48:01

Fix buffer over-read in xmlParseNCNameComplex Calling GROW can halt the parser if the buffer grows too large. This will set the buffer to an empty string. Return immediately in this case, otherwise the "current" pointer is advanced leading to a buffer over-read. Found with OSS-Fuzz. See https://oss-fuzz.com/testcase?key=6683819592646656 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5031

ad88b54f

2017-12-08T09:42:31

Improve handling of context input_id For https://bugzilla.gnome.org/show_bug.cgi?id=772726 This was used in xmlsec to detect issues with accessing external entities and prevent them, but was unreliable, based on a patch from Aleksey Sanin * parser.c: make sure input_id is incremented when creating sub-entities for parsing or when parsing out of context

8ac759a6

2017-11-27T18:23:58

Build more test executables on Windows/MSVC Build all test executables required by 'make checktests'.

706926fd

2017-11-27T18:17:38

Fix ICU library filenames on Windows/MSVC Fixes bug 790119.

d4049198

2017-11-27T15:08:00

Add resource file to Windows DLL Add a resource file containing verison information for the Windows DLL. This is only used by the MSVC build for now.

790c230f

2017-11-12T19:19:53

Run Travis tests with -Werror

45efd0b0

2017-11-13T22:05:22

Build with "-Wall -Wextra" Remove warning options that are enabled with "-Wall -Wextra". Disable -Warray-bounds warning that produces a (seemingly) false positive in xpath.c.

2677fbf4

2017-11-27T14:20:31

Fix -Wtautological-pointer-compare warnings Skip tautological pointer comparisons on pthread systems where we don't use the weak symbols hack.

ff628d46

2017-11-13T18:35:51

Stop including ansidecl.h This seems to be an undocumented, internal GCC header added a long time ago. I don't know why it was included, but I think it can be safely removed.

bf3b4563

2017-11-13T18:33:23

Remove unused AC_CHECKs

cb5541c9

2017-11-13T17:08:38

Fix libz and liblzma detection If libz or liblzma are detected with pkg-config, AC_CHECK_HEADERS must not be run because the correct CPPFLAGS aren't set. It is actually not required have separate checks for LIBXML_ZLIB_ENABLED and HAVE_ZLIB_H. Only check for LIBXML_ZLIB_ENABLED and remove HAVE_ZLIB_H macro. Fixes bug 764657, bug 787041.

kc3-lang/libxml2

Log