Log

Author Commit Date CI Message
Nick Wellnhofer 2e765083 2024-02-27T16:23:44 tree: Fix indentation in xmlAddPropSibling
Nick Wellnhofer 16c0374a 2024-02-27T15:31:33 tree: Fix xmlAddSibling with last sibling If the node to be added was already at the correct position, the tree could be corrupted.
Nick Wellnhofer 29db9881 2024-02-23T16:59:40 tree: Fix xmlDocSetRootElement with multiple top-level elements Fix xmlDocSetRootElement when setting the original root if multiple top-level elements are present.
Nick Wellnhofer af66a6b5 2024-02-22T13:03:59 tree: Unlink DTD in xmlStaticCopyNodeList Avoid tree corruption when copying within a document.
Nick Wellnhofer bb22cfb9 2024-02-22T12:39:42 tree: Unlink DTD in xmlFreeNodeList Avoid dangling next/prev pointers.
Nick Wellnhofer 4b698dba 2024-02-22T18:13:53 tree: Only allow elements in xmlDocSetRootElement
Nick Wellnhofer 74ca2f59 2024-02-27T13:44:54 tree: Move type check in xmlAddChild Avoid aborting halfway after changing parent pointer if node types don't match when adding attributes.
Nick Wellnhofer d5f50602 2024-02-22T16:12:07 tree: Disallow setting content of entity reference nodes The content of entity reference nodes points to the entity declaration and isn't freed. Changing the content would result in a memory leak.
Nick Wellnhofer 77f2012c 2024-02-22T15:25:05 tree: Rework xmlReconciliateNs
Nick Wellnhofer 186562a1 2024-03-12T19:55:33 parser: Fix detection of duplicate attributes in XML namespace Fixes a regression from commit e0dd330b, resulting in duplicate attributes in the predefined XML namespace not being detected or extraneous default attributes being passed. Fixes #704.
Nick Wellnhofer ce8f3d2c 2024-03-10T15:03:41 fuzz: Improve README
Nick Wellnhofer 723b4de0 2024-03-03T21:57:59 catalog: Fetch XML catalog before dumping Catalog entries seem to be loaded lazily. Should fix #699.
Benjamin Gilbert 653ef999 2024-03-02T17:02:30 schemas: fix spurious warning about truncated snprintf output Fix warning: xmlschemas.c: In function 'xmlSchemaVAttributesComplex': xmlschemas.c:25506:63: warning: 'snprintf' output may be truncated before the last format character [-Wformat-truncation=] xmlschemas.c:25506:29: note: 'snprintf' output between 3 and 13 bytes into a destination of size 12 On my system (GCC 13.2.1 x86_64) the warning only appears with -O0. counter can't exceed 1000, so there's no real bug.
Maks Mishin 25afd931 2024-02-29T01:29:42 xmlschemastypes: Remove unreachable if statement Pointer `cur` is created by the `value` variable and there is no need to check `cur` for NULL because `value` is checked at the beginning of the function. Found by RASU JSC.
Maks Mishin cd94985f 2024-02-29T01:14:06 relaxng: Remove useless if statement
Nick Wellnhofer 84a71860 2024-02-26T15:14:28 xmlreader: Fix xmlTextReaderConstEncoding Regression from commit f1c1f5c6. Fixes #697.
Nick Wellnhofer b55ee729 2024-02-26T13:22:08 html: Regression test for #696 This was already fixed in the master branch, so we only add a test.
Nick Wellnhofer a581f651 2024-02-21T12:09:10 tree: Check for integer overflow in xmlStringGetNodeList This function is called with unvalidated strings from functions like xmlNewDocProp, xmlNewDocNode or xmlNodeSetContent, so we have to check for integer overflow after all.
Nick Wellnhofer 7dc8600a 2024-02-20T12:32:17 SAX2: Report malloc failure in xmlCheckDefaultedAttributes
Nick Wellnhofer 67e475b7 2024-02-19T11:09:39 http: Improve error message for HTTPS redirects
Nick Wellnhofer e314109a 2024-02-16T15:42:38 save: Don't write directly to internal buffer Make sure that OOM errors are reported.
Nick Wellnhofer 595ee5bc 2024-02-14T13:58:14 dict: Include unistd.h for getentropy
Nick Wellnhofer c444c96e 2024-02-13T12:22:28 parser: Report OOM errors even after parser was stopped
Nick Wellnhofer 9835ec2b 2024-02-13T10:58:19 valid: Fix xmlAddIDSafe in "streaming" mode Make sure that IDs and attributes never reference each other in streaming (XML reader) mode, even when attributes are copied from an entity. Also update lineno. Fixes a short-lived use-after-free.
Nick Wellnhofer e97b4d84 2024-02-13T11:37:05 autotools: Remove useless substitution Fixes #689.
Nick Wellnhofer 4d774612 2024-02-13T11:35:12 parser: Fix column number in attribute values Short-lived regression from 37c6618b.
Nick Wellnhofer 87bebd25 2024-02-12T16:45:16 xmllint: Return error code if XPath returns empty nodeset Return an error code as before but make it possible to distinguish from real errors. Fixes #690.
Nick Wellnhofer a9e73f11 2024-02-11T12:47:09 catalog: Remove Windows hack Shouldn't be necessary after commit 865520f0. Fixes #688.
Nick Wellnhofer b53562bd 2024-02-11T12:33:02 examples: Readd xpath1 test This was removed for some reason in fc119e32. Fixes #685.
Nick Wellnhofer 13962b06 2023-10-15T13:56:34 xmlreader: Clean up error handling Make sure that xmlTextReaderRead returns -1 immediately if the reader is in an error state.
Nick Wellnhofer ddda373e 2024-02-06T12:53:03 xmlreader: Make xmlTextReaderValidateEntity return an error code This makes sure that xmlTextReaderRead returns -1 if a memory allocation fails.
Nick Wellnhofer 2807df9a 2024-02-06T12:07:19 valid: Fix another use-after-free in xmlAddIDSafe Short-lived regression.
Nick Wellnhofer 2963a097 2024-02-05T15:35:54 xpath: Report malloc failure in xmlXPathTranslateFunction
Nick Wellnhofer 1a66b176 2023-10-14T22:45:54 [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking Fixes a use-after-free in XML Reader if used with DTD validation and XInclude expansion. Fixes #604.
Nick Wellnhofer 921ab01e 2024-02-04T14:08:44 c14n: Improve error handling Stop raising meaningless internal errors.
Nick Wellnhofer 70da4c08 2024-02-04T13:30:32 valid: Fix use-after-free in xmlAddIDSafe Short-lived regression.
Nick Wellnhofer d463733f 2024-02-01T19:31:03 fuzz: Reenable malloc failure check when serializing
Nick Wellnhofer cf875194 2024-02-01T19:26:42 valid: Deprecate old DTD serialization API
Nick Wellnhofer fbe10a46 2024-02-01T19:01:57 save: Move DTD serialization code to xmlsave.c
Nick Wellnhofer 84e50a0c 2024-02-01T17:02:24 fuzz: Don't check for malloc failures when serializing DTD serialization doesn't report malloc failures yet.
Nick Wellnhofer 6aae1767 2024-02-01T15:18:26 tree: Fix error condition in xmlNodeListGetString Don't return NULL in case of undeclared entities.
Nick Wellnhofer 4a8f707b 2024-02-01T13:55:20 Update .gitignore
Nick Wellnhofer 0d170aca 2024-02-01T11:51:58 io: Report malloc failure in xmlOutputBufferWrite Fixes #676.
Nick Wellnhofer 2835337a 2024-01-30T14:18:45 doc: Mark `xmllint --xpath` as experimental This feature was poorly thought-out.
Nick Wellnhofer 6b089473 2024-01-30T13:37:16 doc: Update xmllint man page after fixing #180 Fixes #673.
Nick Wellnhofer 95f2a174 2024-01-30T13:25:17 parser: Fix crash in xmlParseInNodeContext with HTML documents Ignore namespaces if we have an HTML document with namespaces added manually. Fixes #672.
Nick Wellnhofer 2e19d0ef 2024-01-26T11:39:51 SAX2: Make sure that OOM errors aren't overwritten
Nick Wellnhofer 12ce9b5f 2024-01-25T12:52:14 dict: Fix warnings with older clang
Nick Wellnhofer 8961056f 2024-01-23T00:47:44 parser: Make experimental input API private This needs to be reworked.
Nick Wellnhofer 63986c45 2024-01-22T21:02:16 parser: Report fatal error if document entity couldn't be loaded Only lower error level when loading entities. Fixes #667.
Nick Wellnhofer 37d474ff 2024-01-17T14:19:42 xpath: Fix return of empty node-set in xmlXPathNodeCollectAndTest Don't return NULL node-sets. Ultimately, we should make sure that obj->nodesetval is always non-NULL even for empty node-sets. See #663.
Nick Wellnhofer df618f08 2024-01-15T17:15:02 tests: Add test for issue #661
Nick Wellnhofer d636ef1d 2024-01-11T00:43:44 tests: Remove testOOM This was never part of the standard test suite and we now test OOM error handling more comprehensively with fuzz testing.
Nick Wellnhofer 24059ae9 2024-01-10T18:02:20 autotools: Readd --with-xptr-locs configuration option The option was removed accidentally in 4e4c89a4.
Nick Wellnhofer 29f4d69e 2024-01-10T16:02:33 xpath: Report malloc failure in xmlXPtrEvalXPtrPart
Nick Wellnhofer 2cebf209 2024-01-10T15:37:50 gitlab-ci: Disable Python tests on MinGW for now See #658.
Nick Wellnhofer 57c68759 2024-01-07T20:44:40 SAX2: Limit entity URI length to 2000 bytes Avoid quadratic behavior when loading entities with long URIs multiple times. This limitation could be dropped if we cached external entities.
Nick Wellnhofer 6dc2fdb2 2024-01-07T14:30:57 parser: Account for full size of non-well-formed entities Account for the full size of the entity if parsing stops because of errors. In our cost model, we have to assume that the entity loader processes the whole entity regardless of its content.
Nick Wellnhofer 29beef65 2024-01-02T21:50:38 parser: Pop inputs if parsing DTD failed This should provide some statistics in ctxt->sizeentcopy even in the error or recovery case.
Nick Wellnhofer 02a2038d 2024-01-10T14:17:49 parser: Handle NOCDATA properly when expanding entities Short-lived regression from e1153832.
Nick Wellnhofer fd801845 2024-01-07T15:19:58 fuzz: Cap URL size Cap URL size to avoid quadratic behavior when generating error messages.
Nick Wellnhofer 83c1ae13 2024-01-07T15:40:23 fuzz: Add missing include Fix build failure.
Nick Wellnhofer e1153832 2024-01-07T01:29:37 parser: Fix quadratic behavior when copying entities Process the first and last text node with the SAX handler to make the text merging optimization kick in. Fixes #657.
Nick Wellnhofer d2b55a7a 2024-01-05T20:31:10 writer: Implement xmlTextWriterClose This function can be used to make sure that closing the output stream succeeded. Fixes #513.
Nick Wellnhofer f237e5b9 2024-01-05T15:40:23 parser: Avoid duplicate namespace errors Don't report an extra attribute uniqueness error if a namespace is undeclared. This matches old behavior.
Nick Wellnhofer 02cc5c36 2024-01-05T04:17:14 parser: Add XML_PARSE_NO_XXE parser option
Nick Wellnhofer 12f0bb94 2024-01-05T01:14:28 parser: Synchronize more options
Nick Wellnhofer 3efbe916 2024-01-05T00:11:29 parser: Mark 'token' member as unused in xmlParserCtxt
Nick Wellnhofer b82fd81d 2024-01-04T23:25:06 parser: Rework xmlCtxtParseDocument Make xmlCtxtParseDocument take a parser input which can be popped after parsing.
Nick Wellnhofer c2b3294f 2024-01-04T21:20:51 fuzz: Abort on invalid UTF-8 The parser should never generate invalid UTF-8 these days even in recovery mode.
Michele Bianchi df098e3b 2023-12-22T12:02:08 Set LIBXML2_FOUND if it has been properly configured
Nick Wellnhofer d7d300ba 2024-01-04T17:50:11 parser: Remove remnants of runtime debugging feature Apparently, this feature was removed long ago. Fixes #651.
Nick Wellnhofer 8c5848bd 2024-01-04T17:14:31 parser: Make xmlParseContent more useful This is an internal function which isn't really usable without some hacks. See WebKit/Chromium trying to recreate the effects of xmlDetectSAX2 manually, for example. Make xmlParseContent perform late initialization and check whether the content was fully parsed. Also rename xmlDetectSAX2 and document why it's needed.
Nick Wellnhofer 65c65b65 2024-01-04T13:59:23 tests: Move away from global error handlers
Nick Wellnhofer 07c05546 2024-01-04T02:48:02 error: Make xmlFormatError public This is a useful function to get a verbose error report. Allows removing duplicated code from runtest.c. Also reactivate check for schema parser failures.
Nick Wellnhofer d0eb5a7e 2024-01-03T18:12:29 parser: Remove xmlErrEncodingInt Convert the last user to xmlFatalErr.
Nick Wellnhofer f30b9b23 2024-01-03T18:11:44 fuzz: Add assertion in xmlCopyCharMultibyte This is an internal function that should never receive out-of-range codepoints.
Nick Wellnhofer a7356dfe 2024-01-03T18:02:46 parser: Clear invalid entity content This was removed in earlier commits, but we really want to make sure that entity content is syntactically valid.
Nick Wellnhofer 30d83977 2024-01-04T15:18:14 fuzz: Disable catalogs The catalogs API doesn't report OOM errors. It's basically impossible to use it safely in its current form.
Nick Wellnhofer ca5965d5 2024-01-02T21:49:43 save: Report more malloc failures
Nick Wellnhofer 2c9cd0b6 2024-01-02T18:51:24 fuzz: Abort on internal errors
Nick Wellnhofer 661ef936 2024-01-02T18:50:59 valid: Fix some error codes
Nick Wellnhofer 0821efc8 2024-01-02T18:33:57 encoding: Check whether encoding handlers support input/output The "HTML" encoding handler doesn't support input which could lead to a wrong error report.
Nick Wellnhofer 85f99023 2024-01-02T17:52:43 parser: Fix buffer size checks Don't test size of remaining data. This causes false positives with memory buffers. Also impose XML_MAX_HUGE_LENGTH limit when parsing with XML_PARSE_HUGE.
Nick Wellnhofer e8fb3d63 2024-01-02T17:45:54 parser: Convert some "internal errors" to meaningful codes
Nick Wellnhofer 9912c369 2024-01-02T17:23:59 SAX2: Enforce size limit in xmlSAX2Text with XML_PARSE_HUGE
Nick Wellnhofer 5cb4b05c 2024-01-02T17:16:22 parser: Lower maximum entity nesting depth Limit entity nesting depth to 20 or 40 with XML_PARSE_HUGE. Change error code to XML_ERR_RESOURCE_LIMIT.
Nick Wellnhofer a2cc7f5f 2024-01-02T17:02:21 parser: Set depth limit to 2048 with XML_PARSE_HUGE Deeply nested documents can cause performance problems, so the nesting depth should always be limited to a reasonable value. Also remove the global xmlParserMaxDepth setting which isn't thread-safe and seems unused.
Nick Wellnhofer 875bb084 2023-09-07T03:25:45 parser: Implement xmlCtxtSetOptions Surprisingly, some options can only be enabled with xmlCtxtUseOptions and it's impossible to unset them. Add a new API function xmlCtxtSetOptions which sets or clears all options. Finally document all parser options. Make sure to synchronize option bits and struct members.
Nick Wellnhofer 33ec407a 2023-09-07T03:33:09 parser: Always prefer option members over bitmask If an option has an extra member in xmlParserCtxt, it takes precedence over the value from the options bitmask. Fix a few places where this was ignored.
Nick Wellnhofer 22fd571f 2023-09-06T22:15:20 parser: Don't modify SAX2 handler if XML_PARSE_SAX1 is set It's a bad idea to modify members of the SAX handler struct for option state management. Ideally, ctxt->options should be the preferred source of truth.
Nick Wellnhofer 37c6618b 2023-12-30T02:50:34 parser: Rework parsing of attribute and entity values Don't use a separate function to handle "complex" attributes. Validate UTF-8 byte sequences without decoding. This should improve performance considerably when parsing multi-byte UTF-8 sequences. Use a string buffer to avoid unnecessary allocations and copying when expanding entities. Normalize attribute values in a single pass while expanding entities. Be more lenient in recovery mode. If no entity substitution was requested, validate entities without expanding. Fixes #596. Also fixes #655.
Nick Wellnhofer 4dcc2d74 2024-01-02T14:04:44 save: Output U+FFFD replacement characters This degrades more gracefully and helps to diagnose errors. We stop raising errors for now, since there's no way to report malloc failures during error handling yet.
Nick Wellnhofer 2b79f106 2023-12-29T21:07:04 parser: Simplify entity size accounting
Nick Wellnhofer 08d9b258 2023-12-29T15:20:56 parser: Support namespace scope in NsData struct The previous approach of recreating the NsData struct was flawed.
Nick Wellnhofer 5de48d12 2023-12-29T14:41:40 parser: Simplify error handling when parsing entities
Nick Wellnhofer f0dc52d0 2023-12-29T06:00:20 parser: Move cleanup of element stacks to xmlParseContent
Nick Wellnhofer a1ed589b 2023-12-29T23:12:06 parser: Avoid unwanted expansion of parameter entities Remove PE handling from xmlSkipBlankChars and add a separate version that handles PEs. Only call xmlSkipBlankCharsPE when parsing DTD constructs. This should make sure that PEs don't get expanded accidentally, for example in text declarations.
Nick Wellnhofer 16b0dbc1 2023-12-29T18:47:30 parser: Fix XML_ERR_UNSUPPORTED_ENCODING errors Commit 45157261 added the check in the wrong place. Also allow unsupported encoding in xmlNewInputInternal. Fixes #654.
Nick Wellnhofer e45a4d71 2023-12-29T00:00:21 io: Always forward IO errors to global handler The HTTP module raises errors without context. This won't be fixed, so send them to the global error handler.