kmx git

Commit	Date	Message
e8fb3d63	2024-01-02T17:45:54	parser: Convert some "internal errors" to meaningful codes
37c6618b	2023-12-30T02:50:34	parser: Rework parsing of attribute and entity values Don't use a separate function to handle "complex" attributes. Validate UTF-8 byte sequences without decoding. This should improve performance considerably when parsing multi-byte UTF-8 sequences. Use a string buffer to avoid unnecessary allocations and copying when expanding entities. Normalize attribute values in a single pass while expanding entities. Be more lenient in recovery mode. If no entity substitution was requested, validate entities without expanding. Fixes #596. Also fixes #655.
d944a415	2023-12-26T02:10:35	parser: Fix in-parameter-entity and in-external-dtd checks Use in ctxt->input->entity instead of ctxt->inputNr to determine whether we are inside a parameter entity. Stop using ctxt->external to check whether we're in an external DTD. This is signaled by ctxt->inSubset == 2.
7d446e97	2023-12-08T12:13:49	parser: Fix namespaces redefined from default attributes This regressed in commit e0dd330b. Also fixes a long-standing issue where namespaces from default attributes weren't added if they match an existing namespace. Fixes #643.
b76d81da	2023-10-06T11:50:29	parser: Fix regression when push parsing parameter entities Short-lived regression from 834b8123. Also shrink parameter entity buffers when push parsing.
0ba22c05	2023-10-05T22:05:04	parser: Support encoded external PEs in entity values Corner case which was never supported.
bbd918b2	2023-08-29T15:56:37	parser: Fix detection of null bytes Also suppress misleading extra errors. Fixes #122.
cb1b8b85	2023-04-10T13:06:18	xmlValidatePopElement() can return invalid value (-1) Covered by: test/VC/ElementValid5 This only affects XML Reader API with LIBXML_REGEXP_ENABLED and LIBXML_VALID_ENABLED turned on. * result/VC/ElementValid5.rdr: - Update result to add missing error message. * python/tests/reader2.py: * result/VC/ElementValid6.rdr: * result/VC/ElementValid7.rdr: * result/valid/781333.xml.err.rdr: - Update result to fix grammar issue. * valid.c: (xmlValidatePopElement): - Check return value of xmlRegExecPushString() to handle -1, and assign 'ret = 0;' to return 0 from xmlValidatePopElement(). This change affects xmlTextReaderValidatePop() from xmlreader.c. - Fix grammar of error message by changing 'child' to 'children'.
74aa61e0	2023-01-22T13:09:03	parser: Halt parser on DTD errors If we try to continue parsing after an error in the internal or external subset, entity expansion accounting gets more complicated. Simply halt the parser. Found with libFuzzer.
f1c32b4c	2020-07-09T03:19:13	Allow missing result files in runtest Treat missing files as empty.
48b03c84	2022-04-03T20:36:38	Remove major parts of old test suite Remove all the parts of the old test suite which are covered by runtest.c for quite some time. The following test programs are removed: - testC14N - testHTML - testReader - testRelax - testSAX - testSchemas - testURI - testXPath This also removes a few results of unimportant tests only run by the old test suite.
f480f750	2022-02-03T14:43:17	Update NewsML DTD in test suite Switch to version 1.2 which has a clearer license. Fixes #291.
d85245f9	2022-01-16T21:39:04	Fix regression with PEs in external DTD Fix a regression introduced with commit a28f7d87. In some cases, parameter entity references in external DTDs wouldn't be expanded. Fixes #306.
01411e7c	2021-02-08T20:58:32	Check for invalid redeclarations of predefined entities Implement section "4.6 Predefined Entities" of the XML 1.0 spec and check whether redeclarations of predefined entities match the original definitions. Note that some test cases declared <!ENTITY lt "<"> But the XML spec clearly states that this is illegal: > If the entities lt or amp are declared, they MUST be declared as > internal entities whose replacement text is a character reference to > the respective character (less-than sign or ampersand) being escaped; > the double escaping is REQUIRED for these entities so that references > to them produce a well-formed result. Also fixes #217 but the connection is only tangential. The integer overflow discovered by fuzzing was more related to the fact that various parts of the parser disagreed on whether to prefer predefined entities over their redeclarations. The whole situation is a mess and even depends on legacy parser options. But now that redeclarations are validated, it shouldn't make a difference. As noted in the added comment, this is also one of the cases where overly defensive checks can hide interesting logic bugs from fuzzers.
2a350ee9	2019-09-30T17:04:54	Large batch of typo fixes Closes #109.
c51e38cb	2019-09-30T13:50:02	Make xmlParseConditionalSections non-recursive Avoid call stack overflow in deeply nested conditional sections. Found by OSS-Fuzz.
872fea94	2017-06-19T00:24:12	Get rid of "blanks wrapper" for parameter entities Now that replacement of parameter entities goes exclusively through xmlSkipBlankChars, we can account for the surrounding space characters there and remove the "blanks wrapper" hack.
5f440d8c	2017-06-12T14:32:34	Rework entity boundary checks Make sure to finish all entities in the internal subset. Nevertheless, readd a sanity check in xmlParseStartTag2 that was lost in my previous commit. Also add a sanity check in xmlPopInput. Popping an input unexpectedly was the source of many recent memory bugs. The check doesn't mitigate such issues but helps with diagnosis. Always base entity boundary checks on the input ID, not the input pointer. The pointer could have been reallocated to the old address. Always throw a well-formedness error if a boundary check fails. In a few places, a validity error was thrown. Fix a few error codes and improve indentation.
932cc989	2017-06-03T02:01:29	Fix buffer size checks in xmlSnprintfElementContent xmlSnprintfElementContent failed to correctly check the available buffer space in two locations. Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048). Thanks to Marcel Böhme and Thuan Pham for the report.
e2663054	2017-06-05T15:37:17	Fix handling of parameter-entity references There were two bugs where parameter-entity references could lead to an unexpected change of the input buffer in xmlParseNameComplex and xmlDictLookup being called with an invalid pointer. Percent sign in DTD Names ========================= The NEXTL macro used to call xmlParserHandlePEReference. When parsing "complex" names inside the DTD, this could result in entity expansion which created a new input buffer. The fix is to simply remove the call to xmlParserHandlePEReference from the NEXTL macro. This is safe because no users of the macro require expansion of parameter entities. - xmlParseNameComplex - xmlParseNCNameComplex - xmlParseNmtoken The percent sign is not allowed in names, which are grammatical tokens. - xmlParseEntityValue Parameter-entity references in entity values are expanded but this happens in a separate step in this function. - xmlParseSystemLiteral Parameter-entity references are ignored in the system literal. - xmlParseAttValueComplex - xmlParseCharDataComplex - xmlParseCommentComplex - xmlParsePI - xmlParseCDSect Parameter-entity references are ignored outside the DTD. - xmlLoadEntityContent This function is only called from xmlStringLenDecodeEntities and entities are replaced in a separate step immediately after the function call. This bug could also be triggered with an internal subset and double entity expansion. This fixes bug 766956 initially reported by Wei Lei and independently by Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone involved. xmlParseNameComplex with XML_PARSE_OLD10 ======================================== When parsing Names inside an expanded parameter entity with the XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the GROW macro if the input buffer was exhausted. At the end of the parameter entity's replacement text, this function would then call xmlPopInput which invalidated the input buffer. There should be no need to invoke GROW in this situation because the buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and, at least for UTF-8, in xmlCurrentChar. This also matches the code path executed when XML_PARSE_OLD10 is not set. This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050). Thanks to Marcel Böhme and Thuan Pham for the report. Additional hardening ==================== A separate check was added in xmlParseNameComplex to validate the buffer size.
a7a94612	2016-02-09T12:55:29	Heap-based buffer overread in xmlNextChar For https://bugzilla.gnome.org/show_bug.cgi?id=759671 when the end of the internal subset isn't properly detected xmlParseInternalSubset should just return instead of trying to process input further.
ef709ce2	2015-09-10T19:41:41	Fix the spurious ID already defined error For https://bugzilla.gnome.org/show_bug.cgi?id=737840 the fix for 724903 introduced a regression on external entities carrying IDs, revert that patch in part and add a specific test to avoid readding it
483272f3	2013-03-27T13:37:14	Added a regression tests from bug 694228 data Provided by Mark Rowe <mrowe@apple.com>
a7982ce2	2012-10-25T15:39:39	Adding streaming validation to runtest checks
e7bf892d	2012-07-30T20:09:25	Improve error reporting on parser errors The extra string was being dismissed when provided. * parser.c: handle bot case properly * result/: this changes a few error reports
cb3549e3	2011-11-11T11:25:07	Improve the error report on undefined REFs Use the tree node to provide the error context instead of the parser input which is not relevant anymore, based on a suggestion by François Delyon <f.delyon@satimage.fr>
a721612e	2009-08-21T18:22:58	446613 small validation bug mixed content with NS * valid.c: fix a bug when valdating mixed content lists and some name use namespaces prefixes. * result/valid/notes.xml* test/valid/dtds/notes.dtd * test/valid/notes.xml: add the test case to the regression suite
8bf64aef	2008-03-24T20:45:21	fix a problem reported by Ashwin for system parameter entities referenced * parser.c: fix a problem reported by Ashwin for system parameter entities referenced from entities in external subset, add a specific loading routine. * test/valid/dtds/external.ent test/valid/dtds/external2.ent test/valid/t11.xml result/valid/t11.xml*: added the test to the regression suite Daniel svn path=/trunk/; revision=3713
57c9db07	2008-03-06T14:37:10	poblem with encoding detection for UTF-16 reported by Ashwin and found by * encoding.c: poblem with encoding detection for UTF-16 reported by Ashwin and found by Bill * test/valid/dtds/utf16b.ent test/valid/dtds/utf16l.ent test/valid/UTF16Entity.xml result/valid/UTF16Entity.xml*: added the example to the regression tests Daniel svn path=/trunk/; revision=3700
96688263	2005-08-23T18:14:12	fixed bug #170489 reported by Jirka Kosek added the test to the regression * parser.c: fixed bug #170489 reported by Jirka Kosek * test/valid/objednavka.xml test/valid/dtds/objednavka.dtd result/valid/objednavka*: added the test to the regression suite. Daniel
4119d1c6	2004-06-24T02:24:44	implemented bugfix from Massimo Morara for DTD dumping problem. added * valid.c: implemented bugfix from Massimo Morara for DTD dumping problem. * test/valid/t10.xml, result/valid/t10.: added regression for above configure.in: small change for my profile settings
d4532558	2003-11-25T18:29:55	fixed #127877, never output " in element content this changes the * entities.c: fixed #127877, never output " in element content * result/isolat3 result/slashdot16.xml result/noent/isolat3 result/noent/slashdot16.xml result/valid/REC-xml-19980210.xml result/valid/index.xml result/valid/xlink.xml: this changes the output of a few tests Daniel
e70c877c	2003-11-25T07:21:18	swapped the attribute defaulting and attribute checking parts of parsing a * parser.c: swapped the attribute defaulting and attribute checking parts of parsing a new element start, fixes bug #127772 * result/valid/127772.* test/valid/127772.xml test/valid/dtds/127772.dtd: added the example in the regression tests Daniel
05bcb7ed	2003-10-19T14:26:34	fixed to not send NULL to %s printing cleaning up some of the regression * HTMLparser.c: fixed to not send NULL to %s printing * python/tests/error.py result/HTML/doc3.htm.err result/HTML/test3.html.err result/HTML/wired.html.err result/valid/t8.xml.err result/valid/t8a.xml.err: cleaning up some of the regression tests error Daniel
d96f6d34	2003-10-07T21:25:12	cleaning up XPath error reporting that time. applied the two patches for * error.c include/libxml/xmlerror.h include/libxml/xpath.h include/libxml/xpathInternals.h xpath.c: cleaning up XPath error reporting that time. * threads.c: applied the two patches for TLS threads on Windows from Jesse Pelton * parser.c: tiny safety patch for xmlStrPrintf() make sure the return is always zero terminated. Should also help detecting passing wrong buffer size easilly. * result/VC/* result/valid/rss.xml.err result/valid/xlink.xml.err: updated the results to follow the errors string generated by last commit. Daniel
bb5ababa	2003-10-03T22:21:51	more cleanup in make tests more work in the transition to the new error * Makefile.am: more cleanup in make tests * error.c valid.c parser.c include/libxml/xmlerror.h: more work in the transition to the new error reporting strategy. * python/tests/reader2.py result/VC/* result/valid/*: few changes in the strings generated by the validation output Daniel
2b8c4a15	2003-10-02T22:28:19	changed 'make tests' to use a concise output, scrolling to see where thing * Makefile.am: changed 'make tests' to use a concise output, scrolling to see where thing broke wasn't pleasant * configure.in: some beta4 preparation, but not ready yet * error.c globals.c include/libxml/globals.h include/libxml/xmlerror.h: new error handling code, last error informations are stored in the parsing context or a global variable, new APIs to handle the xmlErrorPtr type. * parser.c parserInternals.c valid.c : started migrating to the new error handling code, it's a royal pain. * include/libxml/parser.h include/libxml/parserInternals.h: moved the definition of xmlNewParserCtxt() * parser.c: small potential buffer access problem in push code provided by Justin Fletcher * result/.sax result/VC/PENesting result/namespaces/* result/valid/*.err: some error messages were sligthly changed. Daniel
d9e9c9d8	2003-09-18T22:03:46	fixing namespace DTD validations the output of defaulted namespaces is * SAX2.c: fixing namespace DTD validations * result/valid/ns2.xml result/valid/ns.xml: the output of defaulted namespaces is slightly different now. * Makefile.am: report the memory used in Timingtests (as well as time) Daniel
bdbe0d4e	2003-09-14T19:56:14	factoring of more error handling code, serious size reduction and more * parser.c include/libxml/xmlerror.h: factoring of more error handling code, serious size reduction and more lisibility of the resulting code. * parserInternals.c parser.c include/libxml/parserInternals.h include/libxml/parser.h: changing the way VC:Proper Group/PE Nesting checks are done, use a counter for entities. Entities where freed and reallocated at the same address failing the check. * tree.c: avoid a warning * result/valid/* result/VC/*: this slightly changes some validation error messages. Daniel
7b68df97	2003-08-03T22:58:54	fixed bug #118712 about mixed content, and namespaced element names. added * valid.c: fixed bug #118712 about mixed content, and namespaced element names. * test/valid/mixed_ns.xml result/valid/mixed_ns*: added a check in the regression tests Daniel
8265a18a	2003-06-13T10:05:56	do not generate " for " outside of attributes this changes the output * entities.c: do not generate " for " outside of attributes * result//*: this changes the output of some tests Daniel
3b811174	2003-05-14T02:53:43	Updated testfiles for error.c fix
f431eb81	2003-04-22T08:37:26	applied the patch provided by Brent Hendricks fixing #105992 and * SAX.c test/valid/ns* test/result/ns*: applied the patch provided by Brent Hendricks fixing #105992 and integrated the examples in the testsuite. Daniel
ef8dd7be	2003-03-23T12:02:56	fixing bug #108976 get the ID/REFs to reference the ID in the document * parser.c: fixing bug #108976 get the ID/REFs to reference the ID in the document content and not in the entity copy * SAX.c include/libxml/parser.h: more checking of the ID/REF stuff, better solution for #107208 * xmlregexp.c: removed a direct printf, dohhh * xmlreader.c: fixed a bug on streaming validation of empty elements in entities * result/VC/ElementValid8 test/VCM/v20.xml result/valid/xhtml1.xhtml: cleanup of the validation tests * test/valid/id* test/valid/dtds/destfoo.ent result/valid/id*: added more ID/IDREF tests to the suite Daniel
d5c2f92d	2002-11-21T14:10:52	modified the existing APIs to handle XHTML1 serialization rules * tree.c include/libxml/tree.h: modified the existing APIs to handle XHTML1 serialization rules automatically, also add xmlIsXHTML() to libxml2 API. Some tweaking to make sure libxslt serialization uses it when needed without changing the library API. * test/xhtml1 result/noent/xhtml1 result/valid/xhtml1.xhtml result/xhtml1: added a new test specifically for xhtml1 output and updated the result of one XHTML1 test Daniel
90d68fbb	2002-09-26T16:10:21	fixed bug #92518 validation error were not covering namespace * SAX.c valid.c include/libxml/valid.h: fixed bug #92518 validation error were not covering namespace declarations. * result/valid/dia.xml test/valid/dia.xml: the test wasn't valid, it was missing the attribute declaration for the namespace * result/VC/NS3: the fix now report breakages in that test Daniel
76575769	2002-09-05T14:21:15	working on better error reporting of validity errors, especially providing * error.c valid.c: working on better error reporting of validity errors, especially providing an accurate context. * result/valid/xlink.xml.err result/valid/rss.xml.err: better error reports in those cases. Daniel
58e44c9d	2002-08-02T22:19:49	adding a new API for Christian Glahn: xmlParseBalancedChunkMemoryRecover * parser.c include/libxml/parser.h: adding a new API for Christian Glahn: xmlParseBalancedChunkMemoryRecover * valid.c: patch from Rick Jones for some grammar cleanup in validation messages * result/VC/* result/valid/*: this slightly change some of the regression tests outputs Daniel
f5582f15	2002-06-11T10:08:16	applied a couple of patches from Peter Jacobi to start to get rid of * parser.c: applied a couple of patches from Peter Jacobi to start to get rid of ctxt->token, with a possible significant speed improvement to be gained once done. Better compliance with PE references constructs in DTDs too. * test/valid/t[0-9]* result/valid/t[0-9]*: added a set of tests from Peter too Daniel
6f4561a4	2002-03-25T12:10:14	Never commit without running "make tests" :-( fix a couple of stupidities * valid.c SAX.c: Never commit without running "make tests" :-( fix a couple of stupidities in the previous commit * result/*: a few changes in some attribute order result of previous commit. Daniel
be480fbb	2001-11-08T23:36:42	trying to fix namespaces + validation problems for good, closing #63619 in * valid.c include/libxml/tree.h: trying to fix namespaces + validation problems for good, closing #63619 in the process * result/valid/dia.xml test/valid/dia.xml: the Dia test was wrong in this respect, fixed it. Daniel
5151c06f	2001-10-23T13:10:19	fixed an erroneous validation bug when PE refs occurs in external parsed * parser.c: fixed an erroneous validation bug when PE refs occurs in external parsed entities referenced from the internals subset * test/valid/index.xml test/valid/dtds/nitf-2-5.dtd test/valid/dtds/NewsMLv1.0.dtd result/valid/index.xml: added the associated testcase, it's a nice one. HTMLparser.c: generate the DTD node as HTML still ... * HTMLtree.c: fixed errors in Set/GetMetaEncoding Daniel
ce2c2f09	2001-10-18T14:57:24	fixed a very serious (looping) validation bug Daniel * parser.c valid.c result/valid/rss.xml result/valid/rss.xml.err: fixed a very serious (looping) validation bug Daniel
8534905f	2001-04-20T13:48:21	- valid.c: removed a state explosion exhibited by RSS - test/valid/rss.xml result/valid/rss.xml*: added the testcase from bug #51872 Daniel
2be30641	2001-03-27T00:32:28	- error.c: applied the context output patch of the error handling submitted by Chuck Griffith - error/VC/*: this slightly change some error logs Daniel
2f36224e	2001-03-02T17:36:21	- parser.c: one must report spaces even if the Dtd element content proves that this is not part of the element content. - result/valid/*.xml: this changed the ouptu slightly Daniel
32bc74ef	2000-07-14T14:49:25	- doc/encoding.html doc/xml.html: added I18N doc - encoding.[ch] HTMLtree.[ch] parser.c HTMLparser.c: I18N encoding improvements, both parser and filters, added ASCII & HTML, fixed the ISO-Latin-1 one - xmllint.c testHTML.c: added/made visible --encode - debugXML.c : cleanup - most .c files: applied patches due to warning on Windows and when using Sun Pro cc compiler - xpath.c : cleanup memleaks - nanoftp.c : added a TESTING preprocessor flag for standalong compile so that people can report bugs more easilly - nanohttp.c : ditched socklen_t which was a portability mess and replaced it with unsigned int. - tree.[ch]: added xmlHasProp() - TODO: updated - test/ : added more test for entities, NS, encoding, HTML, wap - configure.in: preparing for 2.2.0 release Daniel
75c29218	2000-03-14T18:33:47	Added TODO, desactivated memory debug, ran make tests, daniel.
cf46199c	2000-03-14T18:30:20	This is the 2.0.0-beta, lots and lots and lots of changes Have a look at http://xmlsoft.org/upgrade.html Daniel
686d6b6a	2000-01-03T11:08:02	- added xmlRemoveProp - changed the way Windows socket stuff get included - removed an indetermination xmLDecl/PI(xml...) - xmlNewNs wasn't checking for double definition - fixed a problem with dist-hook duplicates - fixed the loading of external entities APIs, now xmlLoadExternalEntity() is used everywhere - now the xhtml spec validates with the xhtml DTD. - error.c: fixed crashes in case of no input stream - added the xhtml spec and dtds to the validation tests and results Daniel
7f858502	1999-11-17T17:32:38	Attribute nomarlization closing bug #3597 Small fixes in encoding.c First bits of real progressive parsing, Daniel
7c1206fc	1999-10-14T09:10:25	Revamped HTML parsing, lots of bug fixes for HTML stuff, Added xmlValidGetValidElements and xmlValidGetPotentialChildren, Completed and cleaned up the tests, Added doc for new modules gnome-xml-xmlmemory.html and gnome-xml-nanohttp.html, Daniel
7d2c276a	1999-10-11T15:09:51	Fixed probles in some HTML tag autoclose, XML output bug on mixed-content and fixed the related output for tests, Daniel.
b96e6438	1999-08-29T21:02:19	Release 1.6, lot of fixes, more validation, code cleanup, added namespace on attributes, Daniel.
424af391	1999-08-10T19:10:03	Added and updated all the results for 1.5.0, Daniel

e8fb3d63

2024-01-02T17:45:54

parser: Convert some "internal errors" to meaningful codes

37c6618b

2023-12-30T02:50:34

parser: Rework parsing of attribute and entity values Don't use a separate function to handle "complex" attributes. Validate UTF-8 byte sequences without decoding. This should improve performance considerably when parsing multi-byte UTF-8 sequences. Use a string buffer to avoid unnecessary allocations and copying when expanding entities. Normalize attribute values in a single pass while expanding entities. Be more lenient in recovery mode. If no entity substitution was requested, validate entities without expanding. Fixes #596. Also fixes #655.

d944a415

2023-12-26T02:10:35

parser: Fix in-parameter-entity and in-external-dtd checks Use in ctxt->input->entity instead of ctxt->inputNr to determine whether we are inside a parameter entity. Stop using ctxt->external to check whether we're in an external DTD. This is signaled by ctxt->inSubset == 2.

7d446e97

2023-12-08T12:13:49

parser: Fix namespaces redefined from default attributes This regressed in commit e0dd330b. Also fixes a long-standing issue where namespaces from default attributes weren't added if they match an existing namespace. Fixes #643.

b76d81da

2023-10-06T11:50:29

parser: Fix regression when push parsing parameter entities Short-lived regression from 834b8123. Also shrink parameter entity buffers when push parsing.

0ba22c05

2023-10-05T22:05:04

parser: Support encoded external PEs in entity values Corner case which was never supported.

bbd918b2

2023-08-29T15:56:37

parser: Fix detection of null bytes Also suppress misleading extra errors. Fixes #122.

cb1b8b85

2023-04-10T13:06:18

xmlValidatePopElement() can return invalid value (-1) Covered by: test/VC/ElementValid5 This only affects XML Reader API with LIBXML_REGEXP_ENABLED and LIBXML_VALID_ENABLED turned on. * result/VC/ElementValid5.rdr: - Update result to add missing error message. * python/tests/reader2.py: * result/VC/ElementValid6.rdr: * result/VC/ElementValid7.rdr: * result/valid/781333.xml.err.rdr: - Update result to fix grammar issue. * valid.c: (xmlValidatePopElement): - Check return value of xmlRegExecPushString() to handle -1, and assign 'ret = 0;' to return 0 from xmlValidatePopElement(). This change affects xmlTextReaderValidatePop() from xmlreader.c. - Fix grammar of error message by changing 'child' to 'children'.

74aa61e0

2023-01-22T13:09:03

parser: Halt parser on DTD errors If we try to continue parsing after an error in the internal or external subset, entity expansion accounting gets more complicated. Simply halt the parser. Found with libFuzzer.

f1c32b4c

2020-07-09T03:19:13

Allow missing result files in runtest Treat missing files as empty.

48b03c84

2022-04-03T20:36:38

Remove major parts of old test suite Remove all the parts of the old test suite which are covered by runtest.c for quite some time. The following test programs are removed: - testC14N - testHTML - testReader - testRelax - testSAX - testSchemas - testURI - testXPath This also removes a few results of unimportant tests only run by the old test suite.

f480f750

2022-02-03T14:43:17

Update NewsML DTD in test suite Switch to version 1.2 which has a clearer license. Fixes #291.

d85245f9

2022-01-16T21:39:04

Fix regression with PEs in external DTD Fix a regression introduced with commit a28f7d87. In some cases, parameter entity references in external DTDs wouldn't be expanded. Fixes #306.

01411e7c

2021-02-08T20:58:32

Check for invalid redeclarations of predefined entities Implement section "4.6 Predefined Entities" of the XML 1.0 spec and check whether redeclarations of predefined entities match the original definitions. Note that some test cases declared <!ENTITY lt "<"> But the XML spec clearly states that this is illegal: > If the entities lt or amp are declared, they MUST be declared as > internal entities whose replacement text is a character reference to > the respective character (less-than sign or ampersand) being escaped; > the double escaping is REQUIRED for these entities so that references > to them produce a well-formed result. Also fixes #217 but the connection is only tangential. The integer overflow discovered by fuzzing was more related to the fact that various parts of the parser disagreed on whether to prefer predefined entities over their redeclarations. The whole situation is a mess and even depends on legacy parser options. But now that redeclarations are validated, it shouldn't make a difference. As noted in the added comment, this is also one of the cases where overly defensive checks can hide interesting logic bugs from fuzzers.

2a350ee9

2019-09-30T17:04:54

Large batch of typo fixes Closes #109.

c51e38cb

2019-09-30T13:50:02

Make xmlParseConditionalSections non-recursive Avoid call stack overflow in deeply nested conditional sections. Found by OSS-Fuzz.

872fea94

2017-06-19T00:24:12

Get rid of "blanks wrapper" for parameter entities Now that replacement of parameter entities goes exclusively through xmlSkipBlankChars, we can account for the surrounding space characters there and remove the "blanks wrapper" hack.

5f440d8c

2017-06-12T14:32:34

Rework entity boundary checks Make sure to finish all entities in the internal subset. Nevertheless, readd a sanity check in xmlParseStartTag2 that was lost in my previous commit. Also add a sanity check in xmlPopInput. Popping an input unexpectedly was the source of many recent memory bugs. The check doesn't mitigate such issues but helps with diagnosis. Always base entity boundary checks on the input ID, not the input pointer. The pointer could have been reallocated to the old address. Always throw a well-formedness error if a boundary check fails. In a few places, a validity error was thrown. Fix a few error codes and improve indentation.

932cc989

2017-06-03T02:01:29

Fix buffer size checks in xmlSnprintfElementContent xmlSnprintfElementContent failed to correctly check the available buffer space in two locations. Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048). Thanks to Marcel Böhme and Thuan Pham for the report.

e2663054

2017-06-05T15:37:17

Fix handling of parameter-entity references There were two bugs where parameter-entity references could lead to an unexpected change of the input buffer in xmlParseNameComplex and xmlDictLookup being called with an invalid pointer. Percent sign in DTD Names ========================= The NEXTL macro used to call xmlParserHandlePEReference. When parsing "complex" names inside the DTD, this could result in entity expansion which created a new input buffer. The fix is to simply remove the call to xmlParserHandlePEReference from the NEXTL macro. This is safe because no users of the macro require expansion of parameter entities. - xmlParseNameComplex - xmlParseNCNameComplex - xmlParseNmtoken The percent sign is not allowed in names, which are grammatical tokens. - xmlParseEntityValue Parameter-entity references in entity values are expanded but this happens in a separate step in this function. - xmlParseSystemLiteral Parameter-entity references are ignored in the system literal. - xmlParseAttValueComplex - xmlParseCharDataComplex - xmlParseCommentComplex - xmlParsePI - xmlParseCDSect Parameter-entity references are ignored outside the DTD. - xmlLoadEntityContent This function is only called from xmlStringLenDecodeEntities and entities are replaced in a separate step immediately after the function call. This bug could also be triggered with an internal subset and double entity expansion. This fixes bug 766956 initially reported by Wei Lei and independently by Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone involved. xmlParseNameComplex with XML_PARSE_OLD10 ======================================== When parsing Names inside an expanded parameter entity with the XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the GROW macro if the input buffer was exhausted. At the end of the parameter entity's replacement text, this function would then call xmlPopInput which invalidated the input buffer. There should be no need to invoke GROW in this situation because the buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and, at least for UTF-8, in xmlCurrentChar. This also matches the code path executed when XML_PARSE_OLD10 is not set. This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050). Thanks to Marcel Böhme and Thuan Pham for the report. Additional hardening ==================== A separate check was added in xmlParseNameComplex to validate the buffer size.

a7a94612

2016-02-09T12:55:29

Heap-based buffer overread in xmlNextChar For https://bugzilla.gnome.org/show_bug.cgi?id=759671 when the end of the internal subset isn't properly detected xmlParseInternalSubset should just return instead of trying to process input further.

ef709ce2

2015-09-10T19:41:41

Fix the spurious ID already defined error For https://bugzilla.gnome.org/show_bug.cgi?id=737840 the fix for 724903 introduced a regression on external entities carrying IDs, revert that patch in part and add a specific test to avoid readding it

483272f3

2013-03-27T13:37:14

Added a regression tests from bug 694228 data Provided by Mark Rowe <mrowe@apple.com>

a7982ce2

2012-10-25T15:39:39

Adding streaming validation to runtest checks

e7bf892d

2012-07-30T20:09:25

Improve error reporting on parser errors The extra string was being dismissed when provided. * parser.c: handle bot case properly * result/: this changes a few error reports

cb3549e3

2011-11-11T11:25:07

Improve the error report on undefined REFs Use the tree node to provide the error context instead of the parser input which is not relevant anymore, based on a suggestion by François Delyon <f.delyon@satimage.fr>

a721612e

2009-08-21T18:22:58

446613 small validation bug mixed content with NS * valid.c: fix a bug when valdating mixed content lists and some name use namespaces prefixes. * result/valid/notes.xml* test/valid/dtds/notes.dtd * test/valid/notes.xml: add the test case to the regression suite

8bf64aef

2008-03-24T20:45:21

fix a problem reported by Ashwin for system parameter entities referenced * parser.c: fix a problem reported by Ashwin for system parameter entities referenced from entities in external subset, add a specific loading routine. * test/valid/dtds/external.ent test/valid/dtds/external2.ent test/valid/t11.xml result/valid/t11.xml*: added the test to the regression suite Daniel svn path=/trunk/; revision=3713

57c9db07

2008-03-06T14:37:10

poblem with encoding detection for UTF-16 reported by Ashwin and found by * encoding.c: poblem with encoding detection for UTF-16 reported by Ashwin and found by Bill * test/valid/dtds/utf16b.ent test/valid/dtds/utf16l.ent test/valid/UTF16Entity.xml result/valid/UTF16Entity.xml*: added the example to the regression tests Daniel svn path=/trunk/; revision=3700

96688263

2005-08-23T18:14:12

fixed bug #170489 reported by Jirka Kosek added the test to the regression * parser.c: fixed bug #170489 reported by Jirka Kosek * test/valid/objednavka.xml test/valid/dtds/objednavka.dtd result/valid/objednavka*: added the test to the regression suite. Daniel

4119d1c6

2004-06-24T02:24:44

implemented bugfix from Massimo Morara for DTD dumping problem. added * valid.c: implemented bugfix from Massimo Morara for DTD dumping problem. * test/valid/t10.xml, result/valid/t10.*: added regression for above * configure.in: small change for my profile settings

d4532558

2003-11-25T18:29:55

fixed #127877, never output " in element content this changes the * entities.c: fixed #127877, never output " in element content * result/isolat3 result/slashdot16.xml result/noent/isolat3 result/noent/slashdot16.xml result/valid/REC-xml-19980210.xml result/valid/index.xml result/valid/xlink.xml: this changes the output of a few tests Daniel

e70c877c

2003-11-25T07:21:18

swapped the attribute defaulting and attribute checking parts of parsing a * parser.c: swapped the attribute defaulting and attribute checking parts of parsing a new element start, fixes bug #127772 * result/valid/127772.* test/valid/127772.xml test/valid/dtds/127772.dtd: added the example in the regression tests Daniel

05bcb7ed

2003-10-19T14:26:34

fixed to not send NULL to %s printing cleaning up some of the regression * HTMLparser.c: fixed to not send NULL to %s printing * python/tests/error.py result/HTML/doc3.htm.err result/HTML/test3.html.err result/HTML/wired.html.err result/valid/t8.xml.err result/valid/t8a.xml.err: cleaning up some of the regression tests error Daniel

d96f6d34

2003-10-07T21:25:12

cleaning up XPath error reporting that time. applied the two patches for * error.c include/libxml/xmlerror.h include/libxml/xpath.h include/libxml/xpathInternals.h xpath.c: cleaning up XPath error reporting that time. * threads.c: applied the two patches for TLS threads on Windows from Jesse Pelton * parser.c: tiny safety patch for xmlStrPrintf() make sure the return is always zero terminated. Should also help detecting passing wrong buffer size easilly. * result/VC/* result/valid/rss.xml.err result/valid/xlink.xml.err: updated the results to follow the errors string generated by last commit. Daniel

bb5ababa

2003-10-03T22:21:51

more cleanup in make tests more work in the transition to the new error * Makefile.am: more cleanup in make tests * error.c valid.c parser.c include/libxml/xmlerror.h: more work in the transition to the new error reporting strategy. * python/tests/reader2.py result/VC/* result/valid/*: few changes in the strings generated by the validation output Daniel

2b8c4a15

2003-10-02T22:28:19

changed 'make tests' to use a concise output, scrolling to see where thing * Makefile.am: changed 'make tests' to use a concise output, scrolling to see where thing broke wasn't pleasant * configure.in: some beta4 preparation, but not ready yet * error.c globals.c include/libxml/globals.h include/libxml/xmlerror.h: new error handling code, last error informations are stored in the parsing context or a global variable, new APIs to handle the xmlErrorPtr type. * parser.c parserInternals.c valid.c : started migrating to the new error handling code, it's a royal pain. * include/libxml/parser.h include/libxml/parserInternals.h: moved the definition of xmlNewParserCtxt() * parser.c: small potential buffer access problem in push code provided by Justin Fletcher * result/*.sax result/VC/PENesting* result/namespaces/* result/valid/*.err: some error messages were sligthly changed. Daniel

d9e9c9d8

2003-09-18T22:03:46

fixing namespace DTD validations the output of defaulted namespaces is * SAX2.c: fixing namespace DTD validations * result/valid/ns2.xml result/valid/ns.xml: the output of defaulted namespaces is slightly different now. * Makefile.am: report the memory used in Timingtests (as well as time) Daniel

bdbe0d4e

2003-09-14T19:56:14

factoring of more error handling code, serious size reduction and more * parser.c include/libxml/xmlerror.h: factoring of more error handling code, serious size reduction and more lisibility of the resulting code. * parserInternals.c parser.c include/libxml/parserInternals.h include/libxml/parser.h: changing the way VC:Proper Group/PE Nesting checks are done, use a counter for entities. Entities where freed and reallocated at the same address failing the check. * tree.c: avoid a warning * result/valid/* result/VC/*: this slightly changes some validation error messages. Daniel

7b68df97

2003-08-03T22:58:54

fixed bug #118712 about mixed content, and namespaced element names. added * valid.c: fixed bug #118712 about mixed content, and namespaced element names. * test/valid/mixed_ns.xml result/valid/mixed_ns*: added a check in the regression tests Daniel

8265a18a

2003-06-13T10:05:56

do not generate " for " outside of attributes this changes the output * entities.c: do not generate " for " outside of attributes * result//*: this changes the output of some tests Daniel

3b811174

2003-05-14T02:53:43

Updated testfiles for error.c fix

f431eb81

2003-04-22T08:37:26

applied the patch provided by Brent Hendricks fixing #105992 and * SAX.c test/valid/ns* test/result/ns*: applied the patch provided by Brent Hendricks fixing #105992 and integrated the examples in the testsuite. Daniel

ef8dd7be

2003-03-23T12:02:56

fixing bug #108976 get the ID/REFs to reference the ID in the document * parser.c: fixing bug #108976 get the ID/REFs to reference the ID in the document content and not in the entity copy * SAX.c include/libxml/parser.h: more checking of the ID/REF stuff, better solution for #107208 * xmlregexp.c: removed a direct printf, dohhh * xmlreader.c: fixed a bug on streaming validation of empty elements in entities * result/VC/ElementValid8 test/VCM/v20.xml result/valid/xhtml1.xhtml: cleanup of the validation tests * test/valid/id* test/valid/dtds/destfoo.ent result/valid/id*: added more ID/IDREF tests to the suite Daniel

d5c2f92d

2002-11-21T14:10:52

modified the existing APIs to handle XHTML1 serialization rules * tree.c include/libxml/tree.h: modified the existing APIs to handle XHTML1 serialization rules automatically, also add xmlIsXHTML() to libxml2 API. Some tweaking to make sure libxslt serialization uses it when needed without changing the library API. * test/xhtml1 result/noent/xhtml1 result/valid/xhtml1.xhtml result/xhtml1: added a new test specifically for xhtml1 output and updated the result of one XHTML1 test Daniel

90d68fbb

2002-09-26T16:10:21

fixed bug #92518 validation error were not covering namespace * SAX.c valid.c include/libxml/valid.h: fixed bug #92518 validation error were not covering namespace declarations. * result/valid/dia.xml test/valid/dia.xml: the test wasn't valid, it was missing the attribute declaration for the namespace * result/VC/NS3: the fix now report breakages in that test Daniel

76575769

2002-09-05T14:21:15

working on better error reporting of validity errors, especially providing * error.c valid.c: working on better error reporting of validity errors, especially providing an accurate context. * result/valid/xlink.xml.err result/valid/rss.xml.err: better error reports in those cases. Daniel

58e44c9d

2002-08-02T22:19:49

adding a new API for Christian Glahn: xmlParseBalancedChunkMemoryRecover * parser.c include/libxml/parser.h: adding a new API for Christian Glahn: xmlParseBalancedChunkMemoryRecover * valid.c: patch from Rick Jones for some grammar cleanup in validation messages * result/VC/* result/valid/*: this slightly change some of the regression tests outputs Daniel

f5582f15

2002-06-11T10:08:16

applied a couple of patches from Peter Jacobi to start to get rid of * parser.c: applied a couple of patches from Peter Jacobi to start to get rid of ctxt->token, with a possible significant speed improvement to be gained once done. Better compliance with PE references constructs in DTDs too. * test/valid/t[0-9]* result/valid/t[0-9]*: added a set of tests from Peter too Daniel

6f4561a4

2002-03-25T12:10:14

Never commit without running "make tests" :-( fix a couple of stupidities * valid.c SAX.c: Never commit without running "make tests" :-( fix a couple of stupidities in the previous commit * result/*: a few changes in some attribute order result of previous commit. Daniel

be480fbb

2001-11-08T23:36:42

trying to fix namespaces + validation problems for good, closing #63619 in * valid.c include/libxml/tree.h: trying to fix namespaces + validation problems for good, closing #63619 in the process * result/valid/dia.xml test/valid/dia.xml: the Dia test was wrong in this respect, fixed it. Daniel

5151c06f

2001-10-23T13:10:19

fixed an erroneous validation bug when PE refs occurs in external parsed * parser.c: fixed an erroneous validation bug when PE refs occurs in external parsed entities referenced from the internals subset * test/valid/index.xml test/valid/dtds/nitf-2-5.dtd test/valid/dtds/NewsMLv1.0.dtd result/valid/index.xml*: added the associated testcase, it's a nice one. * HTMLparser.c: generate the DTD node as HTML still ... * HTMLtree.c: fixed errors in Set/GetMetaEncoding Daniel

ce2c2f09

2001-10-18T14:57:24

fixed a very serious (looping) validation bug Daniel * parser.c valid.c result/valid/rss.xml result/valid/rss.xml.err: fixed a very serious (looping) validation bug Daniel

8534905f

2001-04-20T13:48:21

- valid.c: removed a state explosion exhibited by RSS - test/valid/rss.xml result/valid/rss.xml*: added the testcase from bug #51872 Daniel

2be30641

2001-03-27T00:32:28

- error.c: applied the context output patch of the error handling submitted by Chuck Griffith - error/VC/*: this slightly change some error logs Daniel

2f36224e

2001-03-02T17:36:21

- parser.c: one must report spaces even if the Dtd element content proves that this is not part of the element content. - result/valid/*.xml: this changed the ouptu slightly Daniel

32bc74ef

2000-07-14T14:49:25

- doc/encoding.html doc/xml.html: added I18N doc - encoding.[ch] HTMLtree.[ch] parser.c HTMLparser.c: I18N encoding improvements, both parser and filters, added ASCII & HTML, fixed the ISO-Latin-1 one - xmllint.c testHTML.c: added/made visible --encode - debugXML.c : cleanup - most .c files: applied patches due to warning on Windows and when using Sun Pro cc compiler - xpath.c : cleanup memleaks - nanoftp.c : added a TESTING preprocessor flag for standalong compile so that people can report bugs more easilly - nanohttp.c : ditched socklen_t which was a portability mess and replaced it with unsigned int. - tree.[ch]: added xmlHasProp() - TODO: updated - test/ : added more test for entities, NS, encoding, HTML, wap - configure.in: preparing for 2.2.0 release Daniel

75c29218

2000-03-14T18:33:47

Added TODO, desactivated memory debug, ran make tests, daniel.

cf46199c

2000-03-14T18:30:20

This is the 2.0.0-beta, lots and lots and lots of changes Have a look at http://xmlsoft.org/upgrade.html Daniel

686d6b6a

2000-01-03T11:08:02

- added xmlRemoveProp - changed the way Windows socket stuff get included - removed an indetermination xmLDecl/PI(xml...) - xmlNewNs wasn't checking for double definition - fixed a problem with dist-hook duplicates - fixed the loading of external entities APIs, now xmlLoadExternalEntity() is used everywhere - now the xhtml spec validates with the xhtml DTD. - error.c: fixed crashes in case of no input stream - added the xhtml spec and dtds to the validation tests and results Daniel

7f858502

1999-11-17T17:32:38

Attribute nomarlization closing bug #3597 Small fixes in encoding.c First bits of real progressive parsing, Daniel

7c1206fc

1999-10-14T09:10:25

Revamped HTML parsing, lots of bug fixes for HTML stuff, Added xmlValidGetValidElements and xmlValidGetPotentialChildren, Completed and cleaned up the tests, Added doc for new modules gnome-xml-xmlmemory.html and gnome-xml-nanohttp.html, Daniel

7d2c276a

1999-10-11T15:09:51

Fixed probles in some HTML tag autoclose, XML output bug on mixed-content and fixed the related output for tests, Daniel.

b96e6438

1999-08-29T21:02:19

Release 1.6, lot of fixes, more validation, code cleanup, added namespace on attributes, Daniel.

424af391

1999-08-10T19:10:03

Added and updated all the results for 1.5.0, Daniel

kc3-lang/libxml2/result/valid

result/valid

Log