kmx git

Commit	Date	Message
c1bddd4c	2023-12-23T01:09:17	parser: Mark 'length' member of xmlParserInput as unused
c73de050	2023-12-23T04:50:47	include: Move non-generated parts from xmlversion.h.in xmlexports.h originally only included symbol visibility macros but it's a good place for other macros as well.
955c177f	2023-12-23T00:58:36	parser: Stop using 'directory' struct member This was only used as a pointless fallback for URI resolution.
229e5ff7	2023-12-21T18:09:42	io: Remove support for HTTP POST This feature is unlikely to be used these days.
b2dbcc43	2023-12-19T13:33:59	io: Rework default callbacks Register a dummy callback struct for default callbacks. Handle them in a separate function which will later allow to return meaningful error codes.
23345a1c	2023-12-19T19:52:28	io: Report IO errors through xmlCtxtErrIO This is also a new public API function to be used in external entity loaders.
1ef35663	2023-12-19T19:36:35	io: Always use unbuffered input Before, we often used unbuffered input via the lzma or gzip handlers, more or less inadvertently. Change the default file handlers from buffered (stdc FILE) to unbuffered (POSIX fds).
2829a21a	2023-12-18T19:43:55	xinclude: Improve error handling Introduce xmlXIncludeSetErrorHandler allowing to set a structured error handler for an XInclude context and forwarding errors from parser. Remove arguments from memory error handlers. Use xmlRaiseMemoryError.
954b8984	2023-12-18T19:39:38	xpath: Improve error handling Introduce xmlXPathSetErrorHandler allowing to set a structured error handler for an XPath context. Remove arguments from memory error handlers. Use xmlRaiseMemoryError. Remove TODO, STRANGE and CHECK_CTXT macros. Remove remaining uses of xmlGenericError.
54c70ed5	2023-12-18T19:31:29	parser: Improve error handling Introduce xmlCtxtSetErrorHandler allowing to set a structured error for a parser context. There already was the "serror" SAX handler but this always receives the parser context as argument. Start to use xmlRaiseMemoryError. Remove useless arguments from memory error functions. Rename xmlErrMemory to xmlCtxtErrMemory. Remove a few calls to xmlGenericError. Remove support for runtime entity debugging.
5d2dbe79	2023-12-14T13:37:25	parser: Fix build --without-output Fixes #647
c2bbeed1	2023-12-12T23:51:32	io: Fix memory lifetime issue with input buffers xmlParserInputBufferCreateMem must make a copy of the buffer. This fixes a regression from 2.11 which could cause reads from freed memory depending on the use case. Undeprecate xmlParserInputBufferCreateStatic which can avoid copying the whole buffer.
157df344	2023-12-10T18:23:53	xmlreader: Report malloc failures Fix many places where malloc failures aren't reported. Introduce a new API function xmlTextReaderGetLastError.
78eab7a1	2023-12-10T18:15:59	xinclude: Report malloc failures Fix many places where malloc failures aren't reported. Introduce a new API function xmlXIncludeGetLastError.
f19a9510	2023-12-10T17:50:22	parser: Report malloc failures Fix many places where malloc failures aren't reported. Make xmlErrMemory public. This is useful for custom external entity loaders. Introduce new API function xmlSwitchEncodingName. Change the way how we store whether the the parser is stopped. This used to be signaled by setting ctxt->instate to XML_PARSER_EOF which was misdesigned and error-prone. Set ctxt->disableSAX to 2 instead and introduce a macro PARSER_STOPPED. Also stop to remove parser inputs in xmlHaltParser. This allows to remove many checks of ctxt->instate. Introduce xmlErrParser to handle errors if a parser context is available.
0d97e439	2023-12-10T17:14:57	save: Report malloc failures Fix places where malloc failures aren't report. Introduce a new API function xmlSaveFinish which returns an error code.
aca16fb3	2023-12-10T16:37:43	tree: Report malloc failures Fix many places where malloc failures aren't reported. Make some API function return an error code. Changing the return type from void to int is technically an ABI break but should be safe on most platforms. - xmlNodeSetContent - xmlNodeSetContentLen - xmlNodeAddContent - xmlNodeAddContentLen - xmlNodeSetBase Introduce new API functions that return a separate error code if a memory allocation fails. - xmlNodeGetAttrValue - xmlNodeGetBaseSafe - xmlGetNsListSafe Introduce private functions xmlTreeEnsureXMLDecl and xmlSplitQName4. Don't report low-level errors to the global error handler. Fix tree Introduce xmlGetNsListSafe Fix tree
e34a49b7	2023-12-10T16:29:31	valid: Improve addition and deletion of IDs Introduce a new API function xmlAddIDSafe that returns a separate error code if a memory allocation fails. Store a pointer to the ID struct in xmlAttr so attributes can be freed without allocating memory. It's impossible to report malloc failures in deallocation code.
e1560990	2023-12-10T15:30:47	pattern: Report malloc failures Fix places where malloc failures aren't reported. Introduce a new API function xmlPatternCompileSafe that returns a separate error code if a memory allocation fails.
a1f7ecae	2023-12-10T15:25:42	entities: Report malloc failures Fix places where malloc failures aren't reported. Introduce new API function xmlAddEntity that returns separate error codes. Don't invoke global error handler for low-level errors which should be handled by higher layers. Invalid redelcaration warnings will be fixed later.
f313848b	2023-12-10T15:14:15	hash: Report malloc failures Introduce new API functions that return a separate error code if a memory allocation fails. - xmlHashAdd - xmlHashCopySafe
bd5ad030	2023-12-10T14:56:21	encoding: Report malloc failures Introduce new API functions that return a separate error code if a memory allocation fails. - xmlOpenCharEncodingHandler - xmlLookupCharEncodingHandler Fix a few places where malloc failures weren't reported.
da996c8d	2023-12-10T14:46:59	uri: Report malloc failures Fix many places where malloc failures weren't reported, for example after calling xmlStrdup. Introduce new public API functions that return a separate error code if a memory allocation fails: - xmlParseURISafe - xmlBuildURISafe - xmlBuildRelativeURISafe Update the fuzzer to check whether malloc failures are reported.
df0b540b	2023-12-07T14:40:13	include: Rename XML_EMPTY helper macro Avoid name clash with downstream projects.
a9738e31	2023-12-07T14:15:29	include: Move declaration of xmlInitGlobals Fix downstream build issues after reworking globals.h.
52703ffd	2023-12-07T12:04:02	include: Add missing includes
9122ad0c	2023-12-06T19:56:50	include: Move globals from xmlsave.h to parser.h Fix downstream build issues after reworking globals.h.
c011e760	2023-12-06T01:09:31	globals: Remove unused globals from thread storage Setting these deprecated globals hasn't had an effect for a long time. Make them constants. This reduces the size of per-thread storage from ~700 to ~250 bytes.
1c7f4c70	2023-11-27T12:10:09	nanohttp: Deprecate public API The long-term plan is to remove the built-in HTTP client. There are still a few downstream projects that use libxml2's client for other purposes. These users should get deprecation warnings now.
7d6969d9	2023-11-23T15:48:52	Remove Trio Trio is a rather old cross-platform printf library which was bundled with libxml2. It was needed for ancient pre-C99 systems without snprintf and should be safe to remove these days.
ff6c3188	2023-11-23T15:22:59	include: Remove useless 'const' from function arguments
6bc86405	2023-11-09T02:04:15	Avoid EDG deprecation warnings for LCC compiler
aca37d8c	2023-11-20T15:20:37	parser: Only enable SAX2 if there are SAX2 element handlers This reverts part of commit 235b15a5 for backward compatibility and adds some comments trying to clarify the whole mess. Fixes #623.
61034116	2023-10-24T15:02:36	error: Make more xmlError structs constant Prepare for future changes, see 45470611.
253f260b	2023-10-18T20:06:35	threads: Fix --with-thread-alloc Fixes #606.
713ded60	2023-10-06T10:43:38	entities: Make xmlFreeEntity public
e0dd330b	2023-09-29T00:18:44	parser: Use hash tables to avoid quadratic behavior Use a hash table to lookup namespaces by prefix. The hash table stores an index into the namespace table. Auxiliary data for namespaces is stored in a separate array along the main namespace table. Use a hash table to verify attribute uniqueness. The hash table stores an index into the attribute table. Reuse hash value from the dictionary to avoid computing them twice. See #346.
b31813e6	2023-09-28T15:34:08	include: Add more missing stdio.h includes
84e1ffc8	2023-09-22T15:44:17	doc: Don't document internal macros in xmlversion.h
b94283fb	2023-09-22T14:23:27	regexp: Add missing include
45470611	2023-09-21T23:52:52	error: Make xmlGetLastError return a const error This is a slight break of the API, but users really shouldn't modify the global error struct. The goal is to make xmlLastError use static buffers for its strings eventually. This should warn people if they're abusing the struct.
8c084ebd	2023-09-21T22:57:33	doc: Make apibuild.py happy
72262030	2023-09-21T14:52:14	parser: Readd some includes to parser.h and xmlreader.h Fix backward compatibility.
9fc5090c	2023-09-16T19:58:42	hash: Clean up libxml/hash.h Rename variables, fix subincludes, whitespace.
da274bfa	2023-09-21T01:29:40	build: Fix build when certain modules are disabled
9b5cce7a	2023-09-21T00:44:50	include: Remove more unnecessary includes
d6ba4033	2023-09-20T20:49:59	globals: Move remaining declarations to correct places globals.h is now deprecated. Sanity is restored.
1117fae0	2023-09-20T19:20:41	include: Remove unneeded includes
736327df	2023-09-20T19:09:15	include: Break inclusion cycle between tree.h and xmlregexp.h
11a1839d	2023-09-20T17:54:48	globals: Move remaining globals back to correct header files This undoes a lot of damage.
7909ff08	2023-09-20T17:38:26	include: Remove unnecessary includes - Don't include tree.h from encoding.h - Don't include parser.h from xmlIO.h
eb985d6f	2023-09-20T17:17:49	globals: Move error globals back to xmlerror.c
d1336fd3	2023-09-20T17:00:50	globals: Move malloc hooks back to xmlmemory.h
a77f9ab8	2023-09-20T16:57:22	globals: Don't include SAX2.h from globals.h
2e6c49a7	2023-09-20T14:43:14	globals: Don't store xmlParserVersion in global state This is a constant.
0830fcfa	2023-09-20T14:30:12	globals: Deprecate xmlLastError The last error should be accessed with xmlGetLastError.
db8b9722	2023-09-20T13:56:16	parser: Deprecate global parser options Note that setting global options has no effect anyway when using any of the modern parser API functions which take an option argument like xmlReadMemory or when using xmlCtxtUseOptions. Global options only have an effect when using old API functions xmlParse* or xmlSAXParse* or when using an xmlParserCtxt without calling xmlCtxtUseOptions. Unfortunately, many downstream projects still modify global parser options often without realizing that it has no effect. If necessary, switch to the modern API. Then you can safely remove all code that changes global options. Here's a list of deprecated functions and global variables together with the corresponding parser options. - xmlSubstituteEntitiesDefault, xmlSubstituteEntitiesDefaultValue Parser option XML_PARSE_NOENT - xmlKeepBlanksDefault, xmlKeepBlanksDefaultValue Inverse of parser option XML_PARSE_NOBLANKS - xmlPedanticParserDefault, xmlPedanticParserDefaultValue Parser option XML_PARSE_PEDANTIC - xmlLineNumbersDefault, xmlLineNumbersDefaultValue Always enabled by new API - xmlDoValidityCheckingDefaultValue Parser option XML_PARSE_DTDVALID - xmlGetWarningsDefaultValue Inverse of parser option XML_PARSE_NOWARNING - xmlLoadExtDtdDefaultValue Parser options XML_PARSE_DTDLOAD and XML_PARSE_DTDATTR
868b94b8	2023-09-20T13:10:29	globals: Reformat libxml/globals.h
bbf08608	2023-09-20T13:05:02	globals: Move buffer callback declarations to xmlIO.h
dc3382ef	2023-09-20T12:58:03	globals: Move xmlRegisterNodeDefault to tree.c Code in globals.c must not try to access globals itself since the accessor macros aren't defined and we would only see the main variable.
e7b6ca15	2023-09-18T13:25:06	globals: Rework global state destruction on Windows If DllMain is used, rely on it working as expected. The old code seemed to attempt to free global state of other threads if, for some reason, the DllMain mechanism didn't work. In a static build, register a destructor with RegisterWaitForSingleObject. Make public functions xmlGetGlobalState and xmlInitializeGlobalState no-ops. Move initialization and registration of global state objects to xmlInitGlobalState. Lookup global state with xmlGetThreadLocalStorage which can be inlined nicely. Also cleanup global state when using TLS. xmlLastError must be reset.
39a275a5	2023-09-18T21:25:35	globals: Define globals using macros Declare and define globals and helper functions by (ab)using the preprocessor.
bf6bd161	2023-09-18T19:53:31	globals: Introduce xmlCheckThreadLocalStorage Checks whether (emulated) thread-local storage could be allocated.
89f49767	2023-09-18T18:44:32	globals: Make xmlGlobalState private This removes a public struct but it seems impossible to use its members in a sensible way from external code.
4e1c13eb	2023-09-18T14:45:10	debug: Remove debugging code This is barely useful these days and only clutters the code base.
c19771c1	2023-09-18T00:54:39	globals: Move code from threads.c to globals.c Move all code that handles globals to the place where it belongs.
2a4b8114	2023-09-17T23:16:49	globals: Rename members of xmlGlobalState This is a deliberate first step to remove some internals from the public API and to avoid issues when redefining tokens.
778cca38	2023-08-20T22:50:57	legacy: Add stubs for disabled modules When legacy support is requested, always enable stubs for FTP and XPointer location modules which were removed from the standard configuration. Going forward, the --with-legacy configuration option should be used to provide maximum ABI compatibility. Fixes #433.
ed3bd052	2023-08-20T20:48:10	parser: Allow to set maximum amplification factor
f1c1f5c6	2023-08-16T19:43:02	parser: Revert change to doc->encoding Fixes #579.
ec7be506	2023-08-08T15:19:46	parser: Rework encoding detection Introduce XML_INPUT_HAS_ENCODING flag for xmlParserInput which is set when xmlSwitchEncoding is called. The parser can use the flag to reliably detect whether an encoding was already set via user override, BOM or other auto-detection. In this case, the encoding declaration won't be used to switch the encoding. Before, an inscrutable mix of ctxt->charset, ctxt->input->encoding and ctxt->input->buf->encoder was used. Introduce private helper functions to switch encodings used by both the XML and HTML parser: - xmlDetectEncoding which skips over the BOM, allowing to remove the BOM checks from other encoding functions. - xmlSetDeclaredEncoding, replacing htmlCheckEncodingDirect, which warns about encoding mismatches. If users override the encoding, store the declared instead of the actual encoding in xmlDoc. In this case, the actual encoding is known and the raw value from the doc is more useful. Also use the input flags to store the ISO-8859-1 fallback state. Restrict the fallback to cases where no encoding was specified. (The fallback is only useful in recovery mode and these days broken UTF-8 is probably more likely than ISO-8859-1, so it might eventually be removed completely.) The 'charset' member of xmlParserCtxt is now unused. The 'encoding' member of xmlParserInput is now unused. The 'standalone' member of xmlParserInput is renamed to 'flags'. A new parser state XML_PARSER_XML_DECL is added for the push parser.
b8961df6	2023-05-09T03:25:24	SAX: Always validate xml:ids The behavior shouldn't depend on mostly random configuration options.
8d5e33ef	2023-05-03T20:42:10	Fix compiler warning on GCC < 8 -Wcast-function-type is only available since GCC 8.
3ff6abbf	2023-02-22T17:11:20	encoding: Rework error codes Use an enum instead of magic numbers. Fix a few error codes. Simplify handling of "space" and "partial" errors. See #506.
fa993130	2023-04-30T12:57:09	xpath: Remove remaining references to valueFrame Fixes #529.
3ffcc03b	2023-03-13T19:38:41	parser: Deprecate more internal functions
98840d40	2023-03-21T19:07:12	parser: Rework EBCDIC code page detection To detect EBCDIC code pages, we used to switch the encoding twice and had to be very careful not to decode data after the XML declaration before the second switch. This relied on a hard-coded expected size of the XML declaration and was complicated and unreliable. Now we convert the first 200 bytes to EBCDIC-US and parse the encoding declaration manually.
f8efa589	2023-03-14T13:55:06	malloc-fail: Handle malloc failures in xmlSchemaInitTypes Note that this changes the return value of public function xmlSchemaInitTypes from void to int. This shouldn't break the ABI on most platforms. Found when investigating #500.
d7daf9fd	2023-03-14T13:02:36	xmllint: Fix use-after-free with --maxmem Fixes #498.
e7c3a4ca	2023-03-13T19:19:46	parser: Deprecate some parser input functions
48379394	2023-03-13T17:11:27	malloc-fail: Stop using XPath stack frames There's too much code which assumes that if ctxt->value is non-null, a value can be successfully popped off the stack. This assumption can break with stack frames when malloc fails. Instead of trying to fix all call sites, remove the stack frame logic. It only offered very little protection against misbehaving extension functions. We already check the stack size after a function call which should be enough. Found by OSS-Fuzz.
bd63d730	2023-03-12T17:40:55	html: Impose some length limits Impose length limits on names, attribute values, PIs and comments, similar to the XML parser.
b51478dc	2023-02-24T16:21:17	Revert "malloc-fail: Avoid use-after-free after unsuccessful valuePush" This reverts commit 6a12be77c6a94c374ab7476087edcee2ba41d9b4. There's too much code reading ctxt->value directly and making the wrong assumptions.
6a12be77	2023-01-31T12:46:30	malloc-fail: Avoid use-after-free after unsuccessful valuePush In xpath.c there's a lot of code like: valuePush(ctxt, xmlCacheNewX()); ... valuePop(ctxt); If xmlCacheNewX fails, no value will be pushed on the stack. If there's no error check in between, valuePop will pop an unrelated value which can lead to use-after-free errors. Instead of trying to fix all call sites, we simply stop popping values if an error was signaled. This requires to change the CHECK_TYPE macro which is often used to determine whether a value can be safely popped. Found with libFuzzer, see #344.
59b33661	2022-12-27T14:15:51	error: Limit number of parser errors Reporting errors is expensive and some abusive test cases can generate an error for each invalid input byte. This causes the parser to spend most of the time with error handling. Limit the number of errors and warnings to 100.
b47ebf04	2022-12-21T00:02:47	parser: Deprecate xmlString*DecodeEntities These are internal functions.
ce76ebfd	2022-12-19T20:56:23	entities: Stop counting entities This was only used in the old version of xmlParserEntityCheck.
463bbeec	2022-12-19T18:39:45	entities: Rework entity amplification checks This commit implements robust detection of entity amplification attacks, better known as the "billion laughs" attack. We now limit the size of the document after substitution of entities to 10 times the size before expansion. This guarantees linear behavior by definition. There already was a similar check before, but the accounting of "sizeentities" (size of external entities) and "sizeentcopy" (size of all copies created by entity references) wasn't accurate. We also need saturation arithmetic since we're historically limited to "unsigned long" which is 32-bit on many platforms. A maximum of 10 MB of substitutions is always allowed. This should make use cases like DITA work which have caused problems in the past. The old checks based on the number of entities were removed. This is accounted for by adding a fixed cost to each entity reference. Entity amplification checks are now enabled even if XML_PARSE_HUGE is set. This option is mainly used to allow larger text nodes. Most users were unaware that it also disabled entity expansion checks. Some of the limits might be adjusted later. If this change turns out to affect legitimate use cases, we can add a separate parser option to disable the checks. Fixes #294. Fixes #345.
f34f184f	2022-12-19T15:24:53	entities: Add "flags" member to struct xmlEntity This will hold various flags and eventually replace the "checked" member.
a6debffd	2022-12-08T03:37:24	xmlexports.h: Disable docs for internal macro XMLPUBLIC
3b6cc47a	2022-12-08T02:51:52	xmlexports.h: Remove LIBXML_FASTCALL optimization This was an experimental and undocumented micro-optimization for Windows which apparently required different calling conventions for variable-argument functions, making it impossible to maintain without domain knowledge.
ce9baf94	2022-12-08T02:48:27	Remove XMLCALL and XMLCDECL macros from public headers
c73d464a	2022-11-24T15:00:03	threads: Deprecate some internal functions
707ade22	2022-11-22T14:56:58	Visual Studio builds: Allow silencing deprecation warnings Define XML_IGNORE_DEPRECATION_WARNINGS and the corresponding XML_POP_WARNINGS for Visual Studio, and consequently define XML_IGNORE_FPTR_CAST_WARNINGS so that we do not get a compiler warning on Visual Studio by doing a __pragma(warning(pop)) without a corresponding __pragma(warning(push)). Also correct the documentation a bit for XML_POP_WARNINGS.
b9590d5d	2022-11-18T11:23:23	Visual Studio: Define XML_DEPRECATED We can mark APIs as deprecated using __declspec(deprecated) with Visual Studio 2005 and later, so add a definition of that so that we can help users avoid using deprecated APIs when using Visual Studio as well. For the existing GCC definition, check whether we are on GCC 3.1+ before enabling the definition.
68a6518c	2022-11-15T18:23:33	parser: Rewrite push parser boundary checks Remove inaccurate xmlParseCheckTransition check. Remove non-incremental xmlParseGetLasts check. Add functions that check for several boundary constructs more accurately, keeping track of progress in ctxt->checkIndex. Fixes #439.
2059df53	2022-11-14T22:27:58	buf: Deprecate static/immutable buffers
b693905f	2022-11-04T14:50:39	doc: Remove xmlDllMain from documentation and version script This is a Windows-only symbol.
a9669679	2022-09-09T01:44:00	error: Don't use initGenericErrorDefaultFunc The code in xmlInitParser did only set the error handler if it was NULL which should never happen.
0d901258	2022-09-04T16:41:43	Fix Windows compiler warnings in python/types.c

c1bddd4c

2023-12-23T01:09:17

parser: Mark 'length' member of xmlParserInput as unused

c73de050

2023-12-23T04:50:47

include: Move non-generated parts from xmlversion.h.in xmlexports.h originally only included symbol visibility macros but it's a good place for other macros as well.

955c177f

2023-12-23T00:58:36

parser: Stop using 'directory' struct member This was only used as a pointless fallback for URI resolution.

229e5ff7

2023-12-21T18:09:42

io: Remove support for HTTP POST This feature is unlikely to be used these days.

b2dbcc43

2023-12-19T13:33:59

io: Rework default callbacks Register a dummy callback struct for default callbacks. Handle them in a separate function which will later allow to return meaningful error codes.

23345a1c

2023-12-19T19:52:28

io: Report IO errors through xmlCtxtErrIO This is also a new public API function to be used in external entity loaders.

1ef35663

2023-12-19T19:36:35

io: Always use unbuffered input Before, we often used unbuffered input via the lzma or gzip handlers, more or less inadvertently. Change the default file handlers from buffered (stdc FILE) to unbuffered (POSIX fds).

2829a21a

2023-12-18T19:43:55

xinclude: Improve error handling Introduce xmlXIncludeSetErrorHandler allowing to set a structured error handler for an XInclude context and forwarding errors from parser. Remove arguments from memory error handlers. Use xmlRaiseMemoryError.

954b8984

2023-12-18T19:39:38

xpath: Improve error handling Introduce xmlXPathSetErrorHandler allowing to set a structured error handler for an XPath context. Remove arguments from memory error handlers. Use xmlRaiseMemoryError. Remove TODO, STRANGE and CHECK_CTXT macros. Remove remaining uses of xmlGenericError.

54c70ed5

2023-12-18T19:31:29

parser: Improve error handling Introduce xmlCtxtSetErrorHandler allowing to set a structured error for a parser context. There already was the "serror" SAX handler but this always receives the parser context as argument. Start to use xmlRaiseMemoryError. Remove useless arguments from memory error functions. Rename xmlErrMemory to xmlCtxtErrMemory. Remove a few calls to xmlGenericError. Remove support for runtime entity debugging.

5d2dbe79

2023-12-14T13:37:25

parser: Fix build --without-output Fixes #647

c2bbeed1

2023-12-12T23:51:32

io: Fix memory lifetime issue with input buffers xmlParserInputBufferCreateMem must make a copy of the buffer. This fixes a regression from 2.11 which could cause reads from freed memory depending on the use case. Undeprecate xmlParserInputBufferCreateStatic which can avoid copying the whole buffer.

157df344

2023-12-10T18:23:53

xmlreader: Report malloc failures Fix many places where malloc failures aren't reported. Introduce a new API function xmlTextReaderGetLastError.

78eab7a1

2023-12-10T18:15:59

xinclude: Report malloc failures Fix many places where malloc failures aren't reported. Introduce a new API function xmlXIncludeGetLastError.

f19a9510

2023-12-10T17:50:22

parser: Report malloc failures Fix many places where malloc failures aren't reported. Make xmlErrMemory public. This is useful for custom external entity loaders. Introduce new API function xmlSwitchEncodingName. Change the way how we store whether the the parser is stopped. This used to be signaled by setting ctxt->instate to XML_PARSER_EOF which was misdesigned and error-prone. Set ctxt->disableSAX to 2 instead and introduce a macro PARSER_STOPPED. Also stop to remove parser inputs in xmlHaltParser. This allows to remove many checks of ctxt->instate. Introduce xmlErrParser to handle errors if a parser context is available.

0d97e439

2023-12-10T17:14:57

save: Report malloc failures Fix places where malloc failures aren't report. Introduce a new API function xmlSaveFinish which returns an error code.

aca16fb3

2023-12-10T16:37:43

tree: Report malloc failures Fix many places where malloc failures aren't reported. Make some API function return an error code. Changing the return type from void to int is technically an ABI break but should be safe on most platforms. - xmlNodeSetContent - xmlNodeSetContentLen - xmlNodeAddContent - xmlNodeAddContentLen - xmlNodeSetBase Introduce new API functions that return a separate error code if a memory allocation fails. - xmlNodeGetAttrValue - xmlNodeGetBaseSafe - xmlGetNsListSafe Introduce private functions xmlTreeEnsureXMLDecl and xmlSplitQName4. Don't report low-level errors to the global error handler. Fix tree Introduce xmlGetNsListSafe Fix tree

e34a49b7

2023-12-10T16:29:31

valid: Improve addition and deletion of IDs Introduce a new API function xmlAddIDSafe that returns a separate error code if a memory allocation fails. Store a pointer to the ID struct in xmlAttr so attributes can be freed without allocating memory. It's impossible to report malloc failures in deallocation code.

e1560990

2023-12-10T15:30:47

pattern: Report malloc failures Fix places where malloc failures aren't reported. Introduce a new API function xmlPatternCompileSafe that returns a separate error code if a memory allocation fails.

a1f7ecae

2023-12-10T15:25:42

entities: Report malloc failures Fix places where malloc failures aren't reported. Introduce new API function xmlAddEntity that returns separate error codes. Don't invoke global error handler for low-level errors which should be handled by higher layers. Invalid redelcaration warnings will be fixed later.

f313848b

2023-12-10T15:14:15

hash: Report malloc failures Introduce new API functions that return a separate error code if a memory allocation fails. - xmlHashAdd - xmlHashCopySafe

bd5ad030

2023-12-10T14:56:21

encoding: Report malloc failures Introduce new API functions that return a separate error code if a memory allocation fails. - xmlOpenCharEncodingHandler - xmlLookupCharEncodingHandler Fix a few places where malloc failures weren't reported.

da996c8d

2023-12-10T14:46:59

uri: Report malloc failures Fix many places where malloc failures weren't reported, for example after calling xmlStrdup. Introduce new public API functions that return a separate error code if a memory allocation fails: - xmlParseURISafe - xmlBuildURISafe - xmlBuildRelativeURISafe Update the fuzzer to check whether malloc failures are reported.

df0b540b

2023-12-07T14:40:13

include: Rename XML_EMPTY helper macro Avoid name clash with downstream projects.

a9738e31

2023-12-07T14:15:29

include: Move declaration of xmlInitGlobals Fix downstream build issues after reworking globals.h.

52703ffd

2023-12-07T12:04:02

include: Add missing includes

9122ad0c

2023-12-06T19:56:50

include: Move globals from xmlsave.h to parser.h Fix downstream build issues after reworking globals.h.

c011e760

2023-12-06T01:09:31

globals: Remove unused globals from thread storage Setting these deprecated globals hasn't had an effect for a long time. Make them constants. This reduces the size of per-thread storage from ~700 to ~250 bytes.

1c7f4c70

2023-11-27T12:10:09

nanohttp: Deprecate public API The long-term plan is to remove the built-in HTTP client. There are still a few downstream projects that use libxml2's client for other purposes. These users should get deprecation warnings now.

7d6969d9

2023-11-23T15:48:52

Remove Trio Trio is a rather old cross-platform printf library which was bundled with libxml2. It was needed for ancient pre-C99 systems without snprintf and should be safe to remove these days.

ff6c3188

2023-11-23T15:22:59

include: Remove useless 'const' from function arguments

6bc86405

2023-11-09T02:04:15

Avoid EDG deprecation warnings for LCC compiler

aca37d8c

2023-11-20T15:20:37

parser: Only enable SAX2 if there are SAX2 element handlers This reverts part of commit 235b15a5 for backward compatibility and adds some comments trying to clarify the whole mess. Fixes #623.

61034116

2023-10-24T15:02:36

error: Make more xmlError structs constant Prepare for future changes, see 45470611.

253f260b

2023-10-18T20:06:35

threads: Fix --with-thread-alloc Fixes #606.

713ded60

2023-10-06T10:43:38

entities: Make xmlFreeEntity public

e0dd330b

2023-09-29T00:18:44

parser: Use hash tables to avoid quadratic behavior Use a hash table to lookup namespaces by prefix. The hash table stores an index into the namespace table. Auxiliary data for namespaces is stored in a separate array along the main namespace table. Use a hash table to verify attribute uniqueness. The hash table stores an index into the attribute table. Reuse hash value from the dictionary to avoid computing them twice. See #346.

b31813e6

2023-09-28T15:34:08

include: Add more missing stdio.h includes

84e1ffc8

2023-09-22T15:44:17

doc: Don't document internal macros in xmlversion.h

b94283fb

2023-09-22T14:23:27

regexp: Add missing include

45470611

2023-09-21T23:52:52

error: Make xmlGetLastError return a const error This is a slight break of the API, but users really shouldn't modify the global error struct. The goal is to make xmlLastError use static buffers for its strings eventually. This should warn people if they're abusing the struct.

8c084ebd

2023-09-21T22:57:33

doc: Make apibuild.py happy

72262030

2023-09-21T14:52:14

parser: Readd some includes to parser.h and xmlreader.h Fix backward compatibility.

9fc5090c

2023-09-16T19:58:42

hash: Clean up libxml/hash.h Rename variables, fix subincludes, whitespace.

da274bfa

2023-09-21T01:29:40

build: Fix build when certain modules are disabled

9b5cce7a

2023-09-21T00:44:50

include: Remove more unnecessary includes

d6ba4033

2023-09-20T20:49:59

globals: Move remaining declarations to correct places globals.h is now deprecated. Sanity is restored.

1117fae0

2023-09-20T19:20:41

include: Remove unneeded includes

736327df

2023-09-20T19:09:15

include: Break inclusion cycle between tree.h and xmlregexp.h

11a1839d

2023-09-20T17:54:48

globals: Move remaining globals back to correct header files This undoes a lot of damage.

7909ff08

2023-09-20T17:38:26

include: Remove unnecessary includes - Don't include tree.h from encoding.h - Don't include parser.h from xmlIO.h

eb985d6f

2023-09-20T17:17:49

globals: Move error globals back to xmlerror.c

d1336fd3

2023-09-20T17:00:50

globals: Move malloc hooks back to xmlmemory.h

a77f9ab8

2023-09-20T16:57:22

globals: Don't include SAX2.h from globals.h

2e6c49a7

2023-09-20T14:43:14

globals: Don't store xmlParserVersion in global state This is a constant.

0830fcfa

2023-09-20T14:30:12

globals: Deprecate xmlLastError The last error should be accessed with xmlGetLastError.

db8b9722

2023-09-20T13:56:16

parser: Deprecate global parser options Note that setting global options has no effect anyway when using any of the modern parser API functions which take an option argument like xmlReadMemory or when using xmlCtxtUseOptions. Global options only have an effect when using old API functions xmlParse* or xmlSAXParse* or when using an xmlParserCtxt without calling xmlCtxtUseOptions. Unfortunately, many downstream projects still modify global parser options often without realizing that it has no effect. If necessary, switch to the modern API. Then you can safely remove all code that changes global options. Here's a list of deprecated functions and global variables together with the corresponding parser options. - xmlSubstituteEntitiesDefault, xmlSubstituteEntitiesDefaultValue Parser option XML_PARSE_NOENT - xmlKeepBlanksDefault, xmlKeepBlanksDefaultValue Inverse of parser option XML_PARSE_NOBLANKS - xmlPedanticParserDefault, xmlPedanticParserDefaultValue Parser option XML_PARSE_PEDANTIC - xmlLineNumbersDefault, xmlLineNumbersDefaultValue Always enabled by new API - xmlDoValidityCheckingDefaultValue Parser option XML_PARSE_DTDVALID - xmlGetWarningsDefaultValue Inverse of parser option XML_PARSE_NOWARNING - xmlLoadExtDtdDefaultValue Parser options XML_PARSE_DTDLOAD and XML_PARSE_DTDATTR

868b94b8

2023-09-20T13:10:29

globals: Reformat libxml/globals.h

bbf08608

2023-09-20T13:05:02

globals: Move buffer callback declarations to xmlIO.h

dc3382ef

2023-09-20T12:58:03

globals: Move xmlRegisterNodeDefault to tree.c Code in globals.c must not try to access globals itself since the accessor macros aren't defined and we would only see the main variable.

e7b6ca15

2023-09-18T13:25:06

globals: Rework global state destruction on Windows If DllMain is used, rely on it working as expected. The old code seemed to attempt to free global state of other threads if, for some reason, the DllMain mechanism didn't work. In a static build, register a destructor with RegisterWaitForSingleObject. Make public functions xmlGetGlobalState and xmlInitializeGlobalState no-ops. Move initialization and registration of global state objects to xmlInitGlobalState. Lookup global state with xmlGetThreadLocalStorage which can be inlined nicely. Also cleanup global state when using TLS. xmlLastError must be reset.

39a275a5

2023-09-18T21:25:35

globals: Define globals using macros Declare and define globals and helper functions by (ab)using the preprocessor.

bf6bd161

2023-09-18T19:53:31

globals: Introduce xmlCheckThreadLocalStorage Checks whether (emulated) thread-local storage could be allocated.

89f49767

2023-09-18T18:44:32

globals: Make xmlGlobalState private This removes a public struct but it seems impossible to use its members in a sensible way from external code.

4e1c13eb

2023-09-18T14:45:10

debug: Remove debugging code This is barely useful these days and only clutters the code base.

c19771c1

2023-09-18T00:54:39

globals: Move code from threads.c to globals.c Move all code that handles globals to the place where it belongs.

2a4b8114

2023-09-17T23:16:49

globals: Rename members of xmlGlobalState This is a deliberate first step to remove some internals from the public API and to avoid issues when redefining tokens.

778cca38

2023-08-20T22:50:57

legacy: Add stubs for disabled modules When legacy support is requested, always enable stubs for FTP and XPointer location modules which were removed from the standard configuration. Going forward, the --with-legacy configuration option should be used to provide maximum ABI compatibility. Fixes #433.

ed3bd052

2023-08-20T20:48:10

parser: Allow to set maximum amplification factor

f1c1f5c6

2023-08-16T19:43:02

parser: Revert change to doc->encoding Fixes #579.

ec7be506

2023-08-08T15:19:46

parser: Rework encoding detection Introduce XML_INPUT_HAS_ENCODING flag for xmlParserInput which is set when xmlSwitchEncoding is called. The parser can use the flag to reliably detect whether an encoding was already set via user override, BOM or other auto-detection. In this case, the encoding declaration won't be used to switch the encoding. Before, an inscrutable mix of ctxt->charset, ctxt->input->encoding and ctxt->input->buf->encoder was used. Introduce private helper functions to switch encodings used by both the XML and HTML parser: - xmlDetectEncoding which skips over the BOM, allowing to remove the BOM checks from other encoding functions. - xmlSetDeclaredEncoding, replacing htmlCheckEncodingDirect, which warns about encoding mismatches. If users override the encoding, store the declared instead of the actual encoding in xmlDoc. In this case, the actual encoding is known and the raw value from the doc is more useful. Also use the input flags to store the ISO-8859-1 fallback state. Restrict the fallback to cases where no encoding was specified. (The fallback is only useful in recovery mode and these days broken UTF-8 is probably more likely than ISO-8859-1, so it might eventually be removed completely.) The 'charset' member of xmlParserCtxt is now unused. The 'encoding' member of xmlParserInput is now unused. The 'standalone' member of xmlParserInput is renamed to 'flags'. A new parser state XML_PARSER_XML_DECL is added for the push parser.

b8961df6

2023-05-09T03:25:24

SAX: Always validate xml:ids The behavior shouldn't depend on mostly random configuration options.

8d5e33ef

2023-05-03T20:42:10

Fix compiler warning on GCC < 8 -Wcast-function-type is only available since GCC 8.

3ff6abbf

2023-02-22T17:11:20

encoding: Rework error codes Use an enum instead of magic numbers. Fix a few error codes. Simplify handling of "space" and "partial" errors. See #506.

fa993130

2023-04-30T12:57:09

xpath: Remove remaining references to valueFrame Fixes #529.

3ffcc03b

2023-03-13T19:38:41

parser: Deprecate more internal functions

98840d40

2023-03-21T19:07:12

parser: Rework EBCDIC code page detection To detect EBCDIC code pages, we used to switch the encoding twice and had to be very careful not to decode data after the XML declaration before the second switch. This relied on a hard-coded expected size of the XML declaration and was complicated and unreliable. Now we convert the first 200 bytes to EBCDIC-US and parse the encoding declaration manually.

f8efa589

2023-03-14T13:55:06

malloc-fail: Handle malloc failures in xmlSchemaInitTypes Note that this changes the return value of public function xmlSchemaInitTypes from void to int. This shouldn't break the ABI on most platforms. Found when investigating #500.

d7daf9fd

2023-03-14T13:02:36

xmllint: Fix use-after-free with --maxmem Fixes #498.

e7c3a4ca

2023-03-13T19:19:46

parser: Deprecate some parser input functions

48379394

2023-03-13T17:11:27

malloc-fail: Stop using XPath stack frames There's too much code which assumes that if ctxt->value is non-null, a value can be successfully popped off the stack. This assumption can break with stack frames when malloc fails. Instead of trying to fix all call sites, remove the stack frame logic. It only offered very little protection against misbehaving extension functions. We already check the stack size after a function call which should be enough. Found by OSS-Fuzz.

bd63d730

2023-03-12T17:40:55

html: Impose some length limits Impose length limits on names, attribute values, PIs and comments, similar to the XML parser.

b51478dc

2023-02-24T16:21:17

Revert "malloc-fail: Avoid use-after-free after unsuccessful valuePush" This reverts commit 6a12be77c6a94c374ab7476087edcee2ba41d9b4. There's too much code reading ctxt->value directly and making the wrong assumptions.

6a12be77

2023-01-31T12:46:30

malloc-fail: Avoid use-after-free after unsuccessful valuePush In xpath.c there's a lot of code like: valuePush(ctxt, xmlCacheNewX()); ... valuePop(ctxt); If xmlCacheNewX fails, no value will be pushed on the stack. If there's no error check in between, valuePop will pop an unrelated value which can lead to use-after-free errors. Instead of trying to fix all call sites, we simply stop popping values if an error was signaled. This requires to change the CHECK_TYPE macro which is often used to determine whether a value can be safely popped. Found with libFuzzer, see #344.

59b33661

2022-12-27T14:15:51

error: Limit number of parser errors Reporting errors is expensive and some abusive test cases can generate an error for each invalid input byte. This causes the parser to spend most of the time with error handling. Limit the number of errors and warnings to 100.

b47ebf04

2022-12-21T00:02:47

parser: Deprecate xmlString*DecodeEntities These are internal functions.

ce76ebfd

2022-12-19T20:56:23

entities: Stop counting entities This was only used in the old version of xmlParserEntityCheck.

463bbeec

2022-12-19T18:39:45

entities: Rework entity amplification checks This commit implements robust detection of entity amplification attacks, better known as the "billion laughs" attack. We now limit the size of the document after substitution of entities to 10 times the size before expansion. This guarantees linear behavior by definition. There already was a similar check before, but the accounting of "sizeentities" (size of external entities) and "sizeentcopy" (size of all copies created by entity references) wasn't accurate. We also need saturation arithmetic since we're historically limited to "unsigned long" which is 32-bit on many platforms. A maximum of 10 MB of substitutions is always allowed. This should make use cases like DITA work which have caused problems in the past. The old checks based on the number of entities were removed. This is accounted for by adding a fixed cost to each entity reference. Entity amplification checks are now enabled even if XML_PARSE_HUGE is set. This option is mainly used to allow larger text nodes. Most users were unaware that it also disabled entity expansion checks. Some of the limits might be adjusted later. If this change turns out to affect legitimate use cases, we can add a separate parser option to disable the checks. Fixes #294. Fixes #345.

f34f184f

2022-12-19T15:24:53

entities: Add "flags" member to struct xmlEntity This will hold various flags and eventually replace the "checked" member.

a6debffd

2022-12-08T03:37:24

xmlexports.h: Disable docs for internal macro XMLPUBLIC

3b6cc47a

2022-12-08T02:51:52

xmlexports.h: Remove LIBXML_FASTCALL optimization This was an experimental and undocumented micro-optimization for Windows which apparently required different calling conventions for variable-argument functions, making it impossible to maintain without domain knowledge.

ce9baf94

2022-12-08T02:48:27

Remove XMLCALL and XMLCDECL macros from public headers

c73d464a

2022-11-24T15:00:03

threads: Deprecate some internal functions

707ade22

2022-11-22T14:56:58

Visual Studio builds: Allow silencing deprecation warnings Define XML_IGNORE_DEPRECATION_WARNINGS and the corresponding XML_POP_WARNINGS for Visual Studio, and consequently define XML_IGNORE_FPTR_CAST_WARNINGS so that we do not get a compiler warning on Visual Studio by doing a __pragma(warning(pop)) without a corresponding __pragma(warning(push)). Also correct the documentation a bit for XML_POP_WARNINGS.

b9590d5d

2022-11-18T11:23:23

Visual Studio: Define XML_DEPRECATED We can mark APIs as deprecated using __declspec(deprecated) with Visual Studio 2005 and later, so add a definition of that so that we can help users avoid using deprecated APIs when using Visual Studio as well. For the existing GCC definition, check whether we are on GCC 3.1+ before enabling the definition.

68a6518c

2022-11-15T18:23:33

parser: Rewrite push parser boundary checks Remove inaccurate xmlParseCheckTransition check. Remove non-incremental xmlParseGetLasts check. Add functions that check for several boundary constructs more accurately, keeping track of progress in ctxt->checkIndex. Fixes #439.

2059df53

2022-11-14T22:27:58

buf: Deprecate static/immutable buffers

b693905f

2022-11-04T14:50:39

doc: Remove xmlDllMain from documentation and version script This is a Windows-only symbol.

a9669679

2022-09-09T01:44:00

error: Don't use initGenericErrorDefaultFunc The code in xmlInitParser did only set the error handler if it was NULL which should never happen.

0d901258

2022-09-04T16:41:43

Fix Windows compiler warnings in python/types.c

kc3-lang/libxml2/include/libxml

include/libxml

Log