Log

Author Commit Date CI Message
Nick Wellnhofer 3a64f394 2023-08-08T15:19:25 html: Remove some debugging code in htmlParseTryOrFinish
Nick Wellnhofer 58de9d31 2023-08-03T12:00:55 valid: Fix c1->parent pointer in xmlCopyDocElementContent Fixes #572.
Nick Wellnhofer 75693281 2023-07-21T14:50:30 malloc-fail: Fix memory leak in xmlCompileAttributeTest Found by OSS-Fuzz, see #344.
Nick Wellnhofer 90bcbcfc 2023-07-20T21:08:01 parser: Fix potential use-after-free in xmlParseCharDataInternal Return immediately if a SAX handler stops the parser. Fixes #569.
Nick Wellnhofer 88447447 2023-06-23T23:04:30 parser: Fix typo in previous commit
Nick Wellnhofer 9d0541dd 2023-06-22T18:06:53 parser: Make xmlSwitchEncoding always skip the BOM Chromium calls xmlSwitchEncoding from the start document handler and relies on this function to skip the BOM. Commit 98840d40 changed the behavior when switching to UTF-16 since inspecting the input buffer at this point is fragile. Revert part of the commit to also skip a potential (decoded UTF-8) BOM when switching to UTF-16. Make sure that we do this only at the start of an input stream to avoid U-FEFF characters being lost. BOM handling should ultimately be moved to the parsing code to avoid such bugs. See https://bugs.chromium.org/p/chromium/issues/detail?id=1451026
Christoph Reiter 2473b485 2023-06-21T14:15:02 autotools: fix Python module file ext for cygwin/msys2 both use .dll, not .pyd
David Kilzer 5f54bac9 2023-06-10T10:50:02 testapi: test_xmlSAXDefaultVersion() leaves xmlSAX2DefaultVersionValue set to 1 with LIBXML_SAX1_ENABLED Add code to save and to restore the default value of xmlSAX2DefaultVersionValue. Fixes #554.
Nick Wellnhofer b236b7a5 2023-06-08T21:53:05 parser: Halt parser when growing buffer results in OOM Fix short-lived regression from previous commit. It might be safer to make xmlBufSetInputBaseCur use the original buffer even in case of errors. Found by OSS-Fuzz.
Nick Wellnhofer 20f5c734 2023-06-07T14:05:34 parser: Recover more input from encoding errors Don't halt the parser in xmlParserGrow to allow more input to be recovered in case of encoding errors. Fixes #543.
Nick Wellnhofer db21cd5d 2023-06-06T14:25:30 malloc-fail: Handle malloc failures in xmlAddEncodingAlias Avoid memory errors if an allocation fails. See #344. Fixes #553.
Nick Wellnhofer 305a75cc 2023-06-06T13:15:46 malloc-fail: Fix null-deref with xmllint --copy See #344. Fixes #552.
Nick Wellnhofer 6273df6c 2023-05-30T12:30:27 xpath: Ignore entity ref nodes when computing node hash XPath queries only work reliably if entities are substituted. Nevertheless, it's possible to query a document with entity reference nodes. xmllint even deletes entities when the `--dropdtd` option is passed, resulting in dangling pointers, so it's best to skip entity reference nodes to avoid a use-after-free. Fixes #550.
Nick Wellnhofer e2f21c22 2023-05-25T13:01:48 win32: Deprecate old Windows build system
Nick Wellnhofer 1e8ab697 2023-05-25T03:03:33 gitlab-ci: Lower _XOPEN_SOURCE value
Nick Wellnhofer cb8ccb10 2023-05-25T03:07:57 testapi: Don't set http_proxy environment variable We already disable network access, so this has no effect.
Nick Wellnhofer 9fd57df8 2023-05-25T02:37:57 autotools: Improve iconv check Use a custom test program which includes iconv.h, so we can check whether the possibly redefined symbols in this header file match the symbols in the iconv library. Should fix #547.
Nick Wellnhofer c3c6cc62 2023-05-24T20:08:33 runtest: Fix compilation without LIBXML_HTML_ENABLED Fixes #545.
Nick Wellnhofer 981093ab 2023-05-18T19:23:58 test: Add push parser tests for split UTF-8 sequences
Nick Wellnhofer e0f3016f 2023-05-18T17:31:44 parser: Fix regression when push parsing UTF-8 sequences Partial UTF-8 sequences are allowed when push parsing. Fixes #542.
Nick Wellnhofer 687a2b71 2023-05-08T17:05:13 xinclude: Lower initial table size when fuzzing We don't have test cases with many documents, so set the initial table size to 1 when fuzzing, so there is a chance to detect reallocation issues.
Nick Wellnhofer c40cbf07 2023-05-08T17:03:00 malloc-fail: Fix null deref after xmlXIncludeNewRef See #344.
Nick Wellnhofer 105ce73d 2023-05-08T16:45:28 xinclude: Fix false positives in inclusion loop detection xmlXIncludeRecurseDoc can realloc the cache.
Nick Wellnhofer bdb5667a 2023-05-10T18:13:47 autotools: Fix ICU detection Fixes #540.
Nick Wellnhofer 9dae389c 2023-05-09T13:28:06 parser: Fix "huge input lookup" error with push parser Fix parsing of larger documents without XML_PARSE_HUGE. Should fix #538.
Nick Wellnhofer b8961df6 2023-05-09T03:25:24 SAX: Always validate xml:ids The behavior shouldn't depend on mostly random configuration options.
Nick Wellnhofer f24ffddb 2023-05-08T23:33:04 Stop using sprintf Switch remaining users to snprintf.
Nick Wellnhofer 01723fc6 2023-05-08T23:12:33 xpath: Fix build without LIBXML_XPATH_ENABLED Move static function declaration into XPATH block. Also move comparison functions. Fixes #537.
Nick Wellnhofer 235b15a5 2023-05-08T17:58:02 SAX: Always initialize SAX1 element handlers Follow-up to commit d0c3f01e. A parser context will be initialized to SAX version 2, but this can be overridden with XML_PARSE_SAX1 later, so we must initialize the SAX1 element handlers as well. Change the check in xmlDetectSAX2 to only look for XML_SAX2_MAGIC, so we don't switch to SAX1 if the SAX2 element handlers are NULL.
Mike Dalessio 34630630 2023-05-05T17:34:57 autoconf: fix iconv library paths and pass cflags when building executables See 0f77167f for prior related work
Nick Wellnhofer d0c3f01e 2023-05-06T17:47:37 parser: Fix old SAX1 parser with custom callbacks For some reason, xmlCtxtUseOptionsInternal set the start and end element SAX handlers to the internal DOM builder functions when XML_PARSE_SAX1 was specified. This means that custom SAX handlers could never work with that flag because these functions would receive the wrong user data argument and crash immediately. Fixes #535.
Nick Wellnhofer 06a2c251 2023-05-06T15:28:13 hash: Fix possible startup crash with old libxslt versions Call xmlInitParser in xmlHashCreate to make it work if the library wasn't initialized yet. Otherwise, exsltRegisterAll from libxslt 1.1.24 or older might cause a crash. See #534.
Nick Wellnhofer a800b7e0 2023-05-04T12:47:00 regexp: Fix null deref in xmlFAFinishReduceEpsilonTransitions Short-lived regression found by OSS-Fuzz.
Nick Wellnhofer 8d5e33ef 2023-05-03T20:42:10 Fix compiler warning on GCC < 8 -Wcast-function-type is only available since GCC 8.
Nick Wellnhofer d6882f64 2023-05-03T18:33:20 threads: Fix startup crash with weak symbol hack Fix another issue when running with older libc, threads and libpthread not linked in.
Nick Wellnhofer 7f3f3f11 2023-05-03T03:20:14 dict: Raise MAX_DICT_HASH limit This fixes quadratic behavior with large dictionaries. Also rework testdict.c to support tests with larger dictionaries.
Nick Wellnhofer 11a95279 2023-05-02T13:32:24 win32: Don't depend on removed .def file Fixes broken build after 21cec82b. Fixes #532.
Nick Wellnhofer c613ab14 2023-05-02T00:32:50 regexp: Fix mistake in previous commit The `ret = 0` line should have been deleted. Fixes #531.
Nick Wellnhofer a06eaa61 2023-03-09T06:58:24 regexp: Fix determinism checks Swap arguments in initial call to xmlFARecurseDeterminism. Fix the check whether we revisit the initial state in xmlFARecurseDeterminism. If there are transitions with equal atoms and targets but different counters, treat the regex as deterministic but mark the transitions as non-deterministic internally. Don't overwrite zero return value of xmlFAComputesDeterminism with non-zero value from xmlFARecurseDeterminism. Most of these errors lead to non-deterministic regexes not being detected which typically isn't an issue. The improved code may break users who relied on buggy behavior or cause other bugs to become visible. Fixes #469.
Nick Wellnhofer e301865e 2023-03-09T05:34:38 regexp: Fix checks for eliminated transitions 'to' can be set to -1 or -2 when eliminating transitions, so check for all negative values.
Nick Wellnhofer 90759c59 2023-03-09T16:34:11 regexp: Simplify xmlFAReduceEpsilonTransitions
Nick Wellnhofer 9f7b1142 2023-03-09T05:25:09 regexp: Fix cycle check in xmlFAReduceEpsilonTransitions The visited flag must only be reset after the first call to xmlFAReduceEpsilonTransitions has finished. Visiting states multiple times could lead to unnecessary processing of duplicate transitions. Similar to 68eadabd.
Nick Wellnhofer 4f49017e 2023-04-30T21:26:55 tests: Test streaming schema validation
Nick Wellnhofer d88763cc 2023-04-30T21:26:03 schemas: Fix filename in xmlSchemaValidateFile Make sure that filename appears in error messages.
Nick Wellnhofer 165f3436 2023-04-30T21:24:50 schemas: Fix line numbers in streaming validation
Nick Wellnhofer 57d88da6 2023-04-30T21:30:21 schemas: Fix memory leak in xmlSchemaValidateStream Regressed in 9a82b94a. Fixes #530.
Nick Wellnhofer 0ffc2d82 2023-04-30T20:28:47 runtest: Skip element name in schema error messages This makes sure that memory and streaming tests will report the same messages.
Nick Wellnhofer 550eaac6 2023-04-30T19:40:43 writer: Add error check in xmlTextWriterEndDocument
Nick Wellnhofer 2f12e3a9 2023-04-30T18:46:05 encoding: Stop calling xmlEncodingErr This invokes the global error handler which should be avoided.
Nick Wellnhofer b230861d 2023-04-30T18:38:16 xmlIO: Remove some calls to xmlIOErr The xmlIOErr functions use the global error handler and should be avoided if possible.
Nick Wellnhofer 320f5084 2023-04-30T18:25:09 parser: Improve handling of encoding and IO errors Make sure that xmlCharEncInput, xmlParserInputBufferPush and xmlParserInputBufferGrow set the correct error code in the xmlParserInputBuffer. Handle errors when calling these functions.
Nick Wellnhofer fc69cf56 2023-04-30T17:51:29 parser: Move xmlFatalErr to parserInternals.c
Nick Wellnhofer 3ff6abbf 2023-02-22T17:11:20 encoding: Rework error codes Use an enum instead of magic numbers. Fix a few error codes. Simplify handling of "space" and "partial" errors. See #506.
Nick Wellnhofer b463b38b 2023-04-30T16:19:28 .gitignore: Split up and rearrange .gitignore files
Nick Wellnhofer 0260de55 2023-04-30T16:00:44 .gitignore: Add runsuite.log
Nick Wellnhofer 886bf4e6 2023-04-30T15:35:47 Stop calling xmlMemoryDump This was used to check for memory leaks but could potentially create a .memdump file. These days, there are better ways to check for memory leaks.
Nick Wellnhofer fc119e32 2023-04-30T15:28:12 examples: Don't call xmlCleanupParser and xmlMemoryDump xmlCleanupParser is dangerous and shouldn't be called in most cases. Being part of the examples led many people to use it incorrectly. xmlMemoryDump is an obsolete way to test for memory leaks.
Nick Wellnhofer 3da09318 2023-04-30T13:16:12 libxml.m4: Fix "possibly undefined macro" error See #527.
Luca Niccoli fdc9cfaa 2023-04-30T13:02:31 cmake: Fix va_copy detection va_copy is defined by the standard as a macro, so check_function_exists will not detect it; check_symbol_exists will. Fixes #528.
Nick Wellnhofer fa993130 2023-04-30T12:57:09 xpath: Remove remaining references to valueFrame Fixes #529.
Nick Wellnhofer a5bc4605 2023-04-29T20:43:54 cmake: Link with --undefined-version
Nick Wellnhofer a8fe4900 2023-04-29T20:17:38 autoconf: Only use --undefined-version with version scripts
Nick Wellnhofer 85d4aba4 2023-04-29T19:48:50 libxml.m4: Fix quoting Should fix #527.
Nick Wellnhofer d8f6e760 2023-04-29T19:12:23 Link with --undefined-version lld 16 defaults to --no-undefined-version but the version script can contain symbols disabled by configuration options. See #473.
Nick Wellnhofer 131c2dec 2023-04-29T18:57:50 libxml2.syms: Revert removal of version information Removing version information caused problems when relinking with shared libraries depending on libxml2. It also broke the ABI on Android. Revert libxml2.syms to the 2.10.0 version. Fixes #526.
Nick Wellnhofer 8979d739 2023-04-28T20:22:05 Clean up .gitignore Remove stuff which probably shouldn't be ignored.
Nick Wellnhofer e07f765f 2023-04-28T14:51:06 Bump version to 2.12.0
Nick Wellnhofer f296934a 2023-04-26T22:11:09 Release v2.11.0
Nick Wellnhofer 6e12409b 2023-04-26T21:21:31 Regenerate docs and testapi.c
Nick Wellnhofer 2df2562e 2023-04-26T21:17:21 autoconf: Add AC_LANG_SOURCE to fix warning
Nick Wellnhofer 107e00a5 2023-04-26T20:36:33 libxml2.syms: Remove LIBXML2_2.11.0 version node This was never part of a public release and can be removed after commit bbb2b8f1.
Nick Wellnhofer 3ffcc03b 2023-03-13T19:38:41 parser: Deprecate more internal functions
Nick Wellnhofer b51b99ef 2023-04-21T02:56:10 testchar: Fix return value in testUserEncoding
Nick Wellnhofer db32b09d 2023-04-20T16:22:11 xmllint: Validate --maxmem integer option Fixes #520.
Nick Wellnhofer 250faf3c 2023-04-20T12:35:21 parser: Fix regression in xmlParserNodeInfo accounting Commit 62150ed2 broke begin_pos and begin_line when extra node info was recorded. Fixes #523.
Nick Wellnhofer eca1116b 2023-04-20T13:52:16 testchar: Add test for memory pull parser with encoding
Nick Wellnhofer 9282b084 2023-04-19T21:55:24 parser: Fix regression in memory pull parser with encoding Revert another change from commit 98840d40. Decode the whole buffer when reading from memory and switching to the initial encoding. Add some comments about potential improvements.
Nick Wellnhofer 1db3567c 2023-04-19T12:19:36 autoconf: Warn about outdated C compilers
Nick Wellnhofer 33fb297b 2023-04-15T16:53:00 encoding: Fix compiler warning in ICU build
David Kilzer 86105c04 2023-04-15T18:04:03 Fix use-after-free in xmlParseContentInternal() * parser.c: (xmlParseCharData): - Check if the parser has stopped before advancing `ctxt->input->cur`. This only occurs if a custom SAX error handler calls xmlStopParser() on fatal errors. Fixes #518.
Nick Wellnhofer a19fa11e 2023-04-13T15:11:47 parser: Fix regression when switching input encodings Revert some changes from commit 98840d40. WebKit/Chromium can actually switch from ISO-8859-1 to UTF-16 in the middle of parsing. This is a bad idea, but we have to keep supporting this use case.
Nick Wellnhofer b4d46cee 2023-04-12T15:10:01 parser: Remove first line handling in xmlParseChunk After reworking EBCDIC detection, this isn't necessary.
Nick Wellnhofer 921796b0 2023-04-12T13:43:28 parser: Don't grow push parser buffers This should fix a short-lived regression when push parsing with encodings.
Nick Wellnhofer 547edbf1 2023-04-07T11:49:27 [CVE-2023-29469] Hashing of empty dict strings isn't deterministic When hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results. This could lead to various logic or memory errors, including double frees. For consistency the seed is also taken into account, but this shouldn't have an impact on security. Found by OSS-Fuzz. Fixes #510.
Nick Wellnhofer e4f85f1b 2023-04-07T11:46:35 [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType Fix a null pointer dereference when parsing (invalid) XML schemas. Thanks to Robby Simpson for the report! Fixes #491.
David Kilzer cb1b8b85 2023-04-10T13:06:18 xmlValidatePopElement() can return invalid value (-1) Covered by: test/VC/ElementValid5 This only affects XML Reader API with LIBXML_REGEXP_ENABLED and LIBXML_VALID_ENABLED turned on. * result/VC/ElementValid5.rdr: - Update result to add missing error message. * python/tests/reader2.py: * result/VC/ElementValid6.rdr: * result/VC/ElementValid7.rdr: * result/valid/781333.xml.err.rdr: - Update result to fix grammar issue. * valid.c: (xmlValidatePopElement): - Check return value of xmlRegExecPushString() to handle -1, and assign 'ret = 0;' to return 0 from xmlValidatePopElement(). This change affects xmlTextReaderValidatePop() from xmlreader.c. - Fix grammar of error message by changing 'child' to 'children'.
Nick Wellnhofer d7d0bc65 2023-03-31T16:47:48 SAX2: Ignore namespaces in HTML documents In commit 21ca8829, we started to ignore namespaces in HTML element names but we still called xmlSplitQName, effectively stripping the namespace prefix. This would cause elements like <o:p> to be parsed as <p>. Now we leave the name untouched. Fixes #508.
Nick Wellnhofer 0e42adce 2023-03-30T13:53:24 parser: Halt parser if switching encodings fails Avoids buffer overread in htmlParseHTMLAttribute. Found by OSS-Fuzz.
Nick Wellnhofer 1061537e 2023-03-26T22:40:54 malloc-fail: Fix buffer overread with HTML doctype declarations Found by OSS-Fuzz, see #344.
Nick Wellnhofer a6b9e55a 2023-03-26T15:42:02 encoding: Fix error code in asciiToUTF8 Use correct error code when invalid ASCII bytes are encountered. Found by OSS-Fuzz.
Nick Wellnhofer 36602292 2023-03-26T14:11:31 parser: Fix buffer overread in xmlDetectEBCDIC Short-lived regression found by OSS-Fuzz.
Nick Wellnhofer 7fbd454d 2023-03-21T13:26:36 parser: Grow input buffer earlier when reading characters Make more bytes available after invoking CUR_CHAR or NEXT.
Nick Wellnhofer 98840d40 2023-03-21T19:07:12 parser: Rework EBCDIC code page detection To detect EBCDIC code pages, we used to switch the encoding twice and had to be very careful not to decode data after the XML declaration before the second switch. This relied on a hard-coded expected size of the XML declaration and was complicated and unreliable. Now we convert the first 200 bytes to EBCDIC-US and parse the encoding declaration manually.
Nick Wellnhofer 3eb9f5ca 2023-03-21T13:19:31 parser: Limit name length in xmlParseEncName
Nick Wellnhofer 04d1bedd 2023-03-21T13:08:44 parser: Rework shrinking of input buffers Don't try to grow the input buffer in xmlParserShrink. This makes sure that no memory allocations are made and the function always succeeds. Remove unnecessary invocations of SHRINK. Invoke SHRINK at the end of DTD parsing loops. Shrink before growing.
Nick Wellnhofer 44ecefc8 2023-03-20T15:52:38 malloc-fail: Fix buffer overread after htmlParseScript Found by OSS-Fuzz, see #344.
Nick Wellnhofer b1319c90 2023-03-18T16:34:01 malloc-fail: Check for malloc failures when creating XPath strings Prevent null derefs. Found by OSS-Fuzz, see #344.
Nick Wellnhofer 067986fa 2023-03-18T14:44:28 parser: Fix regressions from previous commits - Fix memory leak in xmlParseNmtoken. - Fix buffer overread after htmlParseCharDataInternal.
Nick Wellnhofer 9ef2a9ab 2023-03-17T14:06:28 html: Rely on CUR_CHAR to grow the input buffer - Remove useless invocations of GROW. - Add some error checks. - Fix invocations of SHRINK.
Nick Wellnhofer 3e85d7b7 2023-03-17T13:15:35 parser: Rely on CUR_CHAR/NEXT to grow the input buffer The input buffer is now grown reliably when calling CUR_CHAR (xmlCurrentChar) or NEXT (xmlNextChar). This allows removing many other invocations of GROW.