kmx git

Commit	Date	Message
43b511fa	2023-11-26T14:31:39	parser: Make CRLF increment line number Partial revert of cb927e85 fixing CRLFs not incrementing the line number. This requires to rework xmlParseQNameHashed. The original implementation prompted the change to xmlCurrentChar which really shouldn't modify the 'cur' pointer as side effect. But the NEXTL macro relies on this behavior. Ultimately, we should reintroduce the change to xmlCurrentChar and fix the NEXTL macro. This will lead to single CRs incrementing the line number as well which seems more consistent. Fixes #628.
455c61d6	2023-11-23T15:59:41	Remove VMS support This was last updated 10 years ago and is most likely broken.
7d6969d9	2023-11-23T15:48:52	Remove Trio Trio is a rather old cross-platform printf library which was bundled with libxml2. It was needed for ancient pre-C99 systems without snprintf and should be safe to remove these days.
f5d4d33b	2023-11-23T15:25:54	tests: Regenerate testapi.c
e42faa6d	2023-11-23T15:25:04	tests: Remove special handling of const pointers in gentest.py
ff6c3188	2023-11-23T15:22:59	include: Remove useless 'const' from function arguments
a3971573	2023-11-22T08:25:27	Don't let gentest.py cast types to 'const somethingPtr' to avoid -Wignored-qualifiers
873c1711	2023-11-22T08:23:00	Avoid EDG -Wignored-qualifiers warnings on wrong 'const ' to ' const' conversions
6bc86405	2023-11-09T02:04:15	Avoid EDG deprecation warnings for LCC compiler
c1e9f761	2023-11-09T01:44:09	Avoid EDG -Woverflow warnings on truncating conversions by manually truncating operand
595c19a5	2023-11-08T23:59:56	Avoid EDG -Wtype-limits warnings on unsigned comparisons with zero by conversion from unsigned int to int
f8394adf	2023-11-08T23:52:27	Avoid using no_sanitize attribute on EDG even if compiler shows as GCC
19b9c59b	2023-11-22T08:25:56	Regenerate testapi.c
f3c24112	2023-11-22T02:00:00	autotools: Stop checking for snprintf This works around a bug when cross-compiling to 32-bit MinGW: https://sourceforge.net/p/mingw-w64/bugs/935/ This means that we don't fall back to the bundled Trio library if snprintf couldn't be detected. Trio support is completely untested, most likely broken and will be removed soon. Fixes #625.
a2b5c90a	2023-11-21T14:35:54	hash: Fix deletion of entries during scan Functions like xmlCleanSpecialAttr scan a hash table and possibly delete entries in the callback. xmlHashScanFull must detect such deletions and rescan the entry. This regressed when rewriting the hash table code in 4a513d56. Fixes #626.
aca37d8c	2023-11-20T15:20:37	parser: Only enable SAX2 if there are SAX2 element handlers This reverts part of commit 235b15a5 for backward compatibility and adds some comments trying to clarify the whole mess. Fixes #623.
272cb223	2023-11-20T14:22:18	dict: Fix '__thread' before 'static' When used with extern or static, __thread must appear immediately after the other storage class specifier. Fixes #621.
62d318f8	2023-11-18T14:21:45	fix: more pthread weak references in globals.c
1ac88300	2023-11-18T12:21:38	fix: pthread weak references in globals.c Linking executables will fail on systems with glibc < 2.34 without declaring these symbols as weak references. In commit c19771c1f13de9196f98260d142d8c8672eb5733 these references were moved to globals.c from threads.c, but the `#pragma weak` declarations were lost in the process. Also removing unneeded weak declarations from threads.c.
f92ea2cc	2023-11-18T14:36:41	tests: Fix build with older MSVC Regressed in 9b5cce7a. Fixes #620.
3669316a	2023-11-16T13:34:03	Bump version
5e9b167d	2023-11-16T13:20:16	Release v2.12.0
529df196	2023-11-15T12:10:25	parser: Don't overwrite error state in xmlParseTextDecl Fixes a null deref in xmlLoadEntityContent found by OSS-Fuzz.
da703eaa	2023-11-05T02:03:05	schemas: Fix reallocation in xmlSchemaXPathProcessHistory See #614.
70cc45b8	2023-11-05T00:49:40	parser: Improve attribute hash table There's no need to grow the hash table dynamically. The size is known which simplifies the implementation.
58598494	2023-11-04T23:47:33	parser: Fix combination of hash values This bug resulted in a stuck bit in hash values which can have a severe performance impact.
a31e1b06	2023-11-04T20:21:54	SAX2: Fix quadratic behavior in xmlSAX2AttributeNs The last missing piece to make parsing of attributes O(n).
a40c32ac	2023-11-04T19:07:37	doc: Regenerate documentation
c6820894	2023-11-04T19:06:04	tests: Regenerate testapi.c
a7b03795	2023-11-04T19:04:23	doc: Minor fixes for apibuild.py
56944c51	2023-11-04T18:54:21	python: Make sure to distribute new files Add pyproject.toml and tests/setup_test.py to Makefile.am.
7a2d412f	2023-10-31T20:15:38	parser: Copy default namespace in xmlParseBalancedChunkMemory
e0c2f14d	2023-10-31T13:53:15	parser: Copy namespaces in xmlParseBalancedChunkMemory Reenable copying of namespaces but don't set SAX data. This should match the old behavior.
89d19534	2023-10-28T03:04:59	encoding: Fix decoding of large chunks After 95e81a36, we must support XML_ENC_ERR_SPACE when using built-in encoding handlers. Should fix #610.
0c18af83	2023-10-24T15:37:36	Update NEWS
61034116	2023-10-24T15:02:36	error: Make more xmlError structs constant Prepare for future changes, see 45470611.
6f78efb0	2023-10-23T10:16:34	python: Make it compatible with python3.12 Python 3.12 removes distutils so it's mandatory to use setuptools with python >= 3.12. This patch prints a message when trying to run the setup.py script with a python >= 3.12 without setuptools and try to use the setuptools import by default. This patch also creates a new file, pyproject.toml [1], to prepare for building in modern systems. [1] https://peps.python.org/pep-0517/
5221fcd4	2023-10-22T16:32:08	tests: Also test xmlNextChar in testchar.c
02856674	2023-10-22T15:56:46	parser: Remove redundant IS_CHAR check in xmlCurrentChar
c082ef46	2023-08-09T16:59:36	parser: Stop switching to ISO-8859-1 on encoding errors Use U+FFFD Replacement Character if invalid UTF-8 is encountered in recovery mode. Also rewrite xmlNextChar and xmlCurrentChar. Fixes #598.
a9ada183	2023-10-22T13:56:55	tests: Start with testparser.c for extra tests Several issues require customized tests. Start with a test that push parses large documents. See #539.
572ecc17	2023-10-22T13:59:55	parser: Fix buffer shrinking when push parsing Short-lived regression from b76d81da.
253f260b	2023-10-18T20:06:35	threads: Fix --with-thread-alloc Fixes #606.
4f132bcd	2023-10-14T22:49:29	fuzz: Raise rss_limit_mb
c13a0191	2023-10-14T22:48:12	fuzz: Test xmlTextReaderRead after EOF or failure
e019d97f	2023-10-14T22:47:20	fuzz: Test XML_PARSE_XINCLUDE \| XML_PARSE_VALID
86ef190e	2023-10-14T22:43:25	parser: Fix stack handling in xmlParseTryOrFinish After commit e0dd330b, this latent bug could cause use-after-free errors in rare circumstances like using the reader API with recovery and XIncludes.
7dfcea03	2023-10-11T14:19:04	dict: Fix integer overflow in xmlDictAddString Short-lived regression. Older versions didn't check for integer overflow, but limited name length to INT_MAX / 2. Reintroduce this limit. Found by OSS-Fuzz.
fef12ed8	2023-10-11T13:32:54	buf: Also reset input in error case Avoid dangling pointers if memory allocation failed. This could cause a use-after-free after recent changes. Found by OSS-Fuzz.
514ab399	2023-10-11T13:25:49	parser: Don't overwrite error state in xmlParseTextDecl If a memory allocation fails, this could cause a null deref after recent changes. Found by OSS-Fuzz.
821a0370	2023-10-09T15:20:00	parser: Fix memory leak in xmlLoadEntityContent Found by OSS-Fuzz.
4fc5340e	2023-10-08T14:17:46	parser: Also grow comment buffer if SAX is disabled Fix short-lived regression from 8afd321a, found by OSS-Fuzz.
36374bc9	2023-10-08T14:08:44	parser: Fix error handling in xmlLoadEntityContent Backup more members of context struct. Fix small accounting error.
b76d81da	2023-10-06T11:50:29	parser: Fix regression when push parsing parameter entities Short-lived regression from 834b8123. Also shrink parameter entity buffers when push parsing.
134d2ad8	2023-10-06T00:31:44	parser: Protect against quadratic default attribute expansion
7615fae6	2023-10-05T23:52:55	parser: Make XML_PARSE_NSCLEAN option work again
0ba22c05	2023-10-05T22:05:04	parser: Support encoded external PEs in entity values Corner case which was never supported.
8afd321a	2023-10-05T22:02:56	parser: Missing checks for disableSAX
6337a14a	2023-10-06T10:44:38	tests: Handle entities in SAX tests
713ded60	2023-10-06T10:43:38	entities: Make xmlFreeEntity public
97e99f41	2023-10-05T17:11:24	parser: Acknowledge that entities with namespaces are broken Entities which reference out-of-scope namespace have always been broken. xmlParseBalancedChunkMemoryInternal tried to reuse the namespaces currently in scope but these namespaces were ignored by the SAX handler. Besides, there could be different namespaces in scope when expanding the entity again. For example: <!DOCTYPE doc [ <!ENTITY ent "<ns:elem/>"> ]> <doc> <decl1 xmlns:ns="urn:ns1"> &ent; </decl1> <decl2 xmlns:ns="urn:ns2"> &ent; </decl2> </doc> Add some comments outlining possible solutions to this problem. For now, we stop copying namespaces to the temporary parser context in xmlParseBalancedChunkMemoryInternal. This has never really worked and the recent changes contained a partial fix which uncovered other problems like a use-after-free with the XML Reader interface, found by OSS-Fuzz.
b8e03e13	2023-10-02T15:07:55	examples: Don't use sprintf Avoids warnings on macOS.
1734d27d	2023-10-02T15:04:18	encoding: Suppress -Wcast-align warnings
71aae4e9	2023-10-02T14:42:51	dict: Compare strings with strncmp Using memcmp can result in OOB reads. Short-lived regression found by OSS-Fuzz.
eb69c1d3	2023-10-02T12:16:05	parser: Fix initialization of namespace data Move initialization to xmlInitSAXParserCtxt. Also add missing XML_HIDDEN to xmlParserNsFree. Fixes #597.
fc496793	2023-10-02T12:05:36	parser: Fix error handling in xmlParseQNameHashed Short-lived regression found by OSS-Fuzz.
6dd87f5e	2023-09-30T17:11:25	malloc-fail: Fix memory leak in xmlParseBalancedChunkMemoryInternal Short-lived regression found by OSS-Fuzz.
f0a703da	2023-09-30T17:05:47	dict: Fix null-deref with empty subdict Short lived regression found by OSS-Fuzz.
61e29b69	2023-09-30T17:02:46	malloc-fail: Grow hash tables before making allocations Fix short-lived memory leak found by OSS-Fuzz.
80a0580f	2023-09-30T15:47:46	xinclude: Expand comment about fuzz timeouts
fa481873	2023-09-30T14:45:53	fuzz: Disable XML_PARSE_SAX1 option in xml fuzzer There a no plans to fix quadratic behavior in the legacy SAX1 interface.
5c150acc	2023-09-29T16:07:45	doc: Add notes about runtest to MAINTAINERS.md
06e2f3a4	2023-09-29T13:18:34	legacy: Add private declarations for stubs Required after 8c084ebd.
0533daf5	2023-09-29T02:45:20	encoding: Fix infinite loop in xmlCharEncInput Short-lived regression from 95e81a36.
e0dd330b	2023-09-29T00:18:44	parser: Use hash tables to avoid quadratic behavior Use a hash table to lookup namespaces by prefix. The hash table stores an index into the namespace table. Auxiliary data for namespaces is stored in a separate array along the main namespace table. Use a hash table to verify attribute uniqueness. The hash table stores an index into the attribute table. Reuse hash value from the dictionary to avoid computing them twice. See #346.
e48f3d8e	2023-09-27T16:47:37	tests: Add more tests for redefined attributes
a873191c	2023-09-25T14:51:35	parser: Introduce xmlParseQNameHashed
cb927e85	2023-09-25T14:35:43	parser: Don't skip CR in xmlCurrentChar Skip over carriage returns later in xmlNextChar.
19161bab	2023-09-25T14:00:48	dict: Internal API to look up hash values
d147f564	2023-09-11T05:37:55	dict: Rewrite dictionary hash table code Rewrite the dictionary hash table to use open addressing with Robin Hood probing. See previous commit.
4a513d56	2023-09-16T19:12:25	hash: Rewrite hash table code This is a complete rewrite of the code in hash.c Move from a chained hash table implementation to open addressing with Robin Hood probing. This allows to increase the maximum fill factor and further reduce the growth factor, saving considerable amounts of memory without sacrificing performance. To make this work, hash values are now cached in the table entry also avoiding many key comparisons. Tables are created lazily with a smaller minimum size. Insertion functions now report an error if growing the table resulted in a memory allocation failure. Some string comparisons were optimized to call directly into libc instead of using the xmlstring API. The length of inserted keys is computed along with the hash improving allocation performance. Bounds checking was made more robust. In dictionary-based mode, unneeded interning of strings is avoided.
4f221a77	2023-09-12T19:08:07	hash: Add hash table tests Make sure to properly test removal from hash tables.
1425d8f6	2023-09-16T19:08:10	dict: Separate RNG code
42a0bc6d	2023-09-16T19:45:30	tests: Add ATTRIBUTE_NO_SANITIZE_INTEGER macro
845bd99f	2023-09-25T00:19:28	string: Fix UTF-8 validation in xmlGetUTF8Char
3e7673bc	2023-09-23T17:31:55	malloc-fail: Report malloc failure in xmlFARegExec
b31813e6	2023-09-28T15:34:08	include: Add more missing stdio.h includes
b8961a75	2023-09-27T17:22:17	parser: Fix reinitialization
c7ff438b	2023-09-10T13:00:31	cmake: Only use pkg-config for .pc files, not for building binaries Using `pkg_check_modules(FOO IMPORTED_TARGET foo)` with `target_link_libraries()` leads to `INTERFACE_LINK_LIBRARIES` in the resulting export file having `\$<LINK_ONLY:PkgConfig::FOO>` rather than the currently expected `\$<LINK_ONLY:FOO::FOO>`, leading to breakage. This can be worked around like so: target_link_libraries(UseFoo PUBLIC "$<BUILD_INTERFACE:PkgConfig::FOO>" INTERFACE "$<INSTALL_INTERFACE:FOO::FOO>" ) However, following some discussion, it is preferable to primarily use find modules as before and only use `pkg_check_modules` for correctly populating the .pc file. Also move `find_package()` calls earlier so that builds fail faster when dependencies are missing.
9d534522	2023-09-10T13:50:18	cmake: Check whether static linking dependencies found in config files If they were required when building libxml2 then they will also be required when statically linking against it. Failing to find them will just lead to undefined references later so detect this early.
8617d8aa	2023-09-10T13:07:49	cmake: Find threads dep early as it may be needed for later checks
b7d56ef7	2023-09-22T17:03:56	malloc-fail: Report malloc failure in xmlRegEpxFromParse Also check whether malloc failures are reported when fuzzing.
d94f0b0b	2023-09-22T15:46:11	doc: Update MAINTAINERS and NEWS
84e1ffc8	2023-09-22T15:44:17	doc: Don't document internal macros in xmlversion.h
b9db3d7d	2023-09-22T15:45:20	parser: Simplify xmlStringCurrentChar Start to move away from using this function.
f98fa863	2023-09-22T15:25:40	regexp: Fix status codes and handle invalid UTF-8 Fixes #561.
b94283fb	2023-09-22T14:23:27	regexp: Add missing include
bc4e82ff	2023-09-22T13:37:28	globals: Don't use thread-local storage on Darwin It seems that thread-local storage destructors are run before pthread thread-specific data destructors on Darwin, defeating our scheme to use TSD to clean up TLS. Here's an example program that reports a use-after-free when compiled with `-fsanitize=address` on macOS: #include <pthread.h> typedef struct { int v; } my_struct; static _Thread_local my_struct tls; pthread_key_t key; void dtor(void tsd) { my_struct s = (my_struct ) tsd; / * This will crash ASan, apparently because * TLS has already been freed. / s->v = 1; } void thread(void *p) { pthread_setspecific(key, &tls); return NULL; } int main(void) { pthread_key_create(&key, dtor); pthread_t handle; pthread_create(&handle, NULL, thread, NULL); pthread_join(handle, NULL); return 0; }
45470611	2023-09-21T23:52:52	error: Make xmlGetLastError return a const error This is a slight break of the API, but users really shouldn't modify the global error struct. The goal is to make xmlLastError use static buffers for its strings eventually. This should warn people if they're abusing the struct.
fc26934e	2023-09-21T23:29:18	memory: Fix memory debugging with Windows threads On Windows, malloc hooks can be called after the final call to xmlCleanupParser in various tests. This means that xmlMemMutex can still be accessed if memory debugging is enabled, so the mutex should not be cleaned. This also means that tests may report spurious memory leaks on Windows. The old implementation avoided the issue by keeping track of all global state objects in a doubly linked list, so they could be cleaned during xmlCleanupParser. But as far as I can tell all memory will be freed eventually, so this is mostly an issue with our test suite.

43b511fa

2023-11-26T14:31:39

parser: Make CRLF increment line number Partial revert of cb927e85 fixing CRLFs not incrementing the line number. This requires to rework xmlParseQNameHashed. The original implementation prompted the change to xmlCurrentChar which really shouldn't modify the 'cur' pointer as side effect. But the NEXTL macro relies on this behavior. Ultimately, we should reintroduce the change to xmlCurrentChar and fix the NEXTL macro. This will lead to single CRs incrementing the line number as well which seems more consistent. Fixes #628.

455c61d6

2023-11-23T15:59:41

Remove VMS support This was last updated 10 years ago and is most likely broken.

7d6969d9

2023-11-23T15:48:52

Remove Trio Trio is a rather old cross-platform printf library which was bundled with libxml2. It was needed for ancient pre-C99 systems without snprintf and should be safe to remove these days.

f5d4d33b

2023-11-23T15:25:54

tests: Regenerate testapi.c

e42faa6d

2023-11-23T15:25:04

tests: Remove special handling of const pointers in gentest.py

ff6c3188

2023-11-23T15:22:59

include: Remove useless 'const' from function arguments

a3971573

2023-11-22T08:25:27

Don't let gentest.py cast types to 'const somethingPtr' to avoid -Wignored-qualifiers

873c1711

2023-11-22T08:23:00

Avoid EDG -Wignored-qualifiers warnings on wrong 'const *' to '* const' conversions

6bc86405

2023-11-09T02:04:15

Avoid EDG deprecation warnings for LCC compiler

c1e9f761

2023-11-09T01:44:09

Avoid EDG -Woverflow warnings on truncating conversions by manually truncating operand

595c19a5

2023-11-08T23:59:56

Avoid EDG -Wtype-limits warnings on unsigned comparisons with zero by conversion from unsigned int to int

f8394adf

2023-11-08T23:52:27

Avoid using no_sanitize attribute on EDG even if compiler shows as GCC

19b9c59b

2023-11-22T08:25:56

Regenerate testapi.c

f3c24112

2023-11-22T02:00:00

autotools: Stop checking for snprintf This works around a bug when cross-compiling to 32-bit MinGW: https://sourceforge.net/p/mingw-w64/bugs/935/ This means that we don't fall back to the bundled Trio library if snprintf couldn't be detected. Trio support is completely untested, most likely broken and will be removed soon. Fixes #625.

a2b5c90a

2023-11-21T14:35:54

hash: Fix deletion of entries during scan Functions like xmlCleanSpecialAttr scan a hash table and possibly delete entries in the callback. xmlHashScanFull must detect such deletions and rescan the entry. This regressed when rewriting the hash table code in 4a513d56. Fixes #626.

aca37d8c

2023-11-20T15:20:37

parser: Only enable SAX2 if there are SAX2 element handlers This reverts part of commit 235b15a5 for backward compatibility and adds some comments trying to clarify the whole mess. Fixes #623.

272cb223

2023-11-20T14:22:18

dict: Fix '__thread' before 'static' When used with extern or static, __thread must appear immediately after the other storage class specifier. Fixes #621.

62d318f8

2023-11-18T14:21:45

fix: more pthread weak references in globals.c

1ac88300

2023-11-18T12:21:38

fix: pthread weak references in globals.c Linking executables will fail on systems with glibc < 2.34 without declaring these symbols as weak references. In commit c19771c1f13de9196f98260d142d8c8672eb5733 these references were moved to globals.c from threads.c, but the `#pragma weak` declarations were lost in the process. Also removing unneeded weak declarations from threads.c.

f92ea2cc

2023-11-18T14:36:41

tests: Fix build with older MSVC Regressed in 9b5cce7a. Fixes #620.

3669316a

2023-11-16T13:34:03

Bump version

5e9b167d

2023-11-16T13:20:16

Release v2.12.0

529df196

2023-11-15T12:10:25

parser: Don't overwrite error state in xmlParseTextDecl Fixes a null deref in xmlLoadEntityContent found by OSS-Fuzz.

da703eaa

2023-11-05T02:03:05

schemas: Fix reallocation in xmlSchemaXPathProcessHistory See #614.

70cc45b8

2023-11-05T00:49:40

parser: Improve attribute hash table There's no need to grow the hash table dynamically. The size is known which simplifies the implementation.

58598494

2023-11-04T23:47:33

parser: Fix combination of hash values This bug resulted in a stuck bit in hash values which can have a severe performance impact.

a31e1b06

2023-11-04T20:21:54

SAX2: Fix quadratic behavior in xmlSAX2AttributeNs The last missing piece to make parsing of attributes O(n).

a40c32ac

2023-11-04T19:07:37

doc: Regenerate documentation

c6820894

2023-11-04T19:06:04

tests: Regenerate testapi.c

a7b03795

2023-11-04T19:04:23

doc: Minor fixes for apibuild.py

56944c51

2023-11-04T18:54:21

python: Make sure to distribute new files Add pyproject.toml and tests/setup_test.py to Makefile.am.

7a2d412f

2023-10-31T20:15:38

parser: Copy default namespace in xmlParseBalancedChunkMemory

e0c2f14d

2023-10-31T13:53:15

parser: Copy namespaces in xmlParseBalancedChunkMemory Reenable copying of namespaces but don't set SAX data. This should match the old behavior.

89d19534

2023-10-28T03:04:59

encoding: Fix decoding of large chunks After 95e81a36, we must support XML_ENC_ERR_SPACE when using built-in encoding handlers. Should fix #610.

0c18af83

2023-10-24T15:37:36

Update NEWS

61034116

2023-10-24T15:02:36

error: Make more xmlError structs constant Prepare for future changes, see 45470611.

6f78efb0

2023-10-23T10:16:34

python: Make it compatible with python3.12 Python 3.12 removes distutils so it's mandatory to use setuptools with python >= 3.12. This patch prints a message when trying to run the setup.py script with a python >= 3.12 without setuptools and try to use the setuptools import by default. This patch also creates a new file, pyproject.toml [1], to prepare for building in modern systems. [1] https://peps.python.org/pep-0517/

5221fcd4

2023-10-22T16:32:08

tests: Also test xmlNextChar in testchar.c

02856674

2023-10-22T15:56:46

parser: Remove redundant IS_CHAR check in xmlCurrentChar

c082ef46

2023-08-09T16:59:36

parser: Stop switching to ISO-8859-1 on encoding errors Use U+FFFD Replacement Character if invalid UTF-8 is encountered in recovery mode. Also rewrite xmlNextChar and xmlCurrentChar. Fixes #598.

a9ada183

2023-10-22T13:56:55

tests: Start with testparser.c for extra tests Several issues require customized tests. Start with a test that push parses large documents. See #539.

572ecc17

2023-10-22T13:59:55

parser: Fix buffer shrinking when push parsing Short-lived regression from b76d81da.

253f260b

2023-10-18T20:06:35

threads: Fix --with-thread-alloc Fixes #606.

4f132bcd

2023-10-14T22:49:29

fuzz: Raise rss_limit_mb

c13a0191

2023-10-14T22:48:12

fuzz: Test xmlTextReaderRead after EOF or failure

e019d97f

2023-10-14T22:47:20

fuzz: Test XML_PARSE_XINCLUDE | XML_PARSE_VALID

86ef190e

2023-10-14T22:43:25

parser: Fix stack handling in xmlParseTryOrFinish After commit e0dd330b, this latent bug could cause use-after-free errors in rare circumstances like using the reader API with recovery and XIncludes.

7dfcea03

2023-10-11T14:19:04

dict: Fix integer overflow in xmlDictAddString Short-lived regression. Older versions didn't check for integer overflow, but limited name length to INT_MAX / 2. Reintroduce this limit. Found by OSS-Fuzz.

fef12ed8

2023-10-11T13:32:54

buf: Also reset input in error case Avoid dangling pointers if memory allocation failed. This could cause a use-after-free after recent changes. Found by OSS-Fuzz.

514ab399

2023-10-11T13:25:49

parser: Don't overwrite error state in xmlParseTextDecl If a memory allocation fails, this could cause a null deref after recent changes. Found by OSS-Fuzz.

821a0370

2023-10-09T15:20:00

parser: Fix memory leak in xmlLoadEntityContent Found by OSS-Fuzz.

4fc5340e

2023-10-08T14:17:46

parser: Also grow comment buffer if SAX is disabled Fix short-lived regression from 8afd321a, found by OSS-Fuzz.

36374bc9

2023-10-08T14:08:44

parser: Fix error handling in xmlLoadEntityContent Backup more members of context struct. Fix small accounting error.

b76d81da

2023-10-06T11:50:29

parser: Fix regression when push parsing parameter entities Short-lived regression from 834b8123. Also shrink parameter entity buffers when push parsing.

134d2ad8

2023-10-06T00:31:44

parser: Protect against quadratic default attribute expansion

7615fae6

2023-10-05T23:52:55

parser: Make XML_PARSE_NSCLEAN option work again

0ba22c05

2023-10-05T22:05:04

parser: Support encoded external PEs in entity values Corner case which was never supported.

8afd321a

2023-10-05T22:02:56

parser: Missing checks for disableSAX

6337a14a

2023-10-06T10:44:38

tests: Handle entities in SAX tests

713ded60

2023-10-06T10:43:38

entities: Make xmlFreeEntity public

97e99f41

2023-10-05T17:11:24

parser: Acknowledge that entities with namespaces are broken Entities which reference out-of-scope namespace have always been broken. xmlParseBalancedChunkMemoryInternal tried to reuse the namespaces currently in scope but these namespaces were ignored by the SAX handler. Besides, there could be different namespaces in scope when expanding the entity again. For example: <!DOCTYPE doc [ <!ENTITY ent "<ns:elem/>"> ]> <doc> <decl1 xmlns:ns="urn:ns1"> &ent; </decl1> <decl2 xmlns:ns="urn:ns2"> &ent; </decl2> </doc> Add some comments outlining possible solutions to this problem. For now, we stop copying namespaces to the temporary parser context in xmlParseBalancedChunkMemoryInternal. This has never really worked and the recent changes contained a partial fix which uncovered other problems like a use-after-free with the XML Reader interface, found by OSS-Fuzz.

b8e03e13

2023-10-02T15:07:55

examples: Don't use sprintf Avoids warnings on macOS.

1734d27d

2023-10-02T15:04:18

encoding: Suppress -Wcast-align warnings

71aae4e9

2023-10-02T14:42:51

dict: Compare strings with strncmp Using memcmp can result in OOB reads. Short-lived regression found by OSS-Fuzz.

eb69c1d3

2023-10-02T12:16:05

parser: Fix initialization of namespace data Move initialization to xmlInitSAXParserCtxt. Also add missing XML_HIDDEN to xmlParserNsFree. Fixes #597.

fc496793

2023-10-02T12:05:36

parser: Fix error handling in xmlParseQNameHashed Short-lived regression found by OSS-Fuzz.

6dd87f5e

2023-09-30T17:11:25

malloc-fail: Fix memory leak in xmlParseBalancedChunkMemoryInternal Short-lived regression found by OSS-Fuzz.

f0a703da

2023-09-30T17:05:47

dict: Fix null-deref with empty subdict Short lived regression found by OSS-Fuzz.

61e29b69

2023-09-30T17:02:46

malloc-fail: Grow hash tables before making allocations Fix short-lived memory leak found by OSS-Fuzz.

80a0580f

2023-09-30T15:47:46

xinclude: Expand comment about fuzz timeouts

fa481873

2023-09-30T14:45:53

fuzz: Disable XML_PARSE_SAX1 option in xml fuzzer There a no plans to fix quadratic behavior in the legacy SAX1 interface.

5c150acc

2023-09-29T16:07:45

doc: Add notes about runtest to MAINTAINERS.md

06e2f3a4

2023-09-29T13:18:34

legacy: Add private declarations for stubs Required after 8c084ebd.

0533daf5

2023-09-29T02:45:20

encoding: Fix infinite loop in xmlCharEncInput Short-lived regression from 95e81a36.

e0dd330b

2023-09-29T00:18:44

parser: Use hash tables to avoid quadratic behavior Use a hash table to lookup namespaces by prefix. The hash table stores an index into the namespace table. Auxiliary data for namespaces is stored in a separate array along the main namespace table. Use a hash table to verify attribute uniqueness. The hash table stores an index into the attribute table. Reuse hash value from the dictionary to avoid computing them twice. See #346.

e48f3d8e

2023-09-27T16:47:37

tests: Add more tests for redefined attributes

a873191c

2023-09-25T14:51:35

parser: Introduce xmlParseQNameHashed

cb927e85

2023-09-25T14:35:43

parser: Don't skip CR in xmlCurrentChar Skip over carriage returns later in xmlNextChar.

19161bab

2023-09-25T14:00:48

dict: Internal API to look up hash values

d147f564

2023-09-11T05:37:55

dict: Rewrite dictionary hash table code Rewrite the dictionary hash table to use open addressing with Robin Hood probing. See previous commit.

4a513d56

2023-09-16T19:12:25

hash: Rewrite hash table code This is a complete rewrite of the code in hash.c Move from a chained hash table implementation to open addressing with Robin Hood probing. This allows to increase the maximum fill factor and further reduce the growth factor, saving considerable amounts of memory without sacrificing performance. To make this work, hash values are now cached in the table entry also avoiding many key comparisons. Tables are created lazily with a smaller minimum size. Insertion functions now report an error if growing the table resulted in a memory allocation failure. Some string comparisons were optimized to call directly into libc instead of using the xmlstring API. The length of inserted keys is computed along with the hash improving allocation performance. Bounds checking was made more robust. In dictionary-based mode, unneeded interning of strings is avoided.

4f221a77

2023-09-12T19:08:07

hash: Add hash table tests Make sure to properly test removal from hash tables.

1425d8f6

2023-09-16T19:08:10

dict: Separate RNG code

42a0bc6d

2023-09-16T19:45:30

tests: Add ATTRIBUTE_NO_SANITIZE_INTEGER macro

845bd99f

2023-09-25T00:19:28

string: Fix UTF-8 validation in xmlGetUTF8Char

3e7673bc

2023-09-23T17:31:55

malloc-fail: Report malloc failure in xmlFARegExec

b31813e6

2023-09-28T15:34:08

include: Add more missing stdio.h includes

b8961a75

2023-09-27T17:22:17

parser: Fix reinitialization

c7ff438b

2023-09-10T13:00:31

cmake: Only use pkg-config for .pc files, not for building binaries Using `pkg_check_modules(FOO IMPORTED_TARGET foo)` with `target_link_libraries()` leads to `INTERFACE_LINK_LIBRARIES` in the resulting export file having `\$<LINK_ONLY:PkgConfig::FOO>` rather than the currently expected `\$<LINK_ONLY:FOO::FOO>`, leading to breakage. This can be worked around like so: target_link_libraries(UseFoo PUBLIC "$<BUILD_INTERFACE:PkgConfig::FOO>" INTERFACE "$<INSTALL_INTERFACE:FOO::FOO>" ) However, following some discussion, it is preferable to primarily use find modules as before and only use `pkg_check_modules` for correctly populating the .pc file. Also move `find_package()` calls earlier so that builds fail faster when dependencies are missing.

9d534522

2023-09-10T13:50:18

cmake: Check whether static linking dependencies found in config files If they were required when building libxml2 then they will also be required when statically linking against it. Failing to find them will just lead to undefined references later so detect this early.

8617d8aa

2023-09-10T13:07:49

cmake: Find threads dep early as it may be needed for later checks

b7d56ef7

2023-09-22T17:03:56

malloc-fail: Report malloc failure in xmlRegEpxFromParse Also check whether malloc failures are reported when fuzzing.

d94f0b0b

2023-09-22T15:46:11

doc: Update MAINTAINERS and NEWS

84e1ffc8

2023-09-22T15:44:17

doc: Don't document internal macros in xmlversion.h

b9db3d7d

2023-09-22T15:45:20

parser: Simplify xmlStringCurrentChar Start to move away from using this function.

f98fa863

2023-09-22T15:25:40

regexp: Fix status codes and handle invalid UTF-8 Fixes #561.

b94283fb

2023-09-22T14:23:27

regexp: Add missing include

bc4e82ff

2023-09-22T13:37:28

globals: Don't use thread-local storage on Darwin It seems that thread-local storage destructors are run before pthread thread-specific data destructors on Darwin, defeating our scheme to use TSD to clean up TLS. Here's an example program that reports a use-after-free when compiled with `-fsanitize=address` on macOS: #include <pthread.h> typedef struct { int v; } my_struct; static _Thread_local my_struct tls; pthread_key_t key; void dtor(void *tsd) { my_struct *s = (my_struct *) tsd; /* * This will crash ASan, apparently because * TLS has already been freed. */ s->v = 1; } void *thread(void *p) { pthread_setspecific(key, &tls); return NULL; } int main(void) { pthread_key_create(&key, dtor); pthread_t handle; pthread_create(&handle, NULL, thread, NULL); pthread_join(handle, NULL); return 0; }

45470611

2023-09-21T23:52:52

error: Make xmlGetLastError return a const error This is a slight break of the API, but users really shouldn't modify the global error struct. The goal is to make xmlLastError use static buffers for its strings eventually. This should warn people if they're abusing the struct.

fc26934e

2023-09-21T23:29:18

memory: Fix memory debugging with Windows threads On Windows, malloc hooks can be called after the final call to xmlCleanupParser in various tests. This means that xmlMemMutex can still be accessed if memory debugging is enabled, so the mutex should not be cleaned. This also means that tests may report spurious memory leaks on Windows. The old implementation avoided the issue by keeping track of all global state objects in a doubly linked list, so they could be cleaned during xmlCleanupParser. But as far as I can tell all memory will be freed eventually, so this is mostly an issue with our test suite.

kc3-lang/libxml2

Log