Log

Author Commit Date Message
Nick Wellnhofer 44ecefc8 2023-03-20T15:52:38 malloc-fail: Fix buffer overread after htmlParseScript Found by OSS-Fuzz, see #344.
Nick Wellnhofer b1319c90 2023-03-18T16:34:01 malloc-fail: Check for malloc failures when creating XPath strings Prevent null derefs. Found by OSS-Fuzz, see #344.
Nick Wellnhofer 067986fa 2023-03-18T14:44:28 parser: Fix regressions from previous commits - Fix memory leak in xmlParseNmtoken. - Fix buffer overread after htmlParseCharDataInternal.
Nick Wellnhofer 9ef2a9ab 2023-03-17T14:06:28 html: Rely on CUR_CHAR to grow the input buffer - Remove useless invocations of GROW. - Add some error checks. - Fix invocations of SHRINK.
Nick Wellnhofer 3e85d7b7 2023-03-17T13:15:35 parser: Rely on CUR_CHAR/NEXT to grow the input buffer The input buffer is now grown reliably when calling CUR_CHAR (xmlCurrentChar) or NEXT (xmlNextChar). This allows many other invocations of GROW to be removed.
Nick Wellnhofer 62f199ed 2023-03-17T12:40:46 malloc-fail: Add error check in htmlParseHTMLAttribute This function must return NULL if an error occurs. Found by OSS-Fuzz, see #344.
Nick Wellnhofer c81d0d04 2023-03-17T12:39:35 malloc-fail: Add more error checks when parsing names xmlParseName and similar functions must return NULL if an error occurs. Found by OSS-Fuzz, see #344.
Nick Wellnhofer 8090e585 2023-03-17T12:27:07 malloc-fail: Fix buffer overread in htmlParseScript Found by OSS-Fuzz, see #344.
Nick Wellnhofer 1a91392c 2023-03-16T17:48:57 parser: More fixes to xmlParserGrow xmlHaltParser must be called after reporting an error. Switch to xmlBufSetInputBaseCur.
Nick Wellnhofer 08f9d319 2023-03-16T17:01:05 valid: Make xmlValidateElement non-recursive Fixes call stack overflows when validating deeply nested documents. Found by OSS-Fuzz.
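Why a recursive validator overflows the call stack on deeply nested input, and how a tree whose nodes carry parent links can be walked and freed without recursion, as an added example in C written for this page (it is not libxml2's xmlValidateElement). The node structure, build_chain, the counting visitor and the sample trees are assumptions made for this illustration; only the traversal pattern is the point.

```c
#include <stdio.h>
#include <stdlib.h>

/* Minimal DOM-style node: parent, first child and next sibling.
 * Names are string literals and are never freed. (Illustrative type.) */
typedef struct node {
    const char *name;
    struct node *parent;
    struct node *children;   /* first child */
    struct node *next;       /* next sibling */
} node;

static node *new_node(const char *name, node *parent) {
    node *n = calloc(1, sizeof *n);
    if (n == NULL) abort();
    n->name = name;
    n->parent = parent;
    if (parent != NULL) {            /* prepend to the parent's child list */
        n->next = parent->children;
        parent->children = n;
    }
    return n;
}

/* Build a chain root -> child -> child ... of the given depth (constructed input). */
node *build_chain(unsigned long depth) {
    node *root = new_node("e", NULL), *cur = root;
    unsigned long i;
    for (i = 1; i < depth; i++)
        cur = new_node("e", cur);
    return root;
}

/* The problematic shape: recursion depth equals document depth, so a deeply
 * nested input exhausts the call stack. Shown for comparison only. */
unsigned long count_nodes_recursive(const node *n) {
    unsigned long total = 0;
    for (; n != NULL; n = n->next)
        total += 1 + count_nodes_recursive(n->children);
    return total;
}

/* Pre-order walk driven by the parent links instead of the call stack:
 * extra memory is constant regardless of depth. visit() returns nonzero
 * to stop early (for instance on a fatal validation error). */
int walk_tree(node *root, int (*visit)(node *, void *), void *data) {
    node *cur = root;
    while (cur != NULL) {
        if (visit(cur, data) != 0)
            return -1;
        if (cur->children != NULL) {
            cur = cur->children;
            continue;
        }
        /* leaf: climb until a sibling exists, never above root */
        while (cur != root && cur->next == NULL)
            cur = cur->parent;
        if (cur == root)
            break;
        cur = cur->next;
    }
    return 0;
}

static int count_visit(node *n, void *data) {
    (void)n;
    (*(unsigned long *)data)++;
    return 0;
}

unsigned long count_nodes(node *root) {
    unsigned long total = 0;
    walk_tree(root, count_visit, &total);
    return total;
}

/* Post-order free, also without recursion: always free the current node's
 * first child, unlink it, then climb back to the parent. */
void free_tree(node *root) {
    node *cur = root;
    while (cur != NULL) {
        if (cur->children != NULL) {
            cur = cur->children;
            continue;
        }
        node *parent = cur->parent;
        if (parent != NULL)
            parent->children = cur->next;   /* cur is always the first child */
        free(cur);
        cur = parent;
    }
}

int main(void) {
    node *deep = build_chain(1000000UL);     /* far deeper than a default stack allows */
    printf("iterative count of deep chain: %lu\n", count_nodes(deep));
    free_tree(deep);
    node *r = new_node("root", NULL);
    node *a = new_node("a", r);
    new_node("x", a);
    new_node("b", r);
    printf("shallow tree: recursive=%lu iterative=%lu\n",
           count_nodes_recursive(r), count_nodes(r));
    free_tree(r);
    return 0;
}
```

The recursive counter is only ever called on the shallow tree here; calling it on the million-node chain is exactly the crash the commit describes, and note that freeing the tree needs the same non-recursive treatment as validating it.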
Nick Wellnhofer ca2bfece 2023-03-15T16:18:11 malloc-fail: Fix buffer overread when reading from input Found by OSS-Fuzz, see #344.
Nick Wellnhofer 4b3452d1 2023-03-15T16:56:36 html: Fix quadratic behavior in htmlParseTryOrFinish Fix check for end of script content. Found by OSS-Fuzz.
Nick Wellnhofer 14c62e0d 2023-03-15T16:22:13 html: Use NEXTL in htmlParseHTMLAttribute This is more efficient than NEXT.
Nick Wellnhofer b167c731 2023-03-14T14:42:36 parser: Fix short-lived regression causing infinite loops Fix 3eb6bf03. We really have to halt the parser, so the input buffer gets reset.
Nick Wellnhofer 1a6a9d68 2023-03-14T14:19:03 xzlib: Fix implicit sign change in xz_open
Nick Wellnhofer f8efa589 2023-03-14T13:55:06 malloc-fail: Handle malloc failures in xmlSchemaInitTypes Note that this changes the return value of public function xmlSchemaInitTypes from void to int. This shouldn't break the ABI on most platforms. Found when investigating #500.
Nick Wellnhofer 64b76f81 2023-03-14T13:17:20 xmllint: Fix memory leak with --pattern --stream Fixes #499.
Nick Wellnhofer d7daf9fd 2023-03-14T13:02:36 xmllint: Fix use-after-free with --maxmem Fixes #498.
Nick Wellnhofer e7c3a4ca 2023-03-13T19:19:46 parser: Deprecate some parser input functions
Nick Wellnhofer 2099441f 2023-03-13T17:51:13 parser: Stop calling xmlParserInputShrink Introduce xmlParserShrink which takes a parser context to simplify error handling.
Nick Wellnhofer 48379394 2023-03-13T17:11:27 malloc-fail: Stop using XPath stack frames There's too much code which assumes that if ctxt->value is non-null, a value can be successfully popped off the stack. This assumption can break with stack frames when malloc fails. Instead of trying to fix all call sites, remove the stack frame logic. It only offered very little protection against misbehaving extension functions. We already check the stack size after a function call which should be enough. Found by OSS-Fuzz.
Nick Wellnhofer 457fc622 2023-03-13T16:51:14 malloc-fail: Fix null deref in xmlParserInputShrink Found by OSS-Fuzz.
Nick Wellnhofer 5f4ec41b 2023-03-12T19:47:07 fuzz: Add valid.options
Nick Wellnhofer cabde70f 2023-03-12T19:07:23 parser: Simplify calculation of available buffer space
Nick Wellnhofer b75976e0 2023-03-12T19:06:19 parser: Use size_t when subtracting input buffer pointers Avoid integer overflows.
Nick Wellnhofer 9a6ca816 2023-03-12T19:03:11 parser: Check for integer overflow when updating checkIndex Unfortunately, checkIndex is a long, not a size_t. Check for integer overflow before updating the value.
Nick Wellnhofer bd63d730 2023-03-12T17:40:55 html: Impose some length limits Impose length limits on names, attribute values, PIs and comments, similar to the XML parser.
Nick Wellnhofer 3eb6bf03 2023-03-12T16:47:15 parser: Stop calling xmlParserInputGrow Introduce xmlParserGrow which takes a parser context to simplify error handling.
Nick Wellnhofer f6fddb78 2023-03-12T16:20:31 fuzz: Also test init function of URI fuzzer
Nick Wellnhofer 4eba9f9c 2023-03-12T16:15:54 fuzz: Separate fuzzer for DTD validation
Nick Wellnhofer a57a7549 2023-03-12T16:06:19 valid: Allow xmlFreeValidCtxt(NULL)
Nick Wellnhofer 21cec82b 2023-03-10T17:25:44 win32: Remove broken libxml2.def.src Fixes #472.
Nick Wellnhofer 8c2e508b 2023-03-12T14:45:14 gitlab-ci: Enable all "integer" sanitizers
Nick Wellnhofer 207ebdfd 2023-03-12T14:43:01 malloc-fail: Fix out-of-bounds read in xmlGROW Short-lived regression from 56cc2211.
Nick Wellnhofer bd6fa2c1 2023-03-09T22:33:19 malloc-fail: Fix memory leak in xmlXPathRegisterNs Found by OSS-Fuzz.
Nick Wellnhofer 56cc2211 2023-03-09T22:27:58 parser: Merge xmlParserInputGrow into xmlGROW Simplifies the code and makes error handling easier.
Nick Wellnhofer 14604a44 2023-03-09T22:10:44 malloc-fail: Fix out-of-bounds read in xmlCurrentChar Found by OSS-Fuzz.
Nick Wellnhofer 42322eba 2023-03-08T13:59:03 fuzz: Inject random malloc failures Fixes #344.
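How injecting malloc failures finds the kind of bugs fixed in the surrounding malloc-fail commits (leaks and missing NULL checks on error paths), as an added example written for this page and not libxml2's fuzz/ code: a counting allocator fails the Nth allocation, the code under test runs once for every N, and a live-block counter flags any failure point after which memory is still allocated. The token-list parser, the xmalloc/xfree hooks, the deliberately leaky variant and the sample input are all constructed for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Injection state: fail the fail_at-th allocation (0 disables injection);
 * live_blocks tracks outstanding allocations so leaks on error paths show up. */
static unsigned long alloc_count;
static unsigned long fail_at;
static long live_blocks;

static void *xmalloc(size_t n) {
    alloc_count++;
    if (fail_at != 0 && alloc_count == fail_at)
        return NULL;                 /* simulated out-of-memory */
    void *p = malloc(n);
    if (p != NULL)
        live_blocks++;
    return p;
}

static void xfree(void *p) {
    if (p != NULL)
        live_blocks--;
    free(p);
}

/* Code under test: a linked list of tokens built from input like "a,b,c". */
typedef struct node { char *text; struct node *next; } node;
typedef node *(*parser_fn)(const char *);

static void free_list(node *n) {
    while (n != NULL) {
        node *next = n->next;
        xfree(n->text);
        xfree(n);
        n = next;
    }
}

/* One token, two allocations. Returns NULL on failure without leaking. */
static node *new_token(const char *p, size_t len) {
    node *n = xmalloc(sizeof *n);
    if (n == NULL)
        return NULL;
    n->next = NULL;
    n->text = xmalloc(len + 1);
    if (n->text == NULL) {
        xfree(n);
        return NULL;
    }
    memcpy(n->text, p, len);
    n->text[len] = '\0';
    return n;
}

/* cleanup_on_error == 0 reproduces the classic bug: the partial list is dropped. */
static node *parse_impl(const char *input, int cleanup_on_error) {
    node *head = NULL, **tail = &head;
    while (*input != '\0') {
        const char *end = strchr(input, ',');
        size_t len = end ? (size_t)(end - input) : strlen(input);
        node *n = new_token(input, len);
        if (n == NULL) {
            if (cleanup_on_error)
                free_list(head);     /* the leaky variant skips this */
            return NULL;
        }
        *tail = n;
        tail = &n->next;
        input += end ? len + 1 : len;
    }
    return head;
}

node *parse_list(const char *input)       { return parse_impl(input, 1); }
node *parse_list_leaky(const char *input) { return parse_impl(input, 0); }

/* Run the parser once per allocation index with that allocation failing.
 * Returns how many injected failures left memory allocated (0 = clean). */
int run_malloc_fail_campaign(parser_fn parse, const char *input) {
    unsigned long i, total;
    int leaks = 0;

    fail_at = 0; alloc_count = 0; live_blocks = 0;
    free_list(parse(input));         /* dry run: learn the allocation count */
    total = alloc_count;

    for (i = 1; i <= total; i++) {
        fail_at = i; alloc_count = 0; live_blocks = 0;
        free_list(parse(input));     /* NULL expected; free_list(NULL) is a no-op */
        if (live_blocks != 0)
            leaks++;
    }
    fail_at = 0;
    return leaks;
}

int main(void) {
    const char *input = "alpha,beta,gamma";   /* constructed sample input */
    printf("parse_list:       %d leaking failure points\n",
           run_malloc_fail_campaign(parse_list, input));
    printf("parse_list_leaky: %d leaking failure points\n",
           run_malloc_fail_campaign(parse_list_leaky, input));
    return 0;
}
```

The campaign is exhaustive over allocation indices rather than random, which is the cheap variant for a single input; a fuzzer gets the same effect across many inputs by taking the failing index (the "maxAlloc" value) from the fuzz data. Running it under AddressSanitizer or LeakSanitizer in addition to the live-block counter also catches null dereferences and double frees on the same error paths.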
Nick Wellnhofer 7cd26762 2023-03-08T14:03:44 fuzz: Add maxAlloc item to static seed corpus
Nick Wellnhofer 541b1e28 2023-03-08T13:59:00 fuzz: Support variable integer sizes in fuzz data Also switch to big-endian.
Nick Wellnhofer 3f69fc80 2023-03-08T13:58:49 parser: Tighten expansion limits - Lower the amount of expansion which is always allowed from 10MB to 1MB. - Lower the maximum amplification factor from 10 to 5. - Lower the "fixed cost" from 50 to 20.
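The three numbers in that commit describe an amplification check: expansion is always allowed up to 1 MB, and beyond that the bytes produced by entity expansion (plus a fixed cost charged per reference) may not exceed 5 times the bytes of input consumed. The following is an added illustration of that rule in C, written for this page and not libxml2's own xmlParserEntityCheck; the context structure, function names and the nested-entity cost model (each level references the previous level's text a fixed number of times) are assumptions. The saturating arithmetic shows why a size counter that would overflow must abort rather than wrap to a small value.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* The limits named in the commit message above. */
#define ALLOWED_EXPANSION 1000000UL   /* expansion always allowed, in bytes      */
#define MAX_AMPLIFICATION 5UL         /* expanded / consumed must stay <= this   */
#define ENT_FIXED_COST    20UL        /* charged per entity reference            */

/* Illustrative context; libxml2's real parser context is not reproduced. */
typedef struct {
    unsigned long consumed;   /* bytes of input read so far                   */
    unsigned long expanded;   /* bytes produced by entity expansion so far    */
    int halted;
} expansion_ctxt;

/* Saturating add: an attacker-chosen size must never wrap around. */
static void saturated_add(unsigned long *dst, unsigned long val) {
    if (*dst > ULONG_MAX - val)
        *dst = ULONG_MAX;
    else
        *dst += val;
}

/* Charge 'extra' bytes of replacement text plus the fixed per-reference
 * cost. Returns 1 (and halts the context) once the limit is exceeded. */
int entity_check(expansion_ctxt *c, unsigned long extra) {
    if (c->halted)
        return 1;
    saturated_add(&c->expanded, extra);
    saturated_add(&c->expanded, ENT_FIXED_COST);
    if (c->expanded > ALLOWED_EXPANSION &&
        (c->expanded == ULONG_MAX ||             /* saturated: always abort */
         c->expanded / MAX_AMPLIFICATION > c->consumed)) {
        c->halted = 1;
        return 1;
    }
    return 0;
}

/* Cost model of a "billion laughs" style document: 'levels' nesting levels,
 * each producing 'fanout' references to the previous level's replacement
 * text, which is 'fanout' times larger at every level. Returns how many
 * references were expanded before the check fired (or all of them). */
unsigned long simulate_nested_entities(unsigned long input_bytes,
                                       unsigned long leaf_bytes,
                                       int levels, int fanout,
                                       expansion_ctxt *out) {
    expansion_ctxt c = { input_bytes, 0, 0 };
    unsigned long replacement = leaf_bytes;
    unsigned long refs = 0;
    int level, i;

    if (levels <= 0 || fanout <= 0) {
        if (out) *out = c;
        return 0;
    }
    for (level = 0; level < levels; level++) {
        for (i = 0; i < fanout; i++) {
            refs++;
            if (entity_check(&c, replacement))
                goto done;
        }
        /* next level's replacement text is 'fanout' copies of this one */
        if (replacement > ULONG_MAX / (unsigned long)fanout)
            replacement = ULONG_MAX;
        else
            replacement *= (unsigned long)fanout;
    }
done:
    if (out) *out = c;
    return refs;
}

int main(void) {
    expansion_ctxt c;
    unsigned long refs;

    /* tiny document, 9 levels of 10 references each: classic billion laughs */
    refs = simulate_nested_entities(1000, 16, 9, 10, &c);
    printf("1000-byte input, 9x10: %lu refs, halted=%d, expanded=%lu\n",
           refs, c.halted, c.expanded);

    /* 1 MB document that legitimately expands to about 1.46 MB: allowed */
    refs = simulate_nested_entities(1000000, 16, 2, 300, &c);
    printf("1 MB input, 2x300: %lu refs, halted=%d, expanded=%lu\n",
           refs, c.halted, c.expanded);
    return 0;
}
```

The two runs show both sides of the rule: the small document is halted after 46 references, when the expanded total first passes 1 MB while the consumed input is only 1000 bytes, whereas the 1 MB document expanding to roughly 1.46 MB stays under the factor of 5 and is accepted even though it exceeds the flat 1 MB allowance.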
Nick Wellnhofer 73bd5d52 2023-03-05T14:11:55 malloc-fail: Fix type confusion after xmlSchemaFixupTypeAttributeUses Found with libFuzzer, see #344.
Nick Wellnhofer 767ae50b 2023-03-05T14:11:24 malloc-fail: Fix null deref after xmlSchemaItemList{Add,Insert} Found with libFuzzer, see #344.
Nick Wellnhofer 19b197b6 2023-03-05T14:10:56 malloc-fail: Fix null deref after xmlSchemaCompareDates Found with libFuzzer, see #344.
Nick Wellnhofer 961a4f35 2023-03-05T14:10:41 malloc-fail: Fix memory leak in xmlSchemaParseUnion Also report malloc failure from xmlStrndup. Found with libFuzzer, see #344.
Nick Wellnhofer 260d6b8d 2023-03-05T14:10:26 malloc-fail: Fix another memory leak in xmlSchemaBucketCreate Found with libFuzzer, see #344.
Nick Wellnhofer 31844c74 2023-03-05T14:10:08 malloc-fail: Fix null deref in xmlSchemaParseUnion Found with libFuzzer, see #344.
Nick Wellnhofer 9afb6c5f 2023-03-05T14:09:49 malloc-fail: Fix memory leak in WXS_ADD_{LOCAL,GLOBAL} It's somewhat dangerous to add the cleanup code to a macro, but otherwise we'd have to fix all the call sites. Found with libFuzzer, see #344.
Nick Wellnhofer a5787229 2023-03-05T14:09:34 malloc-fail: Fix memory leak in xmlSchemaBucketCreate Found with libFuzzer, see #344.
Nick Wellnhofer e15838ab 2023-03-05T14:09:14 malloc-fail: Fix null deref in xmlSchemaParseWildcardNs Found with libFuzzer, see #344.
Nick Wellnhofer ba290a86 2023-03-05T14:08:57 malloc-fail: Fix memory leak in xmlSchemaItemListAddSize Found with libFuzzer, see #344.
Nick Wellnhofer 0263b357 2023-03-05T14:08:35 malloc-fail: Fix null deref in xmlGet{Min,Max}Occurs Also report memory error in xmlSchemaGetNodeContent. Found with libFuzzer, see #344.
Nick Wellnhofer 7762e8ed 2023-03-05T14:08:15 malloc-fail: Fix null deref in xmlSchemaValAtomicType Found with libFuzzer, see #344.
Nick Wellnhofer 112340c6 2023-03-05T14:07:57 malloc-fail: Fix null deref in xmlSchemaInitTypes Found with libFuzzer, see #344.
Nick Wellnhofer cfbc1f48 2023-03-05T14:06:51 malloc-fail: Fix memory leak in xmlSchemaParse Found with libFuzzer, see #344.
Nick Wellnhofer dbc893f5 2023-03-03T13:02:11 malloc-fail: Fix memory leak in xmlCopyNamespaceList Found with libFuzzer, see #344.
Nick Wellnhofer 282b75f1 2023-02-28T12:14:33 malloc-fail: Fix memory leak in xmlXPathNameFunction Found with libFuzzer, see #344.
Nick Wellnhofer f560065f 2023-02-28T21:16:12 fuzz: Fix duplicate detection in fuzzEntityRecorder Store a non-NULL value in the hash.
Nick Wellnhofer 791a1e80 2023-02-28T19:14:57 fuzz: Set filename in xmlFuzzEntityLoader
Nick Wellnhofer cbd9c6c5 2023-02-28T19:14:22 fuzz: Allow xmlFuzzReadString(NULL)
Nick Wellnhofer aa6b7ed1 2023-02-17T14:54:13 fuzz: Fix Makefile dependencies
Nick Wellnhofer 524654ed 2023-02-26T17:19:47 xpath: Fix harmless integer overflow in xmlXPathTranslateFunction
Nick Wellnhofer 8608b71f 2023-02-26T15:17:15 Revert "xpath: Fix popping of values in xmlXPathPopNodeset" This reverts commit 47b0e0a620d1e0e657b858986e3ebde80d4645b4.
Nick Wellnhofer bc9f372c 2023-02-26T18:00:30 malloc-fail: Fix memory leak in xmlXPathDistinctSorted Found with libFuzzer, see #344.
Nick Wellnhofer 6f9604f0 2023-02-26T16:09:50 malloc-fail: Fix memory leak in xmlXPathCacheNewNodeSet Found with libFuzzer, see #344.
Nick Wellnhofer 4499143a 2023-02-26T15:43:50 malloc-fail: Check for malloc failure in xmlHashAddEntry Found with libFuzzer, see #344.
Nick Wellnhofer a442d16a 2023-02-26T14:48:23 malloc-fail: Fix memory leak in xmlGetNsList Found with libFuzzer, see #344.
Nick Wellnhofer 44947afb 2023-02-26T14:41:35 malloc-fail: Fix null deref after xmlPointerListAddSize Found with libFuzzer, see #344.
Nick Wellnhofer 70b21c9f 2023-02-26T14:33:16 malloc-fail: Fix null deref in xmlXPathCompiledEvalInternal Found with libFuzzer, see #344.
Nick Wellnhofer 0f112d02 2023-02-24T18:00:03 malloc-fail: Fix use-after-free related to xmlXPathNodeSetFilter Found with libFuzzer, see #344.
Nick Wellnhofer a3e11b38 2023-02-25T16:05:24 malloc-fail: Fix memory leak in xmlXPathEqualNodeSetFloat Found with libFuzzer, see #344.
Nick Wellnhofer b51478dc 2023-02-24T16:21:17 Revert "malloc-fail: Avoid use-after-free after unsuccessful valuePush" This reverts commit 6a12be77c6a94c374ab7476087edcee2ba41d9b4. There's too much code reading ctxt->value directly and making the wrong assumptions.
Alexander Kutelev f931178e 2023-02-24T12:45:01 cmake: Link against `dl` and `dld` only when `LIBXML2_WITH_MODULES` is enabled
Nick Wellnhofer 47b0e0a6 2023-02-23T15:43:15 xpath: Fix popping of values in xmlXPathPopNodeset After 6a12be77, valuePop can fail even if ctxt->value is non-NULL. If it turns out that too much code relies on this assumption, a better fix is needed.
Nick Wellnhofer 359313c1 2023-02-23T14:26:32 threads: Really fix crash with weak pthread symbols Fix more regressions from 7010d877 and 71931233. Fixes #488.
Nick Wellnhofer ae8a12f1 2023-02-22T14:25:29 schematron: Use logical and
Nick Wellnhofer 4f0a0fb7 2023-02-22T14:24:24 xinclude: Fix include guard
Nick Wellnhofer 1eb2ca9f 2023-02-21T15:39:44 relaxng: Remove useless if statement ctxt and define are non-NULL at this point. Fixes #482.
Nick Wellnhofer 0ce1f842 2023-02-21T15:38:04 schemas: Remove useless if statement bucket->origTargetNamespace is always NULL in this branch. Fixes #481.
Nick Wellnhofer a509694c 2023-02-21T15:35:57 pattern: Merge identical branches Fixes #479.
Nick Wellnhofer 85057e51 2023-02-21T15:24:19 regexp: Add sanity check in xmlRegCalloc2 These arguments should be non-zero, but add a sanity check to avoid division by zero. Fixes #450.
Nick Wellnhofer c9e4c6d4 2023-02-21T15:22:01 catalog: Fix memory leaks Fixes #377.
Nick Wellnhofer 7bd77873 2023-02-20T10:56:03 threads: Fix crash with weak pthread symbols Regressed in 7010d877. Should fix #488.
Nick Wellnhofer 5d55315e 2023-02-18T17:29:07 parser: Fix OOB read when formatting error message Don't try to print characters beyond the end of the buffer. Found by OSS-Fuzz.
Nick Wellnhofer 1743c4c3 2023-02-17T15:53:07 malloc-fail: Fix OOB read after xmlRegGetCounter Found with libFuzzer, see #344.
Nick Wellnhofer 40bc1c69 2023-02-17T15:40:32 malloc-fail: Fix memory leak in xmlFAParseCharProp Found with libFuzzer, see #344.
Nick Wellnhofer e64653c0 2023-02-17T15:20:33 malloc-fail: Fix leak of xmlRegAtom Found with libFuzzer, see #344.
Nick Wellnhofer ed615967 2023-02-17T15:23:42 malloc-fail: Fix memory leak in xmlRegexpCompile Found with libFuzzer, see #344.
Nick Wellnhofer 53d1cc98 2023-02-16T15:09:32 malloc-fail: Fix error code in htmlParseChunk Found with libFuzzer, see #344.
Nick Wellnhofer 15b0ed08 2023-02-16T15:09:02 malloc-fail: Fix infinite loop in htmlParseDocTypeDecl Found with libFuzzer, see #344.
Nick Wellnhofer 041789d9 2023-02-16T15:02:08 malloc-fail: Fix null deref in htmlnamePush Found with libFuzzer, see #344.
Nick Wellnhofer 0ec9c910 2023-02-16T14:57:24 malloc-fail: Fix infinite loop in htmlParseStartTag Found with libFuzzer, see #344.
Nick Wellnhofer 04c29551 2023-02-16T14:53:29 malloc-fail: Fix infinite loop in htmlParseContentInternal Found with libFuzzer, see #344.
Nick Wellnhofer f3e62035 2023-02-16T14:49:06 malloc-fail: Fix memory leak in htmlCreatePushParserCtxt Found with libFuzzer, see #344.
Nick Wellnhofer fc256953 2023-02-16T14:47:41 malloc-fail: Fix memory leak in htmlCreateMemoryParserCtxt Found with libFuzzer, see #344.
Nick Wellnhofer 643b4e90 2023-02-16T14:45:06 malloc-fail: Fix infinite loop in htmlParseStartTag Found with libFuzzer, see #344.
Nick Wellnhofer ec05f04d 2023-02-16T12:40:02 malloc-fail: Fix memory leak in xmlXIncludeLoadTxt Found with libFuzzer, see #344.
Nick Wellnhofer c02df686 2023-02-16T12:10:36 malloc-fail: Fix memory leak in xmlXIncludeLoadDoc Found with libFuzzer, see #344.
Nick Wellnhofer bc7740b3 2023-02-16T11:45:58 malloc-fail: Fix memory leak in xmlCopyPropList Found with libFuzzer, see #344.
Nick Wellnhofer 8d22e065 2023-02-15T14:41:11 malloc-fail: Fix memory leak after calling xmlXPathNodeSetMerge Destroy the first argument in xmlXPathNodeSetMerge if the function fails. This is somewhat dangerous but matches the expectations of users. Found with libFuzzer, see #344.