xinclude.c


Log

Author Commit Date CI Message
Nick Wellnhofer 80a0580f 2023-09-30T15:47:46 xinclude: Expand comment about fuzz timeouts
Nick Wellnhofer b9db3d7d 2023-09-22T15:45:20 parser: Simplify xmlStringCurrentChar Start to move away from using this function.
Nick Wellnhofer 699299ca 2023-09-20T18:54:39 globals: Stop including globals.h
Nick Wellnhofer 4e1c13eb 2023-09-18T14:45:10 debug: Remove debugging code This is barely useful these days and only clutters the code base.
Nick Wellnhofer 4aa08c80 2023-09-08T14:52:22 xinclude: Fix 'last' pointer in xmlXIncludeCopyNode Also set the 'last' pointer for the root node. Fixes https://gitlab.gnome.org/GNOME/libxslt/-/issues/93
Nick Wellnhofer 687a2b71 2023-05-08T17:05:13 xinclude: Lower initial table size when fuzzing We don't have test cases with many documents, so set the initial table size to 1 when fuzzing, so there is a chance to detect reallocation issues.
Nick Wellnhofer c40cbf07 2023-05-08T17:03:00 malloc-fail: Fix null deref after xmlXIncludeNewRef See #344.
Nick Wellnhofer 105ce73d 2023-05-08T16:45:28 xinclude: Fix false positives in inclusion loop detection xmlXIncludeRecurseDoc can realloc the cache.
Nick Wellnhofer ec05f04d 2023-02-16T12:40:02 malloc-fail: Fix memory leak in xmlXIncludeLoadTxt Found with libFuzzer, see #344.
Nick Wellnhofer c02df686 2023-02-16T12:10:36 malloc-fail: Fix memory leak in xmlXIncludeLoadDoc Found with libFuzzer, see #344.
Nick Wellnhofer 3b59fdf0 2023-02-15T13:28:24 malloc-fail: Fix memory leak in xmlXIncludeAddNode Found with libFuzzer, see #344.
Nick Wellnhofer e20f4d7a 2023-02-13T14:38:05 xinclude: Fix quadratic behavior in xmlXIncludeLoadTxt Also make text inclusions work with memory buffers, for example when using a custom entity loader, and fix a memory leak in case of invalid characters. Fixes #483.
Nick Wellnhofer a96312db 2023-02-03T14:55:53 xinclude: Avoid timeouts when fuzzing Fix the check for maximum number of inclusions.
Nick Wellnhofer be0ec005 2023-02-03T14:37:49 xinclude: Abort immediately if max depth was exceeded Avoids resource exhaustion if the maximum recursion depth was exceeded. Note that the XInclude engine offers no protection against other "billion laughs"-style amplification attacks as long as they stay below the maximum depth.
Nick Wellnhofer dc2dde1a 2023-02-04T15:00:54 malloc-fail: Fix null deref in xmlXIncludeLoadTxt Found with libFuzzer, see #344.
Nick Wellnhofer a3749551 2023-02-03T14:00:13 malloc-fail: Fix reallocation in xmlXIncludeNewRef Avoid null deref. Found with libFuzzer, see #344.
Nick Wellnhofer 5a19e216 2022-11-02T16:13:27 malloc-fail: Fix use-after-free in xmlXIncludeAddNode Found with libFuzzer, see #344.
Nick Wellnhofer b456e3bb 2022-10-30T20:28:20 xinclude: Always allow XPtr expressions in external documents
Nick Wellnhofer f14529ba 2022-10-30T12:32:14 xinclude: Fix more memory leaks in xmlXIncludeLoadDoc
Nick Wellnhofer eef0a739 2022-10-30T12:21:20 xinclude: Implement "streaming" mode When using xmlreader, XPointer expressions in XIncludes simply cannot work. Expressions can reference nodes which weren't parsed yet or which were already deleted. After fixing nested XIncludes, we reference includes which were parsed previously. When streaming, these nodes could have been deleted, leading to use-after-free errors. Disallow XPointer expressions and truncate the include table in streaming mode.
Nick Wellnhofer 7e078cc1 2022-10-30T12:03:51 xinclude: Clean up xmlXIncludeDoProcess Only scan new includes in the second pass. Always reset the "replace" flag. This only matters if xmlXIncludeDoProcess is called multiple times on the same document which currently only happens when called from xmlreader.
Nick Wellnhofer 075cee9e 2022-10-29T15:38:16 xinclude: Fix memory leak when fuzzing This only affects the fuzzing build mode.
Nick Wellnhofer b59ff587 2022-10-28T20:08:02 xinclude: Fix memory leak in xmlXIncludeLoadDoc Regressed in a recent commit.
Nick Wellnhofer 20e2fb4c 2022-10-23T17:52:29 xinclude: Avoid creation of subcontexts Don't create subcontext in xmlXIncludeRecurseDoc. Save and restore 'doc' and 'incTab' instead. Make xmlXIncludeLoadFallback call xmlXIncludeCopyNode which seems safer than xmlXIncludeDoProcess since the latter may modify the document. This should also be more performant since we need to copy the whole fallback subtree anyway. Also make sure to avoid replacements in fallback elements in xmlXIncludeDoProcess.
Nick Wellnhofer 010b682f 2022-10-23T16:02:48 xinclude: Rework XInclude cache Use a single cache stored in the "root" context, avoiding cache misses in some scenarios. Separate the cache from the "include" table. Rework recursion check.
Nick Wellnhofer 3b68aa47 2022-10-23T16:54:22 xinclude: Remove unused 'doc' argument from xmlXIncludeDoProcess
Nick Wellnhofer 0b09f132 2022-10-23T14:59:31 xinclude: Remove unused member 'url' from xmlXIncludeCtxt
Nick Wellnhofer 966f5ebd 2022-10-23T14:14:39 xinclude: Remove inefficient refcounting scheme xinclude.c used to implement a refcounting mechanism for documents which could result in documents being freed too early and reloaded. We really should keep parsed and processed documents around for as long as possible to avoid reprocessing.
Nick Wellnhofer fe0194d5 2022-10-23T13:57:33 xinclude: Pass xmlXIncludeRefPtrs directly Stop passing indices into the include table.
Nick Wellnhofer 0fc5be0a 2022-10-23T13:55:29 xinclude: Remove dead code in xmlXIncludeLoadDoc The include table was already scanned for entries with a matching URI a couple of lines before.
Nick Wellnhofer 2fc8d123 2022-10-22T19:08:43 xinclude: Make xmlXIncludeCopyNode non-recursive Avoid call stack overflows. Also switch to xmlStaticCopyNode which avoids duplicate namespace definitions.
Nick Wellnhofer bc32c386 2022-10-22T17:48:25 xinclude: Don't pass documents to xmlXIncludeCopyNode Extract the root element directly in xmlXIncludeCopyXPointer.
Nick Wellnhofer 46e4cfb6 2022-10-22T19:20:20 xinclude: Remove unused source and target arguments source is unused, target is always ctxt->doc.
Nick Wellnhofer d2ed1e4f 2022-10-22T16:50:18 xinclude: Limit recursion depth This avoids call stack overflows.
Nick Wellnhofer 34496f26 2022-10-22T16:09:21 xinclude: Test for inclusion loops
Nick Wellnhofer bad30e2b 2022-10-21T17:27:23 xinclude: Copy included docs with xmlDocCopyNode All includes should already be expanded after calling xmlXIncludeRecurseDoc, so there's no need to invoke the more costly xmlXIncludeCopyNodeList. Now xmlXIncludeCopyNode is only used to copy XPointer fragments.
Nick Wellnhofer bc267cb9 2022-10-22T02:19:22 xinclude: Expand includes in xmlXIncludeCopyNode This should make nested includes work reliably. Fixes #424.
Nick Wellnhofer 5e4b751f 2022-10-22T02:17:39 xinclude: Make xmlXIncludeCopyNode return a node list Convert callers of xmlXIncludeCopyNode to handle node lists.
Nick Wellnhofer 64eaf4d4 2022-10-21T16:05:29 xinclude: Make xmlXIncludeCopyNode iterate all descendants
Nick Wellnhofer 5f664ab2 2022-10-21T16:17:48 xinclude: Rework xmlXIncludePreProcessNode Rename xmlXIncludePreProcessNode to xmlXIncludeExpandNode. Search the include table for an already existing entry. Also load the included items in xmlXIncludeExpandNode and remove the second phase in xmlXIncludeDoProcess.
Nick Wellnhofer 4d7524af 2022-10-21T16:46:38 xinclude: Ignore XML_XINCLUDE_START in xmlXIncludeCopyXPointer The XPath engine shouldn't return such nodes anyway.
Nick Wellnhofer 938105b5 2022-10-21T15:56:12 Revert "xinclude: Fix regression with nested includes" This reverts commit 7f04e297318b1b908cec20711f74f75625afed7f which caused memory errors. See #424.
Nick Wellnhofer 7f04e297 2022-10-18T18:40:00 xinclude: Fix regression with nested includes This reverts commits 74dcc10b and 87d20b55. Fixes #424.
Nick Wellnhofer 6843fc72 2022-09-01T02:58:00 Remove or annotate char casts
Nick Wellnhofer 0f568c0b 2022-08-26T01:22:33 Consolidate private header files Private functions were previously declared - in header files in the root directory - in public headers guarded with IN_LIBXML - in libxml.h - redundantly in source files that used them. Consolidate all private header files in include/private.
Nick Wellnhofer 3e7b4f37 2022-05-20T23:28:25 Avoid calling xmlSetTreeDoc Create text nodes with xmlNewDocText or set the document directly to avoid xmlSetTreeDoc being called when the node is inserted.
Nick Wellnhofer 0aa8652e 2022-05-20T14:54:49 Use xmlNewDocText in xmlXIncludeCopyRange Otherwise, the initial node of the copy could be a text node with a NULL document. This results in the NULL document being propagated to copies of other nodes, losing information about the dictionary in which node data is stored, and freeing a dict-allocated string. See discussion in !175.
Nick Wellnhofer 67070107 2022-04-20T23:17:14 Add configuration flag for XPointer locations support Add a new configuration flag that controls whether the outdated support for XPointer locations (ranges and points) is enabled. --with-xptr-locs # Autotools LIBXML2_WITH_XPTR_LOCS # CMake The latest spec for what is essentially an XPath extension seems to be this working draft from 2002: https://www.w3.org/TR/xptr-xpointer/ The xpointer() scheme is listed as "being reviewed" in the XPointer registry since at least 2006. libxml2 seems to be the only modern software that tries to implement this spec, but the code has many bugs and quality issues. The flag defaults to "off" and support for this extension has to be requested explicitly. The relevant API functions are deprecated.
Nick Wellnhofer 41afa89f 2022-04-10T14:09:29 Fix short-lived regression in xmlStaticCopyNode Commit 7618a3b1 didn't account for coalesced text nodes. I think it would be better if xmlStaticCopyNode didn't try to coalesce text nodes at all. This code path can only be triggered if some other code doesn't coalesce text nodes properly. In this case, OSS-Fuzz found such behavior in xinclude.c.
Nick Wellnhofer 4a8c71eb 2022-03-04T03:35:57 Remove DOCBparser This code has been broken and deprecated since version 2.6.0, released in 2003. Because of a bug in commit 961b535c, DOCBparser.c was never compiled since 2012. I couldn't find a Debian package using any of its symbols, so it seems safe to remove this module.
Nick Wellnhofer bc06a522 2022-03-02T02:57:49 Fix recursion check in xinclude.c Compare the included URL with the document's URL to detect local inclusions. Fixes #348.
Nick Wellnhofer 346c3a93 2022-02-20T18:46:42 Remove elfgcchack.h The same optimization can be enabled with -fno-semantic-interposition since GCC 5. clang has always used this option by default.
David Kilzer 8f5ccada 2021-07-07T19:24:36 xmlAddChild() and xmlAddNextSibling() may not attach their second argument Use the return value of xmlAddChild() and xmlAddNextSibling() instead of the second argument directly. Found by OSS-Fuzz. Fixes #316
Nick Wellnhofer 1098c30a 2021-04-22T19:26:28 Fix use-after-free with `xmllint --xinclude --dropdtd` The --dropdtd option can leave dangling pointers in entity reference nodes. Make sure to skip these nodes when processing XIncludes. This also avoids scanning entity declarations and even modifying them inadvertently during XInclude processing. Move from a block list to an allow list approach to avoid descending into other node types that can't contain elements. Fixes #237.
Nick Wellnhofer 847a3a11 2020-09-28T12:28:29 Fix use-after-free when XIncluding text from Reader The XML Reader can free text nodes coming from the XInclude engine before parsing has finished. Cache a copy of the text string, not the included node to avoid use after free. Found by OSS-Fuzz.
Nick Wellnhofer 3fcf3193 2020-08-22T00:43:18 Fix regression introduced with commit d88df4b Revert the commit and use a different approach. Found by OSS-Fuzz.
Nick Wellnhofer 87d20b55 2020-08-19T13:52:08 Fix regression introduced with commit 74dcc10b The code wasn't dead after all, but I can see no reason in delaying the XPointer evaluation. This could lead to nodes included earlier appearing in XPointer results.
Nick Wellnhofer fbb7fa9a 2020-08-19T13:13:20 Fix memory leak in xmlXIncludeAddNode error paths Found by OSS-Fuzz.
Nick Wellnhofer 19cae17f 2020-08-19T13:07:28 Revert "Fix quadratic runtime in xi:fallback processing" This reverts commit 27119ec33c9f6b9830efa1e0da0acfa353dfa55a. Not copying fallback children didn't fix up namespaces and could lead to use-after-free errors. Found by OSS-Fuzz.
Nick Wellnhofer d63cfeca 2020-08-17T15:40:06 Add TODO comment in xinclude.c Add some thoughts on the major remaining problems with the XInclude implementation.
Nick Wellnhofer 74dcc10b 2020-08-17T03:24:56 Remove dead code in xinclude.c 'doc' is checked for NULL in xmlXIncludeLoadDoc, so several code paths can be eliminated.
Nick Wellnhofer 2c747129 2020-08-17T00:54:12 Fix error reporting with xi:fallback When reporting errors, don't use href of xi:include if xi:fallback was used. I think this can only be reproduced with "xmllint --postvalid", see the original bug report: https://bugzilla.gnome.org/show_bug.cgi?id=152623
Nick Wellnhofer 27119ec3 2020-08-17T00:05:19 Fix quadratic runtime in xi:fallback processing Copying the tree would lead to runtime quadratic in nested fallback depth, similar to naive string concatenation.
Nick Wellnhofer d88df4bd 2020-08-16T23:38:48 Fix corner case with empty xi:fallback xi:fallback could become empty after recursive expansion. Use a flag to track whether nodes should be skipped.
Nick Wellnhofer dba82a8c 2020-08-16T23:02:20 Fix XInclude regression introduced with recent commit The change to xmlXIncludeLoadFallback in commit 11b57459 could process already freed nodes if text nodes were merged after deleting nodes with an empty fallback. Found by OSS-Fuzz.
Nick Wellnhofer 6c128fd5 2020-06-05T13:43:45 Fuzz XInclude engine
Nick Wellnhofer 1abf2967 2020-08-06T17:51:57 Fix exponential runtime and memory in xi:fallback processing When creating XML_XINCLUDE_START nodes, the children of the original xi:include node must be freed, otherwise fallback content is copied twice, doubling runtime and memory consumption for each nested xi:fallback/xi:include pair. Found with libFuzzer.
Nick Wellnhofer 11b57459 2020-08-07T18:39:19 Don't process siblings of root in xmlXIncludeProcess xmlXIncludeDoProcess would follow the siblings of the tree root and also expand these nodes. When using an XML reader, this could lead to siblings of the current node being expanded without having been parsed completely.
Nick Wellnhofer 0f9817c7 2020-06-10T16:34:52 Don't recurse into xi:include children in xmlXIncludeDoProcess Otherwise, nested xi:include nodes might result in a use-after-free if XML_PARSE_NOXINCNODE is specified. Found with libFuzzer and ASan.
Nick Wellnhofer 5725c115 2020-06-10T15:11:40 Fix memory leak in xmlXIncludeIncludeNode error paths Found with libFuzzer and ASan.
Nick Wellnhofer ff009f99 2020-05-30T15:32:25 Fix memory leak in xmlXIncludeLoadDoc error path Found by OSS-Fuzz.
Nick Wellnhofer 20c60886 2020-03-08T17:19:42 Fix typos Resolves #133.
Jared Yanovich 2a350ee9 2019-09-30T17:04:54 Large batch of typo fixes Closes #109.
Nick Wellnhofer e91cbcf6 2019-09-20T12:44:17 Don't read external entities or XIncludes from stdin The file input callbacks try to read from stdin if "-" is passed as URL. This should never be done when loading indirect resources like external entities or XIncludes. Unfortunately, the stdin substitution happens deep inside the IO code, so we simply replace "-" with "./-" in specific locations. This issue also affects other users of the library like libxslt. Ideally, stdin should only be substituted on explicit request. But more intrusive changes could break existing code. Closes #90 and #102.
Nick Wellnhofer e32afd3f 2019-09-13T15:45:21 Fix error message when processing XIncludes with fallbacks Fixes bug #616491 https://bugzilla.gnome.org/show_bug.cgi?id=616491 Based on merge request !41
Wang Kirin a6a57867 2019-08-13T20:08:53 Fix memory leak in xmlXIncludeLoadTxt
Nick Wellnhofer e03f0a19 2017-11-09T16:42:47 Fix hash callback signatures Make sure that all parameters and return values of hash callback functions exactly match the callback function type. This is required to pass clang's Control Flow Integrity checks and to allow compilation to asm.js with Emscripten. Fixes bug 784861.
David Kilzer 4472c3a5 2016-05-13T15:13:17 Fix some format string warnings with possible format string vulnerability For https://bugzilla.gnome.org/show_bug.cgi?id=761029 Decorate every method in libxml2 with the appropriate LIBXML_ATTR_FORMAT(fmt,args) macro and add some cleanups following the reports.
Nicolas Le Cam 41586ca6 2013-06-17T13:01:33 Fix compilation with minimum and xinclude. xinclude needs xmlAddNextSibling(). Compile out use of xmlLocationSetPtr when xptr is disabled. Include xpath header.
Alexey Neyman 0b86537d 2013-05-06T10:20:18 Remove premature XInclude check on URI being relative As it gives false negatives, see https://mail.gnome.org/archives/xml/2013-April/msg00023.html
Daniel Veillard f8e3db04 2012-09-11T13:26:36 Big space and tab cleanup Remove all space before tabs and space and tabs at end of lines.
Vitaly Ostanin dce1c8ba 2012-08-17T20:42:52 Patch for xinclude of text using multibyte characters for bug https://bugzilla.gnome.org/show_bug.cgi?id=633166 When you xinclude a text file, reading portions (by 4000 bytes) of the buffer incorrectly handled the situation when the end comes across portions of the bytes in a multibyte character.
Daniel Veillard 3e62adbe 2012-08-09T14:24:02 Adding various checks on node type through the API Specifically checking against namespace nodes before accessing node pointers
Daniel Veillard 345ee8b6 2012-07-16T14:40:37 Convert XInclude to the new input buffers A few xmlBuffer...() calls changed to their xmlBuf...() counterparts
Shaun McCance 4cf7325e 2012-05-10T20:59:33 xinclude with parse="text" does not use the entity loader For https://bugzilla.gnome.org/show_bug.cgi?id=552479 The code for xinclude parse="text" was not using the registered entity loader, defeating attempts to control loading of files.
Daniel Veillard 06c93b75 2010-03-15T16:08:44 Remove a few warnings
Daniel Veillard 594e5dfb 2009-09-07T14:58:47 Chasing dead assignments reported by clang-scan * SAX2.c dict.c error.c hash.c nanohttp.c parser.c python/libxml.c relaxng.c runtest.c tree.c valid.c xinclude.c xmlregexp.c xmlsave.c xmlschemas.c xpath.c xpointer.c: mostly removing unneeded affectations, but this led to a few real bugs and some part not yet understood (relaxng/interleave)
Daniel Veillard cb6f525f 2009-08-25T19:24:15 584220 xpointer(/) and xinclude problems * xinclude.c: xpointer(/) in xinclude could lead to sub-document nodes and also fixed the code to inherit the dictionary from the embedding document
Stefan Behnel b9590e9c 2009-08-24T19:45:54 440226 Add xmlXIncludeProcessTreeFlagsData API * xinclude.c include/libxml/xinclude.h: new function similar to xmlXIncludeProcessFlagsData but operating on a subtree
Daniel Veillard 54bd29b7 2008-08-26T07:26:55 patch based on Wieant Nielander contribution to add the option of not * include/libxml/parser.h xinclude.c xmllint.c: patch based on Wieant Nielander contribution to add the option of not doing URI base fixup in XInclude Daniel svn path=/trunk/; revision=3775
Daniel Veillard 37d2d16c 2008-03-14T10:54:00 patch from Vasily Chekalkin fixes memory leaks, should fix 512647 Daniel * parser.c xinclude.c: patch from Vasily Chekalkin fixes memory leaks, should fix 512647 Daniel svn path=/trunk/; revision=3706
Daniel Veillard b242b088 2008-02-08T09:56:31 applied patch from Florent Guilian to remove a useless mutex in the * dict.c: applied patch from Florent Guilian to remove a useless mutex in the xmlDict structure. older, not committed ... * SAX2.c: another leak reported by Ashwin * xinclude.c: fixed the behaviour when XIncluding a fragment of the current document, patch from Chris Ryan Daniel svn path=/trunk/; revision=3686
William M. Brack b0a94e8b 2007-07-18T18:04:55 applied patch from bug #454608 from Patrik Fimml. Fixes bug #454608. * xinclude.c: applied patch from bug #454608 from Patrik Fimml. Fixes bug #454608. svn path=/trunk/; revision=3644
William M. Brack 53ce98cd 2007-02-13T00:37:20 fixed problem with invalid char encountered during text include (reported * xinclude.c: fixed problem with invalid char encountered during text include (reported on xslt mailing list) svn path=/trunk/; revision=3583
Daniel Veillard a658582e 2006-12-04T09:21:28 another XInclude user data propagation patch from Michael Day Daniel * xinclude.c: another XInclude user data propagation patch from Michael Day Daniel
Daniel Veillard 681e904e 2006-09-29T09:16:00 fixed a comment applied a patch from Michael Day to add a new function * xmlsave.c: fixed a comment * xinclude.c include/libxml/xinclude.h: applied a patch from Michael Day to add a new function providing the _private field for the generated parser contexts xmlXIncludeProcessFlagsData() Daniel
Daniel Veillard bf630c0d 2006-06-06T08:21:41 fix bug #343968, include='text' can't lead to a recursion. Daniel * xinclude.c: fix bug #343968, include='text' can't lead to a recursion. Daniel
Daniel Veillard 11ce4004 2006-03-10T00:36:23 end of first pass on coverity reports. Daniel * runtest.c schematron.c testAutomata.c tree.c valid.c xinclude.c xmlcatalog.c xmlreader.c xmlregexp.c xpath.c: end of first pass on coverity reports. Daniel
Daniel Veillard e0fd93f5 2005-08-10T13:39:10 fixed bug #302302, nasty but the fix is rather simple. Daniel * xinclude.c: fixed bug #302302, nasty but the fix is rather simple. Daniel
Daniel Veillard 24505b0f 2005-07-28T23:49:35 a lot of small cleanups based on Linus' sparse check output. Daniel * HTMLparser.c SAX2.c encoding.c globals.c parser.c relaxng.c runsuite.c runtest.c schematron.c testHTML.c testReader.c testRegexp.c testSAX.c testThreads.c valid.c xinclude.c xmlIO.c xmllint.c xmlmodule.c xmlschemas.c xpath.c xpointer.c: a lot of small cleanups based on Linus' sparse check output. Daniel