kmx git

Commit	Date	Message
3ffcc03b	2023-03-13T19:38:41	parser: Deprecate more internal functions
98840d40	2023-03-21T19:07:12	parser: Rework EBCDIC code page detection To detect EBCDIC code pages, we used to switch the encoding twice and had to be very careful not to decode data after the XML declaration before the second switch. This relied on a hard-coded expected size of the XML declaration and was complicated and unreliable. Now we convert the first 200 bytes to EBCDIC-US and parse the encoding declaration manually.
f8efa589	2023-03-14T13:55:06	malloc-fail: Handle malloc failures in xmlSchemaInitTypes Note that this changes the return value of public function xmlSchemaInitTypes from void to int. This shouldn't break the ABI on most platforms. Found when investigating #500.
d7daf9fd	2023-03-14T13:02:36	xmllint: Fix use-after-free with --maxmem Fixes #498.
e7c3a4ca	2023-03-13T19:19:46	parser: Deprecate some parser input functions
48379394	2023-03-13T17:11:27	malloc-fail: Stop using XPath stack frames There's too much code which assumes that if ctxt->value is non-null, a value can be successfully popped off the stack. This assumption can break with stack frames when malloc fails. Instead of trying to fix all call sites, remove the stack frame logic. It only offered very little protection against misbehaving extension functions. We already check the stack size after a function call which should be enough. Found by OSS-Fuzz.
bd63d730	2023-03-12T17:40:55	html: Impose some length limits Impose length limits on names, attribute values, PIs and comments, similar to the XML parser.
b51478dc	2023-02-24T16:21:17	Revert "malloc-fail: Avoid use-after-free after unsuccessful valuePush" This reverts commit 6a12be77c6a94c374ab7476087edcee2ba41d9b4. There's too much code reading ctxt->value directly and making the wrong assumptions.
6a12be77	2023-01-31T12:46:30	malloc-fail: Avoid use-after-free after unsuccessful valuePush In xpath.c there's a lot of code like: valuePush(ctxt, xmlCacheNewX()); ... valuePop(ctxt); If xmlCacheNewX fails, no value will be pushed on the stack. If there's no error check in between, valuePop will pop an unrelated value which can lead to use-after-free errors. Instead of trying to fix all call sites, we simply stop popping values if an error was signaled. This requires to change the CHECK_TYPE macro which is often used to determine whether a value can be safely popped. Found with libFuzzer, see #344.
59b33661	2022-12-27T14:15:51	error: Limit number of parser errors Reporting errors is expensive and some abusive test cases can generate an error for each invalid input byte. This causes the parser to spend most of the time with error handling. Limit the number of errors and warnings to 100.
b47ebf04	2022-12-21T00:02:47	parser: Deprecate xmlString*DecodeEntities These are internal functions.
ce76ebfd	2022-12-19T20:56:23	entities: Stop counting entities This was only used in the old version of xmlParserEntityCheck.
463bbeec	2022-12-19T18:39:45	entities: Rework entity amplification checks This commit implements robust detection of entity amplification attacks, better known as the "billion laughs" attack. We now limit the size of the document after substitution of entities to 10 times the size before expansion. This guarantees linear behavior by definition. There already was a similar check before, but the accounting of "sizeentities" (size of external entities) and "sizeentcopy" (size of all copies created by entity references) wasn't accurate. We also need saturation arithmetic since we're historically limited to "unsigned long" which is 32-bit on many platforms. A maximum of 10 MB of substitutions is always allowed. This should make use cases like DITA work which have caused problems in the past. The old checks based on the number of entities were removed. This is accounted for by adding a fixed cost to each entity reference. Entity amplification checks are now enabled even if XML_PARSE_HUGE is set. This option is mainly used to allow larger text nodes. Most users were unaware that it also disabled entity expansion checks. Some of the limits might be adjusted later. If this change turns out to affect legitimate use cases, we can add a separate parser option to disable the checks. Fixes #294. Fixes #345.
f34f184f	2022-12-19T15:24:53	entities: Add "flags" member to struct xmlEntity This will hold various flags and eventually replace the "checked" member.
a6debffd	2022-12-08T03:37:24	xmlexports.h: Disable docs for internal macro XMLPUBLIC
3b6cc47a	2022-12-08T02:51:52	xmlexports.h: Remove LIBXML_FASTCALL optimization This was an experimental and undocumented micro-optimization for Windows which apparently required different calling conventions for variable-argument functions, making it impossible to maintain without domain knowledge.
ce9baf94	2022-12-08T02:48:27	Remove XMLCALL and XMLCDECL macros from public headers
c73d464a	2022-11-24T15:00:03	threads: Deprecate some internal functions
707ade22	2022-11-22T14:56:58	Visual Studio builds: Allow silencing deprecation warnings Define XML_IGNORE_DEPRECATION_WARNINGS and the corresponding XML_POP_WARNINGS for Visual Studio, and consequently define XML_IGNORE_FPTR_CAST_WARNINGS so that we do not get a compiler warning on Visual Studio by doing a __pragma(warning(pop)) without a corresponding __pragma(warning(push)). Also correct the documentation a bit for XML_POP_WARNINGS.
b9590d5d	2022-11-18T11:23:23	Visual Studio: Define XML_DEPRECATED We can mark APIs as deprecated using __declspec(deprecated) with Visual Studio 2005 and later, so add a definition of that so that we can help users avoid using deprecated APIs when using Visual Studio as well. For the existing GCC definition, check whether we are on GCC 3.1+ before enabling the definition.
68a6518c	2022-11-15T18:23:33	parser: Rewrite push parser boundary checks Remove inaccurate xmlParseCheckTransition check. Remove non-incremental xmlParseGetLasts check. Add functions that check for several boundary constructs more accurately, keeping track of progress in ctxt->checkIndex. Fixes #439.
2059df53	2022-11-14T22:27:58	buf: Deprecate static/immutable buffers
b693905f	2022-11-04T14:50:39	doc: Remove xmlDllMain from documentation and version script This is a Windows-only symbol.
a9669679	2022-09-09T01:44:00	error: Don't use initGenericErrorDefaultFunc The code in xmlInitParser did only set the error handler if it was NULL which should never happen.
0d901258	2022-09-04T16:41:43	Fix Windows compiler warnings in python/types.c
1e60c768	2022-09-04T01:49:41	Remove HAVE_WIN32_THREADS configuration flag Check for LIBXML_THREAD_ENABLED and _WIN32 instead.
59f2f60e	2022-09-02T00:27:57	Remove "runtime debugging" This doesn't seem useful as configuration option.
65dc8a63	2022-09-01T00:13:19	Make xmlNewSAXParserCtx take a const sax handler Also improve documentation.
39dfb048	2022-08-26T02:41:15	Don't forget to install xmlversion.h Fixes 7f7961df.
0f568c0b	2022-08-26T01:22:33	Consolidate private header files Private functions were previously declared - in header files in the root directory - in public headers guarded with IN_LIBXML - in libxml.h - redundantly in source files that used them. Consolidate all private header files in include/private.
48f84ea8	2022-08-25T21:31:08	Remove internal macros from parserInternals.h Replace MOVETO_ENDTAG with code that updates line and column numbers.
58fc89e8	2022-08-25T20:57:30	Deprecate internal parser functions
a308c0cd	2022-08-25T20:18:16	Deprecate old HTML SAX API
51035c53	2022-08-25T19:53:04	Generate deprecation warnings for old SAX API
7f7961df	2022-08-25T13:47:16	Remove generated files from distribution - libxml2.spec - libxml-2.0.pc - xml2-config - include/libxml/xmlversion.h - python/libxml2.py - python/libxml2-export.c - python/libxml2-py.c - python/libxml2-py.h - python/libxml2class.py - python/libxml2class.txt - python/setup.py
34a050cd	2022-08-24T16:35:58	Move some HTML functions to correct header file
9a82b94a	2022-08-24T04:21:58	Introduce xmlNewSAXParserCtxt and htmlNewSAXParserCtxt Add API functions to create a parser context with a custom SAX handler without having to mess with ctxt->sax manually.
92bb889b	2022-08-24T00:03:44	Don't index anything in DOC_DISABLE sections Somewhat misleadingly, the DOC_DISABLE directive only disabled warnings. Now we really stop the documentation generator from indexing. This results in additional warnings for xmlThrDef* functions. This should be fixed by documenting or deprecating them.
75b5bc2b	2022-08-23T20:57:49	Deprecate some global variables Most of these should be completely unused.
5264fa11	2022-08-18T20:17:27	Fix warnings from apibuild.py
e986d09c	2022-07-15T14:02:26	Skip incorrectly opened HTML comments Commit 4fd69f3e fixed handling of '<' characters not followed by an ASCII letter. But a '<!' sequence followed by invalid characters should be treated as bogus comment and skipped. Fixes #380.
e9270ef0	2022-05-06T10:44:03	fix Schematron spelling
67070107	2022-04-20T23:17:14	Add configuration flag for XPointer locations support Add a new configuration flag that controls whether the outdated support for XPointer locations (ranges and points) is enabled. --with-xptr-locs # Autotools LIBXML2_WITH_XPTR_LOCS # CMake The latest spec for what it essentially an XPath extension seems to be this working draft from 2002: https://www.w3.org/TR/xptr-xpointer/ The xpointer() scheme is listed as "being reviewed" in the XPointer registry since at least 2006. libxml2 seems to be the only modern software that tries to implement this spec, but the code has many bugs and quality issues. The flag defaults to "off" and support for this extensions has to be requested explicitly. The relevant API functions are deprecated.
aab584dc	2022-03-06T23:23:43	Clean up encoding switching code - Remove xmlSwitchToEncodingInt which was basically just a wrapper around xmlSwitchInputEncodingInt. - Simplify xmlSwitchEncoding. - Improve error handling in xmlSwitchInputEncodingInt. - Deprecate xmlSwitchInputEncoding.
2070ade6	2022-03-06T23:19:04	Undeprecate schema init functions These functions aren't called from xmlInitParser, so it's better to keep them public for now.
40483d0c	2022-03-06T13:55:48	Deprecate module init and cleanup functions These functions shouldn't be part of the public API. Most init functions are only thread-safe when called from xmlInitParser. Global variables should only be cleaned up by calling xmlCleanupParser.
4a8c71eb	2022-03-04T03:35:57	Remove DOCBparser This code has been broken and deprecated since version 2.6.0, released in 2003. Because of a bug in commit 961b535c, DOCBparser.c was never compiled since 2012. I couldn't find a Debian package using any of its symbols, so it seems safe to remove this module.
ebb17970	2022-03-04T02:31:59	Remove unneeded #includes
d7b287b9	2021-07-17T14:36:53	htmlParseComment: handle abruptly-closed comments See guidance provided on abrutply-closed comments here: https://html.spec.whatwg.org/multipage/parsing.html#parse-error-abrupt-closing-of-empty-comment
b66ce0bb	2022-03-01T12:39:02	Don't include ICU headers in public headers There's no need to make these implementation details public.
2489c1d0	2022-02-28T22:42:10	Remove useless __CYGWIN__ checks From what I can tell, some really early Cygwin versions from around 1998-2000 used to erroneously define _WIN32. This was eventually fixed, but these days, the `defined(_WIN32) && !defined(__CYGWIN__)` idiom is unnecessary. Now, we only check for __CYGWIN__ in xmlexports.h when deciding whether to use __declspec.
004fe9de	2022-02-20T19:02:31	Deprecate IDREF-related functions in valid.h These functions are only needed internally for validation. xmlGetRefs is inherently unsafe because the ref table isn't updated if attributes are removed (unlike the ids table). None of the Ubuntu 20.04 packages depending on libxml2 use any of these functions (except xmlFreeRefTable in libxslt), so it seems perfectly safe to deprecate them. Remove xmlIsRef and xmlRemoveRef from the Python bindings.
61de9297	2022-02-20T20:59:14	Deprecate all functions in DOCBparser.h
cf4893f7	2022-02-20T19:56:41	Deprecate legacy functions
9e0ca5a1	2022-02-20T19:29:01	Deprecate all functions in nanoftp.h
a2fe74c0	2022-02-20T18:19:27	Add XML_DEPRECATED macro __attribute__((deprecated)) is available since at least GCC 3.1, so an exact version check is probably unnecessary.
d7cb33cf	2022-01-13T17:06:14	Rework validation context flags Use a bitmask instead of magic values to - keep track whether the validation context is part of a parser context - keep track whether xmlValidateDtdFinal was called This allows to add addtional flags later. Note that this deliberately changes the name of a public struct member, assuming that this was always private data never to be used by client code.
b041d829	2022-02-16T19:55:30	Remove xmlwin32version.h This file was undocumented and never used anywhere. Maybe users were supposed to rename this file to xmlversion.h manually. These days, both CMake and win32/configure.js generate xmlversion.h from xmlversion.h.in, just like the Autotools build.
7fe9addc	2022-02-13T23:29:51	Remove CVS and SVN-related code
7d4060d2	2021-05-16T18:00:21	Add missing file xmlwin32version.h.in to EXTRA_DIST
ce00c36e	2021-05-08T21:20:05	Store per-element parser state in a struct Make the parser context's "pushTab" point to an array of structs instead of void pointers. This avoids casting unrelated types to void pointers, improving readability and portability, and allows for more efficient packing. Ultimately, the struct could be extended to include the contents of "nameTab" and "spaceTab", further simplifying the code. Historically, "pushTab" was only used by the push parser (hence the name), so the change to the public headers should be safe. Also remove an unused parameter from xmlParseEndTag2.
fb08d9fe	2021-03-20T22:02:26	Fix include order in c14n.h - Include xmlversion.h before testing feature flags. - Include libxml headers before extern "C". Fixes #226.
1fe38530	2020-12-16T15:27:13	Remove temporary members from struct _xmlXPathContext These values are hardcoded now and the struct members, while public, were recently introduced and never part of an official release.
acdc2ff3	2020-06-04T23:02:08	Simplify xmlexports.h All the compiler switches essentially set the same macros. The only exception was MSVC which omitted the "extern" keyword for exported variables. This in turn broke clang-cl. This commit rewrites and simplifies the whole header. Closes #163.
438e595a	2020-08-09T14:43:53	Stop counting nbChars in parser context The value was inaccurate and never used.
20c60886	2020-03-08T17:19:42	Fix typos Resolves #133.
c2e09f44	2020-02-11T11:32:23	Add xmlPopOutputCallbacks Add function to pop a single set of output callbacks from the stack. This was only implemented for input callbacks before. Fixes #135.
74a8a91f	2019-09-30T17:58:59	Fix a few more typos ("fonction")
2a350ee9	2019-09-30T17:04:54	Large batch of typo fixes Closes #109.
d56184a0	2019-09-26T12:11:39	Disable xmlExp regex code This is apparently another regex engine that was never used, see commit 81a8ec6.
37189c08	2019-07-08T12:18:24	dict.h: gcc 2.95 doesn't allow multiple storage classes This is a partial revert of commit c71f9305. I'm not sure what issue this commit was trying to solve but it seems to be related to a circular dependency. It might be related to tree.h being included from dict.h which is unnecessary. Resolves !22.
2d97a97a	2019-03-15T16:27:58	Optional recursion limit when parsing XPath expressions Useful to avoid call stack overflows when fuzzing. Note that parsing a parenthesized expression currently consumes more than 10 stack frames, so this limit should be set rather low.
64115ed6	2019-03-18T11:34:26	Optional recursion limit when evaluating XPath expressions Useful to avoid call stack overflows when fuzzing.
852c93a2	2019-03-12T16:12:05	Optional XPath operation limit Optionally limit the maximum numbers of XPath operations when evaluating an expression. Useful to avoid timeouts when fuzzing. The following operations count towards the limit: - XPath operations - Location step iterations - Union operations Enabled by setting opLimit to a non-zero value. Note that it's the user's responsibility to reset opCount. This allows to enforce the operation limit across multiple reuses of an XPath context.
9a82ae30	2019-02-28T12:18:37	Stop defining _REENTRANT on some Win32 platforms The _REENTRANT macro was defined unconditionally on some Win32 builds using the Microsoft C runtime. It shouldn't have an effect under MSVCRT and was presumably only defined because of the LIBXML_THREAD_ENABLED issue fixed with the previous commit.
cf68fe3d	2019-02-27T15:00:14	Always define LIBXML_THREAD_ENABLED when enabled When libxml2 is compiled with threads enabled, have the header file define LIBXML_THREAD_ENABLED even if the subsequent application by itself does not enable threads. Otherwise, the application would see the unthreaded API functions, but these are not exported (where it does make a difference, like on Win32 based platforms).
ee501f54	2018-10-13T15:23:35	Stop using doc->charset outside parser code doc->charset does not specify the in-memory encoding which is always UTF-8.
73b2417c	2018-09-22T15:45:02	Variables need 'extern' in static lib on Cygwin While the dllimport/dllexport macros now work for Cygwin, using the static library still requires variables to be declared as 'extern'. This is a regression of c65c9e8ee07e2dab0647392c2bd1795a5bc99829, found+fixed by Bruno Haible using static libxml embedded in gettext.
1dafb427	2018-09-03T15:29:50	Don't include SAX.h from globals.h SAX.h contains a legacy interface with several unprefixed symbols like `reference`, causing severe namespace pollution. The globals.h header doesn't need any of these symbols, so remove the #include.
c65c9e8e	2018-08-31T11:42:14	Really declare dllexport/dllimport for Cygwin Cygwin does not define _WIN32, but still requires dllexport/dllimport tags for when applications use the --disable-auto-import linker flag, probably set by the gl_WOE32_DLL autoconf macro in woe32-dll.m4 file.
ff628d46	2017-11-13T18:35:51	Stop including ansidecl.h This seems to be an undocumented, internal GCC header added a long time ago. I don't know why it was included, but I think it can be safely removed.
4dd6d7a5	2017-11-09T17:28:00	Fix list callback signatures Make sure that all parameters and return values of list callback functions exactly match the callback function type. This is required to pass clang's Control Flow Integrity checks and to allow compilation to asm.js with Emscripten. Also change the `user` parameter type from `const void ` to `void `.
e03f0a19	2017-11-09T16:42:47	Fix hash callback signatures Make sure that all parameters and return values of hash callback functions exactly match the callback function type. This is required to pass clang's Control Flow Integrity checks and to allow compilation to asm.js with Emscripten. Fixes bug 784861.
0b19f236	2017-10-25T18:11:12	Fixed ICU to set flush correctly and provide pivot buffer. By always setting flush=TRUE when doing multiple reads, ICU will not correctly handle truncated utf8 chars across read boundaries. The fix is to set flush=TRUE only on final read, and to provide a pivot buffer which is maintained by libxml between calls to ucnv_convertEx.
882a165a	2017-10-21T14:04:20	Fix preprocessor conditional in threads.h Make sure that the preprocessor conditions and types for xmlDllMain match exactly in threads.h and threads.c.
e3890546	2017-10-09T00:20:01	Fix the Windows header mess Don't include windows.h and wsockcompat.h from config.h but only when needed. Don't define _WINSOCKAPI_ manually. This was apparently done to stop windows.h from including winsock.h which is a problem if winsock2.h wasn't included first. But on MinGW, this causes compiler warnings. Define WIN32_LEAN_AND_MEAN instead which has the same effect. Always use the compiler-defined _WIN32 macro instead of WIN32.
8bbe4508	2017-06-17T16:15:09	Spelling and grammar fixes Fixes bug 743172, bug 743489, bug 769632, bug 782400 and a few other misspellings.
576912fa	2017-06-17T15:59:13	Make HTML parser functions take const pointers The 'cur' parameter of htmlParseDoc and htmlSAXParseDoc should be 'const xmlChar *'. Fixes bug 770650.
030b1f7a	2017-06-06T15:53:42	Revert "Add an XML_PARSE_NOXXE flag to block all entities loading even local" This reverts commit 2304078555896cf1638c628f50326aeef6f0e0d0. The new flag doesn't work and the change even broke the XML_PARSE_NONET option.
23040785	2017-04-07T16:45:56	Add an XML_PARSE_NOXXE flag to block all entities loading even local For https://bugzilla.gnome.org/show_bug.cgi?id=772726 * include/libxml/parser.h: Add a new parser flag XML_PARSE_NOXXE * elfgcchack.h, xmlIO.h, xmlIO.c: associated loading routine * include/libxml/xmlerror.h: new error raised * xmllint.c: adds --noxxe flag to activate the option
4472c3a5	2016-05-13T15:13:17	Fix some format string warnings with possible format string vulnerability For https://bugzilla.gnome.org/show_bug.cgi?id=761029 Decorate every method in libxml2 with the appropriate LIBXML_ATTR_FORMAT(fmt,args) macro and add some cleanups following the reports.
c71f9305	2016-05-02T16:21:47	dict.h: Move xmlDictPtr definition before includes to allow direct inclusion.
91ac664f	2016-04-26T14:47:56	Fix OOB write in xmlXPathEmptyNodeSet xmlXPathEmptyNodeSet would write a NULL pointer just beyond the end of the nodeTab array. This macro isn't used in libxml2, but in some of the math functions in libexslt where it can result in heap corruption and denial of service. Found by afl-fuzz and ASan.
cad102b8	2016-04-15T22:41:24	Do normalize string-based datatype value in RelaxNG facet checking Original patch is from Jan Pokorný <jpokorny redhat com> https://mail.gnome.org/archives/xml/2013-November/msg00028.html Improve it according to reviews and add test files.
bb654feb	2016-04-13T16:56:07	Fix typos: dictio{ nn -> n }ar{y,ies} Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
b02a167a	2015-04-14T13:51:01	Silence clang's -Wunknown-attribute Clang doesn't have perfect feature compatibility with GCC, unfortunately. https://bugzilla.gnome.org/show_bug.cgi?id=747870
213f1fe0	2015-04-14T17:41:48	CVE-2015-1819 Enforce the reader to run in constant memory One of the operation on the reader could resolve entities leading to the classic expansion issue. Make sure the buffer used for xmlreader operation is bounded. Introduce a new allocation type for the buffers for this effect.
7a72f4af	2014-10-13T16:23:24	Fix a couple of issues raised by make dist
95ebe53b	2014-10-13T16:06:21	Fix and add const qualifiers For https://bugzilla.gnome.org/show_bug.cgi?id=689483 It seems there are functions that do use the const qualifier for some of the arguments, but it seems that there are a lot of functions that don't use it and probably should. So I created a patch against 2.9.0 that makes as much as possible const in tree.h, and changed other files as needed. There were a lot of cases like "const xmlNodePtr node". This doesn't actually do anything, there the pointer is constant not the object it points to. So I changed those to "const xmlNode *node". I also removed some consts, mostly in the Copy functions, because those functions can actually modify the doc or node they copy from
77b5b464	2014-02-10T10:32:45	Legacy needs xmlSAX2StartElement() and xmlSAX2EndElement(). Fix compilation with minimum and legacy.

3ffcc03b

2023-03-13T19:38:41

parser: Deprecate more internal functions

98840d40

2023-03-21T19:07:12

parser: Rework EBCDIC code page detection To detect EBCDIC code pages, we used to switch the encoding twice and had to be very careful not to decode data after the XML declaration before the second switch. This relied on a hard-coded expected size of the XML declaration and was complicated and unreliable. Now we convert the first 200 bytes to EBCDIC-US and parse the encoding declaration manually.

f8efa589

2023-03-14T13:55:06

malloc-fail: Handle malloc failures in xmlSchemaInitTypes Note that this changes the return value of public function xmlSchemaInitTypes from void to int. This shouldn't break the ABI on most platforms. Found when investigating #500.

d7daf9fd

2023-03-14T13:02:36

xmllint: Fix use-after-free with --maxmem Fixes #498.

e7c3a4ca

2023-03-13T19:19:46

parser: Deprecate some parser input functions

48379394

2023-03-13T17:11:27

malloc-fail: Stop using XPath stack frames There's too much code which assumes that if ctxt->value is non-null, a value can be successfully popped off the stack. This assumption can break with stack frames when malloc fails. Instead of trying to fix all call sites, remove the stack frame logic. It only offered very little protection against misbehaving extension functions. We already check the stack size after a function call which should be enough. Found by OSS-Fuzz.

bd63d730

2023-03-12T17:40:55

html: Impose some length limits Impose length limits on names, attribute values, PIs and comments, similar to the XML parser.

b51478dc

2023-02-24T16:21:17

Revert "malloc-fail: Avoid use-after-free after unsuccessful valuePush" This reverts commit 6a12be77c6a94c374ab7476087edcee2ba41d9b4. There's too much code reading ctxt->value directly and making the wrong assumptions.

6a12be77

2023-01-31T12:46:30

malloc-fail: Avoid use-after-free after unsuccessful valuePush In xpath.c there's a lot of code like: valuePush(ctxt, xmlCacheNewX()); ... valuePop(ctxt); If xmlCacheNewX fails, no value will be pushed on the stack. If there's no error check in between, valuePop will pop an unrelated value which can lead to use-after-free errors. Instead of trying to fix all call sites, we simply stop popping values if an error was signaled. This requires to change the CHECK_TYPE macro which is often used to determine whether a value can be safely popped. Found with libFuzzer, see #344.

59b33661

2022-12-27T14:15:51

error: Limit number of parser errors Reporting errors is expensive and some abusive test cases can generate an error for each invalid input byte. This causes the parser to spend most of the time with error handling. Limit the number of errors and warnings to 100.

b47ebf04

2022-12-21T00:02:47

parser: Deprecate xmlString*DecodeEntities These are internal functions.

ce76ebfd

2022-12-19T20:56:23

entities: Stop counting entities This was only used in the old version of xmlParserEntityCheck.

463bbeec

2022-12-19T18:39:45

entities: Rework entity amplification checks This commit implements robust detection of entity amplification attacks, better known as the "billion laughs" attack. We now limit the size of the document after substitution of entities to 10 times the size before expansion. This guarantees linear behavior by definition. There already was a similar check before, but the accounting of "sizeentities" (size of external entities) and "sizeentcopy" (size of all copies created by entity references) wasn't accurate. We also need saturation arithmetic since we're historically limited to "unsigned long" which is 32-bit on many platforms. A maximum of 10 MB of substitutions is always allowed. This should make use cases like DITA work which have caused problems in the past. The old checks based on the number of entities were removed. This is accounted for by adding a fixed cost to each entity reference. Entity amplification checks are now enabled even if XML_PARSE_HUGE is set. This option is mainly used to allow larger text nodes. Most users were unaware that it also disabled entity expansion checks. Some of the limits might be adjusted later. If this change turns out to affect legitimate use cases, we can add a separate parser option to disable the checks. Fixes #294. Fixes #345.

f34f184f

2022-12-19T15:24:53

entities: Add "flags" member to struct xmlEntity This will hold various flags and eventually replace the "checked" member.

a6debffd

2022-12-08T03:37:24

xmlexports.h: Disable docs for internal macro XMLPUBLIC

3b6cc47a

2022-12-08T02:51:52

xmlexports.h: Remove LIBXML_FASTCALL optimization This was an experimental and undocumented micro-optimization for Windows which apparently required different calling conventions for variable-argument functions, making it impossible to maintain without domain knowledge.

ce9baf94

2022-12-08T02:48:27

Remove XMLCALL and XMLCDECL macros from public headers

c73d464a

2022-11-24T15:00:03

threads: Deprecate some internal functions

707ade22

2022-11-22T14:56:58

Visual Studio builds: Allow silencing deprecation warnings Define XML_IGNORE_DEPRECATION_WARNINGS and the corresponding XML_POP_WARNINGS for Visual Studio, and consequently define XML_IGNORE_FPTR_CAST_WARNINGS so that we do not get a compiler warning on Visual Studio by doing a __pragma(warning(pop)) without a corresponding __pragma(warning(push)). Also correct the documentation a bit for XML_POP_WARNINGS.

b9590d5d

2022-11-18T11:23:23

Visual Studio: Define XML_DEPRECATED We can mark APIs as deprecated using __declspec(deprecated) with Visual Studio 2005 and later, so add a definition of that so that we can help users avoid using deprecated APIs when using Visual Studio as well. For the existing GCC definition, check whether we are on GCC 3.1+ before enabling the definition.

68a6518c

2022-11-15T18:23:33

parser: Rewrite push parser boundary checks Remove inaccurate xmlParseCheckTransition check. Remove non-incremental xmlParseGetLasts check. Add functions that check for several boundary constructs more accurately, keeping track of progress in ctxt->checkIndex. Fixes #439.

2059df53

2022-11-14T22:27:58

buf: Deprecate static/immutable buffers

b693905f

2022-11-04T14:50:39

doc: Remove xmlDllMain from documentation and version script This is a Windows-only symbol.

a9669679

2022-09-09T01:44:00

error: Don't use initGenericErrorDefaultFunc The code in xmlInitParser did only set the error handler if it was NULL which should never happen.

0d901258

2022-09-04T16:41:43

Fix Windows compiler warnings in python/types.c

1e60c768

2022-09-04T01:49:41

Remove HAVE_WIN32_THREADS configuration flag Check for LIBXML_THREAD_ENABLED and _WIN32 instead.

59f2f60e

2022-09-02T00:27:57

Remove "runtime debugging" This doesn't seem useful as configuration option.

65dc8a63

2022-09-01T00:13:19

Make xmlNewSAXParserCtx take a const sax handler Also improve documentation.

39dfb048

2022-08-26T02:41:15

Don't forget to install xmlversion.h Fixes 7f7961df.

0f568c0b

2022-08-26T01:22:33

Consolidate private header files Private functions were previously declared - in header files in the root directory - in public headers guarded with IN_LIBXML - in libxml.h - redundantly in source files that used them. Consolidate all private header files in include/private.

48f84ea8

2022-08-25T21:31:08

Remove internal macros from parserInternals.h Replace MOVETO_ENDTAG with code that updates line and column numbers.

58fc89e8

2022-08-25T20:57:30

Deprecate internal parser functions

a308c0cd

2022-08-25T20:18:16

Deprecate old HTML SAX API

51035c53

2022-08-25T19:53:04

Generate deprecation warnings for old SAX API

7f7961df

2022-08-25T13:47:16

Remove generated files from distribution - libxml2.spec - libxml-2.0.pc - xml2-config - include/libxml/xmlversion.h - python/libxml2.py - python/libxml2-export.c - python/libxml2-py.c - python/libxml2-py.h - python/libxml2class.py - python/libxml2class.txt - python/setup.py

34a050cd

2022-08-24T16:35:58

Move some HTML functions to correct header file

9a82b94a

2022-08-24T04:21:58

Introduce xmlNewSAXParserCtxt and htmlNewSAXParserCtxt Add API functions to create a parser context with a custom SAX handler without having to mess with ctxt->sax manually.

92bb889b

2022-08-24T00:03:44

Don't index anything in DOC_DISABLE sections Somewhat misleadingly, the DOC_DISABLE directive only disabled warnings. Now we really stop the documentation generator from indexing. This results in additional warnings for xmlThrDef* functions. This should be fixed by documenting or deprecating them.

75b5bc2b

2022-08-23T20:57:49

Deprecate some global variables Most of these should be completely unused.

5264fa11

2022-08-18T20:17:27

Fix warnings from apibuild.py

e986d09c

2022-07-15T14:02:26

Skip incorrectly opened HTML comments Commit 4fd69f3e fixed handling of '<' characters not followed by an ASCII letter. But a '<!' sequence followed by invalid characters should be treated as bogus comment and skipped. Fixes #380.

e9270ef0

2022-05-06T10:44:03

fix Schematron spelling

67070107

2022-04-20T23:17:14

Add configuration flag for XPointer locations support Add a new configuration flag that controls whether the outdated support for XPointer locations (ranges and points) is enabled. --with-xptr-locs # Autotools LIBXML2_WITH_XPTR_LOCS # CMake The latest spec for what it essentially an XPath extension seems to be this working draft from 2002: https://www.w3.org/TR/xptr-xpointer/ The xpointer() scheme is listed as "being reviewed" in the XPointer registry since at least 2006. libxml2 seems to be the only modern software that tries to implement this spec, but the code has many bugs and quality issues. The flag defaults to "off" and support for this extensions has to be requested explicitly. The relevant API functions are deprecated.

aab584dc

2022-03-06T23:23:43

Clean up encoding switching code - Remove xmlSwitchToEncodingInt which was basically just a wrapper around xmlSwitchInputEncodingInt. - Simplify xmlSwitchEncoding. - Improve error handling in xmlSwitchInputEncodingInt. - Deprecate xmlSwitchInputEncoding.

2070ade6

2022-03-06T23:19:04

Undeprecate schema init functions These functions aren't called from xmlInitParser, so it's better to keep them public for now.

40483d0c

2022-03-06T13:55:48

Deprecate module init and cleanup functions These functions shouldn't be part of the public API. Most init functions are only thread-safe when called from xmlInitParser. Global variables should only be cleaned up by calling xmlCleanupParser.

4a8c71eb

2022-03-04T03:35:57

Remove DOCBparser This code has been broken and deprecated since version 2.6.0, released in 2003. Because of a bug in commit 961b535c, DOCBparser.c was never compiled since 2012. I couldn't find a Debian package using any of its symbols, so it seems safe to remove this module.

ebb17970

2022-03-04T02:31:59

Remove unneeded #includes

d7b287b9

2021-07-17T14:36:53

htmlParseComment: handle abruptly-closed comments See guidance provided on abrutply-closed comments here: https://html.spec.whatwg.org/multipage/parsing.html#parse-error-abrupt-closing-of-empty-comment

b66ce0bb

2022-03-01T12:39:02

Don't include ICU headers in public headers There's no need to make these implementation details public.

2489c1d0

2022-02-28T22:42:10

Remove useless __CYGWIN__ checks From what I can tell, some really early Cygwin versions from around 1998-2000 used to erroneously define _WIN32. This was eventually fixed, but these days, the `defined(_WIN32) && !defined(__CYGWIN__)` idiom is unnecessary. Now, we only check for __CYGWIN__ in xmlexports.h when deciding whether to use __declspec.

004fe9de

2022-02-20T19:02:31

Deprecate IDREF-related functions in valid.h These functions are only needed internally for validation. xmlGetRefs is inherently unsafe because the ref table isn't updated if attributes are removed (unlike the ids table). None of the Ubuntu 20.04 packages depending on libxml2 use any of these functions (except xmlFreeRefTable in libxslt), so it seems perfectly safe to deprecate them. Remove xmlIsRef and xmlRemoveRef from the Python bindings.

61de9297

2022-02-20T20:59:14

Deprecate all functions in DOCBparser.h

cf4893f7

2022-02-20T19:56:41

Deprecate legacy functions

9e0ca5a1

2022-02-20T19:29:01

Deprecate all functions in nanoftp.h

a2fe74c0

2022-02-20T18:19:27

Add XML_DEPRECATED macro __attribute__((deprecated)) is available since at least GCC 3.1, so an exact version check is probably unnecessary.

d7cb33cf

2022-01-13T17:06:14

Rework validation context flags Use a bitmask instead of magic values to - keep track whether the validation context is part of a parser context - keep track whether xmlValidateDtdFinal was called This allows to add addtional flags later. Note that this deliberately changes the name of a public struct member, assuming that this was always private data never to be used by client code.

b041d829

2022-02-16T19:55:30

Remove xmlwin32version.h This file was undocumented and never used anywhere. Maybe users were supposed to rename this file to xmlversion.h manually. These days, both CMake and win32/configure.js generate xmlversion.h from xmlversion.h.in, just like the Autotools build.

7fe9addc

2022-02-13T23:29:51

Remove CVS and SVN-related code

7d4060d2

2021-05-16T18:00:21

Add missing file xmlwin32version.h.in to EXTRA_DIST

ce00c36e

2021-05-08T21:20:05

Store per-element parser state in a struct Make the parser context's "pushTab" point to an array of structs instead of void pointers. This avoids casting unrelated types to void pointers, improving readability and portability, and allows for more efficient packing. Ultimately, the struct could be extended to include the contents of "nameTab" and "spaceTab", further simplifying the code. Historically, "pushTab" was only used by the push parser (hence the name), so the change to the public headers should be safe. Also remove an unused parameter from xmlParseEndTag2.

fb08d9fe

2021-03-20T22:02:26

Fix include order in c14n.h - Include xmlversion.h before testing feature flags. - Include libxml headers before extern "C". Fixes #226.

1fe38530

2020-12-16T15:27:13

Remove temporary members from struct _xmlXPathContext These values are hardcoded now and the struct members, while public, were recently introduced and never part of an official release.

acdc2ff3

2020-06-04T23:02:08

Simplify xmlexports.h All the compiler switches essentially set the same macros. The only exception was MSVC which omitted the "extern" keyword for exported variables. This in turn broke clang-cl. This commit rewrites and simplifies the whole header. Closes #163.

438e595a

2020-08-09T14:43:53

Stop counting nbChars in parser context The value was inaccurate and never used.

20c60886

2020-03-08T17:19:42

Fix typos Resolves #133.

c2e09f44

2020-02-11T11:32:23

Add xmlPopOutputCallbacks Add function to pop a single set of output callbacks from the stack. This was only implemented for input callbacks before. Fixes #135.

74a8a91f

2019-09-30T17:58:59

Fix a few more typos ("fonction")

2a350ee9

2019-09-30T17:04:54

Large batch of typo fixes Closes #109.

d56184a0

2019-09-26T12:11:39

Disable xmlExp regex code This is apparently another regex engine that was never used, see commit 81a8ec6.

37189c08

2019-07-08T12:18:24

dict.h: gcc 2.95 doesn't allow multiple storage classes This is a partial revert of commit c71f9305. I'm not sure what issue this commit was trying to solve but it seems to be related to a circular dependency. It might be related to tree.h being included from dict.h which is unnecessary. Resolves !22.

2d97a97a

2019-03-15T16:27:58

Optional recursion limit when parsing XPath expressions Useful to avoid call stack overflows when fuzzing. Note that parsing a parenthesized expression currently consumes more than 10 stack frames, so this limit should be set rather low.

64115ed6

2019-03-18T11:34:26

Optional recursion limit when evaluating XPath expressions Useful to avoid call stack overflows when fuzzing.

852c93a2

2019-03-12T16:12:05

Optional XPath operation limit Optionally limit the maximum numbers of XPath operations when evaluating an expression. Useful to avoid timeouts when fuzzing. The following operations count towards the limit: - XPath operations - Location step iterations - Union operations Enabled by setting opLimit to a non-zero value. Note that it's the user's responsibility to reset opCount. This allows to enforce the operation limit across multiple reuses of an XPath context.

9a82ae30

2019-02-28T12:18:37

Stop defining _REENTRANT on some Win32 platforms The _REENTRANT macro was defined unconditionally on some Win32 builds using the Microsoft C runtime. It shouldn't have an effect under MSVCRT and was presumably only defined because of the LIBXML_THREAD_ENABLED issue fixed with the previous commit.

cf68fe3d

2019-02-27T15:00:14

Always define LIBXML_THREAD_ENABLED when enabled When libxml2 is compiled with threads enabled, have the header file define LIBXML_THREAD_ENABLED even if the subsequent application by itself does not enable threads. Otherwise, the application would see the unthreaded API functions, but these are not exported (where it does make a difference, like on Win32 based platforms).

ee501f54

2018-10-13T15:23:35

Stop using doc->charset outside parser code doc->charset does not specify the in-memory encoding which is always UTF-8.

73b2417c

2018-09-22T15:45:02

Variables need 'extern' in static lib on Cygwin While the dllimport/dllexport macros now work for Cygwin, using the static library still requires variables to be declared as 'extern'. This is a regression of c65c9e8ee07e2dab0647392c2bd1795a5bc99829, found+fixed by Bruno Haible using static libxml embedded in gettext.

1dafb427

2018-09-03T15:29:50

Don't include SAX.h from globals.h SAX.h contains a legacy interface with several unprefixed symbols like `reference`, causing severe namespace pollution. The globals.h header doesn't need any of these symbols, so remove the #include.

c65c9e8e

2018-08-31T11:42:14

Really declare dllexport/dllimport for Cygwin Cygwin does not define _WIN32, but still requires dllexport/dllimport tags for when applications use the --disable-auto-import linker flag, probably set by the gl_WOE32_DLL autoconf macro in woe32-dll.m4 file.

ff628d46

2017-11-13T18:35:51

Stop including ansidecl.h This seems to be an undocumented, internal GCC header added a long time ago. I don't know why it was included, but I think it can be safely removed.

4dd6d7a5

2017-11-09T17:28:00

Fix list callback signatures Make sure that all parameters and return values of list callback functions exactly match the callback function type. This is required to pass clang's Control Flow Integrity checks and to allow compilation to asm.js with Emscripten. Also change the `user` parameter type from `const void *` to `void *`.

e03f0a19

2017-11-09T16:42:47

Fix hash callback signatures Make sure that all parameters and return values of hash callback functions exactly match the callback function type. This is required to pass clang's Control Flow Integrity checks and to allow compilation to asm.js with Emscripten. Fixes bug 784861.

0b19f236

2017-10-25T18:11:12

Fixed ICU to set flush correctly and provide pivot buffer. By always setting flush=TRUE when doing multiple reads, ICU will not correctly handle truncated utf8 chars across read boundaries. The fix is to set flush=TRUE only on final read, and to provide a pivot buffer which is maintained by libxml between calls to ucnv_convertEx.

882a165a

2017-10-21T14:04:20

Fix preprocessor conditional in threads.h Make sure that the preprocessor conditions and types for xmlDllMain match exactly in threads.h and threads.c.

e3890546

2017-10-09T00:20:01

Fix the Windows header mess Don't include windows.h and wsockcompat.h from config.h but only when needed. Don't define _WINSOCKAPI_ manually. This was apparently done to stop windows.h from including winsock.h which is a problem if winsock2.h wasn't included first. But on MinGW, this causes compiler warnings. Define WIN32_LEAN_AND_MEAN instead which has the same effect. Always use the compiler-defined _WIN32 macro instead of WIN32.

8bbe4508

2017-06-17T16:15:09

Spelling and grammar fixes Fixes bug 743172, bug 743489, bug 769632, bug 782400 and a few other misspellings.

576912fa

2017-06-17T15:59:13

Make HTML parser functions take const pointers The 'cur' parameter of htmlParseDoc and htmlSAXParseDoc should be 'const xmlChar *'. Fixes bug 770650.

030b1f7a

2017-06-06T15:53:42

Revert "Add an XML_PARSE_NOXXE flag to block all entities loading even local" This reverts commit 2304078555896cf1638c628f50326aeef6f0e0d0. The new flag doesn't work and the change even broke the XML_PARSE_NONET option.

23040785

2017-04-07T16:45:56

Add an XML_PARSE_NOXXE flag to block all entities loading even local For https://bugzilla.gnome.org/show_bug.cgi?id=772726 * include/libxml/parser.h: Add a new parser flag XML_PARSE_NOXXE * elfgcchack.h, xmlIO.h, xmlIO.c: associated loading routine * include/libxml/xmlerror.h: new error raised * xmllint.c: adds --noxxe flag to activate the option

4472c3a5

2016-05-13T15:13:17

Fix some format string warnings with possible format string vulnerability For https://bugzilla.gnome.org/show_bug.cgi?id=761029 Decorate every method in libxml2 with the appropriate LIBXML_ATTR_FORMAT(fmt,args) macro and add some cleanups following the reports.

c71f9305

2016-05-02T16:21:47

dict.h: Move xmlDictPtr definition before includes to allow direct inclusion.

91ac664f

2016-04-26T14:47:56

Fix OOB write in xmlXPathEmptyNodeSet xmlXPathEmptyNodeSet would write a NULL pointer just beyond the end of the nodeTab array. This macro isn't used in libxml2, but in some of the math functions in libexslt where it can result in heap corruption and denial of service. Found by afl-fuzz and ASan.

cad102b8

2016-04-15T22:41:24

Do normalize string-based datatype value in RelaxNG facet checking Original patch is from Jan Pokorný <jpokorny redhat com> https://mail.gnome.org/archives/xml/2013-November/msg00028.html Improve it according to reviews and add test files.

bb654feb

2016-04-13T16:56:07

Fix typos: dictio{ nn -> n }ar{y,ies} Signed-off-by: Jan Pokorný <jpokorny@redhat.com>

b02a167a

2015-04-14T13:51:01

Silence clang's -Wunknown-attribute Clang doesn't have perfect feature compatibility with GCC, unfortunately. https://bugzilla.gnome.org/show_bug.cgi?id=747870

213f1fe0

2015-04-14T17:41:48

CVE-2015-1819 Enforce the reader to run in constant memory One of the operation on the reader could resolve entities leading to the classic expansion issue. Make sure the buffer used for xmlreader operation is bounded. Introduce a new allocation type for the buffers for this effect.

7a72f4af

2014-10-13T16:23:24

Fix a couple of issues raised by make dist

95ebe53b

2014-10-13T16:06:21

Fix and add const qualifiers For https://bugzilla.gnome.org/show_bug.cgi?id=689483 It seems there are functions that do use the const qualifier for some of the arguments, but it seems that there are a lot of functions that don't use it and probably should. So I created a patch against 2.9.0 that makes as much as possible const in tree.h, and changed other files as needed. There were a lot of cases like "const xmlNodePtr node". This doesn't actually do anything, there the *pointer* is constant not the object it points to. So I changed those to "const xmlNode *node". I also removed some consts, mostly in the Copy functions, because those functions can actually modify the doc or node they copy from

77b5b464

2014-02-10T10:32:45

Legacy needs xmlSAX2StartElement() and xmlSAX2EndElement(). Fix compilation with minimum and legacy.

kc3-lang/libxml2/include/libxml

include/libxml

Log