kmx git

Commit	Date	Message
322e733b	2024-07-18T19:27:43	xinclude: Fix fallback for text includes Fixes #772.
1dd5e76a	2024-06-17T21:06:46	xinclude: Don't remove root element Don't replace include element at root with empty nodeset.
52ce0d70	2024-06-17T17:35:12	tests: Add XInclude test for issue #733
2608baaf	2024-06-14T19:42:40	parser: Make failure to load main document a warning Revert the change that made failures to load the main document an error. This fixes the --path option of xmllint and xsltproc. Should fix #733.
f43197fc	2024-03-29T11:16:45	tree: Don't coalesce text nodes in xmlAdd{Prev,Next}Sibling Commit 9e1c72da from 2001 introduced a bug where xmlAddPrevSibling and xmlAddNextSibling would only try to merge text nodes with one of its new siblings. Commit 4ccd3eb8 fixed this bug but unfortunately, lxml and possibly other downstream code depend on text nodes not being merged. To avoid breaking downstream code while still having somewhat consistent API behavior, it's probably best to make these functions never coalesce text nodes.
4ccd3eb8	2024-03-11T19:43:56	tree: Refactor node insertion Also fixes a text coalescing bug.
63986c45	2024-01-22T21:02:16	parser: Report fatal error if document entity couldn't be loaded Only lower error level when loading entities. Fixes #667.
6e3a2ac6	2023-12-22T21:38:50	xinclude: Rework xml:base fixup The xml:base fixup was broken in more complex cases. Also avoid parsing and building the included URI multiple times.
7e511f35	2023-12-19T15:41:37	io: Pass error codes from xmlFileOpenReal to xmlNewInputFromFile This allows to report the reason why opening a file failed to the parser context and improve error messages. Now we can also remove the stat call before opening a file.
157df344	2023-12-10T18:23:53	xmlreader: Report malloc failures Fix many places where malloc failures aren't reported. Introduce a new API function xmlTextReaderGetLastError.
e20f4d7a	2023-02-13T14:38:05	xinclude: Fix quadratic behavior in xmlXIncludeLoadTxt Also make text inclusions work with memory buffers, for example when using a custom entity loader, and fix a memory leak in case of invalid characters. Fixes #483.
be0ec005	2023-02-03T14:37:49	xinclude: Abort immediately if max depth was exceeded Avoids resource exhaustion if the maximum recursion depth was exceeded. Note that the XInclude engine offers no protection against other "billion laughs"-style amplification attacks as long as they stay below the maximum depth.
b456e3bb	2022-10-30T20:28:20	xinclude: Always allow XPtr expressions in external documents
eef0a739	2022-10-30T12:21:20	xinclude: Implement "streaming" mode When using xmlreader, XPointer expressions in XIncludes simply cannot work. Expressions can reference nodes which weren't parsed yet or which were already deleted. After fixing nested XIncludes, we reference includes which were parsed previously. When streaming, these nodes could have been deleted, leading to use-after-free errors. Disallow XPointer expressions and truncate the include table in streaming mode.
20e2fb4c	2022-10-23T17:52:29	xinclude: Avoid creation of subcontexts Don't create subcontext in xmlXIncludeRecurseDoc. Save and restore 'doc' and 'incTab' instead. Make xmlXIncludeLoadFallback call xmlXIncludeCopyNode which seems safer than xmlXIncludeDoProcess since the latter may modify the document. This should also be more performant since we need to copy the whole fallback subtree anyway. Also make sure to avoid replacements in fallback elements in xmlXIncludeDoProcess.
d2ed1e4f	2022-10-22T16:50:18	xinclude: Limit recursion depth This avoids call stack overflows.
34496f26	2022-10-22T16:09:21	xinclude: Test for inclusion loops
bc267cb9	2022-10-22T02:19:22	xinclude: Expand includes in xmlXIncludeCopyNode This should make nested includes work reliably. Fixes #424.
ea7c9fb5	2022-10-22T16:48:58	xinclude: Don't create result doc for test with errors
c99cde3f	2022-10-22T16:59:35	xinclude: Also test error messages The reader interface with XIncludes is somewhat broken and can generate different error messages. Start to move tests which are sketchy with reader to a separate directory.
938105b5	2022-10-21T15:56:12	Revert "xinclude: Fix regression with nested includes" This reverts commit 7f04e297318b1b908cec20711f74f75625afed7f which caused memory errors. See #424.
7f04e297	2022-10-18T18:40:00	xinclude: Fix regression with nested includes This reverts commits 74dcc10b and 87d20b55. Fixes #424.
41afa89f	2022-04-10T14:09:29	Fix short-lived regression in xmlStaticCopyNode Commit 7618a3b1 didn't account for coalesced text nodes. I think it would be better if xmlStaticCopyNode didn't try to coalesce text nodes at all. This code path can only be triggered if some other code doesn't coalesce text nodes properly. In this case, OSS-Fuzz found such behavior in xinclude.c.
4de7f2ac	2022-04-04T03:28:21	Remove unused result files
f1c32b4c	2020-07-09T03:19:13	Allow missing result files in runtest Treat missing files as empty.
bc06a522	2022-03-02T02:57:49	Fix recursion check in xinclude.c Compare the included URL with the document's URL to detect local inclusions. Fixes #348.
652dd12a	2022-02-08T03:29:24	[CVE-2022-23308] Use-after-free of ID and IDREF attributes If a document is parsed with XML_PARSE_DTDVALID and without XML_PARSE_NOENT, the value of ID attributes has to be normalized after potentially expanding entities in xmlRemoveID. Otherwise, later calls to xmlGetID can return a pointer to previously freed memory. ID attributes which are empty or contain only whitespace after entity expansion are affected in a similar way. This is fixed by not storing such attributes in the ID table. The test to detect streaming mode when validating against a DTD was broken. In connection with the defects above, this could result in a use-after-free when using the xmlReader interface with validation. Fix detection of streaming mode to avoid similar issues. (This changes the expected result of a test case. But as far as I can tell, using the XML reader with XIncludes referencing the root document never worked properly, anyway.) All of these issues can result in denial of service. Using xmlReader with validation could result in disclosure of memory via the error channel, typically stderr. The security impact of xmlGetID returning a pointer to freed memory depends on the application. The typical use case of calling xmlGetID on an unmodified document is not affected.
87d20b55	2020-08-19T13:52:08	Fix regression introduced with commit 74dcc10b The code wasn't dead after all, but I can see no reason in delaying the XPointer evaluation. This could lead to nodes included earlier appearing in XPointer results.
d88df4bd	2020-08-16T23:38:48	Fix corner case with empty xi:fallback xi:fallback could become empty after recursive expansion. Use a flag to track whether nodes should be skipped.
1abf2967	2020-08-06T17:51:57	Fix exponential runtime and memory in xi:fallback processing When creating XML_XINCLUDE_START nodes, the children of the original xi:include node must be freed, otherwise fallback content is copied twice, doubling runtime and memory consumption for each nested xi:fallback/xi:include pair. Found with libFuzzer.
0f9817c7	2020-06-10T16:34:52	Don't recurse into xi:include children in xmlXIncludeDoProcess Otherwise, nested xi:include nodes might result in a use-after-free if XML_PARSE_NOXINCNODE is specified. Found with libFuzzer and ASan.
2a350ee9	2019-09-30T17:04:54	Large batch of typo fixes Closes #109.
f20fbf70	2004-06-25T05:49:08	fixed a problem when base path was "./xxx" 5 test results changed by * uri.c: fixed a problem when base path was "./xxx" * result/XInclude/: 5 test results changed by above. Makefile.am: fixed a couple of spots where a new result file used different flags that the testing one.
f7789b13	2004-06-07T08:57:27	added a new routine xmlBuildRelativeURI needed for enhancement of * uri.c, include/libxml/uri.h: added a new routine xmlBuildRelativeURI needed for enhancement of xinclude.c * xinclude.c: changed handling of xml:base (bug 135864) * result/XInclude/*: results of 5 tests changed as a result of the above change
5d8d10bb	2004-04-16T08:11:26	fixed problem causing duplicate fallback execution (bug 139520) added * xinclude.c: fixed problem causing duplicate fallback execution (bug 139520) * test/XInclude/docs/fallback2.xml result/XInclude/fallback2.*: added testcase
b98d082e	2003-12-24T11:06:25	XInclude xpointer support was broken with the new namespace. Fixes #129932 * xinclude.c result/XInclude/nodes2.*: XInclude xpointer support was broken with the new namespace. Fixes #129932 Daniel
e74d2e1c	2003-12-09T11:35:37	augmented the XInclude API to be able to pass XML parser flags down to the * xinclude.c xmllint.c xmlreader.c include/libxml/xinclude.h include/libxml/xmlerror.h: augmented the XInclude API to be able to pass XML parser flags down to the Inclusion process. Also resynchronized with the Last Call W3C Working Draft 10 November 2003 for the xpointer attribute. * Makefile.am test/XInclude/docs/nodes[23].xml result/XInclude/: augmented the tests for the new namespace and testing the xpointer attribute, changed the way error messages are tested doc/*: regenerated the documentation Daniel
7899c5c5	2003-11-03T12:31:38	adding XInclude support to the reader interface. Lot of testing of the * xinclude.c xmlreader.c include/libxml/xinclude.h: adding XInclude support to the reader interface. Lot of testing of the walker, various bug fixes. * xmllint.c: added --walker and made sure --xinclude --stream --debug works as expected * Makefile.am result/dtd11.rdr result/ent6.rdr test/dtd11 test/ent6 result/XInclude/*.rdr: added regression tests for the walker and XInclude xmlReader support, had to slightly change a couple of tests because the walker can't distinguish <foo/> from <foo></foo> Daniel
d076a20e	2002-11-20T13:28:31	fixed #99082 for xi:include encoding="..." support on text includes. added * xinclude.c parserInternals.c encoding.c: fixed #99082 for xi:include encoding="..." support on text includes. * result/XInclude/tstencoding.xml test/XInclude/docs/tstencoding.xml test/XInclude/ents/isolatin.txt : added a specific regression test * python/generator.py python/libxml2class.txt: fixed the generator the new set of comments generated for doc/libxml2-api.xml were breaking the python generation. Daniel
c4bad4a7	2002-08-14T14:45:25	oops I was missing the xml:base fixup too this adds xml:base attributes to * xinclude.c: oops I was missing the xml:base fixup too * result/XInclude/*.xml: this adds xml:base attributes to most results of the tests Daniel
e3b7d9a1	2002-08-14T14:11:30	quick but apparently working implementation of xi:fallback, should close * xinclude.c: quick but apparently working implementation of xi:fallback, should close bug #89684 * Makefile.am test/XInclude/docs/fallback.xml result/XInclude/fallback.xml: added a basic test for fallback, and run with --nowarning to avoid a spurious warning * configure.in: applied patch from Frederic Crozat for python bindings on AMD 64bits machines. Daniel
c5f05ada	2002-02-10T11:57:22	fix #68882, cleanup the XInclude copying of node, merge back IDs in the * tree.c valid.c xinclude.c: fix #68882, cleanup the XInclude copying of node, merge back IDs in the target document. * result/XInclude/docids.xml test/XInclude/docs/docids.xml test/XInclude/ents/ids.xml: test case * result/VC/ElementValid4: output changed due to a typo fix Daniel
d16df9f6	2001-05-23T13:44:21	- xinclude.c: fixed XInclude recursive behaviour bug #54678 - result/XInclude/recursive.xml test/XInclude/docs/recursive.xml test/XInclude/ents/inc.txt test/XInclude/ents/sub-inc.ent: added specific regression test - parser.h: preparing for the XSLT mode where DTD inherited attributes are added to the tree. Daniel
bbd22458	2001-05-23T12:02:27	- xinclude.[ch]: Updated the namespace for the Last Call version - result/XInclude/include test/XInclude/include: updated the testsuite accordingly Daniel
bf43275d	2000-11-12T15:56:56	Bug fixes new Xinclude tests: - nanoftp.c: fixed gcc 2.95 new warnings - SAX.c: fixed a stupid bug - tree.c: fixed a formatting problem when round-tripping from/to memory - xinclude.c: chased memleak, fixed a base problem - xpointer.c: added xmlXPtrBuildRangeNodeList(), finished ? xmlXPtrBuildNodeList() - TODO: updated - Makefile.am test/XInclude/docs test/XInclude/ents result/XInclude: adding a first small set of regression tests for XInclude Daniel

322e733b

2024-07-18T19:27:43

xinclude: Fix fallback for text includes Fixes #772.

1dd5e76a

2024-06-17T21:06:46

xinclude: Don't remove root element Don't replace include element at root with empty nodeset.

52ce0d70

2024-06-17T17:35:12

tests: Add XInclude test for issue #733

2608baaf

2024-06-14T19:42:40

parser: Make failure to load main document a warning Revert the change that made failures to load the main document an error. This fixes the --path option of xmllint and xsltproc. Should fix #733.

f43197fc

2024-03-29T11:16:45

tree: Don't coalesce text nodes in xmlAdd{Prev,Next}Sibling Commit 9e1c72da from 2001 introduced a bug where xmlAddPrevSibling and xmlAddNextSibling would only try to merge text nodes with one of its new siblings. Commit 4ccd3eb8 fixed this bug but unfortunately, lxml and possibly other downstream code depend on text nodes not being merged. To avoid breaking downstream code while still having somewhat consistent API behavior, it's probably best to make these functions never coalesce text nodes.

4ccd3eb8

2024-03-11T19:43:56

tree: Refactor node insertion Also fixes a text coalescing bug.

63986c45

2024-01-22T21:02:16

parser: Report fatal error if document entity couldn't be loaded Only lower error level when loading entities. Fixes #667.

6e3a2ac6

2023-12-22T21:38:50

xinclude: Rework xml:base fixup The xml:base fixup was broken in more complex cases. Also avoid parsing and building the included URI multiple times.

7e511f35

2023-12-19T15:41:37

io: Pass error codes from xmlFileOpenReal to xmlNewInputFromFile This allows to report the reason why opening a file failed to the parser context and improve error messages. Now we can also remove the stat call before opening a file.

157df344

2023-12-10T18:23:53

xmlreader: Report malloc failures Fix many places where malloc failures aren't reported. Introduce a new API function xmlTextReaderGetLastError.

e20f4d7a

2023-02-13T14:38:05

xinclude: Fix quadratic behavior in xmlXIncludeLoadTxt Also make text inclusions work with memory buffers, for example when using a custom entity loader, and fix a memory leak in case of invalid characters. Fixes #483.

be0ec005

2023-02-03T14:37:49

xinclude: Abort immediately if max depth was exceeded Avoids resource exhaustion if the maximum recursion depth was exceeded. Note that the XInclude engine offers no protection against other "billion laughs"-style amplification attacks as long as they stay below the maximum depth.

b456e3bb

2022-10-30T20:28:20

xinclude: Always allow XPtr expressions in external documents

eef0a739

2022-10-30T12:21:20

xinclude: Implement "streaming" mode When using xmlreader, XPointer expressions in XIncludes simply cannot work. Expressions can reference nodes which weren't parsed yet or which were already deleted. After fixing nested XIncludes, we reference includes which were parsed previously. When streaming, these nodes could have been deleted, leading to use-after-free errors. Disallow XPointer expressions and truncate the include table in streaming mode.

20e2fb4c

2022-10-23T17:52:29

xinclude: Avoid creation of subcontexts Don't create subcontext in xmlXIncludeRecurseDoc. Save and restore 'doc' and 'incTab' instead. Make xmlXIncludeLoadFallback call xmlXIncludeCopyNode which seems safer than xmlXIncludeDoProcess since the latter may modify the document. This should also be more performant since we need to copy the whole fallback subtree anyway. Also make sure to avoid replacements in fallback elements in xmlXIncludeDoProcess.

d2ed1e4f

2022-10-22T16:50:18

xinclude: Limit recursion depth This avoids call stack overflows.

34496f26

2022-10-22T16:09:21

xinclude: Test for inclusion loops

bc267cb9

2022-10-22T02:19:22

xinclude: Expand includes in xmlXIncludeCopyNode This should make nested includes work reliably. Fixes #424.

ea7c9fb5

2022-10-22T16:48:58

xinclude: Don't create result doc for test with errors

c99cde3f

2022-10-22T16:59:35

xinclude: Also test error messages The reader interface with XIncludes is somewhat broken and can generate different error messages. Start to move tests which are sketchy with reader to a separate directory.

938105b5

2022-10-21T15:56:12

Revert "xinclude: Fix regression with nested includes" This reverts commit 7f04e297318b1b908cec20711f74f75625afed7f which caused memory errors. See #424.

7f04e297

2022-10-18T18:40:00

xinclude: Fix regression with nested includes This reverts commits 74dcc10b and 87d20b55. Fixes #424.

41afa89f

2022-04-10T14:09:29

Fix short-lived regression in xmlStaticCopyNode Commit 7618a3b1 didn't account for coalesced text nodes. I think it would be better if xmlStaticCopyNode didn't try to coalesce text nodes at all. This code path can only be triggered if some other code doesn't coalesce text nodes properly. In this case, OSS-Fuzz found such behavior in xinclude.c.

4de7f2ac

2022-04-04T03:28:21

Remove unused result files

f1c32b4c

2020-07-09T03:19:13

Allow missing result files in runtest Treat missing files as empty.

bc06a522

2022-03-02T02:57:49

Fix recursion check in xinclude.c Compare the included URL with the document's URL to detect local inclusions. Fixes #348.

652dd12a

2022-02-08T03:29:24

[CVE-2022-23308] Use-after-free of ID and IDREF attributes If a document is parsed with XML_PARSE_DTDVALID and without XML_PARSE_NOENT, the value of ID attributes has to be normalized after potentially expanding entities in xmlRemoveID. Otherwise, later calls to xmlGetID can return a pointer to previously freed memory. ID attributes which are empty or contain only whitespace after entity expansion are affected in a similar way. This is fixed by not storing such attributes in the ID table. The test to detect streaming mode when validating against a DTD was broken. In connection with the defects above, this could result in a use-after-free when using the xmlReader interface with validation. Fix detection of streaming mode to avoid similar issues. (This changes the expected result of a test case. But as far as I can tell, using the XML reader with XIncludes referencing the root document never worked properly, anyway.) All of these issues can result in denial of service. Using xmlReader with validation could result in disclosure of memory via the error channel, typically stderr. The security impact of xmlGetID returning a pointer to freed memory depends on the application. The typical use case of calling xmlGetID on an unmodified document is not affected.

87d20b55

2020-08-19T13:52:08

Fix regression introduced with commit 74dcc10b The code wasn't dead after all, but I can see no reason in delaying the XPointer evaluation. This could lead to nodes included earlier appearing in XPointer results.

d88df4bd

2020-08-16T23:38:48

Fix corner case with empty xi:fallback xi:fallback could become empty after recursive expansion. Use a flag to track whether nodes should be skipped.

1abf2967

2020-08-06T17:51:57

Fix exponential runtime and memory in xi:fallback processing When creating XML_XINCLUDE_START nodes, the children of the original xi:include node must be freed, otherwise fallback content is copied twice, doubling runtime and memory consumption for each nested xi:fallback/xi:include pair. Found with libFuzzer.

0f9817c7

2020-06-10T16:34:52

Don't recurse into xi:include children in xmlXIncludeDoProcess Otherwise, nested xi:include nodes might result in a use-after-free if XML_PARSE_NOXINCNODE is specified. Found with libFuzzer and ASan.

2a350ee9

2019-09-30T17:04:54

Large batch of typo fixes Closes #109.

f20fbf70

2004-06-25T05:49:08

fixed a problem when base path was "./xxx" 5 test results changed by * uri.c: fixed a problem when base path was "./xxx" * result/XInclude/*: 5 test results changed by above. * Makefile.am: fixed a couple of spots where a new result file used different flags that the testing one.

f7789b13

2004-06-07T08:57:27

added a new routine xmlBuildRelativeURI needed for enhancement of * uri.c, include/libxml/uri.h: added a new routine xmlBuildRelativeURI needed for enhancement of xinclude.c * xinclude.c: changed handling of xml:base (bug 135864) * result/XInclude/*: results of 5 tests changed as a result of the above change

5d8d10bb

2004-04-16T08:11:26

fixed problem causing duplicate fallback execution (bug 139520) added * xinclude.c: fixed problem causing duplicate fallback execution (bug 139520) * test/XInclude/docs/fallback2.xml result/XInclude/fallback2.*: added testcase

b98d082e

2003-12-24T11:06:25

XInclude xpointer support was broken with the new namespace. Fixes #129932 * xinclude.c result/XInclude/nodes2.*: XInclude xpointer support was broken with the new namespace. Fixes #129932 Daniel

e74d2e1c

2003-12-09T11:35:37

augmented the XInclude API to be able to pass XML parser flags down to the * xinclude.c xmllint.c xmlreader.c include/libxml/xinclude.h include/libxml/xmlerror.h: augmented the XInclude API to be able to pass XML parser flags down to the Inclusion process. Also resynchronized with the Last Call W3C Working Draft 10 November 2003 for the xpointer attribute. * Makefile.am test/XInclude/docs/nodes[23].xml result/XInclude/*: augmented the tests for the new namespace and testing the xpointer attribute, changed the way error messages are tested * doc/*: regenerated the documentation Daniel

7899c5c5

2003-11-03T12:31:38

adding XInclude support to the reader interface. Lot of testing of the * xinclude.c xmlreader.c include/libxml/xinclude.h: adding XInclude support to the reader interface. Lot of testing of the walker, various bug fixes. * xmllint.c: added --walker and made sure --xinclude --stream --debug works as expected * Makefile.am result/dtd11.rdr result/ent6.rdr test/dtd11 test/ent6 result/XInclude/*.rdr: added regression tests for the walker and XInclude xmlReader support, had to slightly change a couple of tests because the walker can't distinguish <foo/> from <foo></foo> Daniel

d076a20e

2002-11-20T13:28:31

fixed #99082 for xi:include encoding="..." support on text includes. added * xinclude.c parserInternals.c encoding.c: fixed #99082 for xi:include encoding="..." support on text includes. * result/XInclude/tstencoding.xml test/XInclude/docs/tstencoding.xml test/XInclude/ents/isolatin.txt : added a specific regression test * python/generator.py python/libxml2class.txt: fixed the generator the new set of comments generated for doc/libxml2-api.xml were breaking the python generation. Daniel

c4bad4a7

2002-08-14T14:45:25

oops I was missing the xml:base fixup too this adds xml:base attributes to * xinclude.c: oops I was missing the xml:base fixup too * result/XInclude/*.xml: this adds xml:base attributes to most results of the tests Daniel

e3b7d9a1

2002-08-14T14:11:30

quick but apparently working implementation of xi:fallback, should close * xinclude.c: quick but apparently working implementation of xi:fallback, should close bug #89684 * Makefile.am test/XInclude/docs/fallback.xml result/XInclude/fallback.xml: added a basic test for fallback, and run with --nowarning to avoid a spurious warning * configure.in: applied patch from Frederic Crozat for python bindings on AMD 64bits machines. Daniel

c5f05ada

2002-02-10T11:57:22

fix #68882, cleanup the XInclude copying of node, merge back IDs in the * tree.c valid.c xinclude.c: fix #68882, cleanup the XInclude copying of node, merge back IDs in the target document. * result/XInclude/docids.xml test/XInclude/docs/docids.xml test/XInclude/ents/ids.xml: test case * result/VC/ElementValid4: output changed due to a typo fix Daniel

d16df9f6

2001-05-23T13:44:21

- xinclude.c: fixed XInclude recursive behaviour bug #54678 - result/XInclude/recursive.xml test/XInclude/docs/recursive.xml test/XInclude/ents/inc.txt test/XInclude/ents/sub-inc.ent: added specific regression test - parser.h: preparing for the XSLT mode where DTD inherited attributes are added to the tree. Daniel

bbd22458

2001-05-23T12:02:27

- xinclude.[ch]: Updated the namespace for the Last Call version - result/XInclude/include test/XInclude/include: updated the testsuite accordingly Daniel

bf43275d

2000-11-12T15:56:56

Bug fixes new Xinclude tests: - nanoftp.c: fixed gcc 2.95 new warnings - SAX.c: fixed a stupid bug - tree.c: fixed a formatting problem when round-tripping from/to memory - xinclude.c: chased memleak, fixed a base problem - xpointer.c: added xmlXPtrBuildRangeNodeList(), finished ? xmlXPtrBuildNodeList() - TODO: updated - Makefile.am test/XInclude/docs test/XInclude/ents result/XInclude: adding a first small set of regression tests for XInclude Daniel

kc3-lang/libxml2/result/XInclude

result/XInclude

Log