kmx git

Commit	Date	Message
9bd7abfb	2020-01-02T14:14:48	Remove useless comparisons Found by lgtm.com
c9faa292	2020-01-02T14:12:39	Fix overflow check in xmlNodeDump Store return value of xmlBufNodeDump in a size_t before checking for integer overflow. Found by lgtm.com
8f62ac92	2020-01-01T19:16:10	Updated Python test reader2.py Added all test cases that have a non-empty error in result/valid/*.xml.err Restructured to make it easier extensible with new test cases Added coding cookie because there is non-ASCII in the error messages
8c3e52eb	2019-12-31T21:49:58	Updated python/tests/tstLastError.py libxml2.registerErrorHandler(None,None): None is not acceptable as first argument failUnlessEqual replaced by assertEqual
0e1a49c8	2019-12-12T17:30:55	Fix infinite loop in xmlStringLenDecodeEntities When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef return NULL which cause a infinite loop in xmlStringLenDecodeEntities Found with libFuzzer. Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
0815302d	2019-12-06T12:27:29	Fix freeing of nested documents Apparently, some libxslt RVTs can contain nested document nodes, see issue #132. I'm not sure how this happens exactly but it can cause a segfault in xmlFreeNodeList after the changes in commit 0762c9b6. Make sure not to touch the (nonexistent) `content` member of xmlDocs.
2c80fc91	2019-12-02T11:30:30	Fix more memory leaks in error paths of XPath parser Found by OSS-Fuzz.
3c8a3e99	2019-11-07T12:59:10	Use random seed in xmlDictComputeFastKey xmlDictComputeFastKey is only used for small tables, so this shouldn't be a security problem.
42942066	2019-11-11T13:49:11	Fix memory leaks of encoding handlers in xmlsave.c Fix leak of iconv/ICU encoding handler in xmlSaveToBuffer. Fix leaks of iconv/ICU encoding handlers in xmlSaveTo* error paths. Closes #127.
2a357ab9	2019-11-11T11:29:17	Fix xml2-config error code Return an error code if called with an unknown option.
d5f2f74d	2019-11-11T11:27:40	Fix memory leak in error path of XPath expr parser Also propagate memory errors. Found by OSS-Fuzz.
bf2e9617	2019-11-07T12:54:01	Fix overflow handling in xmlBufBackToBuffer Don't overwrite 'use' and 'size' members after clamping to INT_MAX. Thanks to Ranier Vilela for pointing this out in merge request !56.
d7248615	2019-11-04T23:19:28	Null pointer handling in catalog.c Fix potential deferencing potential null pointers; Small optimizations. Closes #123.
29740ed1	2019-11-02T17:51:39	xml2-config.in: fix regressions introduced by commit 2f2bf4b2c One of regressions introduced by commit 2f2bf4b2caa1cb9a4a5039b7a44db101943382d1 aka v2.9.10-rc1~56 is that cflags and libs variables are used uninitialized, resulting to the following behaviour: $ cflags=foo libs=bar sh ./xml2-config.in --prefix @prefix@ foo bar Another regression is that the test for these variables is flawed. Fixes: 2f2bf4b2c ("xml2-config.in: Output CFLAGS and LIBS on the same line")
db0c0450	2019-11-02T15:14:10	Enable more undefined behavior sanitizers Minor fix to xmlStringLenGetNodeList to avoid a pointer overflow during API test. Enable pointer-overflow and unsigned-integer-overflow sanitizers in CI tests. Technically, unsigned integer overflows aren't undefined behavior, but they typically indicate programming errors. Some hash functions that really require unsigned integer overflows have already been annotated.
41a34e1f	2019-10-30T20:14:56	Release of libxml2-2.9.10 * configure.ac doc/xml.html: updated for the release * doc/*: regenerated docs, APIs, etc ...
a5bb6aaa	2019-10-29T14:21:54	Run XML conformance tests under CI Also add llvm to Docker image so that backtraces can be symbolized.
9737ec07	2019-10-29T16:19:37	Another fix for conditional sections at end of document The previous fix introduced an uninitialized read.
9acef289	2019-10-23T18:13:08	Fix some release issues on Fedora 30 * doc/Makefile.am: xzlib.html seems not generated anymore since it was only containing an internal define we can drop it * libxml.spec.in: don't run python tests as part of %check as this is now breaking on F30
c1035664	2019-10-23T11:40:34	Fix for conditional sections at end of document Parsing conditional sections would fail if the final ']]>' was at the end of the document. Short-lived regression caused by commit c51e38cb.
d188eb92	2019-10-21T12:44:59	Make sure that Python tests exit with error code Closes #108.
55d95dcf	2019-10-20T18:03:21	Update GitLab CI config - Update Dockerfile - Don't configure with -Werror - Don't mention Travis in CONTRIBUTING
bfc0f674	2019-10-20T14:39:46	Audit memory error handling in xpath.c Memory allocation errors in the following functions a often ignored. Add TODO comments. - xmlXPathNodeSetCreate - xmlXPathNodeSetAdd* - xmlXPathNodeSetMerge* - xmlXPathNodeSetDupNs Note that the following functions currently lack a way to propagate memory errors: - xmlXPathCompareNodeSets - xmlXPathEqualNodeSets
429d4eca	2019-10-20T14:22:20	Propagate memory errors in valuePush Currently, many memory allocation errors in xpath.c aren't propagated to the parser/evaluation context and for the most part ignored. Most XPath objects allocated via one of the New, Wrap or Copy functions end up being pushed on the stack, so adding a check in valuePush handles many cases without much effort. Also simplify the code a little and make sure to return -1 in case of error.
390f05e7	2019-10-20T13:42:19	Propagate memory errors in xmlXPathCompExprAdd Make sure that memory errors in xmlXPathCompExprAdd are propagated to the parser context. Hitting the step limit or running out of memory without raising an error could also lead to an out-of-bounds read. Also fixes a memory leak in xmlXPathErrMemory. Found by OSS-Fuzz.
aec2bf71	2019-10-14T18:01:51	Make xmlFreeDocElementContent non-recursive Avoid call stack overflow when freeing element type declarations with deeply nested contents. Found by OSS-Fuzz.
d8999b1d	2019-10-14T17:04:04	Fix error code in xmlTextWriterStartDocument Return XML_ERR_UNSUPPORTED_ENCODING if no encoding handler could be found. Fixes bug #521808: https://bugzilla.gnome.org/show_bug.cgi?id=521808 Resolves !53.
40e00bc5	2019-10-14T16:56:59	Fix integer overflow when counting written bytes Check for integer overflow when updating the `written` member of struct xmlOutputBuffer in xmlIO.c. Closes #112. Resolves !54 and !55.
1fda3248	2019-10-14T16:48:32	Fix exponent digits when running tests under old MSVC Switch printf output format to two-digit exponent under certain MSVC versions. Closes #111.
f9f8df0a	2019-10-03T04:15:52	Fix uninitialized memory access in HTML parser The SAX2 character handler expects NULL-terminated buffer. Closes #106. Also see https://github.com/lxml/lxml/pull/288
5eeb9d5f	2019-10-14T16:35:00	Fix memory leak in xmlSchemaValAtomicType Don't collapse anyUris twice. Closes #104.
61f2abb1	2019-10-04T00:21:24	Enable continuous integration via GitLab CI Port the Travis CI setup to GitLab. We currently run three builds: - GCC with -std=c89 - clang with ASan and UBSan - clang with MSan Closes #110.
b88ae6d2	2019-10-14T15:38:28	Avoid ignored attribute warnings under GCC GCC doesn't support the unsigned-integer-overflow sanitizer.
24e3973b	2019-10-04T14:42:59	Make xmlDumpElementContent non-recursive Avoid call stack overflow when dumping deeply nested element declarations. Found by OSS-Fuzz.
64966ebe	2019-09-30T17:34:32	Rebuild docs
2e55f6dc	2019-09-30T17:30:17	Make apibuild.py ignore ATTRIBUTE_NO_SANITIZE
74a8a91f	2019-09-30T17:58:59	Fix a few more typos ("fonction")
2a350ee9	2019-09-30T17:04:54	Large batch of typo fixes Closes #109.
80b110a9	2019-09-30T14:37:57	Mark xmlExp* symbols as removed
c2f209c0	2019-09-30T14:13:21	Disallow conditional sections in internal subset Conditional sections are only allowed in external parameter entities referenced from the internal subset.
c51e38cb	2019-09-30T13:50:02	Make xmlParseConditionalSections non-recursive Avoid call stack overflow in deeply nested conditional sections. Found by OSS-Fuzz.
9d461ac7	2019-09-26T16:17:31	Adjust expected error in Python tests Closes #107.
d56184a0	2019-09-26T12:11:39	Disable xmlExp regex code This is apparently another regex engine that was never used, see commit 81a8ec6.
664f8810	2019-09-26T11:01:58	Fix use-after-free in xmlTextReaderFreeNodeList Recent commit 1fbcf40 caused a use-after-free read because it didn't account for the fact that xmlTextReaderFreeDoc frees entities before freeing entity references via xmlTextReaderFreeNodeList. Found by OSS-Fuzz.
99a864a1	2019-09-25T15:27:45	Fix Regextests - One of the bug316338 test cases is expected to succeed. - Memory leak in testRegexp.c. - Refcount handling in xmlExpHashGetEntry.
c2b0a184	2019-09-25T13:57:42	Fix empty branch in regex Fixes bug 649244: https://bugzilla.gnome.org/show_bug.cgi?id=649244 Closes #57.
1fbcf409	2019-09-23T17:13:05	Make xmlTextReaderFreeNodeList non-recursive Avoid call stack overflow when freeing deeply nested documents. Found by OSS-Fuzz.
0762c9b6	2019-09-23T17:07:40	Make xmlFreeNodeList non-recursive Avoid call stack overflow when freeing deeply nested documents.
62150ed2	2019-09-23T14:46:41	Make xmlParseContent and xmlParseElement non-recursive Split xmlParseElement into subfunctions. Use nameNsPush to store prefix, URI and nsNr on the heap, similar to the push parser. Closes #84.
a28bc751	2019-09-20T13:46:58	Fix integer overflow in entity recursion check
e91cbcf6	2019-09-20T12:44:17	Don't read external entities or XIncludes from stdin The file input callbacks try to read from stdin if "-" is passed as URL. This should never be done when loading indirect resources like external entities or XIncludes. Unfortunately, the stdin substitution happens deep inside the IO code, so we simply replace "-" with "./-" in specific locations. This issue also affects other users of the library like libxslt. Ideally, stdin should only be substituted on explicit request. But more intrusive changes could break existing code. Closes #90 and #102.
6705f4d2	2019-09-16T15:45:27	Remove executable bit from non-executable files
eee1dd5a	2019-09-16T15:36:44	Fix expected output of test/schemas/any4 libxml2 correctly rejects any4_0.xsd as invalid schema. I can't figure out what the intent behind this test case was. Simply adjust the expected output to match the current behavior. Closes #92.
e8c9cd5c	2019-09-16T15:36:02	Fix Schema determinism check of ##other namespaces Non-compound (##local) and compound string atoms are always disjoint regardless of whether the compound atom is negated (##other). Closes #40.
4e326a3a	2019-09-02T14:16:12	Fix potential null deref in xmlSchemaIDCFillNodeTables Merge request !45
5f1f455c	2019-09-13T15:51:16	Fix potential memory leak in xmlBufBackToBuffer Fixes bug #794373 https://bugzilla.gnome.org/show_bug.cgi?id=794373 Also see merge request !42
e32afd3f	2019-09-13T15:45:21	Fix error message when processing XIncludes with fallbacks Fixes bug #616491 https://bugzilla.gnome.org/show_bug.cgi?id=616491 Based on merge request !41
fa5e8ca6	2019-08-27T19:09:20	Optimize build instructions in README Fixes bug #792181 https://bugzilla.gnome.org/show_bug.cgi?id=792181 Merge request !40
0b793591	2019-08-26T15:24:12	Fix memory leak in xmlRegEpxFromParse Merge request !39
8efc5b28	2019-09-13T12:24:23	14:00 is a valid timezone for xs:dateTime Closes #100
5a02583c	2019-08-07T17:39:17	Fix memory leak in xmlParseBalancedChunkMemoryRecover When doc is NULL, namespace created in xmlTreeEnsureXMLDecl is bind to newDoc->oldNs, in this case, set newDoc->oldNs to NULL and free newDoc will cause a memory leak. Found with libFuzzer. Closes #82.
a6a57867	2019-08-13T20:08:53	Fix memory leak in xmlXIncludeLoadTxt
09b6f818	2019-08-25T13:58:41	Fix potential null deref in xmlRelaxNGParsePatterns Thanks to Zhongyuan Zhou for the initial patch.
01d8cf07	2019-08-15T15:15:42	Misleading error message with xs:{min\|max}Inclusive Closes #53.
e3f1c7f7	2019-08-25T14:12:23	Partial fix for comparison of xs:durations See https://bugzilla.gnome.org/show_bug.cgi?id=777139 Thanks to Zhongyuan Zhou for the initial merge request !34.
39f10232	2019-08-09T09:44:11	Fix typos: tree: move{ -> s}, reconcil{i -> }ed, h{o -> e}ld by... ...seems to { -> be to} add. Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
5c0e48b8	2019-07-25T18:46:30	Fix typo: xpath: simpli{ -> fi}ed Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
0571b4e6	2019-08-09T15:39:17	Fix null deref in xmlreader buffer
ea695ac0	2019-08-09T15:09:22	Fix unability to RelaxNG-validate grammar with choice-based name class Previously, test/relaxng/ambig_name-class2.xml would fail to validate against test/relaxng/ambig_name-class2.rng: > test/relaxng/ambig_name-class2.rng:4: > element attribute: Relax-NG parser error : > Found anyName attribute without oneOrMore ancestor > Relax-NG schema test/relaxng/ambig_name-class2.rng failed to compile Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
8074b881	2019-08-08T23:33:48	Fix unability to validate ambiguously constructed interleave for RelaxNG Previously, test/relaxng/ambig_name-class.xml would fail to validate for a simple reason -- interleave within "open-name-class" context is supposed to be fine with whatever else is pending the consumption, since effectively, it's unrelated from a higher parsing perspective. Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
81958b6e	2019-07-11T19:24:11	Doc: do not mislead towards "infeasible" scenario wrt. xmlBufNodeDump At least when merely public API is to be leveraged, one cannot use xmlBufCreate function that would otherwise be a clear fit, and relying on some invariants wrt. how some other struct fields will get initialized along the construction/filling such parent struct and (ab)using that instead does not appear clever, either. Hence, instruct people what's the Right Thing for the moment, that is, make them use xmlNodeDumpOutput instead (together with likewise public xmlAllocOutputBuffer). Going forward, it's questionable what do with xmlBuf* family of functions that are once public, since they, for any practical purpose, cannot be used by the library clients (that's how I've run into this). Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
59028ba0	2019-08-07T14:38:07	Fix possible null dereference in xmlXPathIdFunction If a certain memory allocation fails, xmlXPathIdFunction would dereference a null pointer. Closes #77.
b17e3d1c	2019-08-01T15:04:16	Work around buggy ceil() function on AIX AIX has a buggy ceil() function that does not handle negative-zero correctly. Closes #79.
6c91dd94	2019-08-01T15:01:47	Don't call printf with NULL string in runtest.c Avoids undefined behavior causing problems on HP-UX and Solaris. Closes #78.
2f2bf4b2	2019-07-31T20:21:47	xml2-config.in: Output CFLAGS and LIBS on the same line xml2-config currently outputs the results of '--cflags --libs' on two lines. Printing this information on one line is far more useful.
0c1b4fd2	2019-07-13T10:47:25	Fix comments in test code
4f67dbb0	2019-07-09T15:11:01	fix memory leak in xmlAllocOutputBuffer
1fc410d3	2019-07-01T22:22:14	xml2-config: Add a --dynamic switch to print only shared libraries `xml2-config --libs` prints static library linking information by default. This is un-necessary for most programs, so introduce a new option, --dynamic, which, when combined with --libs, only prints shared library linking information.
87125732	2019-07-08T12:54:21	Switched from unsigned long to ptrdiff_t in parser.c Using unsigned long instead of ptrdiff_t results in non-zero pointer deltas being stored as zero delta, giving incorrect offsets into arrays and hence out of bounds reads. This patch fixes the issue in all places in parser.c and adds a macro to reduce the chances of cut-and-paste errors. Only affects platforms where 'sizeof(long) < sizeof(size_t)' like 64-bit Windows. See https://bugs.chromium.org/p/chromium/issues/detail?id=894933 Closes #44.
63484962	2019-07-08T12:28:39	Remove redundant code in xmlRelaxNGValidateState Closes #70.
b3a95d57	2019-05-21T11:21:29	Fix unsigned int overflow
0df3c2c9	2019-06-28T17:34:24	fix comment in testReader.c
37189c08	2019-07-08T12:18:24	dict.h: gcc 2.95 doesn't allow multiple storage classes This is a partial revert of commit c71f9305. I'm not sure what issue this commit was trying to solve but it seems to be related to a circular dependency. It might be related to tree.h being included from dict.h which is unnecessary. Resolves !22.
01ea9c5a	2019-07-08T11:29:40	Fix another code path in xmlParseQName Check for buffer errors in another code path missed in the previous commit. Found by OSS-Fuzz.
5ccac8ce	2019-06-27T10:23:36	Make sure that xmlParseQName returns NULL in error case If there's an error growing the input buffer when recovering from invalid QNames, make sure to return NULL. Otherwise, callers could be confused. In xmlParseStartTag2, for example, `tlen` could become negative. Found by OSS-Fuzz.
f209e551	2019-06-25T11:45:16	Fix build without reader but with pattern Broken by commit dbc6b55b.
f824a4bd	2019-05-20T13:26:08	Fix memory leak in xmlAllocOutputBufferInternal error path Thanks to Anish K Kurian for the report. Closes #60.
e79a903f	2019-05-20T13:22:49	Remove redundant code in xmlXPathCompRelationalExpr Thanks to Anish K Kurian for the report. Closes #59.
44e7a0d5	2019-05-16T21:17:28	Annotate functions with __attribute__((no_sanitize))
f9fce963	2019-05-16T21:16:01	Fix unsigned integer overflow It's defined behavior but -fsanitize=unsigned-integer-overflow is useful to discover bugs.
dbc6b55b	2019-05-16T21:06:56	Fix warnings when compiling without reader or push parser
407b393d	2019-05-15T12:47:28	Fix return value of xmlOutputBufferWrite When using memory buffers, the total size of the buffer was added again and again, potentially leading to an integer overflow. Found by OSS-Fuzz.
3c0d62b4	2019-05-13T07:15:44	Fix parser termination from "Double hyphen within comment" error The patch fixes the parser not halting immediately when the error handler attempts to stop the parser. Rather it was running on and continuing to reference the freed buffer in the while loop termination test. This is only a problem if xmlStopParser is called from an error handler. Probably caused by commit 123234f2. Fixes #58.
96125557	2019-05-10T12:30:03	Remove unused member `doc` in xmlSaveCtxt
14ed63b7	2019-05-08T12:00:51	Limit recursion depth in xmlXPathCompOpEvalPredicate
ad93f087	2019-04-25T12:47:49	Remove -Wno-array-bounds It's unsupported on GCC versions older than 4.3 and the false positives seem to be fixed in newer versions.
9948a9a3	2019-04-05T06:34:59	timsort.h: support older GCCs cherry-pick upstream pull request: __builtin_clzll isn't available on older GCCs
346febc6	2019-04-25T11:34:08	Fix call stack overflow in xmlFreePattern Since xmlFreePattern tried to free the next pattern recursively, its behavior is identical to xmlFreePatternList. Make it call xmlFreePatternList to avoid call stack overflows. Found by OSS-Fuzz.
f75256e7	2019-04-23T17:23:39	Remove unreachable code in xmlXPathCountFunction After the initial test, the condition (type == XPATH_NODESET) \|\| (type == XPATH_XSLT_TREE) always holds true.
949eced4	2019-04-22T16:04:26	Fix null deref in previous commit

9bd7abfb

2020-01-02T14:14:48

Remove useless comparisons Found by lgtm.com

c9faa292

2020-01-02T14:12:39

Fix overflow check in xmlNodeDump Store return value of xmlBufNodeDump in a size_t before checking for integer overflow. Found by lgtm.com

8f62ac92

2020-01-01T19:16:10

Updated Python test reader2.py Added all test cases that have a non-empty error in result/valid/*.xml.err Restructured to make it easier extensible with new test cases Added coding cookie because there is non-ASCII in the error messages

8c3e52eb

2019-12-31T21:49:58

Updated python/tests/tstLastError.py libxml2.registerErrorHandler(None,None): None is not acceptable as first argument failUnlessEqual replaced by assertEqual

0e1a49c8

2019-12-12T17:30:55

Fix infinite loop in xmlStringLenDecodeEntities When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef return NULL which cause a infinite loop in xmlStringLenDecodeEntities Found with libFuzzer. Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>

0815302d

2019-12-06T12:27:29

Fix freeing of nested documents Apparently, some libxslt RVTs can contain nested document nodes, see issue #132. I'm not sure how this happens exactly but it can cause a segfault in xmlFreeNodeList after the changes in commit 0762c9b6. Make sure not to touch the (nonexistent) `content` member of xmlDocs.

2c80fc91

2019-12-02T11:30:30

Fix more memory leaks in error paths of XPath parser Found by OSS-Fuzz.

3c8a3e99

2019-11-07T12:59:10

Use random seed in xmlDictComputeFastKey xmlDictComputeFastKey is only used for small tables, so this shouldn't be a security problem.

42942066

2019-11-11T13:49:11

Fix memory leaks of encoding handlers in xmlsave.c Fix leak of iconv/ICU encoding handler in xmlSaveToBuffer. Fix leaks of iconv/ICU encoding handlers in xmlSaveTo* error paths. Closes #127.

2a357ab9

2019-11-11T11:29:17

Fix xml2-config error code Return an error code if called with an unknown option.

d5f2f74d

2019-11-11T11:27:40

Fix memory leak in error path of XPath expr parser Also propagate memory errors. Found by OSS-Fuzz.

bf2e9617

2019-11-07T12:54:01

Fix overflow handling in xmlBufBackToBuffer Don't overwrite 'use' and 'size' members after clamping to INT_MAX. Thanks to Ranier Vilela for pointing this out in merge request !56.

d7248615

2019-11-04T23:19:28

Null pointer handling in catalog.c Fix potential deferencing potential null pointers; Small optimizations. Closes #123.

29740ed1

2019-11-02T17:51:39

xml2-config.in: fix regressions introduced by commit 2f2bf4b2c One of regressions introduced by commit 2f2bf4b2caa1cb9a4a5039b7a44db101943382d1 aka v2.9.10-rc1~56 is that cflags and libs variables are used uninitialized, resulting to the following behaviour: $ cflags=foo libs=bar sh ./xml2-config.in --prefix @prefix@ foo bar Another regression is that the test for these variables is flawed. Fixes: 2f2bf4b2c ("xml2-config.in: Output CFLAGS and LIBS on the same line")

db0c0450

2019-11-02T15:14:10

Enable more undefined behavior sanitizers Minor fix to xmlStringLenGetNodeList to avoid a pointer overflow during API test. Enable pointer-overflow and unsigned-integer-overflow sanitizers in CI tests. Technically, unsigned integer overflows aren't undefined behavior, but they typically indicate programming errors. Some hash functions that really require unsigned integer overflows have already been annotated.

41a34e1f

2019-10-30T20:14:56

Release of libxml2-2.9.10 * configure.ac doc/xml.html: updated for the release * doc/*: regenerated docs, APIs, etc ...

a5bb6aaa

2019-10-29T14:21:54

Run XML conformance tests under CI Also add llvm to Docker image so that backtraces can be symbolized.

9737ec07

2019-10-29T16:19:37

Another fix for conditional sections at end of document The previous fix introduced an uninitialized read.

9acef289

2019-10-23T18:13:08

Fix some release issues on Fedora 30 * doc/Makefile.am: xzlib.html seems not generated anymore since it was only containing an internal define we can drop it * libxml.spec.in: don't run python tests as part of %check as this is now breaking on F30

c1035664

2019-10-23T11:40:34

Fix for conditional sections at end of document Parsing conditional sections would fail if the final ']]>' was at the end of the document. Short-lived regression caused by commit c51e38cb.

d188eb92

2019-10-21T12:44:59

Make sure that Python tests exit with error code Closes #108.

55d95dcf

2019-10-20T18:03:21

Update GitLab CI config - Update Dockerfile - Don't configure with -Werror - Don't mention Travis in CONTRIBUTING

bfc0f674

2019-10-20T14:39:46

Audit memory error handling in xpath.c Memory allocation errors in the following functions a often ignored. Add TODO comments. - xmlXPathNodeSetCreate - xmlXPathNodeSetAdd* - xmlXPathNodeSetMerge* - xmlXPathNodeSetDupNs Note that the following functions currently lack a way to propagate memory errors: - xmlXPathCompareNodeSets - xmlXPathEqualNodeSets

429d4eca

2019-10-20T14:22:20

Propagate memory errors in valuePush Currently, many memory allocation errors in xpath.c aren't propagated to the parser/evaluation context and for the most part ignored. Most XPath objects allocated via one of the New, Wrap or Copy functions end up being pushed on the stack, so adding a check in valuePush handles many cases without much effort. Also simplify the code a little and make sure to return -1 in case of error.

390f05e7

2019-10-20T13:42:19

Propagate memory errors in xmlXPathCompExprAdd Make sure that memory errors in xmlXPathCompExprAdd are propagated to the parser context. Hitting the step limit or running out of memory without raising an error could also lead to an out-of-bounds read. Also fixes a memory leak in xmlXPathErrMemory. Found by OSS-Fuzz.

aec2bf71

2019-10-14T18:01:51

Make xmlFreeDocElementContent non-recursive Avoid call stack overflow when freeing element type declarations with deeply nested contents. Found by OSS-Fuzz.

d8999b1d

2019-10-14T17:04:04

Fix error code in xmlTextWriterStartDocument Return XML_ERR_UNSUPPORTED_ENCODING if no encoding handler could be found. Fixes bug #521808: https://bugzilla.gnome.org/show_bug.cgi?id=521808 Resolves !53.

40e00bc5

2019-10-14T16:56:59

Fix integer overflow when counting written bytes Check for integer overflow when updating the `written` member of struct xmlOutputBuffer in xmlIO.c. Closes #112. Resolves !54 and !55.

1fda3248

2019-10-14T16:48:32

Fix exponent digits when running tests under old MSVC Switch printf output format to two-digit exponent under certain MSVC versions. Closes #111.

f9f8df0a

2019-10-03T04:15:52

Fix uninitialized memory access in HTML parser The SAX2 character handler expects NULL-terminated buffer. Closes #106. Also see https://github.com/lxml/lxml/pull/288

5eeb9d5f

2019-10-14T16:35:00

Fix memory leak in xmlSchemaValAtomicType Don't collapse anyUris twice. Closes #104.

61f2abb1

2019-10-04T00:21:24

Enable continuous integration via GitLab CI Port the Travis CI setup to GitLab. We currently run three builds: - GCC with -std=c89 - clang with ASan and UBSan - clang with MSan Closes #110.

b88ae6d2

2019-10-14T15:38:28

Avoid ignored attribute warnings under GCC GCC doesn't support the unsigned-integer-overflow sanitizer.

24e3973b

2019-10-04T14:42:59

Make xmlDumpElementContent non-recursive Avoid call stack overflow when dumping deeply nested element declarations. Found by OSS-Fuzz.

64966ebe

2019-09-30T17:34:32

Rebuild docs

2e55f6dc

2019-09-30T17:30:17

Make apibuild.py ignore ATTRIBUTE_NO_SANITIZE

74a8a91f

2019-09-30T17:58:59

Fix a few more typos ("fonction")

2a350ee9

2019-09-30T17:04:54

Large batch of typo fixes Closes #109.

80b110a9

2019-09-30T14:37:57

Mark xmlExp* symbols as removed

c2f209c0

2019-09-30T14:13:21

Disallow conditional sections in internal subset Conditional sections are only allowed in *external* parameter entities referenced from the internal subset.

c51e38cb

2019-09-30T13:50:02

Make xmlParseConditionalSections non-recursive Avoid call stack overflow in deeply nested conditional sections. Found by OSS-Fuzz.

9d461ac7

2019-09-26T16:17:31

Adjust expected error in Python tests Closes #107.

d56184a0

2019-09-26T12:11:39

Disable xmlExp regex code This is apparently another regex engine that was never used, see commit 81a8ec6.

664f8810

2019-09-26T11:01:58

Fix use-after-free in xmlTextReaderFreeNodeList Recent commit 1fbcf40 caused a use-after-free read because it didn't account for the fact that xmlTextReaderFreeDoc frees entities before freeing entity references via xmlTextReaderFreeNodeList. Found by OSS-Fuzz.

99a864a1

2019-09-25T15:27:45

Fix Regextests - One of the bug316338 test cases is expected to succeed. - Memory leak in testRegexp.c. - Refcount handling in xmlExpHashGetEntry.

c2b0a184

2019-09-25T13:57:42

Fix empty branch in regex Fixes bug 649244: https://bugzilla.gnome.org/show_bug.cgi?id=649244 Closes #57.

1fbcf409

2019-09-23T17:13:05

Make xmlTextReaderFreeNodeList non-recursive Avoid call stack overflow when freeing deeply nested documents. Found by OSS-Fuzz.

0762c9b6

2019-09-23T17:07:40

Make xmlFreeNodeList non-recursive Avoid call stack overflow when freeing deeply nested documents.

62150ed2

2019-09-23T14:46:41

Make xmlParseContent and xmlParseElement non-recursive Split xmlParseElement into subfunctions. Use nameNsPush to store prefix, URI and nsNr on the heap, similar to the push parser. Closes #84.

a28bc751

2019-09-20T13:46:58

Fix integer overflow in entity recursion check

e91cbcf6

2019-09-20T12:44:17

Don't read external entities or XIncludes from stdin The file input callbacks try to read from stdin if "-" is passed as URL. This should never be done when loading indirect resources like external entities or XIncludes. Unfortunately, the stdin substitution happens deep inside the IO code, so we simply replace "-" with "./-" in specific locations. This issue also affects other users of the library like libxslt. Ideally, stdin should only be substituted on explicit request. But more intrusive changes could break existing code. Closes #90 and #102.

6705f4d2

2019-09-16T15:45:27

Remove executable bit from non-executable files

eee1dd5a

2019-09-16T15:36:44

Fix expected output of test/schemas/any4 libxml2 correctly rejects any4_0.xsd as invalid schema. I can't figure out what the intent behind this test case was. Simply adjust the expected output to match the current behavior. Closes #92.

e8c9cd5c

2019-09-16T15:36:02

Fix Schema determinism check of ##other namespaces Non-compound (##local) and compound string atoms are always disjoint regardless of whether the compound atom is negated (##other). Closes #40.

4e326a3a

2019-09-02T14:16:12

Fix potential null deref in xmlSchemaIDCFillNodeTables Merge request !45

5f1f455c

2019-09-13T15:51:16

Fix potential memory leak in xmlBufBackToBuffer Fixes bug #794373 https://bugzilla.gnome.org/show_bug.cgi?id=794373 Also see merge request !42

e32afd3f

2019-09-13T15:45:21

Fix error message when processing XIncludes with fallbacks Fixes bug #616491 https://bugzilla.gnome.org/show_bug.cgi?id=616491 Based on merge request !41

fa5e8ca6

2019-08-27T19:09:20

Optimize build instructions in README Fixes bug #792181 https://bugzilla.gnome.org/show_bug.cgi?id=792181 Merge request !40

0b793591

2019-08-26T15:24:12

Fix memory leak in xmlRegEpxFromParse Merge request !39

8efc5b28

2019-09-13T12:24:23

14:00 is a valid timezone for xs:dateTime Closes #100

5a02583c

2019-08-07T17:39:17

Fix memory leak in xmlParseBalancedChunkMemoryRecover When doc is NULL, namespace created in xmlTreeEnsureXMLDecl is bind to newDoc->oldNs, in this case, set newDoc->oldNs to NULL and free newDoc will cause a memory leak. Found with libFuzzer. Closes #82.

a6a57867

2019-08-13T20:08:53

Fix memory leak in xmlXIncludeLoadTxt

09b6f818

2019-08-25T13:58:41

Fix potential null deref in xmlRelaxNGParsePatterns Thanks to Zhongyuan Zhou for the initial patch.

01d8cf07

2019-08-15T15:15:42

Misleading error message with xs:{min|max}Inclusive Closes #53.

e3f1c7f7

2019-08-25T14:12:23

Partial fix for comparison of xs:durations See https://bugzilla.gnome.org/show_bug.cgi?id=777139 Thanks to Zhongyuan Zhou for the initial merge request !34.

39f10232

2019-08-09T09:44:11

Fix typos: tree: move{ -> s}, reconcil{i -> }ed, h{o -> e}ld by... ...seems to { -> be to} add. Signed-off-by: Jan Pokorný <jpokorny@redhat.com>

5c0e48b8

2019-07-25T18:46:30

Fix typo: xpath: simpli{ -> fi}ed Signed-off-by: Jan Pokorný <jpokorny@redhat.com>

0571b4e6

2019-08-09T15:39:17

Fix null deref in xmlreader buffer

ea695ac0

2019-08-09T15:09:22

Fix unability to RelaxNG-validate grammar with choice-based name class Previously, test/relaxng/ambig_name-class2.xml would fail to validate against test/relaxng/ambig_name-class2.rng: > test/relaxng/ambig_name-class2.rng:4: > element attribute: Relax-NG parser error : > Found anyName attribute without oneOrMore ancestor > Relax-NG schema test/relaxng/ambig_name-class2.rng failed to compile Signed-off-by: Jan Pokorný <jpokorny@redhat.com>

8074b881

2019-08-08T23:33:48

Fix unability to validate ambiguously constructed interleave for RelaxNG Previously, test/relaxng/ambig_name-class.xml would fail to validate for a simple reason -- interleave within "open-name-class" context is supposed to be fine with whatever else is pending the consumption, since effectively, it's unrelated from a higher parsing perspective. Signed-off-by: Jan Pokorný <jpokorny@redhat.com>

81958b6e

2019-07-11T19:24:11

Doc: do not mislead towards "infeasible" scenario wrt. xmlBufNodeDump At least when merely public API is to be leveraged, one cannot use xmlBufCreate function that would otherwise be a clear fit, and relying on some invariants wrt. how some other struct fields will get initialized along the construction/filling such parent struct and (ab)using that instead does not appear clever, either. Hence, instruct people what's the Right Thing for the moment, that is, make them use xmlNodeDumpOutput instead (together with likewise public xmlAllocOutputBuffer). Going forward, it's questionable what do with xmlBuf* family of functions that are once public, since they, for any practical purpose, cannot be used by the library clients (that's how I've run into this). Signed-off-by: Jan Pokorný <jpokorny@redhat.com>

59028ba0

2019-08-07T14:38:07

Fix possible null dereference in xmlXPathIdFunction If a certain memory allocation fails, xmlXPathIdFunction would dereference a null pointer. Closes #77.

b17e3d1c

2019-08-01T15:04:16

Work around buggy ceil() function on AIX AIX has a buggy ceil() function that does not handle negative-zero correctly. Closes #79.

6c91dd94

2019-08-01T15:01:47

Don't call printf with NULL string in runtest.c Avoids undefined behavior causing problems on HP-UX and Solaris. Closes #78.

2f2bf4b2

2019-07-31T20:21:47

xml2-config.in: Output CFLAGS and LIBS on the same line xml2-config currently outputs the results of '--cflags --libs' on two lines. Printing this information on one line is far more useful.

0c1b4fd2

2019-07-13T10:47:25

Fix comments in test code

4f67dbb0

2019-07-09T15:11:01

fix memory leak in xmlAllocOutputBuffer

1fc410d3

2019-07-01T22:22:14

xml2-config: Add a --dynamic switch to print only shared libraries `xml2-config --libs` prints static library linking information by default. This is un-necessary for most programs, so introduce a new option, --dynamic, which, when combined with --libs, only prints shared library linking information.

87125732

2019-07-08T12:54:21

Switched from unsigned long to ptrdiff_t in parser.c Using unsigned long instead of ptrdiff_t results in non-zero pointer deltas being stored as zero delta, giving incorrect offsets into arrays and hence out of bounds reads. This patch fixes the issue in all places in parser.c and adds a macro to reduce the chances of cut-and-paste errors. Only affects platforms where 'sizeof(long) < sizeof(size_t)' like 64-bit Windows. See https://bugs.chromium.org/p/chromium/issues/detail?id=894933 Closes #44.

63484962

2019-07-08T12:28:39

Remove redundant code in xmlRelaxNGValidateState Closes #70.

b3a95d57

2019-05-21T11:21:29

Fix unsigned int overflow

0df3c2c9

2019-06-28T17:34:24

fix comment in testReader.c

37189c08

2019-07-08T12:18:24

dict.h: gcc 2.95 doesn't allow multiple storage classes This is a partial revert of commit c71f9305. I'm not sure what issue this commit was trying to solve but it seems to be related to a circular dependency. It might be related to tree.h being included from dict.h which is unnecessary. Resolves !22.

01ea9c5a

2019-07-08T11:29:40

Fix another code path in xmlParseQName Check for buffer errors in another code path missed in the previous commit. Found by OSS-Fuzz.

5ccac8ce

2019-06-27T10:23:36

Make sure that xmlParseQName returns NULL in error case If there's an error growing the input buffer when recovering from invalid QNames, make sure to return NULL. Otherwise, callers could be confused. In xmlParseStartTag2, for example, `tlen` could become negative. Found by OSS-Fuzz.

f209e551

2019-06-25T11:45:16

Fix build without reader but with pattern Broken by commit dbc6b55b.

f824a4bd

2019-05-20T13:26:08

Fix memory leak in xmlAllocOutputBufferInternal error path Thanks to Anish K Kurian for the report. Closes #60.

e79a903f

2019-05-20T13:22:49

Remove redundant code in xmlXPathCompRelationalExpr Thanks to Anish K Kurian for the report. Closes #59.

44e7a0d5

2019-05-16T21:17:28

Annotate functions with __attribute__((no_sanitize))

f9fce963

2019-05-16T21:16:01

Fix unsigned integer overflow It's defined behavior but -fsanitize=unsigned-integer-overflow is useful to discover bugs.

dbc6b55b

2019-05-16T21:06:56

Fix warnings when compiling without reader or push parser

407b393d

2019-05-15T12:47:28

Fix return value of xmlOutputBufferWrite When using memory buffers, the total size of the buffer was added again and again, potentially leading to an integer overflow. Found by OSS-Fuzz.

3c0d62b4

2019-05-13T07:15:44

Fix parser termination from "Double hyphen within comment" error The patch fixes the parser not halting immediately when the error handler attempts to stop the parser. Rather it was running on and continuing to reference the freed buffer in the while loop termination test. This is only a problem if xmlStopParser is called from an error handler. Probably caused by commit 123234f2. Fixes #58.

96125557

2019-05-10T12:30:03

Remove unused member `doc` in xmlSaveCtxt

14ed63b7

2019-05-08T12:00:51

Limit recursion depth in xmlXPathCompOpEvalPredicate

ad93f087

2019-04-25T12:47:49

Remove -Wno-array-bounds It's unsupported on GCC versions older than 4.3 and the false positives seem to be fixed in newer versions.

9948a9a3

2019-04-05T06:34:59

timsort.h: support older GCCs cherry-pick upstream pull request: __builtin_clzll isn't available on older GCCs

346febc6

2019-04-25T11:34:08

Fix call stack overflow in xmlFreePattern Since xmlFreePattern tried to free the next pattern recursively, its behavior is identical to xmlFreePatternList. Make it call xmlFreePatternList to avoid call stack overflows. Found by OSS-Fuzz.

f75256e7

2019-04-23T17:23:39

Remove unreachable code in xmlXPathCountFunction After the initial test, the condition (type == XPATH_NODESET) || (type == XPATH_XSLT_TREE) always holds true.

949eced4

2019-04-22T16:04:26

Fix null deref in previous commit

kc3-lang/libxml2

Log