kmx git

Commit	Date	Message
bdd66182	2016-05-23T12:27:58	Avoid building recursive entities For https://bugzilla.gnome.org/show_bug.cgi?id=762100 When we detect a recusive entity we should really not build the associated data, moreover if someone bypass libxml2 fatal errors and still tries to serialize a broken entity make sure we don't risk to get ito a recursion * parser.c: xmlParserEntityCheck() don't build if entity loop were found and remove the associated text content * tree.c: xmlStringGetNodeList() avoid a potential recursion
0bcd05c5	2016-03-01T15:18:04	Heap-based buffer overread in htmlCurrentChar For https://bugzilla.gnome.org/show_bug.cgi?id=758606 * parserInternals.c: (xmlNextChar): Add an test to catch other issues on ctxt->input corruption proactively. For non-UTF-8 charsets, xmlNextChar() failed to check for the end of the input buffer and would continuing reading. Fix this by pulling out the check for the end of the input buffer into common code, and return if we reach the end of the input buffer prematurely. * result/HTML/758606.html: Added. * result/HTML/758606.html.err: Added. * result/HTML/758606.html.sax: Added. * result/HTML/758606_2.html: Added. * result/HTML/758606_2.html.err: Added. * result/HTML/758606_2.html.sax: Added. * test/HTML/758606.html: Added test case. * test/HTML/758606_2.html: Added test case.
38eae571	2016-03-07T14:04:08	Heap use-after-free in xmlSAX2AttributeNs For https://bugzilla.gnome.org/show_bug.cgi?id=759020 * parser.c: (xmlParseStartTag2): Attribute strings are only valid if the base does not change, so add another check where the base may change. Make sure to set 'attvalue' to NULL after freeing it. * result/errors/759020.xml: Added. * result/errors/759020.xml.err: Added. * result/errors/759020.xml.str: Added. * test/errors/759020.xml: Added test case.
b1d34de4	2016-03-14T17:19:44	Fix inappropriate fetch of entities content For https://bugzilla.gnome.org/show_bug.cgi?id=761430 libfuzzer regression testing exposed another case where the parser would fetch content of an external entity while not in validating mode. Plug that hole
45752d2c	2016-03-03T11:50:34	Bug 759398: Heap use-after-free in xmlDictComputeFastKey <https://bugzilla.gnome.org/show_bug.cgi?id=759398> * parser.c: (xmlParseNCNameComplex): Store start position instead of a pointer to the name since the underlying buffer may change, resulting in a stale pointer being used. * result/errors/759398.xml: Added. * result/errors/759398.xml.err: Added. * result/errors/759398.xml.str: Added. * test/errors/759398.xml: Added test case.
11ed4a7a	2016-03-02T15:52:24	Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral For https://bugzilla.gnome.org/show_bug.cgi?id=760263 * HTMLparser.c: Add BASE_PTR convenience macro. (htmlParseSystemLiteral): Store length and start position instead of a pointer while iterating through the public identifier since the underlying buffer may change, resulting in a stale pointer being used. (htmlParsePubidLiteral): Ditto.
a820dbea	2016-03-01T11:34:04	Bug 758605: Heap-based buffer overread in xmlDictAddString <https://bugzilla.gnome.org/show_bug.cgi?id=758605> Reviewed by David Kilzer. * HTMLparser.c: (htmlParseName): Add bounds check. (htmlParseNameComplex): Ditto. * result/HTML/758605.html: Added. * result/HTML/758605.html.err: Added. * result/HTML/758605.html.sax: Added. * runtest.c: (pushParseTest): The input for the new test case was so small (4 bytes) that htmlParseChunk() was never called after htmlCreatePushParserCtxt(), thereby creating a false positive test failure. Fixed by using a do-while loop so we always call htmlParseChunk() at least once. * test/HTML/758605.html: Added.
db07dd61	2016-02-12T09:58:29	Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal <https://bugzilla.gnome.org/show_bug.cgi?id=758588> * parser.c: (xmlParseEndTag2): Add bounds checks before dereferencing ctxt->input->cur past the end of the buffer, or incrementing the pointer past the end of the buffer. * result/errors/758588.xml: Add test result. * result/errors/758588.xml.err: Ditto. * result/errors/758588.xml.str: Ditto. * test/errors/758588.xml: Add regression test.
00906759	2016-01-26T16:57:03	Heap-based buffer-underreads due to xmlParseName For https://bugzilla.gnome.org/show_bug.cgi?id=759573 * parser.c: (xmlParseElementDecl): Return early on invalid input to fix non-minimized test case (759573-2.xml). Otherwise the parser gets into a bad state in SKIP(3) at the end of the function. (xmlParseConditionalSections): Halt parsing when hitting invalid input that would otherwise caused xmlParserHandlePEReference() to recurse unexpectedly. This fixes the minimized test case (759573.xml). * result/errors/759573-2.xml: Add. * result/errors/759573-2.xml.err: Add. * result/errors/759573-2.xml.str: Add. * result/errors/759573.xml: Add. * result/errors/759573.xml.err: Add. * result/errors/759573.xml.str: Add. * test/errors/759573-2.xml: Add. * test/errors/759573.xml: Add.
4472c3a5	2016-05-13T15:13:17	Fix some format string warnings with possible format string vulnerability For https://bugzilla.gnome.org/show_bug.cgi?id=761029 Decorate every method in libxml2 with the appropriate LIBXML_ATTR_FORMAT(fmt,args) macro and add some cleanups following the reports.
cbb27165	2016-03-07T06:34:26	Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup <https://bugzilla.gnome.org/show_bug.cgi?id=757711> * xmlregexp.c: (xmlFAParseCharRange): Only advance to the next character if there is no error. Advancing to the next character in case of an error while parsing regexp leads to an out of bounds access.
beca86e8	2016-05-04T11:23:49	Detect change of encoding when parsing HTML names From https://bugzilla.gnome.org/show_bug.cgi?id=758518 Happens when a file has a name getting parsed, but no valid encoding set, so libxml has to guess what the encoding is. This patch detects when the buffer location changes, and if it does, restarts the parsing of the name. This slightly change a couple of regression tests output
40fd6d2a	2016-01-28T14:20:09	Correct the usage of LDFLAGS For https://bugzilla.gnome.org/show_bug.cgi?id=761252 It is no longer necessary to save system LDFLAGS when checking lib specific LDFLAGS.
ebbd2b72	2016-05-23T13:58:24	Revert the use of SAVE_LDFLAGS in configure.ac For https://bugzilla.gnome.org/show_bug.cgi?id=761252 This reverts commit 7dc24965092d7cc310908d6052913050e88ec072.
c97750d1	2016-05-23T13:39:13	Avoid an out of bound access when serializing malformed strings For https://bugzilla.gnome.org/show_bug.cgi?id=766414 * xmlsave.c: xmlBufAttrSerializeTxtContent() if an attribute value is not UTF-8 be more careful when serializing it as we may do an out of bound access as a result.
886529b5	2016-04-05T12:05:25	Unsigned addition may overflow in xmlMallocAtomicLoc() For https://bugzilla.gnome.org/show_bug.cgi?id=764616 This code is used only if turning memory allocation debug in configure with --with-mem-debug, which should never happen in real life, so not a serious issue. * xmlmemory.c: (MAX_SIZE_T): Macro to define maximum value of size_t. (xmlMallocAtomicLoc): Add bounds check. Fix description and use the correct function name in another error message.
48920055	2016-05-23T08:59:20	libxml2 hardcodes -L/lib in zlib/lzma tests which breaks cross-compiles For https://bugzilla.gnome.org/show_bug.cgi?id=749416 do not use -L$Z_DIR/lib when Z_DIR isn't actually set
9f2416c6	2016-05-22T11:14:45	Add more debugging info to runtest When there is a failure, indicates what failed instead of just dumping the tested file name.
5c37382f	2016-05-22T09:58:30	Implement "runtest -u" mode For https://bugzilla.gnome.org/show_bug.cgi?id=611807 Using "make tests" to add new tests is error prone. This patch implements a "runtest -u" mode that makes it much easier to create baselines for new tests.
d433ea6c	2016-05-18T14:52:59	Integer signed/unsigned type mismatch in xmlParserInputGrow() For https://bugzilla.gnome.org/show_bug.cgi?id=766635 * parserInternals.c: (xmlParserInputGrow): Change 'ret' type to 'int' to match the return type of xmlParserInputBufferGrow().
8fbbf551	2016-03-08T17:29:00	Bug 763071: heap-buffer-overflow in xmlStrncat <https://bugzilla.gnome.org/show_bug.cgi?id=763071> * xmlstring.c: (xmlStrncat): Return NULL if xmlStrlen returns a negative length. (xmlStrncatNew): Ditto.
8f30bdff	2016-04-15T11:56:55	Add missing increments of recursion depth counter to XML parser. For https://bugzilla.gnome.org/show_bug.cgi?id=765207 CVE-2016-3705 The functions xmlParserEntityCheck() and xmlParseAttValueComplex() used to call xmlStringDecodeEntities() in a recursive context without incrementing the 'depth' counter in the parser context. Because of that omission, the parser failed to detect attribute recursions in certain documents before running out of stack space.
846cf015	2016-05-21T17:16:05	Integer overflow parsing port number in URI For https://bugzilla.gnome.org/show_bug.cgi?id=765566 in xmlParse3986Port(), uri->port can overflow when parsing a the port number. The type of uri->port is int, so the consequent behavior is undefined and may differ between compilers and architectures
8effcb57	2016-05-09T10:31:09	Fix apibuild for a recently added construct commit c71f9305a99b6aa03cb08fab31106c9c56f1be4f added __XML_EXTERNC cpp construct which not understood by apibuild, leading to make dist failures, ask to ignore that construct.
45f0abd4	2016-05-09T10:13:12	Use pkg-config to locate zlib when possible For https://bugzilla.gnome.org/show_bug.cgi?id=765979 This fallback to direct detection if not available, but current situation this is broken for cross compilation
3d75c2e8	2016-05-09T10:11:05	Use pkg-config to locate ICU when possible For https://bugzilla.gnome.org/show_bug.cgi?id=765979 This fallback to icu-config if not available, but current situation this is broken for cross compilation
34b35004	2016-05-09T09:28:38	Fix an error with regexp on nullable counted char transition This is the first of the two issues raised by Pete Cordell in https://mail.gnome.org/archives/xml/2016-April/msg00030.html
6eb0894a	2016-05-05T16:49:00	Fix memory leak with XPath namespace nodes Set hasNsNodes to 1 when adding namespace nodes via XP_TEST_HIT.
82b73039	2016-04-30T17:53:10	Fix namespace axis traversal When the namespace axis is traversed in "toBool" mode, the traversal can exit early, before visiting all nodes. In this case, the XPath context still contains a non-NULL tmpNsList. This means that - the check when to start a new traversal was wrong and - the tmpNsList could be leaked. Fixes bug #750037 and, by accident, bug #756075: https://bugzilla.gnome.org/show_bug.cgi?id=750037 https://bugzilla.gnome.org/show_bug.cgi?id=756075
9b4b8cb3	2016-05-04T12:33:32	Add a make rule to rebuild for ASAN
b8e0fa34	2016-05-04T10:55:49	Fix null pointer deref in docs with no root element From https://bugzilla.gnome.org/show_bug.cgi?id=758514
90da33ce	2016-05-03T21:37:52	Portability to non C99 compliant compilers OS400 C compiler is not C99 compliant. It only supports local variable declarations at the beginning of a block. We loose the const as a result but portability is more important.
c71f9305	2016-05-02T16:21:47	dict.h: Move xmlDictPtr definition before includes to allow direct inclusion.
f6599c51	2016-05-02T22:29:59	Fix XSD validation of URIs with ampersands For https://bugzilla.gnome.org/show_bug.cgi?id=709171 This makes xmlSchemaSAXHandleStartElementNs pass attributes through xmlStringDecodeEntities, similar to how xmlSchemaVDocWalk passes them through xmlNodeListGetString.
a1dca81d	2016-04-11T20:03:19	xmlschemastypes.c: accept endOfDayFrag Times set to "24:00:00" mean "end of day" and should not cause an error.
b2937710	2015-04-21T17:21:49	os400: tell about xmllint and xmlcatalog in README400.
c04785d5	2015-04-21T16:56:54	os400: properly process SGML add in XMLCATALOG command.
9b5a57cf	2015-04-21T13:56:39	os400: implement CL command XMLCATALOG.
d76abc7b	2015-04-20T15:40:00	os400: compile and install program xmlcatalog (qshell-only).
2137326e	2015-04-20T15:00:58	xmlcatalog: flush stdout before interactive shell input.
cad1634e	2015-04-17T17:26:46	os400: expand tabs in sources, strip trailing blanks.
26db5e7a	2015-04-17T17:21:14	os400: implement CL command XMLLINT.
b1682bdb	2015-04-17T17:17:58	os400: compile and install program xmllint (qshell-only).
1463a91d	2015-04-17T17:09:13	os400: initscript make_module(): Use options instead of positional parameters.
11e805d3	2015-04-17T17:02:59	xmllint: flush stdout before interactive shell input.
44e49f47	2015-04-13T14:26:55	os400: c14n.rpgle: allow *omit for nullable reference parameters.
ae0b2240	2015-04-01T19:35:39	os400: use like() for double type.
155faa52	2015-04-01T18:52:37	os400: use like() for int type.
26202cf9	2015-04-01T15:39:45	os400: use like() for unsigned int type.
91e2e698	2015-04-01T15:23:57	os400: use like() for enum types.
2e354d74	2016-04-28T15:09:25	Add xz to xml2-config --libs output XML_LIBS should include LZMA_LIBS. This ensures that 'xml2-config --libs' shows -llzma when xz is enabled. Otherwise static link fails because of missing xz symbols.
839689a9	2016-04-27T18:00:12	Don't recurse into OP_VALUEs in xmlXPathOptimizeExpression The ch1 slot of OP_VALUEs contains an invalid value. Ignore it. Fixes bug #760325: https://bugzilla.gnome.org/show_bug.cgi?id=760325
f39fd66e	2016-04-27T03:01:16	Fix namespace::node() XPath expression Make sure that xmlXPathNodeSetAddNs is called for namespace nodes when matched with a namespace::node() step. This correctly sets the parent of namespace nodes. Note that xmlXPathNodeSetAddNs must only be called if working on the namespace axis. Otherwise, the context node is not the parent of the namespace node and the standard XP_TEST_HIT macro must be invoked. This explains the errors in the C14N tests that the old TODO comment mentioned.
91ac664f	2016-04-26T14:47:56	Fix OOB write in xmlXPathEmptyNodeSet xmlXPathEmptyNodeSet would write a NULL pointer just beyond the end of the nodeTab array. This macro isn't used in libxml2, but in some of the math functions in libexslt where it can result in heap corruption and denial of service. Found by afl-fuzz and ASan.
e2893903	2016-04-21T19:19:23	Fix parsing of NCNames in XPath The NCName parser would allow any NameChar as start character. For example, the following XPath expressions would compile: self::-abc self::0abc self::.abc
96a5c17e	2016-04-21T19:03:47	Fix OOB read with invalid UTF-8 in xmlUTF8Strsize With certain invalid UTF-8, xmlUTF8Strsize can read up to 6 bytes beyond the end of the string and return the wrong size. This means that in xmlUTF8Strndup and similar code, some content behind the string is copied. But since the terminating \0 is copied as well, this probably can't be exploited to leak sensitive information. Found by afl-fuzz and ASan.
cad102b8	2016-04-15T22:41:24	Do normalize string-based datatype value in RelaxNG facet checking Original patch is from Jan Pokorný <jpokorny redhat com> https://mail.gnome.org/archives/xml/2013-November/msg00028.html Improve it according to reviews and add test files.
27aae651	2016-04-13T16:56:08	Fix typo: s{ ec -> cr }cipt Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
bb654feb	2016-04-13T16:56:07	Fix typos: dictio{ nn -> n }ar{y,ies} Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
9811ce78	2016-04-13T16:56:06	Fix typos: PATH_{ SEAPARATOR -> SEPARATOR } Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
d5bd2a9a	2016-04-03T05:14:44	Correct a typo.
c5ddd095	2016-01-20T20:41:44	Bug 760921: REGRESSION (8eb55d78): doc/examples/io1 test fails after fix for "xmlSaveUri() incorrectly recomposes URIs with rootless paths" <https://bugzilla.gnome.org/show_bug.cgi?id=760921> * doc/examples/io1.res: Update expected result.
5be1a6e8	2016-01-19T11:38:52	Bug 760861: REGRESSION (bf9c1dad): Missing results for test/schemas/regexp-char-ref_[01].xsd <https://bugzilla.gnome.org/show_bug.cgi?id=760861> Add missing test results to fix the following errors when running "make Schemastests": ## Schemas regression tests diff: ./result/schemas/regexp-char-ref_0_0.err: No such file or directory diff: ./result/schemas/regexp-char-ref_1_0.err: No such file or directory * result/schemas/regexp-char-ref_0_0.err: Added. * result/schemas/regexp-char-ref_1_0.err: Added.
c4184ba2	2015-12-01T13:24:44	error.c: *input->cur == 0 does not mean no error Complements: ce0b0d0d81fdbb5
49bbfdb6	2016-03-14T15:53:16	Add missing RNG test files For https://bugzilla.gnome.org/show_bug.cgi?id=760249 Add missing test results from Bug 710744 for commit 6473a41a49601da8355c4b407b99474ada170213.
6e3af870	2016-01-05T16:11:28	Bug 760190: configure.ac should be able to build --with-icu without icu-config tool <https://bugzilla.gnome.org/show_bug.cgi?id=760190> * configure.ac: Add fallback tests if the icu-config tool is not installed (like on Mac OS X). This also allows an include prefix to be set using "--with-icu=/prefix/to/icu", similar to --with-iconv.
4f8606c1	2016-01-05T13:38:09	Bug 760183: REGRESSION (v2.9.3): XML push parser fails with bogus UTF-8 encoding error when multi-byte character in large CDATA section is split across buffer <https://bugzilla.gnome.org/show_bug.cgi?id=760183> * parser.c: (xmlCheckCdataPush): Add 'complete' argument to describe whether the buffer passed in is the whole CDATA buffer, or if there is more data to parse. If there is more data to parse, don't return a negative value for an invalid multi-byte UTF-8 character that is split between buffers. (xmlParseTryOrFinish): Pass 'complete' argument to xmlCheckCdataPush() as appropriate. * result/cdata-2-byte-UTF-8.xml: Added. * result/cdata-2-byte-UTF-8.xml.rde: Added. * result/cdata-2-byte-UTF-8.xml.rdr: Added. * result/cdata-2-byte-UTF-8.xml.sax: Added. * result/cdata-2-byte-UTF-8.xml.sax2: Added. * result/cdata-3-byte-UTF-8.xml: Added. * result/cdata-3-byte-UTF-8.xml.rde: Added. * result/cdata-3-byte-UTF-8.xml.rdr: Added. * result/cdata-3-byte-UTF-8.xml.sax: Added. * result/cdata-3-byte-UTF-8.xml.sax2: Added. * result/cdata-4-byte-UTF-8.xml: Added. * result/cdata-4-byte-UTF-8.xml.rde: Added. * result/cdata-4-byte-UTF-8.xml.rdr: Added. * result/cdata-4-byte-UTF-8.xml.sax: Added. * result/cdata-4-byte-UTF-8.xml.sax2: Added. * result/noent/cdata-2-byte-UTF-8.xml: Added. * result/noent/cdata-3-byte-UTF-8.xml: Added. * result/noent/cdata-4-byte-UTF-8.xml: Added. * test/cdata-2-byte-UTF-8.xml: Added. * test/cdata-3-byte-UTF-8.xml: Added. * test/cdata-4-byte-UTF-8.xml: Added. - Add tests and results. Only 'make Readertests XMLPushtests' fails prior to the fix.
e6b97476	2016-03-07T20:16:41	Bug 758572: ASAN crash in make check <https://bugzilla.gnome.org/show_bug.cgi?id=758572> Instead of sending a random string length into API methods, compute the string length properly to fix out-of-bounds accesses caught with AddressSanitizer turned on. * testapi.c: (test_htmlCreateMemoryParserCtxt): (test_htmlCreatePushParserCtxt): (test_htmlCtxtReadMemory): (test_htmlParseChunk): (test_htmlReadMemory): (test_xmlDictExists): (test_xmlDictLookup): (test_xmlCreatePushParserCtxt): (test_xmlCtxtReadMemory): (test_xmlCtxtResetPush): (test_xmlParseChunk): (test_xmlParseInNodeContext): (test_xmlParseMemory): (test_xmlReadMemory): (test_xmlRecoverMemory): (test_xmlSAXParseMemory): (test_xmlSAXParseMemoryWithData): (test_xmlSAXUserParseMemory): (test_xmlCreateMemoryParserCtxt): (test_xmlRelaxNGNewMemParserCtxt): (test_xmlBufferAdd): (test_xmlBufferAddHead): (test_xmlBuildQName): (test_xmlDocDumpFormatMemory): (test_xmlDocDumpFormatMemoryEnc): (test_xmlDocDumpMemory): (test_xmlNewCDataBlock): (test_xmlNewDocTextLen): (test_xmlNewTextLen): (test_xmlNodeAddContentLen): (test_xmlNodeSetContentLen): (test_xmlSplitQName3): (test_xmlStringLenGetNodeList): (test_xmlTextConcat): (test_xmlOutputBufferWrite): (test_xmlParserInputBufferCreateMem): (test_xmlParserInputBufferCreateStatic): (test_xmlParserInputBufferPush): (test_xmlReaderForMemory): (test_xmlReaderNewMemory): (test_xmlSchemaNewMemParserCtxt): (test_xmlCharStrndup): (test_xmlStrncatNew): (test_xmlStrncmp): (test_xmlStrndup): (test_xmlStrsub): (test_xmlTextWriterWriteBase64): (test_xmlTextWriterWriteBinHex): (test_xmlTextWriterWriteRawLen):
783931fc	2016-03-02T12:48:51	Bug 721158: Missing ICU string when doing --version on xmllint <https://bugzilla.gnome.org/show_bug.cgi?id=721158> * xmllint.c: (showVersion): Add "ICU" to xmllint version string if libxml2 is built with ICU enabled.
65112cb3	2016-01-18T12:46:41	python 3: libxml2.c wrappers create Unicode str already ... so stop decoding these, which only results in "TypeError: 'str' does not support the buffer interface".
dfbacd4f	2016-03-07T13:46:28	win32\VC10\config.h and VS 2015 --047d7bacb4ee71848a052d7c673a Content-Type: text/plain; charset=UTF-8 The config.h file in win32\VC10 is incompatible with VS 2015 because VS 2015 provides an implementation of snprintf and prohibits using the preprocessor to define it. Therefor an ifdef check is needed around that definition in VC10\config.h. Here is a patch that is compatible with the change that we made to Chromium's copy:
0f84ee23	2016-02-09T17:55:40	Add autogen.sh to distrib For https://bugzilla.gnome.org/show_bug.cgi?id=761782 autogen.sh was not included in the tarball releases which complicates situations when users have to make changes to e.g. configure.ac andi have to re-generate configure.
b5ca2607	2016-02-09T17:23:48	Add configure maintainer mode For https://bugzilla.gnome.org/show_bug.cgi?id=761784 I wasn't able to build libxml2 because aclocal-1.13 was missing from my machine. With AM_MAINTAINER_MODE, I'm able to configure libxml2 with '--disable-maintainer-mode' which will disable checks for aclocal.
a7a94612	2016-02-09T12:55:29	Heap-based buffer overread in xmlNextChar For https://bugzilla.gnome.org/show_bug.cgi?id=759671 when the end of the internal subset isn't properly detected xmlParseInternalSubset should just return instead of trying to process input further.
6657afe8	2015-11-20T17:55:11	Release of libxml2-2.9.3 * configure.ac: updated * doc/*: regenerated
8fb4a770	2015-11-20T17:16:06	CVE-2015-8242 Buffer overead with HTML parser in push mode For https://bugzilla.gnome.org/show_bug.cgi?id=756372 Error in the code pointing to the codepoint in the stack for the current char value instead of the pointer in the input that the SAX callback expects Reported and fixed by Hugh Davenport
f1063fdb	2015-11-20T16:06:59	CVE-2015-7500 Fix memory access error due to incorrect entities boundaries For https://bugzilla.gnome.org/show_bug.cgi?id=756525 handle properly the case where we popped out of the current entity while processing a start tag Reported by Kostya Serebryany @ Google This slightly modifies the output of 754946 in regression tests
fdfeecc1	2015-11-20T15:07:38	Bug on creating new stream from entity sometimes the entity could have a lenght of 0, i.e. it wasn't parsed or used yet, and we ended up with an incoherent input state
3bd6ae14	2015-11-20T15:06:02	Fix some loop issues embedding NEXT Next can switch the parser back to XML_PARSER_EOF state, we need to consider those in loops consuming input
35bcb1d7	2015-11-20T15:04:09	Detect incoherency on GROW the current pointer to the input has to be between the base and end if not stop everything we have an internal state error.
ce0b0d0d	2015-11-20T15:01:22	Do not print error context when there is none Which now happens more frequently du to xmlHaltParser use
e3b15974	2015-11-20T14:59:30	Reuse xmlHaltParser() where it makes sense Unify the various place where either xmlStopParser was called (which resets the error as a side effect) and places where we used ctxt->instate = XML_PARSER_EOF to stop further processing
28cd9cb7	2015-11-20T14:55:30	Add xmlHaltParser() to stop the parser The problem is doing it in a consistent and safe fashion It's more complex than just setting ctxt->instate = XML_PARSER_EOF Update the public function to reuse that new internal routine
69030714	2015-11-20T11:13:45	CVE-2015-5312 Another entity expansion issue For https://bugzilla.gnome.org/show_bug.cgi?id=756733 It is one case where the code in place to detect entities expansions failed to exit when the situation was detected, leading to DoS Problem reported by Kostya Serebryany @ Google Patch provided by David Drysdale @ Google
6360a31a	2015-11-20T10:47:12	CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey For https://bugzilla.gnome.org/show_bug.cgi?id=756528 It was possible to hit a negative offset in the name indexing used to randomize the dictionary key generation Reported and fix provided by David Drysdale @ Google
53ac9c96	2015-11-09T18:16:00	xmlStopParser reset errNo I had used it in contexts where that information ought to be preserved
afd27c21	2015-11-09T18:07:18	Avoid processing entities after encoding conversion failures For https://bugzilla.gnome.org/show_bug.cgi?id=756527 and was also raised by Chromium team in the past When we hit a convwersion failure when switching encoding it is bestter to stop parsing there, this was treated as a fatal error but the parser was continuing to process to extract more errors, unfortunately that makes little sense as the data is obviously corrupt and can potentially lead to unexpected behaviour.
ab2b9a93	2015-11-03T20:40:49	Avoid extra processing of MarkupDecl when EOF For https://bugzilla.gnome.org/show_bug.cgi?id=756263 One place where ctxt->instate == XML_PARSER_EOF whic was set up by entity detection issues doesn't get noticed, and even overrided
18b89885	2015-11-03T15:46:29	Reenable xz support by default For https://bugzilla.gnome.org/show_bug.cgi?id=757466 problem was introduced by commit f3f86ff465c92c79f834d7b981f3c7274a8bb5c8 for https://bugzilla.gnome.org/show_bug.cgi?id=711026
f0709e3c	2015-11-03T15:31:25	CVE-2015-8035 Fix XZ compression support loop For https://bugzilla.gnome.org/show_bug.cgi?id=757466 DoS when parsing specially crafted XML document if XZ support is compiled in (which wasn't the case for 2.9.2 and master since Nov 2013, fixed in next commit !)
e724879d	2015-10-30T21:14:55	Fix parsing short unclosed comment uninitialized access For https://bugzilla.gnome.org/show_bug.cgi?id=746048 The HTML parser was too optimistic when processing comments and didn't check for the end of the stream on the first 2 characters
41ac9049	2015-10-27T10:53:44	Fix an error in previous Conditional section patch an off by one mistake in the change, led to error on correct document where the end of the included entity was exactly the end of the conditional section, leading to regtest failure
73c50805	2015-10-26T18:33:14	Correct spelling of "calling"
b40c1940	2015-10-23T19:35:02	Fix a small error in xmllint --format description Obviously it operates on the output not the input
bd0526e6	2015-10-23T19:02:28	Another variation of overflow in Conditional sections Which happen after the previous fix to https://bugzilla.gnome.org/show_bug.cgi?id=756456 But stopping the parser and exiting we didn't pop the intermediary entities and doing the SKIP there applies on an input which may be too small
cf77e605	2015-09-30T14:46:29	Add missing Null check in xmlParseExternalEntityPrivate For https://bugzilla.gnome.org/show_bug.cgi?id=755857 a case where we check for NULL but not everywhere
4a5d80ad	2015-09-18T15:06:46	Fix a bug in CData error handling in the push parser For https://bugzilla.gnome.org/show_bug.cgi?id=754947 The checking function was returning incorrect args in some cases Adds the test to teh reg suite and fix one of the existing test output
51f02b0a	2015-09-15T16:50:32	Fix a bug on name parsing at the end of current input buffer For https://bugzilla.gnome.org/show_bug.cgi?id=754946 When hitting the end of the current input buffer while parsing a name we could end up loosing the beginning of the name, which led to various issues.
ef709ce2	2015-09-10T19:41:41	Fix the spurious ID already defined error For https://bugzilla.gnome.org/show_bug.cgi?id=737840 the fix for 724903 introduced a regression on external entities carrying IDs, revert that patch in part and add a specific test to avoid readding it
3eaedba1	2015-07-11T14:27:34	Fix previous change to node sort order Commit ba58f23 broke comparison of nodes from different documents. Thanks to Olli Pottonen for the report.

bdd66182

2016-05-23T12:27:58

Avoid building recursive entities For https://bugzilla.gnome.org/show_bug.cgi?id=762100 When we detect a recusive entity we should really not build the associated data, moreover if someone bypass libxml2 fatal errors and still tries to serialize a broken entity make sure we don't risk to get ito a recursion * parser.c: xmlParserEntityCheck() don't build if entity loop were found and remove the associated text content * tree.c: xmlStringGetNodeList() avoid a potential recursion

0bcd05c5

2016-03-01T15:18:04

Heap-based buffer overread in htmlCurrentChar For https://bugzilla.gnome.org/show_bug.cgi?id=758606 * parserInternals.c: (xmlNextChar): Add an test to catch other issues on ctxt->input corruption proactively. For non-UTF-8 charsets, xmlNextChar() failed to check for the end of the input buffer and would continuing reading. Fix this by pulling out the check for the end of the input buffer into common code, and return if we reach the end of the input buffer prematurely. * result/HTML/758606.html: Added. * result/HTML/758606.html.err: Added. * result/HTML/758606.html.sax: Added. * result/HTML/758606_2.html: Added. * result/HTML/758606_2.html.err: Added. * result/HTML/758606_2.html.sax: Added. * test/HTML/758606.html: Added test case. * test/HTML/758606_2.html: Added test case.

38eae571

2016-03-07T14:04:08

Heap use-after-free in xmlSAX2AttributeNs For https://bugzilla.gnome.org/show_bug.cgi?id=759020 * parser.c: (xmlParseStartTag2): Attribute strings are only valid if the base does not change, so add another check where the base may change. Make sure to set 'attvalue' to NULL after freeing it. * result/errors/759020.xml: Added. * result/errors/759020.xml.err: Added. * result/errors/759020.xml.str: Added. * test/errors/759020.xml: Added test case.

b1d34de4

2016-03-14T17:19:44

Fix inappropriate fetch of entities content For https://bugzilla.gnome.org/show_bug.cgi?id=761430 libfuzzer regression testing exposed another case where the parser would fetch content of an external entity while not in validating mode. Plug that hole

45752d2c

2016-03-03T11:50:34

Bug 759398: Heap use-after-free in xmlDictComputeFastKey <https://bugzilla.gnome.org/show_bug.cgi?id=759398> * parser.c: (xmlParseNCNameComplex): Store start position instead of a pointer to the name since the underlying buffer may change, resulting in a stale pointer being used. * result/errors/759398.xml: Added. * result/errors/759398.xml.err: Added. * result/errors/759398.xml.str: Added. * test/errors/759398.xml: Added test case.

11ed4a7a

2016-03-02T15:52:24

Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral For https://bugzilla.gnome.org/show_bug.cgi?id=760263 * HTMLparser.c: Add BASE_PTR convenience macro. (htmlParseSystemLiteral): Store length and start position instead of a pointer while iterating through the public identifier since the underlying buffer may change, resulting in a stale pointer being used. (htmlParsePubidLiteral): Ditto.

a820dbea

2016-03-01T11:34:04

Bug 758605: Heap-based buffer overread in xmlDictAddString <https://bugzilla.gnome.org/show_bug.cgi?id=758605> Reviewed by David Kilzer. * HTMLparser.c: (htmlParseName): Add bounds check. (htmlParseNameComplex): Ditto. * result/HTML/758605.html: Added. * result/HTML/758605.html.err: Added. * result/HTML/758605.html.sax: Added. * runtest.c: (pushParseTest): The input for the new test case was so small (4 bytes) that htmlParseChunk() was never called after htmlCreatePushParserCtxt(), thereby creating a false positive test failure. Fixed by using a do-while loop so we always call htmlParseChunk() at least once. * test/HTML/758605.html: Added.

db07dd61

2016-02-12T09:58:29

Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal <https://bugzilla.gnome.org/show_bug.cgi?id=758588> * parser.c: (xmlParseEndTag2): Add bounds checks before dereferencing ctxt->input->cur past the end of the buffer, or incrementing the pointer past the end of the buffer. * result/errors/758588.xml: Add test result. * result/errors/758588.xml.err: Ditto. * result/errors/758588.xml.str: Ditto. * test/errors/758588.xml: Add regression test.

00906759

2016-01-26T16:57:03

Heap-based buffer-underreads due to xmlParseName For https://bugzilla.gnome.org/show_bug.cgi?id=759573 * parser.c: (xmlParseElementDecl): Return early on invalid input to fix non-minimized test case (759573-2.xml). Otherwise the parser gets into a bad state in SKIP(3) at the end of the function. (xmlParseConditionalSections): Halt parsing when hitting invalid input that would otherwise caused xmlParserHandlePEReference() to recurse unexpectedly. This fixes the minimized test case (759573.xml). * result/errors/759573-2.xml: Add. * result/errors/759573-2.xml.err: Add. * result/errors/759573-2.xml.str: Add. * result/errors/759573.xml: Add. * result/errors/759573.xml.err: Add. * result/errors/759573.xml.str: Add. * test/errors/759573-2.xml: Add. * test/errors/759573.xml: Add.

4472c3a5

2016-05-13T15:13:17

Fix some format string warnings with possible format string vulnerability For https://bugzilla.gnome.org/show_bug.cgi?id=761029 Decorate every method in libxml2 with the appropriate LIBXML_ATTR_FORMAT(fmt,args) macro and add some cleanups following the reports.

cbb27165

2016-03-07T06:34:26

Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup <https://bugzilla.gnome.org/show_bug.cgi?id=757711> * xmlregexp.c: (xmlFAParseCharRange): Only advance to the next character if there is no error. Advancing to the next character in case of an error while parsing regexp leads to an out of bounds access.

beca86e8

2016-05-04T11:23:49

Detect change of encoding when parsing HTML names From https://bugzilla.gnome.org/show_bug.cgi?id=758518 Happens when a file has a name getting parsed, but no valid encoding set, so libxml has to guess what the encoding is. This patch detects when the buffer location changes, and if it does, restarts the parsing of the name. This slightly change a couple of regression tests output

40fd6d2a

2016-01-28T14:20:09

Correct the usage of LDFLAGS For https://bugzilla.gnome.org/show_bug.cgi?id=761252 It is no longer necessary to save system LDFLAGS when checking lib specific LDFLAGS.

ebbd2b72

2016-05-23T13:58:24

Revert the use of SAVE_LDFLAGS in configure.ac For https://bugzilla.gnome.org/show_bug.cgi?id=761252 This reverts commit 7dc24965092d7cc310908d6052913050e88ec072.

c97750d1

2016-05-23T13:39:13

Avoid an out of bound access when serializing malformed strings For https://bugzilla.gnome.org/show_bug.cgi?id=766414 * xmlsave.c: xmlBufAttrSerializeTxtContent() if an attribute value is not UTF-8 be more careful when serializing it as we may do an out of bound access as a result.

886529b5

2016-04-05T12:05:25

Unsigned addition may overflow in xmlMallocAtomicLoc() For https://bugzilla.gnome.org/show_bug.cgi?id=764616 This code is used only if turning memory allocation debug in configure with --with-mem-debug, which should never happen in real life, so not a serious issue. * xmlmemory.c: (MAX_SIZE_T): Macro to define maximum value of size_t. (xmlMallocAtomicLoc): Add bounds check. Fix description and use the correct function name in another error message.

48920055

2016-05-23T08:59:20

libxml2 hardcodes -L/lib in zlib/lzma tests which breaks cross-compiles For https://bugzilla.gnome.org/show_bug.cgi?id=749416 do not use -L$Z_DIR/lib when Z_DIR isn't actually set

9f2416c6

2016-05-22T11:14:45

Add more debugging info to runtest When there is a failure, indicates what failed instead of just dumping the tested file name.

5c37382f

2016-05-22T09:58:30

Implement "runtest -u" mode For https://bugzilla.gnome.org/show_bug.cgi?id=611807 Using "make tests" to add new tests is error prone. This patch implements a "runtest -u" mode that makes it much easier to create baselines for new tests.

d433ea6c

2016-05-18T14:52:59

Integer signed/unsigned type mismatch in xmlParserInputGrow() For https://bugzilla.gnome.org/show_bug.cgi?id=766635 * parserInternals.c: (xmlParserInputGrow): Change 'ret' type to 'int' to match the return type of xmlParserInputBufferGrow().

8fbbf551

2016-03-08T17:29:00

Bug 763071: heap-buffer-overflow in xmlStrncat <https://bugzilla.gnome.org/show_bug.cgi?id=763071> * xmlstring.c: (xmlStrncat): Return NULL if xmlStrlen returns a negative length. (xmlStrncatNew): Ditto.

8f30bdff

2016-04-15T11:56:55

Add missing increments of recursion depth counter to XML parser. For https://bugzilla.gnome.org/show_bug.cgi?id=765207 CVE-2016-3705 The functions xmlParserEntityCheck() and xmlParseAttValueComplex() used to call xmlStringDecodeEntities() in a recursive context without incrementing the 'depth' counter in the parser context. Because of that omission, the parser failed to detect attribute recursions in certain documents before running out of stack space.

846cf015

2016-05-21T17:16:05

Integer overflow parsing port number in URI For https://bugzilla.gnome.org/show_bug.cgi?id=765566 in xmlParse3986Port(), uri->port can overflow when parsing a the port number. The type of uri->port is int, so the consequent behavior is undefined and may differ between compilers and architectures

8effcb57

2016-05-09T10:31:09

Fix apibuild for a recently added construct commit c71f9305a99b6aa03cb08fab31106c9c56f1be4f added __XML_EXTERNC cpp construct which not understood by apibuild, leading to make dist failures, ask to ignore that construct.

45f0abd4

2016-05-09T10:13:12

Use pkg-config to locate zlib when possible For https://bugzilla.gnome.org/show_bug.cgi?id=765979 This fallback to direct detection if not available, but current situation this is broken for cross compilation

3d75c2e8

2016-05-09T10:11:05

Use pkg-config to locate ICU when possible For https://bugzilla.gnome.org/show_bug.cgi?id=765979 This fallback to icu-config if not available, but current situation this is broken for cross compilation

34b35004

2016-05-09T09:28:38

Fix an error with regexp on nullable counted char transition This is the first of the two issues raised by Pete Cordell in https://mail.gnome.org/archives/xml/2016-April/msg00030.html

6eb0894a

2016-05-05T16:49:00

Fix memory leak with XPath namespace nodes Set hasNsNodes to 1 when adding namespace nodes via XP_TEST_HIT.

82b73039

2016-04-30T17:53:10

Fix namespace axis traversal When the namespace axis is traversed in "toBool" mode, the traversal can exit early, before visiting all nodes. In this case, the XPath context still contains a non-NULL tmpNsList. This means that - the check when to start a new traversal was wrong and - the tmpNsList could be leaked. Fixes bug #750037 and, by accident, bug #756075: https://bugzilla.gnome.org/show_bug.cgi?id=750037 https://bugzilla.gnome.org/show_bug.cgi?id=756075

9b4b8cb3

2016-05-04T12:33:32

Add a make rule to rebuild for ASAN

b8e0fa34

2016-05-04T10:55:49

Fix null pointer deref in docs with no root element From https://bugzilla.gnome.org/show_bug.cgi?id=758514

90da33ce

2016-05-03T21:37:52

Portability to non C99 compliant compilers OS400 C compiler is not C99 compliant. It only supports local variable declarations at the beginning of a block. We loose the const as a result but portability is more important.

c71f9305

2016-05-02T16:21:47

dict.h: Move xmlDictPtr definition before includes to allow direct inclusion.

f6599c51

2016-05-02T22:29:59

Fix XSD validation of URIs with ampersands For https://bugzilla.gnome.org/show_bug.cgi?id=709171 This makes xmlSchemaSAXHandleStartElementNs pass attributes through xmlStringDecodeEntities, similar to how xmlSchemaVDocWalk passes them through xmlNodeListGetString.

a1dca81d

2016-04-11T20:03:19

xmlschemastypes.c: accept endOfDayFrag Times set to "24:00:00" mean "end of day" and should not cause an error.

b2937710

2015-04-21T17:21:49

os400: tell about xmllint and xmlcatalog in README400.

c04785d5

2015-04-21T16:56:54

os400: properly process SGML add in XMLCATALOG command.

9b5a57cf

2015-04-21T13:56:39

os400: implement CL command XMLCATALOG.

d76abc7b

2015-04-20T15:40:00

os400: compile and install program xmlcatalog (qshell-only).

2137326e

2015-04-20T15:00:58

xmlcatalog: flush stdout before interactive shell input.

cad1634e

2015-04-17T17:26:46

os400: expand tabs in sources, strip trailing blanks.

26db5e7a

2015-04-17T17:21:14

os400: implement CL command XMLLINT.

b1682bdb

2015-04-17T17:17:58

os400: compile and install program xmllint (qshell-only).

1463a91d

2015-04-17T17:09:13

os400: initscript make_module(): Use options instead of positional parameters.

11e805d3

2015-04-17T17:02:59

xmllint: flush stdout before interactive shell input.

44e49f47

2015-04-13T14:26:55

os400: c14n.rpgle: allow *omit for nullable reference parameters.

ae0b2240

2015-04-01T19:35:39

os400: use like() for double type.

155faa52

2015-04-01T18:52:37

os400: use like() for int type.

26202cf9

2015-04-01T15:39:45

os400: use like() for unsigned int type.

91e2e698

2015-04-01T15:23:57

os400: use like() for enum types.

2e354d74

2016-04-28T15:09:25

Add xz to xml2-config --libs output XML_LIBS should include LZMA_LIBS. This ensures that 'xml2-config --libs' shows -llzma when xz is enabled. Otherwise static link fails because of missing xz symbols.

839689a9

2016-04-27T18:00:12

Don't recurse into OP_VALUEs in xmlXPathOptimizeExpression The ch1 slot of OP_VALUEs contains an invalid value. Ignore it. Fixes bug #760325: https://bugzilla.gnome.org/show_bug.cgi?id=760325

f39fd66e

2016-04-27T03:01:16

Fix namespace::node() XPath expression Make sure that xmlXPathNodeSetAddNs is called for namespace nodes when matched with a namespace::node() step. This correctly sets the parent of namespace nodes. Note that xmlXPathNodeSetAddNs must only be called if working on the namespace axis. Otherwise, the context node is not the parent of the namespace node and the standard XP_TEST_HIT macro must be invoked. This explains the errors in the C14N tests that the old TODO comment mentioned.

91ac664f

2016-04-26T14:47:56

Fix OOB write in xmlXPathEmptyNodeSet xmlXPathEmptyNodeSet would write a NULL pointer just beyond the end of the nodeTab array. This macro isn't used in libxml2, but in some of the math functions in libexslt where it can result in heap corruption and denial of service. Found by afl-fuzz and ASan.

e2893903

2016-04-21T19:19:23

Fix parsing of NCNames in XPath The NCName parser would allow any NameChar as start character. For example, the following XPath expressions would compile: self::-abc self::0abc self::.abc

96a5c17e

2016-04-21T19:03:47

Fix OOB read with invalid UTF-8 in xmlUTF8Strsize With certain invalid UTF-8, xmlUTF8Strsize can read up to 6 bytes beyond the end of the string and return the wrong size. This means that in xmlUTF8Strndup and similar code, some content behind the string is copied. But since the terminating \0 is copied as well, this probably can't be exploited to leak sensitive information. Found by afl-fuzz and ASan.

cad102b8

2016-04-15T22:41:24

Do normalize string-based datatype value in RelaxNG facet checking Original patch is from Jan Pokorný <jpokorny redhat com> https://mail.gnome.org/archives/xml/2013-November/msg00028.html Improve it according to reviews and add test files.

27aae651

2016-04-13T16:56:08

Fix typo: s{ ec -> cr }cipt Signed-off-by: Jan Pokorný <jpokorny@redhat.com>

bb654feb

2016-04-13T16:56:07

Fix typos: dictio{ nn -> n }ar{y,ies} Signed-off-by: Jan Pokorný <jpokorny@redhat.com>

9811ce78

2016-04-13T16:56:06

Fix typos: PATH_{ SEAPARATOR -> SEPARATOR } Signed-off-by: Jan Pokorný <jpokorny@redhat.com>

d5bd2a9a

2016-04-03T05:14:44

Correct a typo.

c5ddd095

2016-01-20T20:41:44

Bug 760921: REGRESSION (8eb55d78): doc/examples/io1 test fails after fix for "xmlSaveUri() incorrectly recomposes URIs with rootless paths" <https://bugzilla.gnome.org/show_bug.cgi?id=760921> * doc/examples/io1.res: Update expected result.

5be1a6e8

2016-01-19T11:38:52

Bug 760861: REGRESSION (bf9c1dad): Missing results for test/schemas/regexp-char-ref_[01].xsd <https://bugzilla.gnome.org/show_bug.cgi?id=760861> Add missing test results to fix the following errors when running "make Schemastests": ## Schemas regression tests diff: ./result/schemas/regexp-char-ref_0_0.err: No such file or directory diff: ./result/schemas/regexp-char-ref_1_0.err: No such file or directory * result/schemas/regexp-char-ref_0_0.err: Added. * result/schemas/regexp-char-ref_1_0.err: Added.

c4184ba2

2015-12-01T13:24:44

error.c: *input->cur == 0 does not mean no error Complements: ce0b0d0d81fdbb5

49bbfdb6

2016-03-14T15:53:16

Add missing RNG test files For https://bugzilla.gnome.org/show_bug.cgi?id=760249 Add missing test results from Bug 710744 for commit 6473a41a49601da8355c4b407b99474ada170213.

6e3af870

2016-01-05T16:11:28

Bug 760190: configure.ac should be able to build --with-icu without icu-config tool <https://bugzilla.gnome.org/show_bug.cgi?id=760190> * configure.ac: Add fallback tests if the icu-config tool is not installed (like on Mac OS X). This also allows an include prefix to be set using "--with-icu=/prefix/to/icu", similar to --with-iconv.

4f8606c1

2016-01-05T13:38:09

Bug 760183: REGRESSION (v2.9.3): XML push parser fails with bogus UTF-8 encoding error when multi-byte character in large CDATA section is split across buffer <https://bugzilla.gnome.org/show_bug.cgi?id=760183> * parser.c: (xmlCheckCdataPush): Add 'complete' argument to describe whether the buffer passed in is the whole CDATA buffer, or if there is more data to parse. If there is more data to parse, don't return a negative value for an invalid multi-byte UTF-8 character that is split between buffers. (xmlParseTryOrFinish): Pass 'complete' argument to xmlCheckCdataPush() as appropriate. * result/cdata-2-byte-UTF-8.xml: Added. * result/cdata-2-byte-UTF-8.xml.rde: Added. * result/cdata-2-byte-UTF-8.xml.rdr: Added. * result/cdata-2-byte-UTF-8.xml.sax: Added. * result/cdata-2-byte-UTF-8.xml.sax2: Added. * result/cdata-3-byte-UTF-8.xml: Added. * result/cdata-3-byte-UTF-8.xml.rde: Added. * result/cdata-3-byte-UTF-8.xml.rdr: Added. * result/cdata-3-byte-UTF-8.xml.sax: Added. * result/cdata-3-byte-UTF-8.xml.sax2: Added. * result/cdata-4-byte-UTF-8.xml: Added. * result/cdata-4-byte-UTF-8.xml.rde: Added. * result/cdata-4-byte-UTF-8.xml.rdr: Added. * result/cdata-4-byte-UTF-8.xml.sax: Added. * result/cdata-4-byte-UTF-8.xml.sax2: Added. * result/noent/cdata-2-byte-UTF-8.xml: Added. * result/noent/cdata-3-byte-UTF-8.xml: Added. * result/noent/cdata-4-byte-UTF-8.xml: Added. * test/cdata-2-byte-UTF-8.xml: Added. * test/cdata-3-byte-UTF-8.xml: Added. * test/cdata-4-byte-UTF-8.xml: Added. - Add tests and results. Only 'make Readertests XMLPushtests' fails prior to the fix.

e6b97476

2016-03-07T20:16:41

Bug 758572: ASAN crash in make check <https://bugzilla.gnome.org/show_bug.cgi?id=758572> Instead of sending a random string length into API methods, compute the string length properly to fix out-of-bounds accesses caught with AddressSanitizer turned on. * testapi.c: (test_htmlCreateMemoryParserCtxt): (test_htmlCreatePushParserCtxt): (test_htmlCtxtReadMemory): (test_htmlParseChunk): (test_htmlReadMemory): (test_xmlDictExists): (test_xmlDictLookup): (test_xmlCreatePushParserCtxt): (test_xmlCtxtReadMemory): (test_xmlCtxtResetPush): (test_xmlParseChunk): (test_xmlParseInNodeContext): (test_xmlParseMemory): (test_xmlReadMemory): (test_xmlRecoverMemory): (test_xmlSAXParseMemory): (test_xmlSAXParseMemoryWithData): (test_xmlSAXUserParseMemory): (test_xmlCreateMemoryParserCtxt): (test_xmlRelaxNGNewMemParserCtxt): (test_xmlBufferAdd): (test_xmlBufferAddHead): (test_xmlBuildQName): (test_xmlDocDumpFormatMemory): (test_xmlDocDumpFormatMemoryEnc): (test_xmlDocDumpMemory): (test_xmlNewCDataBlock): (test_xmlNewDocTextLen): (test_xmlNewTextLen): (test_xmlNodeAddContentLen): (test_xmlNodeSetContentLen): (test_xmlSplitQName3): (test_xmlStringLenGetNodeList): (test_xmlTextConcat): (test_xmlOutputBufferWrite): (test_xmlParserInputBufferCreateMem): (test_xmlParserInputBufferCreateStatic): (test_xmlParserInputBufferPush): (test_xmlReaderForMemory): (test_xmlReaderNewMemory): (test_xmlSchemaNewMemParserCtxt): (test_xmlCharStrndup): (test_xmlStrncatNew): (test_xmlStrncmp): (test_xmlStrndup): (test_xmlStrsub): (test_xmlTextWriterWriteBase64): (test_xmlTextWriterWriteBinHex): (test_xmlTextWriterWriteRawLen):

783931fc

2016-03-02T12:48:51

Bug 721158: Missing ICU string when doing --version on xmllint <https://bugzilla.gnome.org/show_bug.cgi?id=721158> * xmllint.c: (showVersion): Add "ICU" to xmllint version string if libxml2 is built with ICU enabled.

65112cb3

2016-01-18T12:46:41

python 3: libxml2.c wrappers create Unicode str already ... so stop decoding these, which only results in "TypeError: 'str' does not support the buffer interface".

dfbacd4f

2016-03-07T13:46:28

win32\VC10\config.h and VS 2015 --047d7bacb4ee71848a052d7c673a Content-Type: text/plain; charset=UTF-8 The config.h file in win32\VC10 is incompatible with VS 2015 because VS 2015 provides an implementation of snprintf and prohibits using the preprocessor to define it. Therefor an ifdef check is needed around that definition in VC10\config.h. Here is a patch that is compatible with the change that we made to Chromium's copy:

0f84ee23

2016-02-09T17:55:40

Add autogen.sh to distrib For https://bugzilla.gnome.org/show_bug.cgi?id=761782 autogen.sh was not included in the tarball releases which complicates situations when users have to make changes to e.g. configure.ac andi have to re-generate configure.

b5ca2607

2016-02-09T17:23:48

Add configure maintainer mode For https://bugzilla.gnome.org/show_bug.cgi?id=761784 I wasn't able to build libxml2 because aclocal-1.13 was missing from my machine. With AM_MAINTAINER_MODE, I'm able to configure libxml2 with '--disable-maintainer-mode' which will disable checks for aclocal.

a7a94612

2016-02-09T12:55:29

Heap-based buffer overread in xmlNextChar For https://bugzilla.gnome.org/show_bug.cgi?id=759671 when the end of the internal subset isn't properly detected xmlParseInternalSubset should just return instead of trying to process input further.

6657afe8

2015-11-20T17:55:11

Release of libxml2-2.9.3 * configure.ac: updated * doc/*: regenerated

8fb4a770

2015-11-20T17:16:06

CVE-2015-8242 Buffer overead with HTML parser in push mode For https://bugzilla.gnome.org/show_bug.cgi?id=756372 Error in the code pointing to the codepoint in the stack for the current char value instead of the pointer in the input that the SAX callback expects Reported and fixed by Hugh Davenport

f1063fdb

2015-11-20T16:06:59

CVE-2015-7500 Fix memory access error due to incorrect entities boundaries For https://bugzilla.gnome.org/show_bug.cgi?id=756525 handle properly the case where we popped out of the current entity while processing a start tag Reported by Kostya Serebryany @ Google This slightly modifies the output of 754946 in regression tests

fdfeecc1

2015-11-20T15:07:38

Bug on creating new stream from entity sometimes the entity could have a lenght of 0, i.e. it wasn't parsed or used yet, and we ended up with an incoherent input state

3bd6ae14

2015-11-20T15:06:02

Fix some loop issues embedding NEXT Next can switch the parser back to XML_PARSER_EOF state, we need to consider those in loops consuming input

35bcb1d7

2015-11-20T15:04:09

Detect incoherency on GROW the current pointer to the input has to be between the base and end if not stop everything we have an internal state error.

ce0b0d0d

2015-11-20T15:01:22

Do not print error context when there is none Which now happens more frequently du to xmlHaltParser use

e3b15974

2015-11-20T14:59:30

Reuse xmlHaltParser() where it makes sense Unify the various place where either xmlStopParser was called (which resets the error as a side effect) and places where we used ctxt->instate = XML_PARSER_EOF to stop further processing

28cd9cb7

2015-11-20T14:55:30

Add xmlHaltParser() to stop the parser The problem is doing it in a consistent and safe fashion It's more complex than just setting ctxt->instate = XML_PARSER_EOF Update the public function to reuse that new internal routine

69030714

2015-11-20T11:13:45

CVE-2015-5312 Another entity expansion issue For https://bugzilla.gnome.org/show_bug.cgi?id=756733 It is one case where the code in place to detect entities expansions failed to exit when the situation was detected, leading to DoS Problem reported by Kostya Serebryany @ Google Patch provided by David Drysdale @ Google

6360a31a

2015-11-20T10:47:12

CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey For https://bugzilla.gnome.org/show_bug.cgi?id=756528 It was possible to hit a negative offset in the name indexing used to randomize the dictionary key generation Reported and fix provided by David Drysdale @ Google

53ac9c96

2015-11-09T18:16:00

xmlStopParser reset errNo I had used it in contexts where that information ought to be preserved

afd27c21

2015-11-09T18:07:18

Avoid processing entities after encoding conversion failures For https://bugzilla.gnome.org/show_bug.cgi?id=756527 and was also raised by Chromium team in the past When we hit a convwersion failure when switching encoding it is bestter to stop parsing there, this was treated as a fatal error but the parser was continuing to process to extract more errors, unfortunately that makes little sense as the data is obviously corrupt and can potentially lead to unexpected behaviour.

ab2b9a93

2015-11-03T20:40:49

Avoid extra processing of MarkupDecl when EOF For https://bugzilla.gnome.org/show_bug.cgi?id=756263 One place where ctxt->instate == XML_PARSER_EOF whic was set up by entity detection issues doesn't get noticed, and even overrided

18b89885

2015-11-03T15:46:29

Reenable xz support by default For https://bugzilla.gnome.org/show_bug.cgi?id=757466 problem was introduced by commit f3f86ff465c92c79f834d7b981f3c7274a8bb5c8 for https://bugzilla.gnome.org/show_bug.cgi?id=711026

f0709e3c

2015-11-03T15:31:25

CVE-2015-8035 Fix XZ compression support loop For https://bugzilla.gnome.org/show_bug.cgi?id=757466 DoS when parsing specially crafted XML document if XZ support is compiled in (which wasn't the case for 2.9.2 and master since Nov 2013, fixed in next commit !)

e724879d

2015-10-30T21:14:55

Fix parsing short unclosed comment uninitialized access For https://bugzilla.gnome.org/show_bug.cgi?id=746048 The HTML parser was too optimistic when processing comments and didn't check for the end of the stream on the first 2 characters

41ac9049

2015-10-27T10:53:44

Fix an error in previous Conditional section patch an off by one mistake in the change, led to error on correct document where the end of the included entity was exactly the end of the conditional section, leading to regtest failure

73c50805

2015-10-26T18:33:14

Correct spelling of "calling"

b40c1940

2015-10-23T19:35:02

Fix a small error in xmllint --format description Obviously it operates on the output not the input

bd0526e6

2015-10-23T19:02:28

Another variation of overflow in Conditional sections Which happen after the previous fix to https://bugzilla.gnome.org/show_bug.cgi?id=756456 But stopping the parser and exiting we didn't pop the intermediary entities and doing the SKIP there applies on an input which may be too small

cf77e605

2015-09-30T14:46:29

Add missing Null check in xmlParseExternalEntityPrivate For https://bugzilla.gnome.org/show_bug.cgi?id=755857 a case where we check for NULL but not everywhere

4a5d80ad

2015-09-18T15:06:46

Fix a bug in CData error handling in the push parser For https://bugzilla.gnome.org/show_bug.cgi?id=754947 The checking function was returning incorrect args in some cases Adds the test to teh reg suite and fix one of the existing test output

51f02b0a

2015-09-15T16:50:32

Fix a bug on name parsing at the end of current input buffer For https://bugzilla.gnome.org/show_bug.cgi?id=754946 When hitting the end of the current input buffer while parsing a name we could end up loosing the beginning of the name, which led to various issues.

ef709ce2

2015-09-10T19:41:41

Fix the spurious ID already defined error For https://bugzilla.gnome.org/show_bug.cgi?id=737840 the fix for 724903 introduced a regression on external entities carrying IDs, revert that patch in part and add a specific test to avoid readding it

3eaedba1

2015-07-11T14:27:34

Fix previous change to node sort order Commit ba58f23 broke comparison of nodes from different documents. Thanks to Olli Pottonen for the report.

kc3-lang/libxml2

Log