kmx git

Commit	Date	Message
899a5d9f	2017-07-25T14:59:49	Detect infinite recursion in parameter entities When expanding a parameter entity in a DTD, infinite recursion could lead to an infinite loop or memory exhaustion. Thanks to Wei Lei for the first of many reports. Fixes bug 759579.
5f440d8c	2017-06-12T14:32:34	Rework entity boundary checks Make sure to finish all entities in the internal subset. Nevertheless, readd a sanity check in xmlParseStartTag2 that was lost in my previous commit. Also add a sanity check in xmlPopInput. Popping an input unexpectedly was the source of many recent memory bugs. The check doesn't mitigate such issues but helps with diagnosis. Always base entity boundary checks on the input ID, not the input pointer. The pointer could have been reallocated to the old address. Always throw a well-formedness error if a boundary check fails. In a few places, a validity error was thrown. Fix a few error codes and improve indentation.
85c112a0	2017-06-12T18:26:11	Add test cases for bug 758518 test/HTML/758518-entity.html exposed a bug in pushParseTest() in runtest.c which assumed that an input file was at least 4 bytes long. That test case is only 3 bytes, so we now take the minimum of 4 bytes or the length of the test input. We also now use 'chunkSize' in place of the hard-coded value '1024' later in the function.
79c8a6b1	2017-06-10T17:01:27	Print error messages for truncated UTF-8 sequences Before, truncated UTF-8 sequences at the end of a file were treated as EOF. Create an error message containing the offending bytes. xmlStringCurrentChar would also print characters from the input stream, not the string it's working on.
932cc989	2017-06-03T02:01:29	Fix buffer size checks in xmlSnprintfElementContent xmlSnprintfElementContent failed to correctly check the available buffer space in two locations. Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048). Thanks to Marcel Böhme and Thuan Pham for the report.
e2663054	2017-06-05T15:37:17	Fix handling of parameter-entity references There were two bugs where parameter-entity references could lead to an unexpected change of the input buffer in xmlParseNameComplex and xmlDictLookup being called with an invalid pointer. Percent sign in DTD Names ========================= The NEXTL macro used to call xmlParserHandlePEReference. When parsing "complex" names inside the DTD, this could result in entity expansion which created a new input buffer. The fix is to simply remove the call to xmlParserHandlePEReference from the NEXTL macro. This is safe because no users of the macro require expansion of parameter entities. - xmlParseNameComplex - xmlParseNCNameComplex - xmlParseNmtoken The percent sign is not allowed in names, which are grammatical tokens. - xmlParseEntityValue Parameter-entity references in entity values are expanded but this happens in a separate step in this function. - xmlParseSystemLiteral Parameter-entity references are ignored in the system literal. - xmlParseAttValueComplex - xmlParseCharDataComplex - xmlParseCommentComplex - xmlParsePI - xmlParseCDSect Parameter-entity references are ignored outside the DTD. - xmlLoadEntityContent This function is only called from xmlStringLenDecodeEntities and entities are replaced in a separate step immediately after the function call. This bug could also be triggered with an internal subset and double entity expansion. This fixes bug 766956 initially reported by Wei Lei and independently by Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone involved. xmlParseNameComplex with XML_PARSE_OLD10 ======================================== When parsing Names inside an expanded parameter entity with the XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the GROW macro if the input buffer was exhausted. At the end of the parameter entity's replacement text, this function would then call xmlPopInput which invalidated the input buffer. There should be no need to invoke GROW in this situation because the buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and, at least for UTF-8, in xmlCurrentChar. This also matches the code path executed when XML_PARSE_OLD10 is not set. This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050). Thanks to Marcel Böhme and Thuan Pham for the report. Additional hardening ==================== A separate check was added in xmlParseNameComplex to validate the buffer size.
7482f41f	2017-06-01T22:00:19	Check for integer overflow in xmlXPathFormatNumber Check for overflow before casting double to int. Found with afl-fuzz and UBSan.
f4029cd4	2016-04-21T16:37:26	Check XPath exponents for overflow Avoid undefined behavior and wrong results with huge exponents. Found with afl-fuzz and UBSan.
a58331a6	2017-05-29T21:02:21	Check for overflow in xmlXPathIsPositionalPredicate Avoid undefined behavior when casting from double to int. Found with afl-fuzz and UBSan.
a851868a	2017-05-29T20:14:42	Parse small XPath numbers more accurately Don't count leading zeros towards the fraction size limit. This allows to parse numbers like 0.0000000000000000000000000000000000000000000000000000000001 which is the only standard-conformant way to represent such numbers, as scientific notation isn't allowed in XPath 1.0. (It is allowed in XPath 2.0 and in libxml2 as an extension, though.) Overall accuracy is still bad, see bug 783238.
4bebb030	2016-04-21T13:41:09	Rework XPath rounding functions Use the C library's floor and ceil functions. The old code was overly complicated for no apparent reason and could result in undefined behavior when handling NaNs (found with afl-fuzz and UBSan). Fix wrong comment in xmlXPathRoundFunction. The implementation was already following the spec and rounding half up.
40f58521	2017-05-26T20:16:35	Fix axis traversal from attribute and namespace nodes When traversing the "preceding" axis from an attribute node, we must first go up to the attribute's containing element. Otherwise, text children of other attributes could be returned. This made it possible to hit a code path in xmlXPathNextAncestor which contained another bug: The attribute node was initialized with the context node instead of the current node. Normally, this code path is only hit via xmlXPathNextAncestorOrSelf in which case the current and context node are the same. The combination of the two bugs could result in an infinite loop, found with libFuzzer. Traversing the "following" and the "preceding" axis from namespace nodes should be handled similarly. This wasn't supported at all previously.
9ab01a27	2016-06-28T14:22:23	Fix XPointer paths beginning with range-to The old code would invoke the broken xmlXPtrRangeToFunction. range-to isn't really a function but a special kind of location step. Remove this function and always handle range-to in the XPath code. The old xmlXPtrRangeToFunction could also be abused to trigger a use-after-free error with the potential for remote code execution. Found with afl-fuzz. Fixes CVE-2016-5131.
d8083bf7	2016-06-25T12:35:50	Fix NULL pointer deref in XPointer range-to - Check for errors after evaluating first operand. - Add sanity check for empty stack. Found with afl-fuzz.
0bcd05c5	2016-03-01T15:18:04	Heap-based buffer overread in htmlCurrentChar For https://bugzilla.gnome.org/show_bug.cgi?id=758606 * parserInternals.c: (xmlNextChar): Add an test to catch other issues on ctxt->input corruption proactively. For non-UTF-8 charsets, xmlNextChar() failed to check for the end of the input buffer and would continuing reading. Fix this by pulling out the check for the end of the input buffer into common code, and return if we reach the end of the input buffer prematurely. * result/HTML/758606.html: Added. * result/HTML/758606.html.err: Added. * result/HTML/758606.html.sax: Added. * result/HTML/758606_2.html: Added. * result/HTML/758606_2.html.err: Added. * result/HTML/758606_2.html.sax: Added. * test/HTML/758606.html: Added test case. * test/HTML/758606_2.html: Added test case.
00906759	2016-01-26T16:57:03	Heap-based buffer-underreads due to xmlParseName For https://bugzilla.gnome.org/show_bug.cgi?id=759573 * parser.c: (xmlParseElementDecl): Return early on invalid input to fix non-minimized test case (759573-2.xml). Otherwise the parser gets into a bad state in SKIP(3) at the end of the function. (xmlParseConditionalSections): Halt parsing when hitting invalid input that would otherwise caused xmlParserHandlePEReference() to recurse unexpectedly. This fixes the minimized test case (759573.xml). * result/errors/759573-2.xml: Add. * result/errors/759573-2.xml.err: Add. * result/errors/759573-2.xml.str: Add. * result/errors/759573.xml: Add. * result/errors/759573.xml.err: Add. * result/errors/759573.xml.str: Add. * test/errors/759573-2.xml: Add. * test/errors/759573.xml: Add.
38eae571	2016-03-07T14:04:08	Heap use-after-free in xmlSAX2AttributeNs For https://bugzilla.gnome.org/show_bug.cgi?id=759020 * parser.c: (xmlParseStartTag2): Attribute strings are only valid if the base does not change, so add another check where the base may change. Make sure to set 'attvalue' to NULL after freeing it. * result/errors/759020.xml: Added. * result/errors/759020.xml.err: Added. * result/errors/759020.xml.str: Added. * test/errors/759020.xml: Added test case.
45752d2c	2016-03-03T11:50:34	Bug 759398: Heap use-after-free in xmlDictComputeFastKey <https://bugzilla.gnome.org/show_bug.cgi?id=759398> * parser.c: (xmlParseNCNameComplex): Store start position instead of a pointer to the name since the underlying buffer may change, resulting in a stale pointer being used. * result/errors/759398.xml: Added. * result/errors/759398.xml.err: Added. * result/errors/759398.xml.str: Added. * test/errors/759398.xml: Added test case.
a820dbea	2016-03-01T11:34:04	Bug 758605: Heap-based buffer overread in xmlDictAddString <https://bugzilla.gnome.org/show_bug.cgi?id=758605> Reviewed by David Kilzer. * HTMLparser.c: (htmlParseName): Add bounds check. (htmlParseNameComplex): Ditto. * result/HTML/758605.html: Added. * result/HTML/758605.html.err: Added. * result/HTML/758605.html.sax: Added. * runtest.c: (pushParseTest): The input for the new test case was so small (4 bytes) that htmlParseChunk() was never called after htmlCreatePushParserCtxt(), thereby creating a false positive test failure. Fixed by using a do-while loop so we always call htmlParseChunk() at least once. * test/HTML/758605.html: Added.
db07dd61	2016-02-12T09:58:29	Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal <https://bugzilla.gnome.org/show_bug.cgi?id=758588> * parser.c: (xmlParseEndTag2): Add bounds checks before dereferencing ctxt->input->cur past the end of the buffer, or incrementing the pointer past the end of the buffer. * result/errors/758588.xml: Add test result. * result/errors/758588.xml.err: Ditto. * result/errors/758588.xml.str: Ditto. * test/errors/758588.xml: Add regression test.
6eb0894a	2016-05-05T16:49:00	Fix memory leak with XPath namespace nodes Set hasNsNodes to 1 when adding namespace nodes via XP_TEST_HIT.
82b73039	2016-04-30T17:53:10	Fix namespace axis traversal When the namespace axis is traversed in "toBool" mode, the traversal can exit early, before visiting all nodes. In this case, the XPath context still contains a non-NULL tmpNsList. This means that - the check when to start a new traversal was wrong and - the tmpNsList could be leaked. Fixes bug #750037 and, by accident, bug #756075: https://bugzilla.gnome.org/show_bug.cgi?id=750037 https://bugzilla.gnome.org/show_bug.cgi?id=756075
839689a9	2016-04-27T18:00:12	Don't recurse into OP_VALUEs in xmlXPathOptimizeExpression The ch1 slot of OP_VALUEs contains an invalid value. Ignore it. Fixes bug #760325: https://bugzilla.gnome.org/show_bug.cgi?id=760325
f39fd66e	2016-04-27T03:01:16	Fix namespace::node() XPath expression Make sure that xmlXPathNodeSetAddNs is called for namespace nodes when matched with a namespace::node() step. This correctly sets the parent of namespace nodes. Note that xmlXPathNodeSetAddNs must only be called if working on the namespace axis. Otherwise, the context node is not the parent of the namespace node and the standard XP_TEST_HIT macro must be invoked. This explains the errors in the C14N tests that the old TODO comment mentioned.
e2893903	2016-04-21T19:19:23	Fix parsing of NCNames in XPath The NCName parser would allow any NameChar as start character. For example, the following XPath expressions would compile: self::-abc self::0abc self::.abc
cad102b8	2016-04-15T22:41:24	Do normalize string-based datatype value in RelaxNG facet checking Original patch is from Jan Pokorný <jpokorny redhat com> https://mail.gnome.org/archives/xml/2013-November/msg00028.html Improve it according to reviews and add test files.
4f8606c1	2016-01-05T13:38:09	Bug 760183: REGRESSION (v2.9.3): XML push parser fails with bogus UTF-8 encoding error when multi-byte character in large CDATA section is split across buffer <https://bugzilla.gnome.org/show_bug.cgi?id=760183> * parser.c: (xmlCheckCdataPush): Add 'complete' argument to describe whether the buffer passed in is the whole CDATA buffer, or if there is more data to parse. If there is more data to parse, don't return a negative value for an invalid multi-byte UTF-8 character that is split between buffers. (xmlParseTryOrFinish): Pass 'complete' argument to xmlCheckCdataPush() as appropriate. * result/cdata-2-byte-UTF-8.xml: Added. * result/cdata-2-byte-UTF-8.xml.rde: Added. * result/cdata-2-byte-UTF-8.xml.rdr: Added. * result/cdata-2-byte-UTF-8.xml.sax: Added. * result/cdata-2-byte-UTF-8.xml.sax2: Added. * result/cdata-3-byte-UTF-8.xml: Added. * result/cdata-3-byte-UTF-8.xml.rde: Added. * result/cdata-3-byte-UTF-8.xml.rdr: Added. * result/cdata-3-byte-UTF-8.xml.sax: Added. * result/cdata-3-byte-UTF-8.xml.sax2: Added. * result/cdata-4-byte-UTF-8.xml: Added. * result/cdata-4-byte-UTF-8.xml.rde: Added. * result/cdata-4-byte-UTF-8.xml.rdr: Added. * result/cdata-4-byte-UTF-8.xml.sax: Added. * result/cdata-4-byte-UTF-8.xml.sax2: Added. * result/noent/cdata-2-byte-UTF-8.xml: Added. * result/noent/cdata-3-byte-UTF-8.xml: Added. * result/noent/cdata-4-byte-UTF-8.xml: Added. * test/cdata-2-byte-UTF-8.xml: Added. * test/cdata-3-byte-UTF-8.xml: Added. * test/cdata-4-byte-UTF-8.xml: Added. - Add tests and results. Only 'make Readertests XMLPushtests' fails prior to the fix.
4a5d80ad	2015-09-18T15:06:46	Fix a bug in CData error handling in the push parser For https://bugzilla.gnome.org/show_bug.cgi?id=754947 The checking function was returning incorrect args in some cases Adds the test to teh reg suite and fix one of the existing test output
51f02b0a	2015-09-15T16:50:32	Fix a bug on name parsing at the end of current input buffer For https://bugzilla.gnome.org/show_bug.cgi?id=754946 When hitting the end of the current input buffer while parsing a name we could end up loosing the beginning of the name, which led to various issues.
ef709ce2	2015-09-10T19:41:41	Fix the spurious ID already defined error For https://bugzilla.gnome.org/show_bug.cgi?id=737840 the fix for 724903 introduced a regression on external entities carrying IDs, revert that patch in part and add a specific test to avoid readding it
2fab235d	2015-03-16T08:38:36	Fix support for except in nameclasses For https://bugzilla.gnome.org/show_bug.cgi?id=565219 The code was imply missing even if simple, added a few regression tests.
02b252d7	2015-03-08T17:00:37	Regression test for bug #695699
342658a1	2015-03-08T16:46:04	Add a couple of XPath tests
f6aaabce	2015-03-08T16:05:26	Allow attributes on descendant-or-self axis If the context node is an attribute, the attribute itself is on the descendant-or-self axis. The principal node type of this axis is element, so the only node test that can return the attribute is "node()". In other words, "@attr/descendant-or-self::node()" is equivalent to "@attr". This matches the behavior of Saxon-CE.
df23f584	2014-10-23T13:52:47	Adding example from bugs 738805 to regression tests For https://bugzilla.gnome.org/show_bug.cgi?id=738805 Tortuous test case provided by pierre.labastie@neuf.fr
6473a41a	2013-10-23T14:51:33	Implement choice for name classes on attributes https://bugzilla.gnome.org/show_bug.cgi?id=710744
dcc19503	2013-05-22T22:56:45	Fix a parsing bug on non-ascii element and CR/LF usage https://bugzilla.gnome.org/show_bug.cgi?id=698550 Somehow the behaviour of the internal parser routine changed slightly when encountering CR/LF, which led to a bug when parsing document with non-ascii Names
483272f3	2013-03-27T13:37:14	Added a regression tests from bug 694228 data Provided by Mark Rowe <mrowe@apple.com>
4629ee02	2012-07-23T14:15:40	Do not fetch external parsed entities Unless explicietely asked for when validating or replacing entities with their value. Problem pointed out by Tom Lane <tgl@redhat.com> * parser.c: do not load external parsed entities unless needed * test/errors/extparsedent.xml result/errors/extparsedent.xml*: add a regression test to avoid change of the behaviour in the future
a0cd075d	2012-05-11T19:31:12	HTML parser error with <noscript> in the <head> For https://bugzilla.gnome.org/show_bug.cgi?id=615785 When the <noscript> is found, <head> is closed and a <body> element is created. The real <body id="xxx"> gets skipped over, so I can't see any of the body's attributes. Just don't close <head> when encountering a <noscript> Add a regression test too
4609e6c9	2012-05-11T15:31:05	XSD: optional element in complex type extension For https://bugzilla.gnome.org/show_bug.cgi?id=609796 Libxml2 fails to validate an instance document against a schema if an element whose type is a complex extension of some base type with an optional child element and that child element is not specified in the instance document. For example, suppose I have some complex type BaseType that is defined to have one child element in a sequence group that has minOccurs set to 0
868d92da	2012-05-10T15:34:57	Add HTML parser support for HTML5 meta charset encoding declaration For https://bugzilla.gnome.org/show_bug.cgi?id=655218 http://www.w3.org/TR/2011/WD-html5-20110525/semantics.html#the-meta-element """ The charset attribute specifies the character encoding used by the document. This is a character encoding declaration. If the attribute is present in an XML document, its value must be an ASCII case-insensitive match for the string "UTF-8" (and the document is therefore forced to use UTF-8 as its encoding). """ However, while <meta http-equiv="Content-Type" content="text/html; charset=utf8"> works, <meta charset="utf8"> does not. While libxml2 HTML parser is not tuned for HTML5, this is a simple addition Also added a testcase
aa422d92	2009-09-24T11:31:48	595792 fixing a RelaxNG bug introduced in 2.7.4 * relaxng.c: refs definitions added from inported schemas should not be processed as refs from the main schemas * test/relaxng/595792* result/relaxng/595792*: add the test to the regression suite
9332b48f	2009-09-23T18:28:43	Fix a Relaxng bug raised by libvirt test suite * xmlregexp.c: other fixes in 2.7.4 raised this internal error when comparing ranges, this affects among others detection of the determinism * test/relaxng/libvirt* result/relaxng/libvirt*: add a test case based on libvirt schemas and tests
1ba2aca3	2009-08-31T16:47:39	492317 Fix Relax-NG validation problems * relaxng.c xmlregexp.c: a subtle problem when checking for compileable content model, if using the same elements in cases of choices. Handled by adding a special flag to the regexp compilation to detect transitions with different atoms using same strings. * test/relaxng/492317* result/relaxng/492317*: add the test to the regression suite
ec18c960	2009-08-26T18:37:43	558452 fight with reg test and error report * relaxng.c: tiny fix and provide more context on some errors * result/relaxng/558452_0* test/relaxng/558452: add some regression tests for the bugs Makefile.am runtest.c: fight with the fact streaming error messages can differ due to missing node context
4013e83e	2009-08-26T17:24:31	579746 XSD validation not correct / nilable groups * xmlschemas.c: when a particle need to be processed via counted transition, if the group is nillable, the counting won't work, so keep track of nillable subset as they are built and generate the appropriate epsilon transitions as needed * test/schemas/579746* result/schemas/579746*: add related test cases based on the bug report
a6c76a26	2009-08-26T14:37:00	566012 part 2 fix regresion tests and push mode * test/utf16bebom.xml: regression test showed that this test case was broken but previous behaviour would not detect it ! * parser.c: fix 566012 for the push mode of the parser, tricky ! * test/ebcdic_566012.xml result//ebcdic_566012.xml*: add the test to the regression suite
d80d0728	2009-08-22T18:56:01	559410 - Regexp bug on (...)? constructs * xmlregexp.c: fix a regexp bug on some (...)? constructs * test/schemas/nvdcve* result/schemas/nvdcve*: add the tests to the regression suite
a721612e	2009-08-21T18:22:58	446613 small validation bug mixed content with NS * valid.c: fix a bug when valdating mixed content lists and some name use namespaces prefixes. * result/valid/notes.xml* test/valid/dtds/notes.dtd * test/valid/notes.xml: add the test case to the regression suite
be390ed0	2009-08-12T12:40:39	Test case for 570702
edc68aad	2009-08-07T20:29:33	582906 XSD validating multiple imports of the same schema * xmlschemas.c: When validating a schema that includes the same file that has no targetNamespace defined an internal erro was thrown, depending on the orig namespace that should be allowed though * test/schemas/582906-* result/schemas/582906-*: 2 tests case, one where this is allowed, and one where this is forbidden
d9960720	2009-08-07T19:01:32	Bug 582887 – problems validating complex schemas * xmlschemas.c: fixes the problem faced when importing the same schemas multiple times but from different places which is allowed * test/schemas/582887* result/schemas/582887*: adding the specific test to the regressions
83868247	2009-07-09T10:26:22	Aleksey Sanin support for c14n 1.1 * c14n.c include/libxml/c14n.h: adds support for C14N 1.1, new flags at the API level * runtest.c Makefile.am testC14N.c xmllint.c: add support in CLI tools and test binaries * result/c14n/1-1-without-comments/* test/c14n/1-1-without-comments/*: add a new batch of tests
7f4547cd	2008-10-03T07:58:23	preparing the release of 2.7.2 fix the Solaris portability issue * configure.in doc/* NEWS: preparing the release of 2.7.2 * dict.c: fix the Solaris portability issue * parser.c: additional cleanup on #554660 fix * test/ent13 result/ent13* result/noent/ent13: added the example in the regression test suite. HTMLparser.c: handle leading BOM in htmlParseElement() Daniel svn path=/trunk/; revision=3799
a57ba4ce	2008-09-25T16:06:18	fix an HTML parsing error on large data sections reported by Mike Day add * HTMLparser.c: fix an HTML parsing error on large data sections reported by Mike Day * test/HTML/utf8bug.html result/HTML/utf8bug.html.err result/HTML/utf8bug.html.sax result/HTML/utf8bug.html: add the reproducer to the test suite daniel svn path=/trunk/; revision=3797
0161e638	2008-08-28T15:36:32	completely different fix for the recursion detection based on entity * parser.c include/libxml/parser.h: completely different fix for the recursion detection based on entity density, big cleanups in the entity parsing code too * result/.sax: the parser should not ask for used defined versions of the predefined entities * testrecurse.c: automatic test for entity recursion checks * Makefile.am: added testrecurse * test/recurse/lol* test/recurse/good*: a first set of tests for the recursion Daniel svn path=/trunk/; revision=3783
bf9c1dad	2008-08-26T07:46:42	add the testchar to 'make check' Volker Grabsch pointed out a typo * Makefile.am: add the testchar to 'make check' * xmlschemas.c: Volker Grabsch pointed out a typo * xmlregexp.c: production [19] from XML Schemas regexps were a mistake removed in version REC-xmlschema-2-20041028, Volker Grabsch provided a patch to remove it * test/schemas/regexp-char-ref_0.xml test/schemas/regexp-char-ref_0.xsd test/schemas/regexp-char-ref_1.xsd result/schemas/regexp-char-ref_0_0 result/schemas/regexp-char-ref_1_0: Volker Grabsch also provided regession tests for this Daniel svn path=/trunk/; revision=3776
d7af5553	2008-08-04T15:29:44	rewrite the URI parser to update to rfc3986 (from 2396) removed the error * uri.c include/libxml/uri.h: rewrite the URI parser to update to rfc3986 (from 2396) * test/errors/webdav.xml result/errors/webdav.xml: removed the error test, 'DAV:' is a correct URI under 3986 Makefile.am: small cleanup in make check Daniel svn path=/trunk/; revision=3763
97c9ce2e	2008-03-25T16:52:41	fix various attribute normalisation problems reported by Ashwin this * parser.c: fix various attribute normalisation problems reported by Ashwin * result/c14n/without-comments/example-4 result/c14n/with-comments/example-4: this impacted the result of two c14n tests :-\ * test/att9 test/att10 test/att11 result//att9* result//att10* result//att11*: added 3 specific regression tests coming from the XML spec revision and from Ashwin Daniel svn path=/trunk/; revision=3715
8bf64aef	2008-03-24T20:45:21	fix a problem reported by Ashwin for system parameter entities referenced * parser.c: fix a problem reported by Ashwin for system parameter entities referenced from entities in external subset, add a specific loading routine. * test/valid/dtds/external.ent test/valid/dtds/external2.ent test/valid/t11.xml result/valid/t11.xml*: added the test to the regression suite Daniel svn path=/trunk/; revision=3713
d0d2f090	2008-03-07T16:50:21	fix handling of empty CDATA nodes as reported and discussed around #514181 * xmlsave.c parser.c: fix handling of empty CDATA nodes as reported and discussed around #514181 and associated patches * test/emptycdata.xml result/emptycdata.xml* result/noent/emptycdata.xml: added a specific test in the regression suite. Daniel svn path=/trunk/; revision=3701
57c9db07	2008-03-06T14:37:10	poblem with encoding detection for UTF-16 reported by Ashwin and found by * encoding.c: poblem with encoding detection for UTF-16 reported by Ashwin and found by Bill * test/valid/dtds/utf16b.ent test/valid/dtds/utf16l.ent test/valid/UTF16Entity.xml result/valid/UTF16Entity.xml*: added the example to the regression tests Daniel svn path=/trunk/; revision=3700
041b687e	2008-02-08T10:37:18	apply patch from Andrew Tosh to fix behaviour when '.' is used in a * xmlregexp.c: apply patch from Andrew Tosh to fix behaviour when '.' is used in a posCharGroup * test/schemas/poschargrp0_0.* result/schemas/poschargrp0_0_0*: added the test to the regression suite Daniel svn path=/trunk/; revision=3687
c707d0b7	2008-01-24T14:48:54	fix a memeory leak in internal subset parsing with a fix from Ashwin add * parser.c: fix a memeory leak in internal subset parsing with a fix from Ashwin * test/errors/content1.xml result/errors/content1.xml*: add test to regressions Daniel svn path=/trunk/; revision=3680
c821e03c	2007-08-28T17:33:45	another nasty regexp case fixed. added to regression suite Daniel * xmlregexp.c: another nasty regexp case fixed. * test/regexp/ranges2 result/regexp/ranges2: added to regression suite Daniel svn path=/trunk/; revision=3658
3888f472	2007-08-23T09:29:03	applied patch from Frank Gross fixing Schemas IDC import bug #455953 and * xmlschemas.c test/schemas/455953 result/schemas/bug455953*: applied patch from Frank Gross fixing Schemas IDC import bug #455953 and also add the test to the regression suite Daniel svn path=/trunk/; revision=3652
da629347	2007-08-01T07:49:06	fixed a parser bug where invalid char in comment may not be detected, * parser.c: fixed a parser bug where invalid char in comment may not be detected, reported by Ashwin Sinha * test/errors/comment1.xml result/errors/comment1.xml*: added the example to the regression suite Daniel svn path=/trunk/; revision=3647
dfac946c	2007-06-12T14:44:32	fixed the push mode when a big comment occurs before an internal subset, * parser.c: fixed the push mode when a big comment occurs before an internal subset, should close bug #438835 * test/comment6.xml result//comment6.xml*: added a special test in the regression suite Daniel svn path=/trunk/; revision=3635
b9e5acc4	2007-06-12T13:43:00	fix bug #414846 where invalid characters in attributes would sometimes not * parser.c: fix bug #414846 where invalid characters in attributes would sometimes not be detected. * test/errors/attr4.xml result/errors/attr4.xml*: added a specific test case to the regression tests Daniel svn path=/trunk/; revision=3634
a9cbf283	2007-03-21T13:16:33	fixed problem with 0x2d in Char Range (bug #420596) added regression test * xmlregexp.c: fixed problem with 0x2d in Char Range (bug #420596) * test/regexp/bug420596, result/regexp/bug420596: added regression test for this svn path=/trunk/; revision=3594
e96b47fd	2007-01-04T17:28:35	fix xmlTextReaderSetup() description tests which were apparently never * xmlreader.c: fix xmlTextReaderSetup() description * test/relaxng/empty1.rng test/relaxng/comps_0.xml test/relaxng/empty1_0.xml test/relaxng/comps.rng test/relaxng/empty0.rng test/relaxng/empty0_0.xml test/relaxng/empty1_1.xml: tests which were apparently never commited to CVS Daniel svn path=/trunk/; revision=3572
48519092	2006-10-17T15:56:35	fixing HTML entities in attributes parsing bug #362552 added to the * HTMLparser.c: fixing HTML entities in attributes parsing bug #362552 * result/HTML/entities2.html* test/HTML/entities2.html: added to the regression suite Daniel
be58a0a3	2006-10-13T16:39:14	Adding test file, Daniel
166e1a9b	2006-10-10T20:12:24	Adding extra test files, just in case ... Daniel
92b394fc	2006-05-09T19:59:54	Fixed bug #341150, reported by Michael Romer. In * xmlschemas.c: Fixed bug #341150, reported by Michael Romer. In xmlSchemaBuildContentModelForSubstGroup(), xmlAutomataNewOnceTrans2() was incorrectly used instead of xmlAutomataNewTransition2() to mimic a xs:choice for substitution-groups. * test/schemas/subst-group-1_1.xsd test/schemas/subst-group-1_0.xml result/schemas/subst-group-1_0_1 result/schemas/subst-group-1_0_1.err: Added regression test supplied by Michael Romer for bug #341150.
b63d2fab	2006-04-19T11:20:49	Fixed incorrect validation of restricted enumerations. Added related * xmlschemas.c test/schemas/restriction-enum-1* result/schemas/restriction-enum-1*: Fixed incorrect validation of restricted enumerations. Added related regression tests.
54eb0243	2006-03-21T23:17:57	applied patch from Youri Golovanov fixing bug #316338 and adding a couple * xmlregexp.c: applied patch from Youri Golovanov fixing bug #316338 and adding a couple of optimizations in the regexp compilation engine. * test/regexp/bug316338 result/regexp/bug316338: added regression tests based on the examples provided in the bug report. Daniel
79338009	2006-02-19T15:32:29	Added new regression tests for #331062, daniel
6974feb0	2006-02-05T02:43:36	fixed the comment streaming bug raised by Graham Bennett added to the * parser.c: fixed the comment streaming bug raised by Graham Bennett * test/badcomment.xml result//badcomment.xml*: added to the regression suite. Daniel
a617e24f	2006-01-09T14:38:44	reverted first patches for #319279 which led to #326295 and fixed the * parser.c: reverted first patches for #319279 which led to #326295 and fixed the problem in xmlParseChunk() instead * test/ent11 result//ent11*: added test for #326295 to the regression suite Daniel
bb2074e8	2006-01-05T14:49:40	Added regression tests for the latest XPath/pattern fixes. * test/XPath/docs/nodes test/XPath/tests/nodespat result/XPath/tests/nodespat: Added regression tests for the latest XPath/pattern fixes.
6977c6c4	2006-01-04T14:03:10	fix bug #324432 with <xml:foo/> added to the regression tests Daniel * SAX2.c: fix bug #324432 with <xml:foo/> * test/ns7 resul//ns7*: added to the regression tests Daniel
b0d74c66	2005-12-13T11:52:35	Added regression test for bug #321475 (reported by Gabor Nagy). Fixing of * test/schemas/bug321475* result/schemas/bug321475*: Added regression test for bug #321475 (reported by Gabor Nagy). Fixing of bug #323510 seemed to have fixed this bug as well.
183fa3e7	2005-12-12T15:20:28	Added regression test for bug #323510. * test/schemas/bug323510* result/schemas/bug323510*: Added regression test for bug #323510.
bf442eb2	2005-11-30T11:24:18	Added regression tests for the latest IDC and xs:decimal bugs. * test/schemas/decimal* test/schemas/bug322411*: Added regression tests for the latest IDC and xs:decimal bugs.
77e76829	2005-11-11T12:52:32	Changed xmlSchemaFormatIDCKeySequence() to use * xmlschemas.c: Changed xmlSchemaFormatIDCKeySequence() to use xmlSchemaGetCanonValueWhtspExt() in order to correctly report values for xs:anySimpleType. * test/schemas/idc-keyref-err1* result/schemas/idc-keyref-err1*: Added a test for this change.
fc6eca0d	2005-11-01T15:24:02	fix bug #319897, problem with counted atoms when the transition itself is * xmlregexp.c: fix bug #319897, problem with counted atoms when the transition itself is counted too * result/regexp/hard test/regexp/hard: augmented the regression tests with the problem exposed. Daniel
b2eabc0c	2005-10-28T03:15:18	fixed bug in exc-c14n namespace visibility + test case 319367(bug #319367)
b990008f	2005-10-25T12:36:29	script HTML parser error fix, corrects bug #319715 added test from Michael * HTMLparser.c: script HTML parser error fix, corrects bug #319715 * result/HTML/53867* test/HTML/53867.html: added test from Michael Day to the regression suite Daniel
91b23143	2005-09-12T19:44:00	And adapting another one. * test/schemas/import1_0.xsd: And adapting another one.
dbd61053	2005-09-12T14:03:26	applied second patch from David Madore to be less intrusive when handling * xmlsave.c: applied second patch from David Madore to be less intrusive when handling scripts and style elements in XHTML1 should fix #316041 * test/xhtml1 result//xhtml1\*: updated the test accordingly Daniel
96688263	2005-08-23T18:14:12	fixed bug #170489 reported by Jirka Kosek added the test to the regression * parser.c: fixed bug #170489 reported by Jirka Kosek * test/valid/objednavka.xml test/valid/dtds/objednavka.dtd result/valid/objednavka*: added the test to the regression suite. Daniel
4f917e24	2005-08-22T16:01:43	applied patch from Kuba Nowakowski fixing bug #313982 also added the test * xmlschemastypes.c: applied patch from Kuba Nowakowski fixing bug #313982 * result/schemas/bug313982* test/schemas/bug313982*: also added the test case to the regression suite. Daniel
355a0238	2005-08-22T12:58:05	added the first regression test suite set for the new expression support * Makefile.am result/expr/base test/expr/base: added the first regression test suite set for the new expression support Daniel
60faf528	2005-08-10T16:23:57	fixed bug #307377 about validation of choices in list values. added * relaxng.c: fixed bug #307377 about validation of choices in list values. * test/relaxng/307377* result/relaxng/307377* Makefile.am runtest.c: added examples to the regression tests, problem is that streaming version gives slightly more informations. Daniel
76d73f5b	2005-08-09T13:56:25	Added some more tests for element wildcards. * test/schemas/any7_2.xml test/schemas/any6_2.xsd test/schemas/any8_1.xsd test/schemas/any8_0.xml: Added some more tests for element wildcards.
800cbac3	2005-08-09T12:31:55	Fixed #312957 reported by Carol Hunter: streaming XPath states were not * xmlschemas.c: Fixed #312957 reported by Carol Hunter: streaming XPath states were not popped in every case, thus failed to resolve correctly for subsequent input. * test/schemas/bug312957* result/schemas/bug312957*: Added the test submitted by Carol Hunter.
6e65e157	2005-08-09T11:09:52	trying to nail down the remaining ##other issues completed the tests and * xmlregexp.c xmlschemas.c: trying to nail down the remaining ##other issues * result/schemas/any7* test/schemas/any7: completed the tests and added the results * result/schemas/any3_0_0.err result/schemas/any5_0_0.err result/schemas/any5_1_0.err: this slightly chnages the output from 3 existing tests Daniel
10752284	2005-08-08T13:05:13	fixed bug #310264, basically it's about reentrancy of count based * xmlregexp.c: fixed bug #310264, basically it's about reentrancy of count based transition, when going though the counter must be reset to 0 * test/schemas/bug310264* result/schemas/bug310264*: added the regression test. Daniel

899a5d9f

2017-07-25T14:59:49

Detect infinite recursion in parameter entities When expanding a parameter entity in a DTD, infinite recursion could lead to an infinite loop or memory exhaustion. Thanks to Wei Lei for the first of many reports. Fixes bug 759579.

5f440d8c

2017-06-12T14:32:34

Rework entity boundary checks Make sure to finish all entities in the internal subset. Nevertheless, readd a sanity check in xmlParseStartTag2 that was lost in my previous commit. Also add a sanity check in xmlPopInput. Popping an input unexpectedly was the source of many recent memory bugs. The check doesn't mitigate such issues but helps with diagnosis. Always base entity boundary checks on the input ID, not the input pointer. The pointer could have been reallocated to the old address. Always throw a well-formedness error if a boundary check fails. In a few places, a validity error was thrown. Fix a few error codes and improve indentation.

85c112a0

2017-06-12T18:26:11

Add test cases for bug 758518 test/HTML/758518-entity.html exposed a bug in pushParseTest() in runtest.c which assumed that an input file was at least 4 bytes long. That test case is only 3 bytes, so we now take the minimum of 4 bytes or the length of the test input. We also now use 'chunkSize' in place of the hard-coded value '1024' later in the function.

79c8a6b1

2017-06-10T17:01:27

Print error messages for truncated UTF-8 sequences Before, truncated UTF-8 sequences at the end of a file were treated as EOF. Create an error message containing the offending bytes. xmlStringCurrentChar would also print characters from the input stream, not the string it's working on.

932cc989

2017-06-03T02:01:29

Fix buffer size checks in xmlSnprintfElementContent xmlSnprintfElementContent failed to correctly check the available buffer space in two locations. Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048). Thanks to Marcel Böhme and Thuan Pham for the report.

e2663054

2017-06-05T15:37:17

Fix handling of parameter-entity references There were two bugs where parameter-entity references could lead to an unexpected change of the input buffer in xmlParseNameComplex and xmlDictLookup being called with an invalid pointer. Percent sign in DTD Names ========================= The NEXTL macro used to call xmlParserHandlePEReference. When parsing "complex" names inside the DTD, this could result in entity expansion which created a new input buffer. The fix is to simply remove the call to xmlParserHandlePEReference from the NEXTL macro. This is safe because no users of the macro require expansion of parameter entities. - xmlParseNameComplex - xmlParseNCNameComplex - xmlParseNmtoken The percent sign is not allowed in names, which are grammatical tokens. - xmlParseEntityValue Parameter-entity references in entity values are expanded but this happens in a separate step in this function. - xmlParseSystemLiteral Parameter-entity references are ignored in the system literal. - xmlParseAttValueComplex - xmlParseCharDataComplex - xmlParseCommentComplex - xmlParsePI - xmlParseCDSect Parameter-entity references are ignored outside the DTD. - xmlLoadEntityContent This function is only called from xmlStringLenDecodeEntities and entities are replaced in a separate step immediately after the function call. This bug could also be triggered with an internal subset and double entity expansion. This fixes bug 766956 initially reported by Wei Lei and independently by Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone involved. xmlParseNameComplex with XML_PARSE_OLD10 ======================================== When parsing Names inside an expanded parameter entity with the XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the GROW macro if the input buffer was exhausted. At the end of the parameter entity's replacement text, this function would then call xmlPopInput which invalidated the input buffer. There should be no need to invoke GROW in this situation because the buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and, at least for UTF-8, in xmlCurrentChar. This also matches the code path executed when XML_PARSE_OLD10 is not set. This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050). Thanks to Marcel Böhme and Thuan Pham for the report. Additional hardening ==================== A separate check was added in xmlParseNameComplex to validate the buffer size.

7482f41f

2017-06-01T22:00:19

Check for integer overflow in xmlXPathFormatNumber Check for overflow before casting double to int. Found with afl-fuzz and UBSan.

f4029cd4

2016-04-21T16:37:26

Check XPath exponents for overflow Avoid undefined behavior and wrong results with huge exponents. Found with afl-fuzz and UBSan.

a58331a6

2017-05-29T21:02:21

Check for overflow in xmlXPathIsPositionalPredicate Avoid undefined behavior when casting from double to int. Found with afl-fuzz and UBSan.

a851868a

2017-05-29T20:14:42

Parse small XPath numbers more accurately Don't count leading zeros towards the fraction size limit. This allows to parse numbers like 0.0000000000000000000000000000000000000000000000000000000001 which is the only standard-conformant way to represent such numbers, as scientific notation isn't allowed in XPath 1.0. (It is allowed in XPath 2.0 and in libxml2 as an extension, though.) Overall accuracy is still bad, see bug 783238.

4bebb030

2016-04-21T13:41:09

Rework XPath rounding functions Use the C library's floor and ceil functions. The old code was overly complicated for no apparent reason and could result in undefined behavior when handling NaNs (found with afl-fuzz and UBSan). Fix wrong comment in xmlXPathRoundFunction. The implementation was already following the spec and rounding half up.

40f58521

2017-05-26T20:16:35

Fix axis traversal from attribute and namespace nodes When traversing the "preceding" axis from an attribute node, we must first go up to the attribute's containing element. Otherwise, text children of other attributes could be returned. This made it possible to hit a code path in xmlXPathNextAncestor which contained another bug: The attribute node was initialized with the context node instead of the current node. Normally, this code path is only hit via xmlXPathNextAncestorOrSelf in which case the current and context node are the same. The combination of the two bugs could result in an infinite loop, found with libFuzzer. Traversing the "following" and the "preceding" axis from namespace nodes should be handled similarly. This wasn't supported at all previously.

9ab01a27

2016-06-28T14:22:23

Fix XPointer paths beginning with range-to The old code would invoke the broken xmlXPtrRangeToFunction. range-to isn't really a function but a special kind of location step. Remove this function and always handle range-to in the XPath code. The old xmlXPtrRangeToFunction could also be abused to trigger a use-after-free error with the potential for remote code execution. Found with afl-fuzz. Fixes CVE-2016-5131.

d8083bf7

2016-06-25T12:35:50

Fix NULL pointer deref in XPointer range-to - Check for errors after evaluating first operand. - Add sanity check for empty stack. Found with afl-fuzz.

0bcd05c5

2016-03-01T15:18:04

Heap-based buffer overread in htmlCurrentChar For https://bugzilla.gnome.org/show_bug.cgi?id=758606 * parserInternals.c: (xmlNextChar): Add an test to catch other issues on ctxt->input corruption proactively. For non-UTF-8 charsets, xmlNextChar() failed to check for the end of the input buffer and would continuing reading. Fix this by pulling out the check for the end of the input buffer into common code, and return if we reach the end of the input buffer prematurely. * result/HTML/758606.html: Added. * result/HTML/758606.html.err: Added. * result/HTML/758606.html.sax: Added. * result/HTML/758606_2.html: Added. * result/HTML/758606_2.html.err: Added. * result/HTML/758606_2.html.sax: Added. * test/HTML/758606.html: Added test case. * test/HTML/758606_2.html: Added test case.

00906759

2016-01-26T16:57:03

Heap-based buffer-underreads due to xmlParseName For https://bugzilla.gnome.org/show_bug.cgi?id=759573 * parser.c: (xmlParseElementDecl): Return early on invalid input to fix non-minimized test case (759573-2.xml). Otherwise the parser gets into a bad state in SKIP(3) at the end of the function. (xmlParseConditionalSections): Halt parsing when hitting invalid input that would otherwise caused xmlParserHandlePEReference() to recurse unexpectedly. This fixes the minimized test case (759573.xml). * result/errors/759573-2.xml: Add. * result/errors/759573-2.xml.err: Add. * result/errors/759573-2.xml.str: Add. * result/errors/759573.xml: Add. * result/errors/759573.xml.err: Add. * result/errors/759573.xml.str: Add. * test/errors/759573-2.xml: Add. * test/errors/759573.xml: Add.

38eae571

2016-03-07T14:04:08

Heap use-after-free in xmlSAX2AttributeNs For https://bugzilla.gnome.org/show_bug.cgi?id=759020 * parser.c: (xmlParseStartTag2): Attribute strings are only valid if the base does not change, so add another check where the base may change. Make sure to set 'attvalue' to NULL after freeing it. * result/errors/759020.xml: Added. * result/errors/759020.xml.err: Added. * result/errors/759020.xml.str: Added. * test/errors/759020.xml: Added test case.

45752d2c

2016-03-03T11:50:34

Bug 759398: Heap use-after-free in xmlDictComputeFastKey <https://bugzilla.gnome.org/show_bug.cgi?id=759398> * parser.c: (xmlParseNCNameComplex): Store start position instead of a pointer to the name since the underlying buffer may change, resulting in a stale pointer being used. * result/errors/759398.xml: Added. * result/errors/759398.xml.err: Added. * result/errors/759398.xml.str: Added. * test/errors/759398.xml: Added test case.

a820dbea

2016-03-01T11:34:04

Bug 758605: Heap-based buffer overread in xmlDictAddString <https://bugzilla.gnome.org/show_bug.cgi?id=758605> Reviewed by David Kilzer. * HTMLparser.c: (htmlParseName): Add bounds check. (htmlParseNameComplex): Ditto. * result/HTML/758605.html: Added. * result/HTML/758605.html.err: Added. * result/HTML/758605.html.sax: Added. * runtest.c: (pushParseTest): The input for the new test case was so small (4 bytes) that htmlParseChunk() was never called after htmlCreatePushParserCtxt(), thereby creating a false positive test failure. Fixed by using a do-while loop so we always call htmlParseChunk() at least once. * test/HTML/758605.html: Added.

db07dd61

2016-02-12T09:58:29

Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal <https://bugzilla.gnome.org/show_bug.cgi?id=758588> * parser.c: (xmlParseEndTag2): Add bounds checks before dereferencing ctxt->input->cur past the end of the buffer, or incrementing the pointer past the end of the buffer. * result/errors/758588.xml: Add test result. * result/errors/758588.xml.err: Ditto. * result/errors/758588.xml.str: Ditto. * test/errors/758588.xml: Add regression test.

6eb0894a

2016-05-05T16:49:00

Fix memory leak with XPath namespace nodes Set hasNsNodes to 1 when adding namespace nodes via XP_TEST_HIT.

82b73039

2016-04-30T17:53:10

Fix namespace axis traversal When the namespace axis is traversed in "toBool" mode, the traversal can exit early, before visiting all nodes. In this case, the XPath context still contains a non-NULL tmpNsList. This means that - the check when to start a new traversal was wrong and - the tmpNsList could be leaked. Fixes bug #750037 and, by accident, bug #756075: https://bugzilla.gnome.org/show_bug.cgi?id=750037 https://bugzilla.gnome.org/show_bug.cgi?id=756075

839689a9

2016-04-27T18:00:12

Don't recurse into OP_VALUEs in xmlXPathOptimizeExpression The ch1 slot of OP_VALUEs contains an invalid value. Ignore it. Fixes bug #760325: https://bugzilla.gnome.org/show_bug.cgi?id=760325

f39fd66e

2016-04-27T03:01:16

Fix namespace::node() XPath expression Make sure that xmlXPathNodeSetAddNs is called for namespace nodes when matched with a namespace::node() step. This correctly sets the parent of namespace nodes. Note that xmlXPathNodeSetAddNs must only be called if working on the namespace axis. Otherwise, the context node is not the parent of the namespace node and the standard XP_TEST_HIT macro must be invoked. This explains the errors in the C14N tests that the old TODO comment mentioned.

e2893903

2016-04-21T19:19:23

Fix parsing of NCNames in XPath The NCName parser would allow any NameChar as start character. For example, the following XPath expressions would compile: self::-abc self::0abc self::.abc

cad102b8

2016-04-15T22:41:24

Do normalize string-based datatype value in RelaxNG facet checking Original patch is from Jan Pokorný <jpokorny redhat com> https://mail.gnome.org/archives/xml/2013-November/msg00028.html Improve it according to reviews and add test files.

4f8606c1

2016-01-05T13:38:09

Bug 760183: REGRESSION (v2.9.3): XML push parser fails with bogus UTF-8 encoding error when multi-byte character in large CDATA section is split across buffer <https://bugzilla.gnome.org/show_bug.cgi?id=760183> * parser.c: (xmlCheckCdataPush): Add 'complete' argument to describe whether the buffer passed in is the whole CDATA buffer, or if there is more data to parse. If there is more data to parse, don't return a negative value for an invalid multi-byte UTF-8 character that is split between buffers. (xmlParseTryOrFinish): Pass 'complete' argument to xmlCheckCdataPush() as appropriate. * result/cdata-2-byte-UTF-8.xml: Added. * result/cdata-2-byte-UTF-8.xml.rde: Added. * result/cdata-2-byte-UTF-8.xml.rdr: Added. * result/cdata-2-byte-UTF-8.xml.sax: Added. * result/cdata-2-byte-UTF-8.xml.sax2: Added. * result/cdata-3-byte-UTF-8.xml: Added. * result/cdata-3-byte-UTF-8.xml.rde: Added. * result/cdata-3-byte-UTF-8.xml.rdr: Added. * result/cdata-3-byte-UTF-8.xml.sax: Added. * result/cdata-3-byte-UTF-8.xml.sax2: Added. * result/cdata-4-byte-UTF-8.xml: Added. * result/cdata-4-byte-UTF-8.xml.rde: Added. * result/cdata-4-byte-UTF-8.xml.rdr: Added. * result/cdata-4-byte-UTF-8.xml.sax: Added. * result/cdata-4-byte-UTF-8.xml.sax2: Added. * result/noent/cdata-2-byte-UTF-8.xml: Added. * result/noent/cdata-3-byte-UTF-8.xml: Added. * result/noent/cdata-4-byte-UTF-8.xml: Added. * test/cdata-2-byte-UTF-8.xml: Added. * test/cdata-3-byte-UTF-8.xml: Added. * test/cdata-4-byte-UTF-8.xml: Added. - Add tests and results. Only 'make Readertests XMLPushtests' fails prior to the fix.

4a5d80ad

2015-09-18T15:06:46

Fix a bug in CData error handling in the push parser For https://bugzilla.gnome.org/show_bug.cgi?id=754947 The checking function was returning incorrect args in some cases Adds the test to teh reg suite and fix one of the existing test output

51f02b0a

2015-09-15T16:50:32

Fix a bug on name parsing at the end of current input buffer For https://bugzilla.gnome.org/show_bug.cgi?id=754946 When hitting the end of the current input buffer while parsing a name we could end up loosing the beginning of the name, which led to various issues.

ef709ce2

2015-09-10T19:41:41

Fix the spurious ID already defined error For https://bugzilla.gnome.org/show_bug.cgi?id=737840 the fix for 724903 introduced a regression on external entities carrying IDs, revert that patch in part and add a specific test to avoid readding it

2fab235d

2015-03-16T08:38:36

Fix support for except in nameclasses For https://bugzilla.gnome.org/show_bug.cgi?id=565219 The code was imply missing even if simple, added a few regression tests.

02b252d7

2015-03-08T17:00:37

Regression test for bug #695699

342658a1

2015-03-08T16:46:04

Add a couple of XPath tests

f6aaabce

2015-03-08T16:05:26

Allow attributes on descendant-or-self axis If the context node is an attribute, the attribute itself is on the descendant-or-self axis. The principal node type of this axis is element, so the only node test that can return the attribute is "node()". In other words, "@attr/descendant-or-self::node()" is equivalent to "@attr". This matches the behavior of Saxon-CE.

df23f584

2014-10-23T13:52:47

Adding example from bugs 738805 to regression tests For https://bugzilla.gnome.org/show_bug.cgi?id=738805 Tortuous test case provided by pierre.labastie@neuf.fr

6473a41a

2013-10-23T14:51:33

Implement choice for name classes on attributes https://bugzilla.gnome.org/show_bug.cgi?id=710744

dcc19503

2013-05-22T22:56:45

Fix a parsing bug on non-ascii element and CR/LF usage https://bugzilla.gnome.org/show_bug.cgi?id=698550 Somehow the behaviour of the internal parser routine changed slightly when encountering CR/LF, which led to a bug when parsing document with non-ascii Names

483272f3

2013-03-27T13:37:14

Added a regression tests from bug 694228 data Provided by Mark Rowe <mrowe@apple.com>

4629ee02

2012-07-23T14:15:40

Do not fetch external parsed entities Unless explicietely asked for when validating or replacing entities with their value. Problem pointed out by Tom Lane <tgl@redhat.com> * parser.c: do not load external parsed entities unless needed * test/errors/extparsedent.xml result/errors/extparsedent.xml*: add a regression test to avoid change of the behaviour in the future

a0cd075d

2012-05-11T19:31:12

HTML parser error with <noscript> in the <head> For https://bugzilla.gnome.org/show_bug.cgi?id=615785 When the <noscript> is found, <head> is closed and a <body> element is created. The real <body id="xxx"> gets skipped over, so I can't see any of the body's attributes. Just don't close <head> when encountering a <noscript> Add a regression test too

4609e6c9

2012-05-11T15:31:05

XSD: optional element in complex type extension For https://bugzilla.gnome.org/show_bug.cgi?id=609796 Libxml2 fails to validate an instance document against a schema if an element whose type is a complex extension of some base type with an optional child element and that child element is not specified in the instance document. For example, suppose I have some complex type BaseType that is defined to have one child element in a sequence group that has minOccurs set to 0

868d92da

2012-05-10T15:34:57

Add HTML parser support for HTML5 meta charset encoding declaration For https://bugzilla.gnome.org/show_bug.cgi?id=655218 http://www.w3.org/TR/2011/WD-html5-20110525/semantics.html#the-meta-element """ The charset attribute specifies the character encoding used by the document. This is a character encoding declaration. If the attribute is present in an XML document, its value must be an ASCII case-insensitive match for the string "UTF-8" (and the document is therefore forced to use UTF-8 as its encoding). """ However, while <meta http-equiv="Content-Type" content="text/html; charset=utf8"> works, <meta charset="utf8"> does not. While libxml2 HTML parser is not tuned for HTML5, this is a simple addition Also added a testcase

aa422d92

2009-09-24T11:31:48

595792 fixing a RelaxNG bug introduced in 2.7.4 * relaxng.c: refs definitions added from inported schemas should not be processed as refs from the main schemas * test/relaxng/595792* result/relaxng/595792*: add the test to the regression suite

9332b48f

2009-09-23T18:28:43

Fix a Relaxng bug raised by libvirt test suite * xmlregexp.c: other fixes in 2.7.4 raised this internal error when comparing ranges, this affects among others detection of the determinism * test/relaxng/libvirt* result/relaxng/libvirt*: add a test case based on libvirt schemas and tests

1ba2aca3

2009-08-31T16:47:39

492317 Fix Relax-NG validation problems * relaxng.c xmlregexp.c: a subtle problem when checking for compileable content model, if using the same elements in cases of choices. Handled by adding a special flag to the regexp compilation to detect transitions with different atoms using same strings. * test/relaxng/492317* result/relaxng/492317*: add the test to the regression suite

ec18c960

2009-08-26T18:37:43

558452 fight with reg test and error report * relaxng.c: tiny fix and provide more context on some errors * result/relaxng/558452_0* test/relaxng/558452*: add some regression tests for the bugs * Makefile.am runtest.c: fight with the fact streaming error messages can differ due to missing node context

4013e83e

2009-08-26T17:24:31

579746 XSD validation not correct / nilable groups * xmlschemas.c: when a particle need to be processed via counted transition, if the group is nillable, the counting won't work, so keep track of nillable subset as they are built and generate the appropriate epsilon transitions as needed * test/schemas/579746* result/schemas/579746*: add related test cases based on the bug report

a6c76a26

2009-08-26T14:37:00

566012 part 2 fix regresion tests and push mode * test/utf16bebom.xml: regression test showed that this test case was broken but previous behaviour would not detect it ! * parser.c: fix 566012 for the push mode of the parser, tricky ! * test/ebcdic_566012.xml result//ebcdic_566012.xml*: add the test to the regression suite

d80d0728

2009-08-22T18:56:01

559410 - Regexp bug on (...)? constructs * xmlregexp.c: fix a regexp bug on some (...)? constructs * test/schemas/nvdcve* result/schemas/nvdcve*: add the tests to the regression suite

a721612e

2009-08-21T18:22:58

446613 small validation bug mixed content with NS * valid.c: fix a bug when valdating mixed content lists and some name use namespaces prefixes. * result/valid/notes.xml* test/valid/dtds/notes.dtd * test/valid/notes.xml: add the test case to the regression suite

be390ed0

2009-08-12T12:40:39

Test case for 570702

edc68aad

2009-08-07T20:29:33

582906 XSD validating multiple imports of the same schema * xmlschemas.c: When validating a schema that includes the same file that has no targetNamespace defined an internal erro was thrown, depending on the orig namespace that should be allowed though * test/schemas/582906-* result/schemas/582906-*: 2 tests case, one where this is allowed, and one where this is forbidden

d9960720

2009-08-07T19:01:32

Bug 582887 – problems validating complex schemas * xmlschemas.c: fixes the problem faced when importing the same schemas multiple times but from different places which is allowed * test/schemas/582887* result/schemas/582887*: adding the specific test to the regressions

83868247

2009-07-09T10:26:22

Aleksey Sanin support for c14n 1.1 * c14n.c include/libxml/c14n.h: adds support for C14N 1.1, new flags at the API level * runtest.c Makefile.am testC14N.c xmllint.c: add support in CLI tools and test binaries * result/c14n/1-1-without-comments/* test/c14n/1-1-without-comments/*: add a new batch of tests

7f4547cd

2008-10-03T07:58:23

preparing the release of 2.7.2 fix the Solaris portability issue * configure.in doc/* NEWS: preparing the release of 2.7.2 * dict.c: fix the Solaris portability issue * parser.c: additional cleanup on #554660 fix * test/ent13 result/ent13* result/noent/ent13*: added the example in the regression test suite. * HTMLparser.c: handle leading BOM in htmlParseElement() Daniel svn path=/trunk/; revision=3799

a57ba4ce

2008-09-25T16:06:18

fix an HTML parsing error on large data sections reported by Mike Day add * HTMLparser.c: fix an HTML parsing error on large data sections reported by Mike Day * test/HTML/utf8bug.html result/HTML/utf8bug.html.err result/HTML/utf8bug.html.sax result/HTML/utf8bug.html: add the reproducer to the test suite daniel svn path=/trunk/; revision=3797

0161e638

2008-08-28T15:36:32

completely different fix for the recursion detection based on entity * parser.c include/libxml/parser.h: completely different fix for the recursion detection based on entity density, big cleanups in the entity parsing code too * result/*.sax*: the parser should not ask for used defined versions of the predefined entities * testrecurse.c: automatic test for entity recursion checks * Makefile.am: added testrecurse * test/recurse/lol* test/recurse/good*: a first set of tests for the recursion Daniel svn path=/trunk/; revision=3783

bf9c1dad

2008-08-26T07:46:42

add the testchar to 'make check' Volker Grabsch pointed out a typo * Makefile.am: add the testchar to 'make check' * xmlschemas.c: Volker Grabsch pointed out a typo * xmlregexp.c: production [19] from XML Schemas regexps were a mistake removed in version REC-xmlschema-2-20041028, Volker Grabsch provided a patch to remove it * test/schemas/regexp-char-ref_0.xml test/schemas/regexp-char-ref_0.xsd test/schemas/regexp-char-ref_1.xsd result/schemas/regexp-char-ref_0_0 result/schemas/regexp-char-ref_1_0: Volker Grabsch also provided regession tests for this Daniel svn path=/trunk/; revision=3776

d7af5553

2008-08-04T15:29:44

rewrite the URI parser to update to rfc3986 (from 2396) removed the error * uri.c include/libxml/uri.h: rewrite the URI parser to update to rfc3986 (from 2396) * test/errors/webdav.xml result/errors/webdav.xml*: removed the error test, 'DAV:' is a correct URI under 3986 * Makefile.am: small cleanup in make check Daniel svn path=/trunk/; revision=3763

97c9ce2e

2008-03-25T16:52:41

fix various attribute normalisation problems reported by Ashwin this * parser.c: fix various attribute normalisation problems reported by Ashwin * result/c14n/without-comments/example-4 result/c14n/with-comments/example-4: this impacted the result of two c14n tests :-\ * test/att9 test/att10 test/att11 result//att9* result//att10* result//att11*: added 3 specific regression tests coming from the XML spec revision and from Ashwin Daniel svn path=/trunk/; revision=3715

8bf64aef

2008-03-24T20:45:21

fix a problem reported by Ashwin for system parameter entities referenced * parser.c: fix a problem reported by Ashwin for system parameter entities referenced from entities in external subset, add a specific loading routine. * test/valid/dtds/external.ent test/valid/dtds/external2.ent test/valid/t11.xml result/valid/t11.xml*: added the test to the regression suite Daniel svn path=/trunk/; revision=3713

d0d2f090

2008-03-07T16:50:21

fix handling of empty CDATA nodes as reported and discussed around #514181 * xmlsave.c parser.c: fix handling of empty CDATA nodes as reported and discussed around #514181 and associated patches * test/emptycdata.xml result/emptycdata.xml* result/noent/emptycdata.xml: added a specific test in the regression suite. Daniel svn path=/trunk/; revision=3701

57c9db07

2008-03-06T14:37:10

poblem with encoding detection for UTF-16 reported by Ashwin and found by * encoding.c: poblem with encoding detection for UTF-16 reported by Ashwin and found by Bill * test/valid/dtds/utf16b.ent test/valid/dtds/utf16l.ent test/valid/UTF16Entity.xml result/valid/UTF16Entity.xml*: added the example to the regression tests Daniel svn path=/trunk/; revision=3700

041b687e

2008-02-08T10:37:18

apply patch from Andrew Tosh to fix behaviour when '.' is used in a * xmlregexp.c: apply patch from Andrew Tosh to fix behaviour when '.' is used in a posCharGroup * test/schemas/poschargrp0_0.* result/schemas/poschargrp0_0_0*: added the test to the regression suite Daniel svn path=/trunk/; revision=3687

c707d0b7

2008-01-24T14:48:54

fix a memeory leak in internal subset parsing with a fix from Ashwin add * parser.c: fix a memeory leak in internal subset parsing with a fix from Ashwin * test/errors/content1.xml result/errors/content1.xml*: add test to regressions Daniel svn path=/trunk/; revision=3680

c821e03c

2007-08-28T17:33:45

another nasty regexp case fixed. added to regression suite Daniel * xmlregexp.c: another nasty regexp case fixed. * test/regexp/ranges2 result/regexp/ranges2: added to regression suite Daniel svn path=/trunk/; revision=3658

3888f472

2007-08-23T09:29:03

applied patch from Frank Gross fixing Schemas IDC import bug #455953 and * xmlschemas.c test/schemas/*455953* result/schemas/bug455953*: applied patch from Frank Gross fixing Schemas IDC import bug #455953 and also add the test to the regression suite Daniel svn path=/trunk/; revision=3652

da629347

2007-08-01T07:49:06

fixed a parser bug where invalid char in comment may not be detected, * parser.c: fixed a parser bug where invalid char in comment may not be detected, reported by Ashwin Sinha * test/errors/comment1.xml result/errors/comment1.xml*: added the example to the regression suite Daniel svn path=/trunk/; revision=3647

dfac946c

2007-06-12T14:44:32

fixed the push mode when a big comment occurs before an internal subset, * parser.c: fixed the push mode when a big comment occurs before an internal subset, should close bug #438835 * test/comment6.xml result//comment6.xml*: added a special test in the regression suite Daniel svn path=/trunk/; revision=3635

b9e5acc4

2007-06-12T13:43:00

fix bug #414846 where invalid characters in attributes would sometimes not * parser.c: fix bug #414846 where invalid characters in attributes would sometimes not be detected. * test/errors/attr4.xml result/errors/attr4.xml*: added a specific test case to the regression tests Daniel svn path=/trunk/; revision=3634

a9cbf283

2007-03-21T13:16:33

fixed problem with 0x2d in Char Range (bug #420596) added regression test * xmlregexp.c: fixed problem with 0x2d in Char Range (bug #420596) * test/regexp/bug420596, result/regexp/bug420596: added regression test for this svn path=/trunk/; revision=3594

e96b47fd

2007-01-04T17:28:35

fix xmlTextReaderSetup() description tests which were apparently never * xmlreader.c: fix xmlTextReaderSetup() description * test/relaxng/empty1.rng test/relaxng/comps_0.xml test/relaxng/empty1_0.xml test/relaxng/comps.rng test/relaxng/empty0.rng test/relaxng/empty0_0.xml test/relaxng/empty1_1.xml: tests which were apparently never commited to CVS Daniel svn path=/trunk/; revision=3572

48519092

2006-10-17T15:56:35

fixing HTML entities in attributes parsing bug #362552 added to the * HTMLparser.c: fixing HTML entities in attributes parsing bug #362552 * result/HTML/entities2.html* test/HTML/entities2.html: added to the regression suite Daniel

be58a0a3

2006-10-13T16:39:14

Adding test file, Daniel

166e1a9b

2006-10-10T20:12:24

Adding extra test files, just in case ... Daniel

92b394fc

2006-05-09T19:59:54

Fixed bug #341150, reported by Michael Romer. In * xmlschemas.c: Fixed bug #341150, reported by Michael Romer. In xmlSchemaBuildContentModelForSubstGroup(), xmlAutomataNewOnceTrans2() was incorrectly used instead of xmlAutomataNewTransition2() to mimic a xs:choice for substitution-groups. * test/schemas/subst-group-1_1.xsd test/schemas/subst-group-1_0.xml result/schemas/subst-group-1_0_1 result/schemas/subst-group-1_0_1.err: Added regression test supplied by Michael Romer for bug #341150.

b63d2fab

2006-04-19T11:20:49

Fixed incorrect validation of restricted enumerations. Added related * xmlschemas.c test/schemas/restriction-enum-1* result/schemas/restriction-enum-1*: Fixed incorrect validation of restricted enumerations. Added related regression tests.

54eb0243

2006-03-21T23:17:57

applied patch from Youri Golovanov fixing bug #316338 and adding a couple * xmlregexp.c: applied patch from Youri Golovanov fixing bug #316338 and adding a couple of optimizations in the regexp compilation engine. * test/regexp/bug316338 result/regexp/bug316338: added regression tests based on the examples provided in the bug report. Daniel

79338009

2006-02-19T15:32:29

Added new regression tests for #331062, daniel

6974feb0

2006-02-05T02:43:36

fixed the comment streaming bug raised by Graham Bennett added to the * parser.c: fixed the comment streaming bug raised by Graham Bennett * test/badcomment.xml result//badcomment.xml*: added to the regression suite. Daniel

a617e24f

2006-01-09T14:38:44

reverted first patches for #319279 which led to #326295 and fixed the * parser.c: reverted first patches for #319279 which led to #326295 and fixed the problem in xmlParseChunk() instead * test/ent11 result//ent11*: added test for #326295 to the regression suite Daniel

bb2074e8

2006-01-05T14:49:40

Added regression tests for the latest XPath/pattern fixes. * test/XPath/docs/nodes test/XPath/tests/nodespat result/XPath/tests/nodespat: Added regression tests for the latest XPath/pattern fixes.

6977c6c4

2006-01-04T14:03:10

fix bug #324432 with <xml:foo/> added to the regression tests Daniel * SAX2.c: fix bug #324432 with <xml:foo/> * test/ns7 resul//ns7*: added to the regression tests Daniel

b0d74c66

2005-12-13T11:52:35

Added regression test for bug #321475 (reported by Gabor Nagy). Fixing of * test/schemas/bug321475* result/schemas/bug321475*: Added regression test for bug #321475 (reported by Gabor Nagy). Fixing of bug #323510 seemed to have fixed this bug as well.

183fa3e7

2005-12-12T15:20:28

Added regression test for bug #323510. * test/schemas/bug323510* result/schemas/bug323510*: Added regression test for bug #323510.

bf442eb2

2005-11-30T11:24:18

Added regression tests for the latest IDC and xs:decimal bugs. * test/schemas/decimal* test/schemas/bug322411*: Added regression tests for the latest IDC and xs:decimal bugs.

77e76829

2005-11-11T12:52:32

Changed xmlSchemaFormatIDCKeySequence() to use * xmlschemas.c: Changed xmlSchemaFormatIDCKeySequence() to use xmlSchemaGetCanonValueWhtspExt() in order to correctly report values for xs:anySimpleType. * test/schemas/idc-keyref-err1* result/schemas/idc-keyref-err1*: Added a test for this change.

fc6eca0d

2005-11-01T15:24:02

fix bug #319897, problem with counted atoms when the transition itself is * xmlregexp.c: fix bug #319897, problem with counted atoms when the transition itself is counted too * result/regexp/hard test/regexp/hard: augmented the regression tests with the problem exposed. Daniel

b2eabc0c

2005-10-28T03:15:18

fixed bug in exc-c14n namespace visibility + test case 319367(bug #319367)

b990008f

2005-10-25T12:36:29

script HTML parser error fix, corrects bug #319715 added test from Michael * HTMLparser.c: script HTML parser error fix, corrects bug #319715 * result/HTML/53867* test/HTML/53867.html: added test from Michael Day to the regression suite Daniel

91b23143

2005-09-12T19:44:00

And adapting another one. * test/schemas/import1_0.xsd: And adapting another one.

dbd61053

2005-09-12T14:03:26

applied second patch from David Madore to be less intrusive when handling * xmlsave.c: applied second patch from David Madore to be less intrusive when handling scripts and style elements in XHTML1 should fix #316041 * test/xhtml1 result//xhtml1\*: updated the test accordingly Daniel

96688263

2005-08-23T18:14:12

fixed bug #170489 reported by Jirka Kosek added the test to the regression * parser.c: fixed bug #170489 reported by Jirka Kosek * test/valid/objednavka.xml test/valid/dtds/objednavka.dtd result/valid/objednavka*: added the test to the regression suite. Daniel

4f917e24

2005-08-22T16:01:43

applied patch from Kuba Nowakowski fixing bug #313982 also added the test * xmlschemastypes.c: applied patch from Kuba Nowakowski fixing bug #313982 * result/schemas/bug313982* test/schemas/bug313982*: also added the test case to the regression suite. Daniel

355a0238

2005-08-22T12:58:05

added the first regression test suite set for the new expression support * Makefile.am result/expr/base test/expr/base: added the first regression test suite set for the new expression support Daniel

60faf528

2005-08-10T16:23:57

fixed bug #307377 about validation of choices in list values. added * relaxng.c: fixed bug #307377 about validation of choices in list values. * test/relaxng/307377* result/relaxng/307377* Makefile.am runtest.c: added examples to the regression tests, problem is that streaming version gives slightly more informations. Daniel

76d73f5b

2005-08-09T13:56:25

Added some more tests for element wildcards. * test/schemas/any7_2.xml test/schemas/any6_2.xsd test/schemas/any8_1.xsd test/schemas/any8_0.xml: Added some more tests for element wildcards.

800cbac3

2005-08-09T12:31:55

Fixed #312957 reported by Carol Hunter: streaming XPath states were not * xmlschemas.c: Fixed #312957 reported by Carol Hunter: streaming XPath states were not popped in every case, thus failed to resolve correctly for subsequent input. * test/schemas/bug312957* result/schemas/bug312957*: Added the test submitted by Carol Hunter.

6e65e157

2005-08-09T11:09:52

trying to nail down the remaining ##other issues completed the tests and * xmlregexp.c xmlschemas.c: trying to nail down the remaining ##other issues * result/schemas/any7* test/schemas/any7: completed the tests and added the results * result/schemas/any3_0_0.err result/schemas/any5_0_0.err result/schemas/any5_1_0.err: this slightly chnages the output from 3 existing tests Daniel

10752284

2005-08-08T13:05:13

fixed bug #310264, basically it's about reentrancy of count based * xmlregexp.c: fixed bug #310264, basically it's about reentrancy of count based transition, when going though the counter must be reset to 0 * test/schemas/bug310264* result/schemas/bug310264*: added the regression test. Daniel

kc3-lang/libxml2/test

test

Log