Log

Author Commit Date Message
Nick Wellnhofer bd6fa2c1 2023-03-09T22:33:19 malloc-fail: Fix memory leak in xmlXPathRegisterNs Found by OSS-Fuzz.
Nick Wellnhofer 56cc2211 2023-03-09T22:27:58 parser: Merge xmlParserInputGrow into xmlGROW Simplifies the code and makes error handling easier.
Nick Wellnhofer 14604a44 2023-03-09T22:10:44 malloc-fail: Fix out-of-bounds read in xmlCurrentChar Found by OSS-Fuzz.
Nick Wellnhofer 42322eba 2023-03-08T13:59:03 fuzz: Inject random malloc failures Fixes #344.
Nick Wellnhofer 7cd26762 2023-03-08T14:03:44 fuzz: Add maxAlloc item to static seed corpus
Nick Wellnhofer 541b1e28 2023-03-08T13:59:00 fuzz: Support variable integer sizes in fuzz data Also switch to big-endian.
Nick Wellnhofer 3f69fc80 2023-03-08T13:58:49 parser: Tighten expansion limits - Lower the amount of expansion which is always allowed from 10MB to 1MB. - Lower the maximum amplification factor from 10 to 5. - Lower the "fixed cost" from 50 to 20.
Nick Wellnhofer 73bd5d52 2023-03-05T14:11:55 malloc-fail: Fix type confusion after xmlSchemaFixupTypeAttributeUses Found with libFuzzer, see #344.
Nick Wellnhofer 767ae50b 2023-03-05T14:11:24 malloc-fail: Fix null deref after xmlSchemaItemList{Add,Insert} Found with libFuzzer, see #344.
Nick Wellnhofer 19b197b6 2023-03-05T14:10:56 malloc-fail: Fix null deref after xmlSchemaCompareDates Found with libFuzzer, see #344.
Nick Wellnhofer 961a4f35 2023-03-05T14:10:41 malloc-fail: Fix memory leak in xmlSchemaParseUnion Also report malloc failure from xmlStrndup. Found with libFuzzer, see #344.
Nick Wellnhofer e15838ab 2023-03-05T14:09:14 malloc-fail: Fix null deref in xmlSchemaParseWildcardNs Found with libFuzzer, see #344.
Nick Wellnhofer 260d6b8d 2023-03-05T14:10:26 malloc-fail: Fix another memory leak in xmlSchemaBucketCreate Found with libFuzzer, see #344.
Nick Wellnhofer 31844c74 2023-03-05T14:10:08 malloc-fail: Fix null deref in xmlSchemaParseUnion Found with libFuzzer, see #344.
Nick Wellnhofer 9afb6c5f 2023-03-05T14:09:49 malloc-fail: Fix memory leak in WXS_ADD_{LOCAL,GLOBAL} It's somewhat dangerous to add the cleanup code to a macro, but otherwise we'd have to fix all the call sites. Found with libFuzzer, see #344.
Nick Wellnhofer a5787229 2023-03-05T14:09:34 malloc-fail: Fix memory leak in xmlSchemaBucketCreate Found with libFuzzer, see #344.
Nick Wellnhofer ba290a86 2023-03-05T14:08:57 malloc-fail: Fix memory leak in xmlSchemaItemListAddSize Found with libFuzzer, see #344.
Nick Wellnhofer 0263b357 2023-03-05T14:08:35 malloc-fail: Fix null deref in xmlGet{Min,Max}Occurs Also report memory error in xmlSchemaGetNodeContent. Found with libFuzzer, see #344.
Nick Wellnhofer 7762e8ed 2023-03-05T14:08:15 malloc-fail: Fix null deref in xmlSchemaValAtomicType Found with libFuzzer, see #344.
Nick Wellnhofer 112340c6 2023-03-05T14:07:57 malloc-fail: Fix null deref in xmlSchemaInitTypes Found with libFuzzer, see #344.
Nick Wellnhofer cfbc1f48 2023-03-05T14:06:51 malloc-fail: Fix memory leak in xmlSchemaParse Found with libFuzzer, see #344.
Nick Wellnhofer dbc893f5 2023-03-03T13:02:11 malloc-fail: Fix memory leak in xmlCopyNamespaceList Found with libFuzzer, see #344.
Nick Wellnhofer 282b75f1 2023-02-28T12:14:33 malloc-fail: Fix memory leak in xmlXPathNameFunction Found with libFuzzer, see #344.
Nick Wellnhofer f560065f 2023-02-28T21:16:12 fuzz: Fix duplicate detection in fuzzEntityRecorder Store a non-NULL value in the hash.
Nick Wellnhofer 791a1e80 2023-02-28T19:14:57 fuzz: Set filename in xmlFuzzEntityLoader
Nick Wellnhofer cbd9c6c5 2023-02-28T19:14:22 fuzz: Allow xmlFuzzReadString(NULL)
Nick Wellnhofer aa6b7ed1 2023-02-17T14:54:13 fuzz: Fix Makefile dependencies
Nick Wellnhofer 524654ed 2023-02-26T17:19:47 xpath: Fix harmless integer overflow in xmlXPathTranslateFunction
Nick Wellnhofer 8608b71f 2023-02-26T15:17:15 Revert "xpath: Fix popping of values in xmlXPathPopNodeset" This reverts commit 47b0e0a620d1e0e657b858986e3ebde80d4645b4.
Nick Wellnhofer bc9f372c 2023-02-26T18:00:30 malloc-fail: Fix memory leak in xmlXPathDistinctSorted Found with libFuzzer, see #344.
Nick Wellnhofer 6f9604f0 2023-02-26T16:09:50 malloc-fail: Fix memory leak in xmlXPathCacheNewNodeSet Found with libFuzzer, see #344.
Nick Wellnhofer 4499143a 2023-02-26T15:43:50 malloc-fail: Check for malloc failure in xmlHashAddEntry Found with libFuzzer, see #344.
Nick Wellnhofer a442d16a 2023-02-26T14:48:23 malloc-fail: Fix memory leak in xmlGetNsList Found with libFuzzer, see #344.
Nick Wellnhofer 44947afb 2023-02-26T14:41:35 malloc-fail: Fix null deref after xmlPointerListAddSize Found with libFuzzer, see #344.
Nick Wellnhofer 70b21c9f 2023-02-26T14:33:16 malloc-fail: Fix null deref in xmlXPathCompiledEvalInternal Found with libFuzzer, see #344.
Nick Wellnhofer 0f112d02 2023-02-24T18:00:03 malloc-fail: Fix use-after-free related to xmlXPathNodeSetFilter Found with libFuzzer, see #344.
Nick Wellnhofer a3e11b38 2023-02-25T16:05:24 malloc-fail: Fix memory leak in xmlXPathEqualNodeSetFloat Found with libFuzzer, see #344.
Nick Wellnhofer b51478dc 2023-02-24T16:21:17 Revert "malloc-fail: Avoid use-after-free after unsuccessful valuePush" This reverts commit 6a12be77c6a94c374ab7476087edcee2ba41d9b4. There's too much code reading ctxt->value directly and making the wrong assumptions.
Alexander Kutelev f931178e 2023-02-24T12:45:01 cmake: Link against `dl` and `dld` only when `LIBXML2_WITH_MODULES` is enabled
Nick Wellnhofer 47b0e0a6 2023-02-23T15:43:15 xpath: Fix popping of values in xmlXPathPopNodeset After 6a12be77, valuePop can fail even if ctxt->value is non-NULL. If it turns out that too much code relies on this assumption, a better fix is needed.
Nick Wellnhofer 359313c1 2023-02-23T14:26:32 threads: Really fix crash with weak pthread symbols Fix more regressions from 7010d877 and 71931233. Fixes #488.
Nick Wellnhofer ae8a12f1 2023-02-22T14:25:29 schematron: Use logical and
Nick Wellnhofer 4f0a0fb7 2023-02-22T14:24:24 xinclude: Fix include guard
Nick Wellnhofer 1eb2ca9f 2023-02-21T15:39:44 relaxng: Remove useless if statement ctxt and define are non-NULL at this point. Fixes #482.
Nick Wellnhofer 0ce1f842 2023-02-21T15:38:04 schemas: Remove useless if statement bucket->origTargetNamespace is always NULL in this branch. Fixes #481.
Nick Wellnhofer a509694c 2023-02-21T15:35:57 pattern: Merge identical branches Fixes #479.
Nick Wellnhofer 85057e51 2023-02-21T15:24:19 regexp: Add sanity check in xmlRegCalloc2 These arguments should be non-zero, but add a sanity check to avoid division by zero. Fixes #450.
Nick Wellnhofer c9e4c6d4 2023-02-21T15:22:01 catalog: Fix memory leaks Fixes #377.
Nick Wellnhofer 7bd77873 2023-02-20T10:56:03 threads: Fix crash with weak pthread symbols Regressed in 7010d877. Should fix #488.
Nick Wellnhofer 5d55315e 2023-02-18T17:29:07 parser: Fix OOB read when formatting error message Don't try to print characters beyond the end of the buffer. Found by OSS-Fuzz.
Nick Wellnhofer 1743c4c3 2023-02-17T15:53:07 malloc-fail: Fix OOB read after xmlRegGetCounter Found with libFuzzer, see #344.
Nick Wellnhofer 40bc1c69 2023-02-17T15:40:32 malloc-fail: Fix memory leak in xmlFAParseCharProp Found with libFuzzer, see #344.
Nick Wellnhofer e64653c0 2023-02-17T15:20:33 malloc-fail: Fix leak of xmlRegAtom Found with libFuzzer, see #344.
Nick Wellnhofer ed615967 2023-02-17T15:23:42 malloc-fail: Fix memory leak in xmlRegexpCompile Found with libFuzzer, see #344.
Nick Wellnhofer 53d1cc98 2023-02-16T15:09:32 malloc-fail: Fix error code in htmlParseChunk Found with libFuzzer, see #344.
Nick Wellnhofer 15b0ed08 2023-02-16T15:09:02 malloc-fail: Fix infinite loop in htmlParseDocTypeDecl Found with libFuzzer, see #344.
Nick Wellnhofer 041789d9 2023-02-16T15:02:08 malloc-fail: Fix null deref in htmlnamePush Found with libFuzzer, see #344.
Nick Wellnhofer 0ec9c910 2023-02-16T14:57:24 malloc-fail: Fix infinite loop in htmlParseStartTag Found with libFuzzer, see #344.
Nick Wellnhofer 04c29551 2023-02-16T14:53:29 malloc-fail: Fix infinite loop in htmlParseContentInternal Found with libFuzzer, see #344.
Nick Wellnhofer f3e62035 2023-02-16T14:49:06 malloc-fail: Fix memory leak in htmlCreatePushParserCtxt Found with libFuzzer, see #344.
Nick Wellnhofer fc256953 2023-02-16T14:47:41 malloc-fail: Fix memory leak in htmlCreateMemoryParserCtxt Found with libFuzzer, see #344.
Nick Wellnhofer c02df686 2023-02-16T12:10:36 malloc-fail: Fix memory leak in xmlXIncludeLoadDoc Found with libFuzzer, see #344.
Nick Wellnhofer bc7740b3 2023-02-16T11:45:58 malloc-fail: Fix memory leak in xmlCopyPropList Found with libFuzzer, see #344.
Nick Wellnhofer 8d22e065 2023-02-15T14:41:11 malloc-fail: Fix memory leak after calling xmlXPathNodeSetMerge Destroy the first argument in xmlXPathNodeSetMerge if the function fails. This is somewhat dangerous but matches the expectations of users. Found with libFuzzer, see #344.
Nick Wellnhofer d31a0e8e 2023-02-15T14:47:29 malloc-fail: Fix memory leak after calling xmlXPathWrapString Destroy the string in xmlXPathWrapString if the function fails. This is somewhat dangerous but matches the expectations of users. Found with libFuzzer, see #344.
Nick Wellnhofer 3dc64522 2023-02-15T14:30:40 malloc-fail: Fix memory leak in xmlXPathEqualValuesCommon Found with libFuzzer, see #344.
Nick Wellnhofer 643b4e90 2023-02-16T14:45:06 malloc-fail: Fix infinite loop in htmlParseStartTag Found with libFuzzer, see #344.
Nick Wellnhofer ec05f04d 2023-02-16T12:40:02 malloc-fail: Fix memory leak in xmlXIncludeLoadTxt Found with libFuzzer, see #344.
Nick Wellnhofer 691f7eb4 2023-02-15T14:05:13 malloc-fail: Fix memory leak in xmlXPathCompareValues Found with libFuzzer, see #344.
Nick Wellnhofer ac746afd 2023-02-15T13:54:55 malloc-fail: Fix memory leak in xmlXPathTryStreamCompile Found with libFuzzer, see #344.
Nick Wellnhofer 85bc313e 2023-02-15T13:49:28 malloc-fail: Fix memory leak after calling valuePush Destroy the object in valuePush if the function fails. This is somewhat dangerous but matches the expectations of users. Found with libFuzzer, see #344.
Nick Wellnhofer f5e11749 2023-02-15T13:48:18 malloc-fail: Fix memory leak after calling xmlXPathWrapNodeSet Destroy the node set in xmlXPathWrapNodeSet if the function fails. This is somewhat dangerous but matches the expectations of users. Found with libFuzzer, see #344.
Nick Wellnhofer 3b59fdf0 2023-02-15T13:28:24 malloc-fail: Fix memory leak in xmlXIncludeAddNode Found with libFuzzer, see #344.
Nick Wellnhofer e60c9f4c 2023-02-15T01:00:03 malloc-fail: Fix memory leak after xmlRegNewState Invoke xmlRegNewState from xmlRegStatePush to simplify error handling. Found with libFuzzer, see #344.
Nick Wellnhofer cb4334b7 2023-02-14T18:10:14 malloc-fail: Fix memory leak in xmlSAX2StartElementNs Found with libFuzzer, see #344.
Nick Wellnhofer 9fa1b228 2023-02-14T16:43:35 malloc-fail: Fix memory leak in xmlGetDtdElementDesc2 Found with libFuzzer, see #344.
Nick Wellnhofer c82701ff 2023-02-14T15:13:06 malloc-fail: Fix memory leak in xmlDocDumpFormatMemoryEnc Found with libFuzzer, see #344.
Nick Wellnhofer 97086fd7 2023-02-14T14:45:58 malloc-fail: Fix memory leak in xmlParserInputBufferCreateMem Found with libFuzzer, see #344.
Nick Wellnhofer 1c5e1fc1 2023-02-14T13:56:21 malloc-fail: Check for malloc failure in xmlFindCharEncodingHandler Don't return encoding handlers with a NULL name. Found with libFuzzer, see #344.
Nick Wellnhofer d18f9c11 2023-02-14T13:50:46 malloc-fail: Fix leak of xmlCharEncodingHandler Also free handler if its name is NULL. Found with libFuzzer, see #344.
Nick Wellnhofer f8852184 2023-02-14T13:03:13 malloc-fail: Fix memory leak in xmlParseEntityDecl Found with libFuzzer, see #344.
Nick Wellnhofer bd33331b 2023-02-17T15:19:37 regexp: Simplify xmlRegAtomPush
Nick Wellnhofer 3cc900f0 2023-02-16T11:50:52 encoding: Cast toupper argument to unsigned char Fixes undefined behavior. Also cast return value explicitly to fix implicit-integer-sign-change checks.
Nick Wellnhofer e20f4d7a 2023-02-13T14:38:05 xinclude: Fix quadratic behavior in xmlXIncludeLoadTxt Also make text inclusions work with memory buffers, for example when using a custom entity loader, and fix a memory leak in case of invalid characters. Fixes #483.
Nick Wellnhofer a96312db 2023-02-03T14:55:53 xinclude: Avoid timeouts when fuzzing Fix the check for maximum number of inclusions.
Nick Wellnhofer be0ec005 2023-02-03T14:37:49 xinclude: Abort immediately if max depth was exceeded Avoids resource exhaustion if the maximum recursion depth was exceeded. Note that the XInclude engine offers no protection against other "billion laughs"-style amplification attacks as long as they stay below the maximum depth.
Nick Wellnhofer dc2dde1a 2023-02-04T15:00:54 malloc-fail: Fix null deref in xmlXIncludeLoadTxt Found with libFuzzer, see #344.
Nick Wellnhofer a3749551 2023-02-03T14:00:13 malloc-fail: Fix reallocation in xmlXIncludeNewRef Avoid null deref. Found with libFuzzer, see #344.
Nick Wellnhofer d1272c2e 2023-02-13T11:16:57 fuzz: Add xinclude to .gitignore
Nick Wellnhofer 905386ec 2023-02-13T11:14:34 autotools: Fix make distcheck - Add private/xinclude.h to EXTRA_DIST - Add runsuite.log to CLEANFILES Fixes #485.
Nick Wellnhofer 15c9f435 2023-01-31T12:58:32 xpath: Only report the first error Don't overwrite the original error code. Besides, subsequent error reports are somewhat unreliable and not really useful.
Nick Wellnhofer 6a12be77 2023-01-31T12:46:30 malloc-fail: Avoid use-after-free after unsuccessful valuePush In xpath.c there's a lot of code like: valuePush(ctxt, xmlCacheNewX()); ... valuePop(ctxt); If xmlCacheNewX fails, no value will be pushed on the stack. If there's no error check in between, valuePop will pop an unrelated value which can lead to use-after-free errors. Instead of trying to fix all call sites, we simply stop popping values if an error was signaled. This requires changing the CHECK_TYPE macro, which is often used to determine whether a value can be safely popped. Found with libFuzzer, see #344.
Nick Wellnhofer 7ec314ef 2023-01-30T15:59:55 malloc-fail: Add error checks in xmlXPathEqualValuesCommon Avoid null deref. Found with libFuzzer, see #344.
Nick Wellnhofer 08695683 2023-01-30T15:52:00 malloc-fail: Add error check in xmlXPathEqualNodeSetFloat Avoid null deref. Found with libFuzzer, see #344.
Nick Wellnhofer 621c222e 2023-01-30T15:48:11 malloc-fail: Fix error check in xmlXPathCompareValues Avoid null deref. Found with libFuzzer, see #344.
Nick Wellnhofer 75534401 2023-01-30T15:40:23 malloc-fail: Record malloc failure in xmlXPathCompLiteral Avoid OOB array access. Found with libFuzzer, see #344.
Nick Wellnhofer 0e4421e7 2023-01-30T15:05:58 malloc-fail: Check return value of xmlXPathNodeSetDupNs Avoid null deref if allocation fails. Found with libFuzzer, see #344.
Nick Wellnhofer c7260a47 2023-01-23T10:19:59 malloc-fail: Don't call xmlErrMemory in xmlstring.c Functions like xmlStrdup are called in the error handling code (__xmlRaiseError) which can cause problems like use-after-free or infinite loops when invoked recursively. Calling xmlErrMemory without a context argument isn't helpful anyway. Found with libFuzzer, see #344.
Nick Wellnhofer e6d22f92 2023-01-23T01:48:37 malloc-fail: Fix reallocation in inputPush Store xmlRealloc result in temporary variable to avoid null deref in error handler. Found with libFuzzer, see #344.
Nick Wellnhofer 6fd89041 2023-01-22T19:42:41 malloc-fail: Fix use-after-free in xmlParseStartTag2 Fix error handling in xmlCtxtGrowAttrs. Found with libFuzzer, see #344.