kmx git

Commit	Date	Message
80aabea1	2024-07-03T11:55:38	SAX2: Reenable 'directory' as base URI fallback Apparently, some users overwrite this member manually to set a base URI for memory streams. Fixes #753.
842a0448	2024-07-03T11:46:06	valid: Restore ID lookup Revert a change from d025cfbb and don't overwrite ID table entries, so that the first attribute will be returned if there are duplicate IDs. This requires two other changes: - Attributes in entity content are never added to the ID table. This seems reasonable. - Remove the optimization to skip ID lookup when copying and the target document has an empty ID table. This also seems more correct since the document could have ID declarations nevertheless or we could be copying xml:ids into the document for the first time. Fixes #757.
f9065261	2024-07-02T23:43:28	SAX2: Fix HTML IDs Short-lived regression. Fixes #755.
866be54e	2024-07-02T04:27:53	parser: Don't use deprecated xmlSplitQName
16e7ecd4	2024-07-01T16:01:24	xinclude: Check URI length Don't report long URIs as OOM errors.
f505dcae	2024-06-26T14:11:34	tree: Remove underscores from xmlRegisterCallbacks
8b1f79ce	2024-06-26T04:30:38	SAX2: Make xmlSAXDefaultVersion a no-op
5cf5b542	2024-06-26T04:30:10	SAX2: Deprecate xmlSAX2StartElement
860fb460	2024-06-17T20:58:27	SAX2: Fix null deref after malloc failure Short-lived regression.
faae3a91	2024-06-16T23:21:55	SAX2: Split out legacy SAX1 handling Split xmlSAX2StartElement into two functions handling legacy SAX1 and HTML.
11c3f84b	2024-06-15T23:57:39	SAX2: Always make xmlSAX2{Start,End}Element public Simplify symbol availability logic.
52384043	2024-06-11T19:10:41	parser: Pass resource type to resource loader
64ad2725	2024-06-11T03:51:43	parser: Introduce per-context resource loader
4ff2dccf	2024-05-10T02:04:52	SAX2: Warn if URI resolution failed
71a7a33e	2024-05-03T00:44:42	parser: Fix base URI of internal parameter entities Search parent inputs of internal parameter entities for base URI. Fixes a long-standing bug, which manifested in a different way after commit 955c177f. Reproduce with xmllint --noent xmlconf/eduni/errata-2e/E18.xml
af2bda4e	2024-04-05T13:09:45	SAX2: Also check URI length before resolving We don't want to exceed the size limit of 1 MB in uri.c. Such errors can't be distinguished from malloc failures.
2cc7f710	2024-03-29T11:55:20	SAX2: Fix xmlSAX2EntityDecl with empty base Short-lived regression.
730de88b	2024-03-28T15:42:02	SAX2: Optimize appending children xmlSAX2AppendChild can make several assumptions which make appending nodes more efficient. Also handle line numbers in xmlSAX2AppendChild.
05c147c3	2024-03-22T13:03:37	SAX2: Report malloc failure in xmlSAX2AttributeNs
6a49bb77	2024-03-17T17:16:55	tree: Introduce xmlSearchNsSafe After the failed experiment with a static XML namespace, introduce versions of xmlSearchNs that report malloc failures. Optimize the no-document case by only adding the XML namespace declaration if it wasn't found in an ancestor.
047ea3ec	2024-03-17T16:23:31	Revert "tree: Allocate XML namespace statically" This reverts commit 2840e33c5e4b51589a0b96e8102638eeaea6df72.
9f049afa	2024-03-11T15:57:14	tree: Refactor element creation and parsing of attribute values Replace xmlStringGetNodeList and xmlStringLenGetNodeList with xmlNodeParseContentInternal which also updates an optional parent node. Don't look up entities a second time via xmlNewReference.
2840e33c	2024-03-04T07:34:25	tree: Allocate XML namespace statically
84a71860	2024-02-26T15:14:28	xmlreader: Fix xmlTextReaderConstEncoding Regression from commit f1c1f5c6. Fixes #697.
7dc8600a	2024-02-20T12:32:17	SAX2: Report malloc failure in xmlCheckDefaultedAttributes
2e19d0ef	2024-01-26T11:39:51	SAX2: Make sure that OOM errors aren't overwritten
57c68759	2024-01-07T20:44:40	SAX2: Limit entity URI length to 2000 bytes Avoid quadratic behavior when loading entities with long URIs multiple times. This limitation could be dropped if we cached external entities.
02cc5c36	2024-01-05T04:17:14	parser: Add XML_PARSE_NO_XXE parser option
9912c369	2024-01-02T17:23:59	SAX2: Enforce size limit in xmlSAX2Text with XML_PARSE_HUGE
37c6618b	2023-12-30T02:50:34	parser: Rework parsing of attribute and entity values Don't use a separate function to handle "complex" attributes. Validate UTF-8 byte sequences without decoding. This should improve performance considerably when parsing multi-byte UTF-8 sequences. Use a string buffer to avoid unnecessary allocations and copying when expanding entities. Normalize attribute values in a single pass while expanding entities. Be more lenient in recovery mode. If no entity substitution was requested, validate entities without expanding. Fixes #596. Also fixes #655.
6a9a88a1	2023-12-26T03:13:05	parser: Move progressive flag into input struct
d944a415	2023-12-26T02:10:35	parser: Fix in-parameter-entity and in-external-dtd checks Use in ctxt->input->entity instead of ctxt->inputNr to determine whether we are inside a parameter entity. Stop using ctxt->external to check whether we're in an external DTD. This is signaled by ctxt->inSubset == 2.
5f319304	2023-12-28T19:05:51	SAX2: Fix error code Today I learned that the TSCII character encoding [1] can blow up the size of text 12 times when converted to UTF-8: $ printf '\x82' \|iconv -f TSCII -t UTF-8 \|hexdump -C 00000000 e0 ae b8 e0 af 8d e0 ae b0 e0 af 80 0000000c [1] https://en.wikipedia.org/wiki/Tamil_Script_Code_for_Information_Interchange
955c177f	2023-12-23T00:58:36	parser: Stop using 'directory' struct member This was only used as a pointless fallback for URI resolution.
13043691	2023-12-20T00:33:34	parser: Rename xmlErrParser to xmlCtxtErr
54c70ed5	2023-12-18T19:31:29	parser: Improve error handling Introduce xmlCtxtSetErrorHandler allowing to set a structured error for a parser context. There already was the "serror" SAX handler but this always receives the parser context as argument. Start to use xmlRaiseMemoryError. Remove useless arguments from memory error functions. Rename xmlErrMemory to xmlCtxtErrMemory. Remove a few calls to xmlGenericError. Remove support for runtime entity debugging.
e58ea29f	2023-12-10T18:10:42	SAX2: Report malloc failures Fix many places where malloc failures aren't reported. Improve error handling when parsing entity declarations. Fixes #308.
7f00273c	2023-12-01T19:21:17	parser: Fix invalid free in xmlParseBalancedChunkMemoryRecover Set the dictionary for newDoc in xmlParseBalancedChunkMemoryRecover. This is a long-standing bug which was masked by - xmlParseBalancedChunkMemoryRecover changing the document of the root node. This is a really bad idea, resulting in a mismatch between ctxt->myDoc and ctxt->node->doc. - SAX2.c preferring ctxt->node->doc over ctxt->myDoc until commit a31e1b06. Fixes #641.
a31e1b06	2023-11-04T20:21:54	SAX2: Fix quadratic behavior in xmlSAX2AttributeNs The last missing piece to make parsing of attributes O(n).
e0dd330b	2023-09-29T00:18:44	parser: Use hash tables to avoid quadratic behavior Use a hash table to lookup namespaces by prefix. The hash table stores an index into the namespace table. Auxiliary data for namespaces is stored in a separate array along the main namespace table. Use a hash table to verify attribute uniqueness. The hash table stores an index into the attribute table. Reuse hash value from the dictionary to avoid computing them twice. See #346.
da274bfa	2023-09-21T01:29:40	build: Fix build when certain modules are disabled
9b5cce7a	2023-09-21T00:44:50	include: Remove more unnecessary includes
699299ca	2023-09-20T18:54:39	globals: Stop including globals.h
a77f9ab8	2023-09-20T16:57:22	globals: Don't include SAX2.h from globals.h
4e1c13eb	2023-09-18T14:45:10	debug: Remove debugging code This is barely useful these days and only clutters the code base.
cde44997	2023-08-27T16:35:23	SAX2: Allow multiple top-level elements When parsing with HTML_PARSE_NOIMPLIED, the result document can contain multiple top-level elements. Rework xmlSAX2StartElement to simply add the element as a child of ctxt->node or ctxt->myDoc. Don't invoke xmlAddSibling for non-element parents. The context node should always be an element node. Fixes #584.
f1c1f5c6	2023-08-16T19:43:02	parser: Revert change to doc->encoding Fixes #579.
cb717d7e	2023-08-09T16:52:02	parser: Update line number after coalescing text nodes This should make the line number of text nodes deterministic. Before, it depended on the callback sequence which depends on the size of chunks fed to the parser.
ec7be506	2023-08-08T15:19:46	parser: Rework encoding detection Introduce XML_INPUT_HAS_ENCODING flag for xmlParserInput which is set when xmlSwitchEncoding is called. The parser can use the flag to reliably detect whether an encoding was already set via user override, BOM or other auto-detection. In this case, the encoding declaration won't be used to switch the encoding. Before, an inscrutable mix of ctxt->charset, ctxt->input->encoding and ctxt->input->buf->encoder was used. Introduce private helper functions to switch encodings used by both the XML and HTML parser: - xmlDetectEncoding which skips over the BOM, allowing to remove the BOM checks from other encoding functions. - xmlSetDeclaredEncoding, replacing htmlCheckEncodingDirect, which warns about encoding mismatches. If users override the encoding, store the declared instead of the actual encoding in xmlDoc. In this case, the actual encoding is known and the raw value from the doc is more useful. Also use the input flags to store the ISO-8859-1 fallback state. Restrict the fallback to cases where no encoding was specified. (The fallback is only useful in recovery mode and these days broken UTF-8 is probably more likely than ISO-8859-1, so it might eventually be removed completely.) The 'charset' member of xmlParserCtxt is now unused. The 'encoding' member of xmlParserInput is now unused. The 'standalone' member of xmlParserInput is renamed to 'flags'. A new parser state XML_PARSER_XML_DECL is added for the push parser.
d38e73f9	2023-08-08T15:19:44	parser: Always create UTF-8 in xmlParseReference It seems that this code path could only be triggered after an encoding error in recovery mode. Creating char-ref nodes is unnecessary and typically unexpected.
b8961df6	2023-05-09T03:25:24	SAX: Always validate xml:ids The behavior shouldn't depend on mostly random configuration options.
235b15a5	2023-05-08T17:58:02	SAX: Always initialize SAX1 element handlers Follow-up to commit d0c3f01e. A parser context will be initialized to SAX version 2, but this can be overridden with XML_PARSE_SAX1 later, so we must initialize the SAX1 element handlers as well. Change the check in xmlDetectSAX2 to only look for XML_SAX2_MAGIC, so we don't switch to SAX1 if the SAX2 element handlers are NULL.
250faf3c	2023-04-20T12:35:21	parser: Fix regression in xmlParserNodeInfo accounting Commit 62150ed2 broke begin_pos and begin_line when extra node info was recorded. Fixes #523.
d7d0bc65	2023-03-31T16:47:48	SAX2: Ignore namespaces in HTML documents In commit 21ca8829, we started to ignore namespaces in HTML element names but we still called xmlSplitQName, effectively stripping the namespace prefix. This would cause elements like <o:p> being parsed as <p>. Now we leave the name untouched. Fixes #508.
cb4334b7	2023-02-14T18:10:14	malloc-fail: Fix memory leak in xmlSAX2StartElementNs Found with libFuzzer, see #344.
0c5f40b7	2023-01-22T13:27:41	malloc-fail: Fix null deref in xmlSAX2AttributeInternal Found with libFuzzer, see #344.
b3b53dcc	2023-01-22T11:28:46	malloc-fail: Fix null deref in xmlSAX2Text Found with libFuzzer, see #344.
463bbeec	2022-12-19T18:39:45	entities: Rework entity amplification checks This commit implements robust detection of entity amplification attacks, better known as the "billion laughs" attack. We now limit the size of the document after substitution of entities to 10 times the size before expansion. This guarantees linear behavior by definition. There already was a similar check before, but the accounting of "sizeentities" (size of external entities) and "sizeentcopy" (size of all copies created by entity references) wasn't accurate. We also need saturation arithmetic since we're historically limited to "unsigned long" which is 32-bit on many platforms. A maximum of 10 MB of substitutions is always allowed. This should make use cases like DITA work which have caused problems in the past. The old checks based on the number of entities were removed. This is accounted for by adding a fixed cost to each entity reference. Entity amplification checks are now enabled even if XML_PARSE_HUGE is set. This option is mainly used to allow larger text nodes. Most users were unaware that it also disabled entity expansion checks. Some of the limits might be adjusted later. If this change turns out to affect legitimate use cases, we can add a separate parser option to disable the checks. Fixes #294. Fixes #345.
cecd364d	2022-11-24T16:38:47	parser: Don't call *DefaultSAXHandlerInit from xmlInitParser Change the default handler definitions to match the result after calling the initialization functions. This makes sure that no thread-local variables are accessed when calling xmlInitParser.
68a6518c	2022-11-15T18:23:33	parser: Rewrite push parser boundary checks Remove inaccurate xmlParseCheckTransition check. Remove non-incremental xmlParseGetLasts check. Add functions that check for several boundary constructs more accurately, keeping track of progress in ctxt->checkIndex. Fixes #439.
7ceaee94	2022-11-02T16:05:05	malloc-fail: Fix memory leak in xmlSAX2ExternalSubset Found with libFuzzer, see #344.
81621b1f	2022-09-02T18:38:33	Fix compiler warnings in SAX2.c
ad338ca7	2022-09-01T01:18:30	Remove explicit integer casts Remove explicit integer casts as final operation - in assignments - when passing arguments - when returning values Remove casts - to the same type - from certain range-bound values The main motivation is that these explicit casts don't change the result of operations and only render UBSan's implicit-conversion checks useless. Removing these casts allows UBSan to detect cases where truncation or sign-changes occur unexpectedly. Document some explicit casts as truncating and add a few missing ones.
aeb69fd3	2022-09-01T02:33:16	Fix overflow check in SAX2.c
0f568c0b	2022-08-26T01:22:33	Consolidate private header files Private functions were previously declared - in header files in the root directory - in public headers guarded with IN_LIBXML - in libxml.h - redundantly in source files that used them. Consolidate all private header files in include/private.
0e49f882	2022-08-24T05:25:37	Mark most SAX1 functions as deprecated No compiler warnings generated yet.
4b184240	2022-08-22T14:11:15	Remove htmlDefaultSAXHandler from non-SAX1 build This matches long-standing behavior of the XML counterpart.
3e7b4f37	2022-05-20T23:28:25	Avoid calling xmlSetTreeDoc Create text nodes with xmlNewDocText or set the document directly to avoid xmlSetTreeDoc being called when the node is inserted.
40483d0c	2022-03-06T13:55:48	Deprecate module init and cleanup functions These functions shouldn't be part of the public API. Most init functions are only thread-safe when called from xmlInitParser. Global variables should only be cleaned up by calling xmlCleanupParser.
4a8c71eb	2022-03-04T03:35:57	Remove DOCBparser This code has been broken and deprecated since version 2.6.0, released in 2003. Because of a bug in commit 961b535c, DOCBparser.c was never compiled since 2012. I couldn't find a Debian package using any of its symbols, so it seems safe to remove this module.
c41bc10d	2022-02-22T19:57:12	Fix unused variable warnings with disabled features
346c3a93	2022-02-20T18:46:42	Remove elfgcchack.h The same optimization can be enabled with -fno-semantic-interposition since GCC 5. clang has always used this option by default.
e03590c9	2022-02-08T02:42:30	Don't add IDs containing unexpanded entity references When parsing without entity substitution, IDs or IDREFs containing unexpanded entity reference like "abc&x;def" could be created. We could try to expand these entities like in validation mode, but it seems safer to honor the request not to expand entities. We silently ignore such IDs for now.
d7cb33cf	2022-01-13T17:06:14	Rework validation context flags Use a bitmask instead of magic values to - keep track whether the validation context is part of a parser context - keep track whether xmlValidateDtdFinal was called This allows to add addtional flags later. Note that this deliberately changes the name of a public struct member, assuming that this was always private data never to be used by client code.
a647e430	2022-01-25T02:59:40	Fix casting of line numbers in SAX2.c The line member is an unsigned short. Avoids integer conversion warnings with UBSan. Also use USHRT_MAX instead of hard-coded constant.
92bce68c	2021-07-14T11:37:07	Fix memory leak in xmlSAX2AttributeDecl Found by Coverity. https://bugzilla.redhat.com/show_bug.cgi?id=1938806
acb35667	2021-02-03T13:48:40	Fix quadratic runtime when parsing CDATA sections Use optimized concatenation for CDATA sections in addition to normal text. This also affects HTML script content. Found by OSS-Fuzz.
21ca8829	2020-07-25T17:57:29	Don't try to handle namespaces when building HTML documents Don't try to resolve namespace in xmlSAX2StartElement when parsing HTML documents. This useless operation could slow down the parser considerably. Found by OSS-Fuzz.
20c60886	2020-03-08T17:19:42	Fix typos Resolves #133.
eddfbc38	2020-01-22T22:03:45	Don't load external entity from xmlSAX2GetEntity Despite the comment, I can't see a reason why external entities must be loaded in the SAX handler. For external entities, the handler is typically first invoked via xmlParseReference which will later load the entity on its own if it wasn't loaded yet. The old code also lead to duplicated SAX events which makes it basically impossible to reuse xmlSAX2GetEntity for a custom SAX parser. See the change to the expected test output. Note that xmlSAX2GetEntity was loading the entity via xmlParseCtxtExternalEntity while xmlParseReference uses xmlParseExternalEntityPrivate. In the previous commit, the two functions were merged, trying to compensate for some slight differences between the two mostly identical implementations. But the more urgent reason for this change is that xmlParseReference has the facility to abort early when recursive entities are detected, avoiding what could practically amount to an infinite loop. If you want to backport this change, note that the previous three commits are required as well: f9ea1a24 Fix copying of entities in xmlParseReference 5c7e0a9a Copy some XMLReader option flags to parser context 1a3e584a Merge code paths loading external entities Found by OSS-Fuzz.
2a350ee9	2019-09-30T17:04:54	Large batch of typo fixes Closes #109.
6b49db2c	2019-01-07T17:14:21	Fix memory leak in xmlSAX2StartElement Introduced by a recent commit. Only happens if max depth is exceeded in SAX1 mode. Found by OSS-Fuzz.
1567b55b	2018-11-22T14:28:58	Set doc on element obtained from freeElems In commit 8c9daf79, a call to xmlFreeNode was added in xmlSAX2StartElementNs. If a node was obtained from the freeElems list, make sure to set the doc, otherwise xmlFreeNode wouldn't realize that the node name might be in the dictionary, causing an invalid free. Note that the issue fixed in commit 8c9daf79 requires commit 0ed6addb and this one to work properly. Found by OSS-Fuzz.
0ed6addb	2018-09-22T15:41:01	Unlink node before freeing it in xmlSAX2StartElement The node may have been added to the document already, so it must be unlinked first. Thanks to David Kilzer for spotting this.
8c9daf79	2018-09-12T13:42:27	Check return value of nodePush in xmlSAX2StartElement If the maximum depth is exceeded, nodePush halts the parser which results in freeing the input buffer since the previous commit. This invalidates the attribute pointers, so the error condition must be checked. Found by OSS-Fuzz.
d422b954	2017-10-09T13:37:42	Fix pointer/int cast warnings on 64-bit Windows On 64-bit Windows, `long` is 32 bits wide and can't hold a pointer. Switch to ptrdiff_t instead which should be the same size as a pointer on every somewhat sane platform without requiring C99 types like intptr_t. Fixes bug 788312. Thanks to J. Peter Mugaas for the report and initial patch.
83fb4119	2017-09-05T23:45:04	Fix memory leaks in SAX1 parser Found by OSS-Fuzz. I could only reproduce this with the (obsolete) SAX1 parser. One leak is caused by duplicate namespaced attribute names and can be reproduced in memory mode (testcase 4556417027538944): $ cat file <d xmlns:a="ns" a:x="v" xmlns:b="ns" b:x="v"/> $ xmllint --sax1 --memory file The other is caused by ATTLISTs with a normalized default for "xmlns" if they're processed after the entity recursion limit was hit (testcase 5580750034305024). $ cat file <!DOCTYPE d [ <!ENTITY a '<d>&a;'> <!ATTLIST d xmlns NMTOKEN 't'> ]> <d>&a; $ xmllint --sax1 --valid file Also see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2461
8bbe4508	2017-06-17T16:15:09	Spelling and grammar fixes Fixes bug 743172, bug 743489, bug 769632, bug 782400 and a few other misspellings.
07418011	2017-04-05T10:22:40	Do not leak the new CData node if adding fails For https://bugzilla.gnome.org/show_bug.cgi?id=780918
4472c3a5	2016-05-13T15:13:17	Fix some format string warnings with possible format string vulnerability For https://bugzilla.gnome.org/show_bug.cgi?id=761029 Decorate every method in libxml2 with the appropriate LIBXML_ATTR_FORMAT(fmt,args) macro and add some cleanups following the reports.
a6ea72ad	2014-07-14T20:29:34	Fix processing in SAX2 in case of an allocation failure Related to https://bugzilla.gnome.org/show_bug.cgi?id=731360
3e0eec43	2014-06-13T14:45:20	Adding some missing NULL checks in SAX2 DOM building code and in the HTML parser
52010c63	2013-06-16T08:55:08	Compile out use of xmlValidateNCName() when not available. Fix compilation with minimum and valid.
77b5b464	2014-02-10T10:32:45	Legacy needs xmlSAX2StartElement() and xmlSAX2EndElement(). Fix compilation with minimum and legacy.
a885f13a	2013-08-03T22:16:02	Fix a possible NULL dereference https://bugzilla.gnome.org/show_bug.cgi?id=705400 In case of allocation error the pointer was dereferenced before the test for a failure
ab0e3504	2013-03-27T13:21:38	Activate detection of encoding in external subset https://bugzilla.gnome.org/show_bug.cgi?id=694228 the ctxt->encoding was percolated down when parsing the external subset leading to failures
cff2546f	2013-03-11T15:57:55	Cache presence of '<' in entities content slightly modify how ent->checked is used, and use the lowest bit to keep the information
a3f1e3e5	2013-03-11T13:57:53	Avoid extra processing on entities If an entity has already been checked for correctness no need to check it on every reference
6c91aa38	2012-10-25T15:33:59	Fix a regression in 2.9.0 breaking validation while streaming https://bugzilla.gnome.org/show_bug.cgi?id=684774 with help from Kjell Ahlstedt <kjell.ahlstedt@bredband.net>
7651606f	2012-09-11T14:02:08	Various cleanups to avoid compiler warnings

80aabea1

2024-07-03T11:55:38

SAX2: Reenable 'directory' as base URI fallback Apparently, some users overwrite this member manually to set a base URI for memory streams. Fixes #753.

842a0448

2024-07-03T11:46:06

valid: Restore ID lookup Revert a change from d025cfbb and don't overwrite ID table entries, so that the first attribute will be returned if there are duplicate IDs. This requires two other changes: - Attributes in entity content are never added to the ID table. This seems reasonable. - Remove the optimization to skip ID lookup when copying and the target document has an empty ID table. This also seems more correct since the document could have ID declarations nevertheless or we could be copying xml:ids into the document for the first time. Fixes #757.

f9065261

2024-07-02T23:43:28

SAX2: Fix HTML IDs Short-lived regression. Fixes #755.

866be54e

2024-07-02T04:27:53

parser: Don't use deprecated xmlSplitQName

16e7ecd4

2024-07-01T16:01:24

xinclude: Check URI length Don't report long URIs as OOM errors.

f505dcae

2024-06-26T14:11:34

tree: Remove underscores from xmlRegisterCallbacks

8b1f79ce

2024-06-26T04:30:38

SAX2: Make xmlSAXDefaultVersion a no-op

5cf5b542

2024-06-26T04:30:10

SAX2: Deprecate xmlSAX2StartElement

860fb460

2024-06-17T20:58:27

SAX2: Fix null deref after malloc failure Short-lived regression.

faae3a91

2024-06-16T23:21:55

SAX2: Split out legacy SAX1 handling Split xmlSAX2StartElement into two functions handling legacy SAX1 and HTML.

11c3f84b

2024-06-15T23:57:39

SAX2: Always make xmlSAX2{Start,End}Element public Simplify symbol availability logic.

52384043

2024-06-11T19:10:41

parser: Pass resource type to resource loader

64ad2725

2024-06-11T03:51:43

parser: Introduce per-context resource loader

4ff2dccf

2024-05-10T02:04:52

SAX2: Warn if URI resolution failed

71a7a33e

2024-05-03T00:44:42

parser: Fix base URI of internal parameter entities Search parent inputs of internal parameter entities for base URI. Fixes a long-standing bug, which manifested in a different way after commit 955c177f. Reproduce with xmllint --noent xmlconf/eduni/errata-2e/E18.xml

af2bda4e

2024-04-05T13:09:45

SAX2: Also check URI length before resolving We don't want to exceed the size limit of 1 MB in uri.c. Such errors can't be distinguished from malloc failures.

2cc7f710

2024-03-29T11:55:20

SAX2: Fix xmlSAX2EntityDecl with empty base Short-lived regression.

730de88b

2024-03-28T15:42:02

SAX2: Optimize appending children xmlSAX2AppendChild can make several assumptions which make appending nodes more efficient. Also handle line numbers in xmlSAX2AppendChild.

05c147c3

2024-03-22T13:03:37

SAX2: Report malloc failure in xmlSAX2AttributeNs

6a49bb77

2024-03-17T17:16:55

tree: Introduce xmlSearchNsSafe After the failed experiment with a static XML namespace, introduce versions of xmlSearchNs that report malloc failures. Optimize the no-document case by only adding the XML namespace declaration if it wasn't found in an ancestor.

047ea3ec

2024-03-17T16:23:31

Revert "tree: Allocate XML namespace statically" This reverts commit 2840e33c5e4b51589a0b96e8102638eeaea6df72.

9f049afa

2024-03-11T15:57:14

tree: Refactor element creation and parsing of attribute values Replace xmlStringGetNodeList and xmlStringLenGetNodeList with xmlNodeParseContentInternal which also updates an optional parent node. Don't look up entities a second time via xmlNewReference.

2840e33c

2024-03-04T07:34:25

tree: Allocate XML namespace statically

84a71860

2024-02-26T15:14:28

xmlreader: Fix xmlTextReaderConstEncoding Regression from commit f1c1f5c6. Fixes #697.

7dc8600a

2024-02-20T12:32:17

SAX2: Report malloc failure in xmlCheckDefaultedAttributes

2e19d0ef

2024-01-26T11:39:51

SAX2: Make sure that OOM errors aren't overwritten

57c68759

2024-01-07T20:44:40

SAX2: Limit entity URI length to 2000 bytes Avoid quadratic behavior when loading entities with long URIs multiple times. This limitation could be dropped if we cached external entities.

02cc5c36

2024-01-05T04:17:14

parser: Add XML_PARSE_NO_XXE parser option

9912c369

2024-01-02T17:23:59

SAX2: Enforce size limit in xmlSAX2Text with XML_PARSE_HUGE

37c6618b

2023-12-30T02:50:34

parser: Rework parsing of attribute and entity values Don't use a separate function to handle "complex" attributes. Validate UTF-8 byte sequences without decoding. This should improve performance considerably when parsing multi-byte UTF-8 sequences. Use a string buffer to avoid unnecessary allocations and copying when expanding entities. Normalize attribute values in a single pass while expanding entities. Be more lenient in recovery mode. If no entity substitution was requested, validate entities without expanding. Fixes #596. Also fixes #655.

6a9a88a1

2023-12-26T03:13:05

parser: Move progressive flag into input struct

d944a415

2023-12-26T02:10:35

parser: Fix in-parameter-entity and in-external-dtd checks Use in ctxt->input->entity instead of ctxt->inputNr to determine whether we are inside a parameter entity. Stop using ctxt->external to check whether we're in an external DTD. This is signaled by ctxt->inSubset == 2.

5f319304

2023-12-28T19:05:51

SAX2: Fix error code Today I learned that the TSCII character encoding [1] can blow up the size of text 12 times when converted to UTF-8: $ printf '\x82' |iconv -f TSCII -t UTF-8 |hexdump -C 00000000 e0 ae b8 e0 af 8d e0 ae b0 e0 af 80 0000000c [1] https://en.wikipedia.org/wiki/Tamil_Script_Code_for_Information_Interchange

955c177f

2023-12-23T00:58:36

parser: Stop using 'directory' struct member This was only used as a pointless fallback for URI resolution.

13043691

2023-12-20T00:33:34

parser: Rename xmlErrParser to xmlCtxtErr

54c70ed5

2023-12-18T19:31:29

parser: Improve error handling Introduce xmlCtxtSetErrorHandler allowing to set a structured error for a parser context. There already was the "serror" SAX handler but this always receives the parser context as argument. Start to use xmlRaiseMemoryError. Remove useless arguments from memory error functions. Rename xmlErrMemory to xmlCtxtErrMemory. Remove a few calls to xmlGenericError. Remove support for runtime entity debugging.

e58ea29f

2023-12-10T18:10:42

SAX2: Report malloc failures Fix many places where malloc failures aren't reported. Improve error handling when parsing entity declarations. Fixes #308.

7f00273c

2023-12-01T19:21:17

parser: Fix invalid free in xmlParseBalancedChunkMemoryRecover Set the dictionary for newDoc in xmlParseBalancedChunkMemoryRecover. This is a long-standing bug which was masked by - xmlParseBalancedChunkMemoryRecover changing the document of the root node. This is a really bad idea, resulting in a mismatch between ctxt->myDoc and ctxt->node->doc. - SAX2.c preferring ctxt->node->doc over ctxt->myDoc until commit a31e1b06. Fixes #641.

a31e1b06

2023-11-04T20:21:54

SAX2: Fix quadratic behavior in xmlSAX2AttributeNs The last missing piece to make parsing of attributes O(n).

e0dd330b

2023-09-29T00:18:44

parser: Use hash tables to avoid quadratic behavior Use a hash table to lookup namespaces by prefix. The hash table stores an index into the namespace table. Auxiliary data for namespaces is stored in a separate array along the main namespace table. Use a hash table to verify attribute uniqueness. The hash table stores an index into the attribute table. Reuse hash value from the dictionary to avoid computing them twice. See #346.

da274bfa

2023-09-21T01:29:40

build: Fix build when certain modules are disabled

9b5cce7a

2023-09-21T00:44:50

include: Remove more unnecessary includes

699299ca

2023-09-20T18:54:39

globals: Stop including globals.h

a77f9ab8

2023-09-20T16:57:22

globals: Don't include SAX2.h from globals.h

4e1c13eb

2023-09-18T14:45:10

debug: Remove debugging code This is barely useful these days and only clutters the code base.

cde44997

2023-08-27T16:35:23

SAX2: Allow multiple top-level elements When parsing with HTML_PARSE_NOIMPLIED, the result document can contain multiple top-level elements. Rework xmlSAX2StartElement to simply add the element as a child of ctxt->node or ctxt->myDoc. Don't invoke xmlAddSibling for non-element parents. The context node should always be an element node. Fixes #584.

f1c1f5c6

2023-08-16T19:43:02

parser: Revert change to doc->encoding Fixes #579.

cb717d7e

2023-08-09T16:52:02

parser: Update line number after coalescing text nodes This should make the line number of text nodes deterministic. Before, it depended on the callback sequence which depends on the size of chunks fed to the parser.

ec7be506

2023-08-08T15:19:46

parser: Rework encoding detection Introduce XML_INPUT_HAS_ENCODING flag for xmlParserInput which is set when xmlSwitchEncoding is called. The parser can use the flag to reliably detect whether an encoding was already set via user override, BOM or other auto-detection. In this case, the encoding declaration won't be used to switch the encoding. Before, an inscrutable mix of ctxt->charset, ctxt->input->encoding and ctxt->input->buf->encoder was used. Introduce private helper functions to switch encodings used by both the XML and HTML parser: - xmlDetectEncoding which skips over the BOM, allowing to remove the BOM checks from other encoding functions. - xmlSetDeclaredEncoding, replacing htmlCheckEncodingDirect, which warns about encoding mismatches. If users override the encoding, store the declared instead of the actual encoding in xmlDoc. In this case, the actual encoding is known and the raw value from the doc is more useful. Also use the input flags to store the ISO-8859-1 fallback state. Restrict the fallback to cases where no encoding was specified. (The fallback is only useful in recovery mode and these days broken UTF-8 is probably more likely than ISO-8859-1, so it might eventually be removed completely.) The 'charset' member of xmlParserCtxt is now unused. The 'encoding' member of xmlParserInput is now unused. The 'standalone' member of xmlParserInput is renamed to 'flags'. A new parser state XML_PARSER_XML_DECL is added for the push parser.

d38e73f9

2023-08-08T15:19:44

parser: Always create UTF-8 in xmlParseReference It seems that this code path could only be triggered after an encoding error in recovery mode. Creating char-ref nodes is unnecessary and typically unexpected.

b8961df6

2023-05-09T03:25:24

SAX: Always validate xml:ids The behavior shouldn't depend on mostly random configuration options.

235b15a5

2023-05-08T17:58:02

SAX: Always initialize SAX1 element handlers Follow-up to commit d0c3f01e. A parser context will be initialized to SAX version 2, but this can be overridden with XML_PARSE_SAX1 later, so we must initialize the SAX1 element handlers as well. Change the check in xmlDetectSAX2 to only look for XML_SAX2_MAGIC, so we don't switch to SAX1 if the SAX2 element handlers are NULL.

250faf3c

2023-04-20T12:35:21

parser: Fix regression in xmlParserNodeInfo accounting Commit 62150ed2 broke begin_pos and begin_line when extra node info was recorded. Fixes #523.

d7d0bc65

2023-03-31T16:47:48

SAX2: Ignore namespaces in HTML documents In commit 21ca8829, we started to ignore namespaces in HTML element names but we still called xmlSplitQName, effectively stripping the namespace prefix. This would cause elements like <o:p> being parsed as <p>. Now we leave the name untouched. Fixes #508.

cb4334b7

2023-02-14T18:10:14

malloc-fail: Fix memory leak in xmlSAX2StartElementNs Found with libFuzzer, see #344.

0c5f40b7

2023-01-22T13:27:41

malloc-fail: Fix null deref in xmlSAX2AttributeInternal Found with libFuzzer, see #344.

b3b53dcc

2023-01-22T11:28:46

malloc-fail: Fix null deref in xmlSAX2Text Found with libFuzzer, see #344.

463bbeec

2022-12-19T18:39:45

entities: Rework entity amplification checks This commit implements robust detection of entity amplification attacks, better known as the "billion laughs" attack. We now limit the size of the document after substitution of entities to 10 times the size before expansion. This guarantees linear behavior by definition. There already was a similar check before, but the accounting of "sizeentities" (size of external entities) and "sizeentcopy" (size of all copies created by entity references) wasn't accurate. We also need saturation arithmetic since we're historically limited to "unsigned long" which is 32-bit on many platforms. A maximum of 10 MB of substitutions is always allowed. This should make use cases like DITA work which have caused problems in the past. The old checks based on the number of entities were removed. This is accounted for by adding a fixed cost to each entity reference. Entity amplification checks are now enabled even if XML_PARSE_HUGE is set. This option is mainly used to allow larger text nodes. Most users were unaware that it also disabled entity expansion checks. Some of the limits might be adjusted later. If this change turns out to affect legitimate use cases, we can add a separate parser option to disable the checks. Fixes #294. Fixes #345.

cecd364d

2022-11-24T16:38:47

parser: Don't call *DefaultSAXHandlerInit from xmlInitParser Change the default handler definitions to match the result after calling the initialization functions. This makes sure that no thread-local variables are accessed when calling xmlInitParser.

68a6518c

2022-11-15T18:23:33

parser: Rewrite push parser boundary checks Remove inaccurate xmlParseCheckTransition check. Remove non-incremental xmlParseGetLasts check. Add functions that check for several boundary constructs more accurately, keeping track of progress in ctxt->checkIndex. Fixes #439.

7ceaee94

2022-11-02T16:05:05

malloc-fail: Fix memory leak in xmlSAX2ExternalSubset Found with libFuzzer, see #344.

81621b1f

2022-09-02T18:38:33

Fix compiler warnings in SAX2.c

ad338ca7

2022-09-01T01:18:30

Remove explicit integer casts Remove explicit integer casts as final operation - in assignments - when passing arguments - when returning values Remove casts - to the same type - from certain range-bound values The main motivation is that these explicit casts don't change the result of operations and only render UBSan's implicit-conversion checks useless. Removing these casts allows UBSan to detect cases where truncation or sign-changes occur unexpectedly. Document some explicit casts as truncating and add a few missing ones.

aeb69fd3

2022-09-01T02:33:16

Fix overflow check in SAX2.c

0f568c0b

2022-08-26T01:22:33

Consolidate private header files Private functions were previously declared - in header files in the root directory - in public headers guarded with IN_LIBXML - in libxml.h - redundantly in source files that used them. Consolidate all private header files in include/private.

0e49f882

2022-08-24T05:25:37

Mark most SAX1 functions as deprecated No compiler warnings generated yet.

4b184240

2022-08-22T14:11:15

Remove htmlDefaultSAXHandler from non-SAX1 build This matches long-standing behavior of the XML counterpart.

3e7b4f37

2022-05-20T23:28:25

Avoid calling xmlSetTreeDoc Create text nodes with xmlNewDocText or set the document directly to avoid xmlSetTreeDoc being called when the node is inserted.

40483d0c

2022-03-06T13:55:48

Deprecate module init and cleanup functions These functions shouldn't be part of the public API. Most init functions are only thread-safe when called from xmlInitParser. Global variables should only be cleaned up by calling xmlCleanupParser.

4a8c71eb

2022-03-04T03:35:57

Remove DOCBparser This code has been broken and deprecated since version 2.6.0, released in 2003. Because of a bug in commit 961b535c, DOCBparser.c was never compiled since 2012. I couldn't find a Debian package using any of its symbols, so it seems safe to remove this module.

c41bc10d

2022-02-22T19:57:12

Fix unused variable warnings with disabled features

346c3a93

2022-02-20T18:46:42

Remove elfgcchack.h The same optimization can be enabled with -fno-semantic-interposition since GCC 5. clang has always used this option by default.

e03590c9

2022-02-08T02:42:30

Don't add IDs containing unexpanded entity references When parsing without entity substitution, IDs or IDREFs containing unexpanded entity reference like "abc&x;def" could be created. We could try to expand these entities like in validation mode, but it seems safer to honor the request not to expand entities. We silently ignore such IDs for now.

d7cb33cf

2022-01-13T17:06:14

Rework validation context flags Use a bitmask instead of magic values to - keep track whether the validation context is part of a parser context - keep track whether xmlValidateDtdFinal was called This allows to add addtional flags later. Note that this deliberately changes the name of a public struct member, assuming that this was always private data never to be used by client code.

a647e430

2022-01-25T02:59:40

Fix casting of line numbers in SAX2.c The line member is an unsigned short. Avoids integer conversion warnings with UBSan. Also use USHRT_MAX instead of hard-coded constant.

92bce68c

2021-07-14T11:37:07

Fix memory leak in xmlSAX2AttributeDecl Found by Coverity. https://bugzilla.redhat.com/show_bug.cgi?id=1938806

acb35667

2021-02-03T13:48:40

Fix quadratic runtime when parsing CDATA sections Use optimized concatenation for CDATA sections in addition to normal text. This also affects HTML script content. Found by OSS-Fuzz.

21ca8829

2020-07-25T17:57:29

Don't try to handle namespaces when building HTML documents Don't try to resolve namespace in xmlSAX2StartElement when parsing HTML documents. This useless operation could slow down the parser considerably. Found by OSS-Fuzz.

20c60886

2020-03-08T17:19:42

Fix typos Resolves #133.

eddfbc38

2020-01-22T22:03:45

Don't load external entity from xmlSAX2GetEntity Despite the comment, I can't see a reason why external entities must be loaded in the SAX handler. For external entities, the handler is typically first invoked via xmlParseReference which will later load the entity on its own if it wasn't loaded yet. The old code also lead to duplicated SAX events which makes it basically impossible to reuse xmlSAX2GetEntity for a custom SAX parser. See the change to the expected test output. Note that xmlSAX2GetEntity was loading the entity via xmlParseCtxtExternalEntity while xmlParseReference uses xmlParseExternalEntityPrivate. In the previous commit, the two functions were merged, trying to compensate for some slight differences between the two mostly identical implementations. But the more urgent reason for this change is that xmlParseReference has the facility to abort early when recursive entities are detected, avoiding what could practically amount to an infinite loop. If you want to backport this change, note that the previous three commits are required as well: f9ea1a24 Fix copying of entities in xmlParseReference 5c7e0a9a Copy some XMLReader option flags to parser context 1a3e584a Merge code paths loading external entities Found by OSS-Fuzz.

2a350ee9

2019-09-30T17:04:54

Large batch of typo fixes Closes #109.

6b49db2c

2019-01-07T17:14:21

Fix memory leak in xmlSAX2StartElement Introduced by a recent commit. Only happens if max depth is exceeded in SAX1 mode. Found by OSS-Fuzz.

1567b55b

2018-11-22T14:28:58

Set doc on element obtained from freeElems In commit 8c9daf79, a call to xmlFreeNode was added in xmlSAX2StartElementNs. If a node was obtained from the freeElems list, make sure to set the doc, otherwise xmlFreeNode wouldn't realize that the node name might be in the dictionary, causing an invalid free. Note that the issue fixed in commit 8c9daf79 requires commit 0ed6addb and this one to work properly. Found by OSS-Fuzz.

0ed6addb

2018-09-22T15:41:01

Unlink node before freeing it in xmlSAX2StartElement The node may have been added to the document already, so it must be unlinked first. Thanks to David Kilzer for spotting this.

8c9daf79

2018-09-12T13:42:27

Check return value of nodePush in xmlSAX2StartElement If the maximum depth is exceeded, nodePush halts the parser which results in freeing the input buffer since the previous commit. This invalidates the attribute pointers, so the error condition must be checked. Found by OSS-Fuzz.

d422b954

2017-10-09T13:37:42

Fix pointer/int cast warnings on 64-bit Windows On 64-bit Windows, `long` is 32 bits wide and can't hold a pointer. Switch to ptrdiff_t instead which should be the same size as a pointer on every somewhat sane platform without requiring C99 types like intptr_t. Fixes bug 788312. Thanks to J. Peter Mugaas for the report and initial patch.

83fb4119

2017-09-05T23:45:04

Fix memory leaks in SAX1 parser Found by OSS-Fuzz. I could only reproduce this with the (obsolete) SAX1 parser. One leak is caused by duplicate namespaced attribute names and can be reproduced in memory mode (testcase 4556417027538944): $ cat file <d xmlns:a="ns" a:x="v" xmlns:b="ns" b:x="v"/> $ xmllint --sax1 --memory file The other is caused by ATTLISTs with a normalized default for "xmlns" if they're processed after the entity recursion limit was hit (testcase 5580750034305024). $ cat file <!DOCTYPE d [ <!ENTITY a '<d>&a;'> <!ATTLIST d xmlns NMTOKEN 't'> ]> <d>&a; $ xmllint --sax1 --valid file Also see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2461

8bbe4508

2017-06-17T16:15:09

Spelling and grammar fixes Fixes bug 743172, bug 743489, bug 769632, bug 782400 and a few other misspellings.

07418011

2017-04-05T10:22:40

Do not leak the new CData node if adding fails For https://bugzilla.gnome.org/show_bug.cgi?id=780918

4472c3a5

2016-05-13T15:13:17

Fix some format string warnings with possible format string vulnerability For https://bugzilla.gnome.org/show_bug.cgi?id=761029 Decorate every method in libxml2 with the appropriate LIBXML_ATTR_FORMAT(fmt,args) macro and add some cleanups following the reports.

a6ea72ad

2014-07-14T20:29:34

Fix processing in SAX2 in case of an allocation failure Related to https://bugzilla.gnome.org/show_bug.cgi?id=731360

3e0eec43

2014-06-13T14:45:20

Adding some missing NULL checks in SAX2 DOM building code and in the HTML parser

52010c63

2013-06-16T08:55:08

Compile out use of xmlValidateNCName() when not available. Fix compilation with minimum and valid.

77b5b464

2014-02-10T10:32:45

Legacy needs xmlSAX2StartElement() and xmlSAX2EndElement(). Fix compilation with minimum and legacy.

a885f13a

2013-08-03T22:16:02

Fix a possible NULL dereference https://bugzilla.gnome.org/show_bug.cgi?id=705400 In case of allocation error the pointer was dereferenced before the test for a failure

ab0e3504

2013-03-27T13:21:38

Activate detection of encoding in external subset https://bugzilla.gnome.org/show_bug.cgi?id=694228 the ctxt->encoding was percolated down when parsing the external subset leading to failures

cff2546f

2013-03-11T15:57:55

Cache presence of '<' in entities content slightly modify how ent->checked is used, and use the lowest bit to keep the information

a3f1e3e5

2013-03-11T13:57:53

Avoid extra processing on entities If an entity has already been checked for correctness no need to check it on every reference

6c91aa38

2012-10-25T15:33:59

Fix a regression in 2.9.0 breaking validation while streaming https://bugzilla.gnome.org/show_bug.cgi?id=684774 with help from Kjell Ahlstedt <kjell.ahlstedt@bredband.net>

7651606f

2012-09-11T14:02:08

Various cleanups to avoid compiler warnings

kc3-lang/libxml2/SAX2.c

SAX2.c

Log