kmx git

Commit	Date	Message
0ab5d7c5	2025-06-03T00:13:26	entities: Deprecate internal DTD-related functions
7bd8d1d9	2025-05-28T15:53:38	doc: Prefix autolinks with '#' Use `#func` instead of `func()` to ignore parameters and make all autolinks work.
c5b45fbc	2025-05-16T16:54:09	doc: Misc fixes
adfbeb7e	2025-05-14T04:58:21	doc: Stop using *Ptr typedefs in documentation
a40f36e7	2025-05-14T04:04:28	include: Stop using *Ptr typedefs in public headers
dad11630	2025-05-09T22:05:38	entities: Always replace invalid chars when escaping The previous refactor painstakingly recreated the different behavior of separate functions that were merged. It makes Optimize IS_CHAR check for non-ASCII chars.
63535d39	2025-05-09T20:13:43	tree: Make xmlNodeListGetStringInternal work with escape flags
777e2adf	2025-05-09T23:53:03	io: Consolidate escaping code Use generated table approach of xmlSerializeText for xmlEscapeText. Move most code to xmlIO.c.
cdaf657f	2025-05-09T23:02:32	html: Don't escape < and > when serializing attribute values Align with HTML5. This will break some test suites.
e0e0a1f0	2025-05-09T22:44:54	html: Remove special handling of &{...} when serializing See https://www.w3.org/TR/html401/appendix/notes.html#h-B.7.1 Align with HTML5.
9bbffec5	2025-05-06T17:42:46	doc: Move brief to top, params to bottom of doc comments
714decd6	2025-05-04T17:50:26	doc: Misc fixes to entities docs
cb1635a6	2025-05-02T19:05:25	doc: Use @since command
e78e05c9	2025-05-02T17:32:51	doc: Fix autolinks to functions Unfortunately, autolinks in .c files aren't converted by Doxygen for some reason.
e525564f	2025-05-01T19:20:06	doc: Remove empty lines at start of block These lines were left over after automatic conversion.
e549622b	2025-04-28T15:11:24	doc: Convert documentation to Doxygen Automated conversion based on a few regexes.
69879da8	2025-04-28T14:04:30	doc: Remove email addresses from documentation Also remove authorship information from generated files, hash.c and globals.c which were rewritten.
61890e39	2025-04-27T21:50:15	doc: Prepare for conversion to Doxygen Fix many params in internal functions (not really necessary but Doxygen warns about that in XML mode). Fix formatting in a few corner cases that automatic conversion can't handle. Rearrange some DOC_DISABLE blocks.
9c16a153	2025-02-13T18:41:33	Revert "include: Make most IS_* macros private" This reverts commit 84a6c82ff83d04963d6e1c5cd18ded68ea02d99f.
2e3a91a7	2024-12-26T21:05:18	doc: Fix documentation
84a6c82f	2024-12-19T20:59:10	include: Make most IS_* macros private Macros like IS_DIGIT or IS_LETTER severely pollute the C namespace.
3f72a579	2024-12-15T21:53:54	entities: Check reallocations for overflow
89b9f457	2024-10-25T18:02:58	entities: Allow control chars when serializing HTML
1cfc5b80	2024-07-12T03:07:57	entities: Rework serialization of numeric character references
8d160626	2024-07-12T02:01:06	entities: Rework text escaping
b0fc67aa	2024-06-15T22:53:55	build: Remove --with-tree configuration option This option would allow for a smaller, but mostly useless minimal build. But it complicates the symbol availability logic in an insane way and requires specialized tools like our custom C parser in doc/apibuild.py. See #717.
8318b5a6	2024-06-09T14:22:53	parser: Fix NULL checks for output arguments
f0d89158	2024-06-01T15:41:43	entities: Unconst predefined entities Partial revert of commit 63ce5f9a. For some reason, Chromium and WebKit set the etype member of predefined entities. This should be fixed first.
e75e878e	2024-05-20T13:58:22	doc: Update and fix documentation
63ce5f9a	2024-04-28T17:32:35	Make some globals const
ee0c1f87	2024-02-29T14:51:49	fuzz: New tree API fuzzer
edbf1eb6	2024-03-05T18:07:13	entities: Don't allow null name in xmlNewEntity
50816b8d	2024-03-05T18:06:38	entities: Check for illegal entity types in xmlAddEntity
ab345338	2024-03-05T19:58:17	valid: Report malloc failure in legacy DTD serialization
fbe10a46	2024-02-01T19:01:57	save: Move DTD serialization code to xmlsave.c
c2b3294f	2024-01-04T21:20:51	fuzz: Abort on invalid UTF-8 The parser should never generate invalid UTF-8 these days even in recovery mode.
d025cfbb	2023-12-27T03:53:24	parser: Always copy content from entity to target. Make sure that references from IDs are updated. Note that if there are IDs with the same value in a document, the last one will now be returned. IDs should be unique, but maybe this should be addressed.
a1f7ecae	2023-12-10T15:25:42	entities: Report malloc failures Fix places where malloc failures aren't reported. Introduce new API function xmlAddEntity that returns separate error codes. Don't invoke global error handler for low-level errors which should be handled by higher layers. Invalid redelcaration warnings will be fixed later.
713ded60	2023-10-06T10:43:38	entities: Make xmlFreeEntity public
699299ca	2023-09-20T18:54:39	globals: Stop including globals.h
9d80a2b1	2023-08-16T19:45:34	entities: Don't change doc when encoding entities doc->encoding shouldn't be touched by xmlEncodeEntitiesInternal.
ce76ebfd	2022-12-19T20:56:23	entities: Stop counting entities This was only used in the old version of xmlParserEntityCheck.
463bbeec	2022-12-19T18:39:45	entities: Rework entity amplification checks This commit implements robust detection of entity amplification attacks, better known as the "billion laughs" attack. We now limit the size of the document after substitution of entities to 10 times the size before expansion. This guarantees linear behavior by definition. There already was a similar check before, but the accounting of "sizeentities" (size of external entities) and "sizeentcopy" (size of all copies created by entity references) wasn't accurate. We also need saturation arithmetic since we're historically limited to "unsigned long" which is 32-bit on many platforms. A maximum of 10 MB of substitutions is always allowed. This should make use cases like DITA work which have caused problems in the past. The old checks based on the number of entities were removed. This is accounted for by adding a fixed cost to each entity reference. Entity amplification checks are now enabled even if XML_PARSE_HUGE is set. This option is mainly used to allow larger text nodes. Most users were unaware that it also disabled entity expansion checks. Some of the limits might be adjusted later. If this change turns out to affect legitimate use cases, we can add a separate parser option to disable the checks. Fixes #294. Fixes #345.
f34f184f	2022-12-19T15:24:53	entities: Add "flags" member to struct xmlEntity This will hold various flags and eventually replace the "checked" member.
2059df53	2022-11-14T22:27:58	buf: Deprecate static/immutable buffers
644a89e0	2022-08-31T22:11:25	[CVE-2022-40304] Fix dict corruption caused by entity reference cycles When an entity reference cycle is detected, the entity content is cleared by setting its first byte to zero. But the entity content might be allocated from a dict. In this case, the dict entry becomes corrupted leading to all kinds of logic errors, including memory errors like double-frees. Stop storing entity content, orig, ExternalID and SystemID in a dict. These values are unlikely to occur multiple times in a document, so they shouldn't have been stored in a dict in the first place. Thanks to Ned Williamson and Nathan Wachholz working with Google Project Zero for the report!
2cac6269	2022-09-01T03:14:13	Don't use sizeof(xmlChar) or sizeof(char)
0f568c0b	2022-08-26T01:22:33	Consolidate private header files Private functions were previously declared - in header files in the root directory - in public headers guarded with IN_LIBXML - in libxml.h - redundantly in source files that used them. Consolidate all private header files in include/private.
776d15d3	2022-03-02T00:29:17	Don't check for standard C89 headers Don't check for - ctype.h - errno.h - float.h - limits.h - math.h - signal.h - stdarg.h - stdlib.h - string.h - time.h Stop including non-standard headers - malloc.h - strings.h
f5509772	2022-02-20T22:06:16	Fix documentation in entities.c
346c3a93	2022-02-20T18:46:42	Remove elfgcchack.h The same optimization can be enabled with -fno-semantic-interposition since GCC 5. clang has always used this option by default.
ce0871e1	2022-02-20T16:44:41	Only warn on invalid redeclarations of predefined entities Downgrade the error message to a warning since the error was ignored, anyway. Also print the name of redeclared entity. For a proper fix that also shows filename and line number of the invalid redeclaration, we'd have to - pass the parser context to the entity functions somehow, or - make these functions return distinct error codes. Partial fix for #308.
bf227135	2020-08-16T17:19:35	Validate UTF8 in xmlEncodeEntities Code is currently assuming UTF-8 without validating. Truncated UTF-8 input can cause out-of-bounds array access. Adds further checks to partial fix in 50f06b3e. Fixes #178
cbe1212d	2021-02-09T17:07:21	Fix null deref introduced with previous commit Found by OSS-Fuzz.
01411e7c	2021-02-08T20:58:32	Check for invalid redeclarations of predefined entities Implement section "4.6 Predefined Entities" of the XML 1.0 spec and check whether redeclarations of predefined entities match the original definitions. Note that some test cases declared <!ENTITY lt "<"> But the XML spec clearly states that this is illegal: > If the entities lt or amp are declared, they MUST be declared as > internal entities whose replacement text is a character reference to > the respective character (less-than sign or ampersand) being escaped; > the double escaping is REQUIRED for these entities so that references > to them produce a well-formed result. Also fixes #217 but the connection is only tangential. The integer overflow discovered by fuzzing was more related to the fact that various parts of the parser disagreed on whether to prefer predefined entities over their redeclarations. The whole situation is a mess and even depends on legacy parser options. But now that redeclarations are validated, it shouldn't make a difference. As noted in the added comment, this is also one of the cases where overly defensive checks can hide interesting logic bugs from fuzzers.
20c60886	2020-03-08T17:19:42	Fix typos Resolves #133.
2a350ee9	2019-09-30T17:04:54	Large batch of typo fixes Closes #109.
e03f0a19	2017-11-09T16:42:47	Fix hash callback signatures Make sure that all parameters and return values of hash callback functions exactly match the callback function type. This is required to pass clang's Control Flow Integrity checks and to allow compilation to asm.js with Emscripten. Fixes bug 784861.
454e397e	2017-08-28T14:30:43	Porting libxml2 on zOS encoding of code First set of patches for zOS - entities.c parser.c tree.c xmlschemas.c xmlschemastypes.c xpath.c xpointer.c: ask conversion of code to ISO Latin 1 to avoid having the compiler assume EBCDIC codepoint for characters. - xmlmodule.c: make sure we have support for modules - xmlIO.c: zOS path names are special avoid dsome of the expectstions from Unix/Windows
4472c3a5	2016-05-13T15:13:17	Fix some format string warnings with possible format string vulnerability For https://bugzilla.gnome.org/show_bug.cgi?id=761029 Decorate every method in libxml2 with the appropriate LIBXML_ATTR_FORMAT(fmt,args) macro and add some cleanups following the reports.
95ebe53b	2014-10-13T16:06:21	Fix and add const qualifiers For https://bugzilla.gnome.org/show_bug.cgi?id=689483 It seems there are functions that do use the const qualifier for some of the arguments, but it seems that there are a lot of functions that don't use it and probably should. So I created a patch against 2.9.0 that makes as much as possible const in tree.h, and changed other files as needed. There were a lot of cases like "const xmlNodePtr node". This doesn't actually do anything, there the pointer is constant not the object it points to. So I changed those to "const xmlNode *node". I also removed some consts, mostly in the Copy functions, because those functions can actually modify the doc or node they copy from
0ab8ce53	2013-03-28T08:47:42	Switched comment in file to UTF-8 encoding
7651606f	2012-09-11T14:02:08	Various cleanups to avoid compiler warnings
f8e3db04	2012-09-11T13:26:36	Big space and tab cleanup Remove all space before tabs and space and tabs at end of lines.
7d4c529a	2012-09-05T11:45:32	Improve HTML escaping of attribute on output Handle special cases of &{...} constructs as hinted in the spec http://www.w3.org/TR/html401/appendix/notes.html#h-B.7.1 and special values as comment <!-- ... --> used for server side includes This is limited to attribute values in HTML content.
baaf03f8	2012-07-20T15:41:34	Fix an error in previous commit
4f9fdc70	2012-07-18T11:38:17	Fix entities local buffers size problems
13cee4e3	2009-09-05T14:52:55	Fix a bunch of scan 'dead increments' and cleanup * HTMLparser.c c14n.c debugXML.c entities.c nanohttp.c parser.c testC14N.c uri.c xmlcatalog.c xmllint.c xmlregexp.c xpath.c: fix unused variables, or unneeded increments as well as a couple of space issues * runtest.c: check for NULL before calling unlink()
aa6de47e	2008-08-25T14:53:31	applied patch from Aswin to fix tree skipping fixed a comment and added a * xmlreader.c: applied patch from Aswin to fix tree skipping * include/libxml/entities.h entities.c: fixed a comment and added a new xmlNewEntity() entry point * runtest.c: be less verbose * tree.c: space and tabs cleanups daniel svn path=/trunk/; revision=3774
f4f4e485	2008-08-25T08:57:48	rework the patch to avoid some ABI issue with people allocating entities * include/libxml/entities.h entities.c SAX2.c parser.c: rework the patch to avoid some ABI issue with people allocating entities structure directly Daniel svn path=/trunk/; revision=3773
4bf899bf	2008-08-20T17:04:30	fix for CVE-2008-3281 Daniel * include/libxml/parser.h include/libxml/entities.h entities.c parserInternals.c parser.c: fix for CVE-2008-3281 Daniel svn path=/trunk/; revision=3772
a37a6ad9	2006-10-10T20:05:45	trying to fix entities behaviour when using SAX, had to extend entities * include/libxml/entities.h entities.c SAX2.c parser.c: trying to fix entities behaviour when using SAX, had to extend entities content and hack on the entities processing code, but that should fix the long standing bug #159219 Daniel
2728f845	2006-03-09T16:49:24	more cleanups based on coverity reports. Daniel * SAX2.c catalog.c encoding.c entities.c example/gjobread.c python/libxml.c: more cleanups based on coverity reports. Daniel
5d4644ef	2005-04-01T13:11:58	revamped the elfgcchack.h format to cope with gcc4 change of aliasing * doc/apibuild.py doc/elfgcchack.xsl: revamped the elfgcchack.h format to cope with gcc4 change of aliasing allowed scopes, had to add extra informations to doc/libxml2-api.xml to separate the header from the c module source. * .c: updated all c library files to add a #define bottom_xxx and reimport elfgcchack.h thereafter, and a bit of cleanups. doc//* testapi.c: regenerated when rebuilding the API Daniel
316a5c39	2005-01-23T22:56:39	added xmlHashCreateDict where the hash reuses the dictionnary for internal * hash.c include/libxml/hash.h: added xmlHashCreateDict where the hash reuses the dictionnary for internal strings * entities.c valid.c parser.c: reuse that new API, leads to a decent speedup when parsing for example DocBook documents. Daniel
7da92709	2005-01-23T20:15:53	small speedup in skipping blanks characters interning the entities strings * parser.c: small speedup in skipping blanks characters * entities.c: interning the entities strings Daniel
ce682bc2	2004-11-05T17:22:25	autogenerate a minimal NULL value sequence for unknown pointer types This * gentest.py testapi.c: autogenerate a minimal NULL value sequence for unknown pointer types * HTMLparser.c SAX2.c chvalid.c encoding.c entities.c parser.c parserInternals.c relaxng.c valid.c xmlIO.c xmlreader.c xmlsave.c xmlschemas.c xmlschemastypes.c xmlstring.c xpath.c xpointer.c: This uncovered an impressive amount of entry points not checking for NULL pointers when they ought to, closing all the open gaps. Daniel
8e725fb4	2004-11-05T14:16:50	fixed a compilation problem on a recent change Daniel * entities.c: fixed a compilation problem on a recent change Daniel
ce244ad5	2004-11-05T10:03:46	fixed the way the generator works, extended the testing, especially with * gentest.py testapi.c: fixed the way the generator works, extended the testing, especially with more real trees and nodes. * HTMLtree.c tree.c valid.c xinclude.c xmlIO.c xmlsave.c: a bunch of real problems found and fixed. * entities.c: fix error reporting to go through the new handlers Daniel
62040be3	2004-05-17T03:17:26	avoid returning default namespace when searching from an attribute reverse * tree.c: avoid returning default namespace when searching from an attribute * entities.c xmlwriter.c: reverse xmlEncodeSpecialChars() behaviour back to escaping " since the normal serialization routines do not use it anymore, should close bug #134477 . Tried to make the writer avoid it too but it didn't work. Daniel
18ab8721	2003-12-09T22:51:37	fixed an XML entites content serialization potentially triggered by * entities.c: fixed an XML entites content serialization potentially triggered by XInclude, see #126817 Daniel
d4532558	2003-11-25T18:29:55	fixed #127877, never output " in element content this changes the * entities.c: fixed #127877, never output " in element content * result/isolat3 result/slashdot16.xml result/noent/isolat3 result/noent/slashdot16.xml result/valid/REC-xml-19980210.xml result/valid/index.xml result/valid/xlink.xml: this changes the output of a few tests Daniel
9e66059f	2003-10-20T14:56:06	fixed problem reported on the mailing list by Melvyn Sopacua - wrong * entities.c, valid.c: fixed problem reported on the mailing list by Melvyn Sopacua - wrong argument order on functions called through xmlHashScan.
76e95df0	2003-10-18T16:20:14	Changed all (?) occurences where validation macros (IS_xxx) had * include/libxml/parserInternals.h HTMLparser.c HTMLtree.c SAX2.c catalog.c debugXML.c entities.c parser.c relaxng.c testSAX.c tree.c valid.c xmlschemas.c xmlschemastypes.c xpath.c: Changed all (?) occurences where validation macros (IS_xxx) had single-byte arguments to use IS_xxx_CH instead (e.g. IS_BLANK changed to IS_BLANK_CH). This gets rid of many warning messages on certain platforms, and also high- lights places in the library which may need to be enhanced for proper UTF8 handling.
b2517d85	2003-10-01T19:13:56	Fix error on output of high codepoint charref like 􏿿 , reported * entities.c: Fix error on output of high codepoint charref like 􏿿 , reported by Eric Hanchrow Daniel
d3a2e4c2	2003-09-30T13:38:04	made the predefined entities static predefined structures to avoid the * entities.c legacy.c parser.c: made the predefined entities static predefined structures to avoid the work, memory and hazards associated to initialization/cleanup. Daniel
652327a7	2003-09-29T18:02:38	Adding a configure option to remove tree manipulation code which is not * configure.in entities.c tree.c valid.c xmllint.c include/libxml/tree.h include/libxml/xmlversion.h.in: Adding a configure option to remove tree manipulation code which is not strictly needed by the parser. Daniel
a9cce9cd	2003-09-29T13:20:24	Okay this is scary but it is just adding a configure option to disable * HTMLtree.c SAX2.c c14n.c catalog.c configure.in debugXML.c encoding.c entities.c nanoftp.c nanohttp.c parser.c relaxng.c testAutomata.c testC14N.c testHTML.c testRegexp.c testRelax.c testSchemas.c testXPath.c threads.c tree.c valid.c xmlIO.c xmlcatalog.c xmllint.c xmlmemory.c xmlreader.c xmlschemas.c example/gjobread.c include/libxml/HTMLtree.h include/libxml/c14n.h include/libxml/catalog.h include/libxml/debugXML.h include/libxml/entities.h include/libxml/nanohttp.h include/libxml/relaxng.h include/libxml/tree.h include/libxml/valid.h include/libxml/xmlIO.h include/libxml/xmlschemas.h include/libxml/xmlversion.h.in include/libxml/xpathInternals.h python/libxml.c: Okay this is scary but it is just adding a configure option to disable output, this touches most of the files. Daniel
4432df23	2003-09-28T18:58:27	cleanup, creating a new legacy.c module, made sure make tests ran in * Makefile.am: cleanup, creating a new legacy.c module, made sure make tests ran in reduced conditions * SAX.c SAX2.c configure.in entities.c globals.c parser.c parserInternals.c tree.c valid.c xlink.c xmlIO.c xmlcatalog.c xmlmemory.c xpath.c xmlmemory.c include/libxml/xmlversion.h.in: increased the modularization, allow to configure out validation code and legacy code, added a configuration option --with-minimum compiling only the mandatory code which then shrink to 200KB. Daniel
9ee35f36	2003-09-28T00:19:54	fix a bug raised by the Mips compiler. move the SAXv1 block definitions to * parser.c: fix a bug raised by the Mips compiler. * include/libxml/SAX.h include/libxml/parser.h: move the SAXv1 block definitions to parser.h fixes bug #123380 * xmlreader.c include/libxml/xmlreader.h: reinstanciate the attribute and element pool borken 2 commits ago. Start playing with an entry point to preserve a subtree. * entities.c: remove a warning. Daniel
899e64aa	2003-09-26T18:03:42	minor change to avoid compilation warnings on some (e.g. AIX) systems * HTMLparser.c, entities.c, xmlreader.c: minor change to avoid compilation warnings on some (e.g. AIX) systems
34ba3879	2003-07-15T13:34:05	removed some warnings by casting xmlChar to unsigned int and a couple of * DOCBparser.c HTMLparser.c entities.c parser.c relaxng.c xmlschemas.c xpath.c: removed some warnings by casting xmlChar to unsigned int and a couple of others. * xmlschemastypes.c: fixes a segfault on empty hexBinary strings Daniel
8265a18a	2003-06-13T10:05:56	do not generate " for " outside of attributes this changes the output * entities.c: do not generate " for " outside of attributes * result//*: this changes the output of some tests Daniel
19ab45b5	2003-02-26T15:49:03	fixes again one of the problem raised by James Clark in #106788 Daniel * entities.c: fixes again one of the problem raised by James Clark in #106788 Daniel
0046c0fe	2003-02-23T13:52:30	another fix for nodeinfo in entities problem fixed bug #106788 from James * parser.c: another fix for nodeinfo in entities problem * tree.c entities.c: fixed bug #106788 from James Clark some spaces need to be serialized as character references. Daniel
2d84a894	2002-12-30T00:01:08	Fixed a really nasty problem raised by a DocBook XSLT transform provided * entities.c parser.c tree.c include/libxml/entities.h: Fixed a really nasty problem raised by a DocBook XSLT transform provided by Sebastian Bergmann Daniel
3487c8d9	2002-09-05T11:33:25	get rid of all the perror() calls made in the library execution paths. * DOCBparser.c HTMLparser.c c14n.c entities.c list.c parser.c parserInternals.c xmlIO.c: get rid of all the perror() calls made in the library execution paths. This should fix both #92059 and #92385 Daniel
34ce8bec	2002-03-18T19:37:11	preparing 2.4.18 updated and rebuilt the web site implement the new * configure.in: preparing 2.4.18 * doc/: updated and rebuilt the web site .c libxml.h: implement the new IN_LIBXML scheme discussed with the Windows and Cygwin maintainers. parser.c: humm, changed the way the SAX parser work when xmlSubstituteEntitiesDefault(1) is set, it will then do the entity registration and loading by itself in case the user provided SAX getEntity() returns NULL. * testSAX.c: added --noent to test the behaviour. Daniel
2875770e	2002-02-18T11:19:30	fixed a couple of conformances issues deep into the validation code * SAX.c entities.c: fixed a couple of conformances issues deep into the validation code (standalone and undeclared Notations) Daniel
8ee9c8f6	2002-01-26T21:42:58	applied patch from Anthony Jones to implement copy of DTD subtree too. Had * entities.c tree.c include/libxml/entities.h: applied patch from Anthony Jones to implement copy of DTD subtree too. Had just to keep 2 function private which really ought to become public ones. Daniel

0ab5d7c5

2025-06-03T00:13:26

entities: Deprecate internal DTD-related functions

7bd8d1d9

2025-05-28T15:53:38

doc: Prefix autolinks with '#' Use `#func` instead of `func()` to ignore parameters and make all autolinks work.

c5b45fbc

2025-05-16T16:54:09

doc: Misc fixes

adfbeb7e

2025-05-14T04:58:21

doc: Stop using *Ptr typedefs in documentation

a40f36e7

2025-05-14T04:04:28

include: Stop using *Ptr typedefs in public headers

dad11630

2025-05-09T22:05:38

entities: Always replace invalid chars when escaping The previous refactor painstakingly recreated the different behavior of separate functions that were merged. It makes Optimize IS_CHAR check for non-ASCII chars.

63535d39

2025-05-09T20:13:43

tree: Make xmlNodeListGetStringInternal work with escape flags

777e2adf

2025-05-09T23:53:03

io: Consolidate escaping code Use generated table approach of xmlSerializeText for xmlEscapeText. Move most code to xmlIO.c.

cdaf657f

2025-05-09T23:02:32

html: Don't escape < and > when serializing attribute values Align with HTML5. This will break some test suites.

e0e0a1f0

2025-05-09T22:44:54

html: Remove special handling of &{...} when serializing See https://www.w3.org/TR/html401/appendix/notes.html#h-B.7.1 Align with HTML5.

9bbffec5

2025-05-06T17:42:46

doc: Move brief to top, params to bottom of doc comments

714decd6

2025-05-04T17:50:26

doc: Misc fixes to entities docs

cb1635a6

2025-05-02T19:05:25

doc: Use @since command

e78e05c9

2025-05-02T17:32:51

doc: Fix autolinks to functions Unfortunately, autolinks in .c files aren't converted by Doxygen for some reason.

e525564f

2025-05-01T19:20:06

doc: Remove empty lines at start of block These lines were left over after automatic conversion.

e549622b

2025-04-28T15:11:24

doc: Convert documentation to Doxygen Automated conversion based on a few regexes.

69879da8

2025-04-28T14:04:30

doc: Remove email addresses from documentation Also remove authorship information from generated files, hash.c and globals.c which were rewritten.

61890e39

2025-04-27T21:50:15

doc: Prepare for conversion to Doxygen Fix many params in internal functions (not really necessary but Doxygen warns about that in XML mode). Fix formatting in a few corner cases that automatic conversion can't handle. Rearrange some DOC_DISABLE blocks.

9c16a153

2025-02-13T18:41:33

Revert "include: Make most IS_* macros private" This reverts commit 84a6c82ff83d04963d6e1c5cd18ded68ea02d99f.

2e3a91a7

2024-12-26T21:05:18

doc: Fix documentation

84a6c82f

2024-12-19T20:59:10

include: Make most IS_* macros private Macros like IS_DIGIT or IS_LETTER severely pollute the C namespace.

3f72a579

2024-12-15T21:53:54

entities: Check reallocations for overflow

89b9f457

2024-10-25T18:02:58

entities: Allow control chars when serializing HTML

1cfc5b80

2024-07-12T03:07:57

entities: Rework serialization of numeric character references

8d160626

2024-07-12T02:01:06

entities: Rework text escaping

b0fc67aa

2024-06-15T22:53:55

build: Remove --with-tree configuration option This option would allow for a smaller, but mostly useless minimal build. But it complicates the symbol availability logic in an insane way and requires specialized tools like our custom C parser in doc/apibuild.py. See #717.

8318b5a6

2024-06-09T14:22:53

parser: Fix NULL checks for output arguments

f0d89158

2024-06-01T15:41:43

entities: Unconst predefined entities Partial revert of commit 63ce5f9a. For some reason, Chromium and WebKit set the etype member of predefined entities. This should be fixed first.

e75e878e

2024-05-20T13:58:22

doc: Update and fix documentation

63ce5f9a

2024-04-28T17:32:35

Make some globals const

ee0c1f87

2024-02-29T14:51:49

fuzz: New tree API fuzzer

edbf1eb6

2024-03-05T18:07:13

entities: Don't allow null name in xmlNewEntity

50816b8d

2024-03-05T18:06:38

entities: Check for illegal entity types in xmlAddEntity

ab345338

2024-03-05T19:58:17

valid: Report malloc failure in legacy DTD serialization

fbe10a46

2024-02-01T19:01:57

save: Move DTD serialization code to xmlsave.c

c2b3294f

2024-01-04T21:20:51

fuzz: Abort on invalid UTF-8 The parser should never generate invalid UTF-8 these days even in recovery mode.

d025cfbb

2023-12-27T03:53:24

parser: Always copy content from entity to target. Make sure that references from IDs are updated. Note that if there are IDs with the same value in a document, the last one will now be returned. IDs should be unique, but maybe this should be addressed.

a1f7ecae

2023-12-10T15:25:42

entities: Report malloc failures Fix places where malloc failures aren't reported. Introduce new API function xmlAddEntity that returns separate error codes. Don't invoke global error handler for low-level errors which should be handled by higher layers. Invalid redelcaration warnings will be fixed later.

713ded60

2023-10-06T10:43:38

entities: Make xmlFreeEntity public

699299ca

2023-09-20T18:54:39

globals: Stop including globals.h

9d80a2b1

2023-08-16T19:45:34

entities: Don't change doc when encoding entities doc->encoding shouldn't be touched by xmlEncodeEntitiesInternal.

ce76ebfd

2022-12-19T20:56:23

entities: Stop counting entities This was only used in the old version of xmlParserEntityCheck.

463bbeec

2022-12-19T18:39:45

entities: Rework entity amplification checks This commit implements robust detection of entity amplification attacks, better known as the "billion laughs" attack. We now limit the size of the document after substitution of entities to 10 times the size before expansion. This guarantees linear behavior by definition. There already was a similar check before, but the accounting of "sizeentities" (size of external entities) and "sizeentcopy" (size of all copies created by entity references) wasn't accurate. We also need saturation arithmetic since we're historically limited to "unsigned long" which is 32-bit on many platforms. A maximum of 10 MB of substitutions is always allowed. This should make use cases like DITA work which have caused problems in the past. The old checks based on the number of entities were removed. This is accounted for by adding a fixed cost to each entity reference. Entity amplification checks are now enabled even if XML_PARSE_HUGE is set. This option is mainly used to allow larger text nodes. Most users were unaware that it also disabled entity expansion checks. Some of the limits might be adjusted later. If this change turns out to affect legitimate use cases, we can add a separate parser option to disable the checks. Fixes #294. Fixes #345.

f34f184f

2022-12-19T15:24:53

entities: Add "flags" member to struct xmlEntity This will hold various flags and eventually replace the "checked" member.

2059df53

2022-11-14T22:27:58

buf: Deprecate static/immutable buffers

644a89e0

2022-08-31T22:11:25

[CVE-2022-40304] Fix dict corruption caused by entity reference cycles When an entity reference cycle is detected, the entity content is cleared by setting its first byte to zero. But the entity content might be allocated from a dict. In this case, the dict entry becomes corrupted leading to all kinds of logic errors, including memory errors like double-frees. Stop storing entity content, orig, ExternalID and SystemID in a dict. These values are unlikely to occur multiple times in a document, so they shouldn't have been stored in a dict in the first place. Thanks to Ned Williamson and Nathan Wachholz working with Google Project Zero for the report!

2cac6269

2022-09-01T03:14:13

Don't use sizeof(xmlChar) or sizeof(char)

0f568c0b

2022-08-26T01:22:33

Consolidate private header files Private functions were previously declared - in header files in the root directory - in public headers guarded with IN_LIBXML - in libxml.h - redundantly in source files that used them. Consolidate all private header files in include/private.

776d15d3

2022-03-02T00:29:17

Don't check for standard C89 headers Don't check for - ctype.h - errno.h - float.h - limits.h - math.h - signal.h - stdarg.h - stdlib.h - string.h - time.h Stop including non-standard headers - malloc.h - strings.h

f5509772

2022-02-20T22:06:16

Fix documentation in entities.c

346c3a93

2022-02-20T18:46:42

Remove elfgcchack.h The same optimization can be enabled with -fno-semantic-interposition since GCC 5. clang has always used this option by default.

ce0871e1

2022-02-20T16:44:41

Only warn on invalid redeclarations of predefined entities Downgrade the error message to a warning since the error was ignored, anyway. Also print the name of redeclared entity. For a proper fix that also shows filename and line number of the invalid redeclaration, we'd have to - pass the parser context to the entity functions somehow, or - make these functions return distinct error codes. Partial fix for #308.

bf227135

2020-08-16T17:19:35

Validate UTF8 in xmlEncodeEntities Code is currently assuming UTF-8 without validating. Truncated UTF-8 input can cause out-of-bounds array access. Adds further checks to partial fix in 50f06b3e. Fixes #178

cbe1212d

2021-02-09T17:07:21

Fix null deref introduced with previous commit Found by OSS-Fuzz.

01411e7c

2021-02-08T20:58:32

Check for invalid redeclarations of predefined entities Implement section "4.6 Predefined Entities" of the XML 1.0 spec and check whether redeclarations of predefined entities match the original definitions. Note that some test cases declared <!ENTITY lt "<"> But the XML spec clearly states that this is illegal: > If the entities lt or amp are declared, they MUST be declared as > internal entities whose replacement text is a character reference to > the respective character (less-than sign or ampersand) being escaped; > the double escaping is REQUIRED for these entities so that references > to them produce a well-formed result. Also fixes #217 but the connection is only tangential. The integer overflow discovered by fuzzing was more related to the fact that various parts of the parser disagreed on whether to prefer predefined entities over their redeclarations. The whole situation is a mess and even depends on legacy parser options. But now that redeclarations are validated, it shouldn't make a difference. As noted in the added comment, this is also one of the cases where overly defensive checks can hide interesting logic bugs from fuzzers.

20c60886

2020-03-08T17:19:42

Fix typos Resolves #133.

2a350ee9

2019-09-30T17:04:54

Large batch of typo fixes Closes #109.

e03f0a19

2017-11-09T16:42:47

Fix hash callback signatures Make sure that all parameters and return values of hash callback functions exactly match the callback function type. This is required to pass clang's Control Flow Integrity checks and to allow compilation to asm.js with Emscripten. Fixes bug 784861.

454e397e

2017-08-28T14:30:43

Porting libxml2 on zOS encoding of code First set of patches for zOS - entities.c parser.c tree.c xmlschemas.c xmlschemastypes.c xpath.c xpointer.c: ask conversion of code to ISO Latin 1 to avoid having the compiler assume EBCDIC codepoint for characters. - xmlmodule.c: make sure we have support for modules - xmlIO.c: zOS path names are special avoid dsome of the expectstions from Unix/Windows

4472c3a5

2016-05-13T15:13:17

Fix some format string warnings with possible format string vulnerability For https://bugzilla.gnome.org/show_bug.cgi?id=761029 Decorate every method in libxml2 with the appropriate LIBXML_ATTR_FORMAT(fmt,args) macro and add some cleanups following the reports.

95ebe53b

2014-10-13T16:06:21

Fix and add const qualifiers For https://bugzilla.gnome.org/show_bug.cgi?id=689483 It seems there are functions that do use the const qualifier for some of the arguments, but it seems that there are a lot of functions that don't use it and probably should. So I created a patch against 2.9.0 that makes as much as possible const in tree.h, and changed other files as needed. There were a lot of cases like "const xmlNodePtr node". This doesn't actually do anything, there the *pointer* is constant not the object it points to. So I changed those to "const xmlNode *node". I also removed some consts, mostly in the Copy functions, because those functions can actually modify the doc or node they copy from

0ab8ce53

2013-03-28T08:47:42

Switched comment in file to UTF-8 encoding

7651606f

2012-09-11T14:02:08

Various cleanups to avoid compiler warnings

f8e3db04

2012-09-11T13:26:36

Big space and tab cleanup Remove all space before tabs and space and tabs at end of lines.

7d4c529a

2012-09-05T11:45:32

Improve HTML escaping of attribute on output Handle special cases of &{...} constructs as hinted in the spec http://www.w3.org/TR/html401/appendix/notes.html#h-B.7.1 and special values as comment  used for server side includes This is limited to attribute values in HTML content.

baaf03f8

2012-07-20T15:41:34

Fix an error in previous commit

4f9fdc70

2012-07-18T11:38:17

Fix entities local buffers size problems

13cee4e3

2009-09-05T14:52:55

Fix a bunch of scan 'dead increments' and cleanup * HTMLparser.c c14n.c debugXML.c entities.c nanohttp.c parser.c testC14N.c uri.c xmlcatalog.c xmllint.c xmlregexp.c xpath.c: fix unused variables, or unneeded increments as well as a couple of space issues * runtest.c: check for NULL before calling unlink()

aa6de47e

2008-08-25T14:53:31

applied patch from Aswin to fix tree skipping fixed a comment and added a * xmlreader.c: applied patch from Aswin to fix tree skipping * include/libxml/entities.h entities.c: fixed a comment and added a new xmlNewEntity() entry point * runtest.c: be less verbose * tree.c: space and tabs cleanups daniel svn path=/trunk/; revision=3774

f4f4e485

2008-08-25T08:57:48

rework the patch to avoid some ABI issue with people allocating entities * include/libxml/entities.h entities.c SAX2.c parser.c: rework the patch to avoid some ABI issue with people allocating entities structure directly Daniel svn path=/trunk/; revision=3773

4bf899bf

2008-08-20T17:04:30

fix for CVE-2008-3281 Daniel * include/libxml/parser.h include/libxml/entities.h entities.c parserInternals.c parser.c: fix for CVE-2008-3281 Daniel svn path=/trunk/; revision=3772

a37a6ad9

2006-10-10T20:05:45

trying to fix entities behaviour when using SAX, had to extend entities * include/libxml/entities.h entities.c SAX2.c parser.c: trying to fix entities behaviour when using SAX, had to extend entities content and hack on the entities processing code, but that should fix the long standing bug #159219 Daniel

2728f845

2006-03-09T16:49:24

more cleanups based on coverity reports. Daniel * SAX2.c catalog.c encoding.c entities.c example/gjobread.c python/libxml.c: more cleanups based on coverity reports. Daniel

5d4644ef

2005-04-01T13:11:58

revamped the elfgcchack.h format to cope with gcc4 change of aliasing * doc/apibuild.py doc/elfgcchack.xsl: revamped the elfgcchack.h format to cope with gcc4 change of aliasing allowed scopes, had to add extra informations to doc/libxml2-api.xml to separate the header from the c module source. * *.c: updated all c library files to add a #define bottom_xxx and reimport elfgcchack.h thereafter, and a bit of cleanups. * doc//* testapi.c: regenerated when rebuilding the API Daniel

316a5c39

2005-01-23T22:56:39

added xmlHashCreateDict where the hash reuses the dictionnary for internal * hash.c include/libxml/hash.h: added xmlHashCreateDict where the hash reuses the dictionnary for internal strings * entities.c valid.c parser.c: reuse that new API, leads to a decent speedup when parsing for example DocBook documents. Daniel

7da92709

2005-01-23T20:15:53

small speedup in skipping blanks characters interning the entities strings * parser.c: small speedup in skipping blanks characters * entities.c: interning the entities strings Daniel

ce682bc2

2004-11-05T17:22:25

autogenerate a minimal NULL value sequence for unknown pointer types This * gentest.py testapi.c: autogenerate a minimal NULL value sequence for unknown pointer types * HTMLparser.c SAX2.c chvalid.c encoding.c entities.c parser.c parserInternals.c relaxng.c valid.c xmlIO.c xmlreader.c xmlsave.c xmlschemas.c xmlschemastypes.c xmlstring.c xpath.c xpointer.c: This uncovered an impressive amount of entry points not checking for NULL pointers when they ought to, closing all the open gaps. Daniel

8e725fb4

2004-11-05T14:16:50

fixed a compilation problem on a recent change Daniel * entities.c: fixed a compilation problem on a recent change Daniel

ce244ad5

2004-11-05T10:03:46

fixed the way the generator works, extended the testing, especially with * gentest.py testapi.c: fixed the way the generator works, extended the testing, especially with more real trees and nodes. * HTMLtree.c tree.c valid.c xinclude.c xmlIO.c xmlsave.c: a bunch of real problems found and fixed. * entities.c: fix error reporting to go through the new handlers Daniel

62040be3

2004-05-17T03:17:26

avoid returning default namespace when searching from an attribute reverse * tree.c: avoid returning default namespace when searching from an attribute * entities.c xmlwriter.c: reverse xmlEncodeSpecialChars() behaviour back to escaping " since the normal serialization routines do not use it anymore, should close bug #134477 . Tried to make the writer avoid it too but it didn't work. Daniel

18ab8721

2003-12-09T22:51:37

fixed an XML entites content serialization potentially triggered by * entities.c: fixed an XML entites content serialization potentially triggered by XInclude, see #126817 Daniel

d4532558

2003-11-25T18:29:55

fixed #127877, never output " in element content this changes the * entities.c: fixed #127877, never output " in element content * result/isolat3 result/slashdot16.xml result/noent/isolat3 result/noent/slashdot16.xml result/valid/REC-xml-19980210.xml result/valid/index.xml result/valid/xlink.xml: this changes the output of a few tests Daniel

9e66059f

2003-10-20T14:56:06

fixed problem reported on the mailing list by Melvyn Sopacua - wrong * entities.c, valid.c: fixed problem reported on the mailing list by Melvyn Sopacua - wrong argument order on functions called through xmlHashScan.

76e95df0

2003-10-18T16:20:14

Changed all (?) occurences where validation macros (IS_xxx) had * include/libxml/parserInternals.h HTMLparser.c HTMLtree.c SAX2.c catalog.c debugXML.c entities.c parser.c relaxng.c testSAX.c tree.c valid.c xmlschemas.c xmlschemastypes.c xpath.c: Changed all (?) occurences where validation macros (IS_xxx) had single-byte arguments to use IS_xxx_CH instead (e.g. IS_BLANK changed to IS_BLANK_CH). This gets rid of many warning messages on certain platforms, and also high- lights places in the library which may need to be enhanced for proper UTF8 handling.

b2517d85

2003-10-01T19:13:56

Fix error on output of high codepoint charref like 􏿿 , reported * entities.c: Fix error on output of high codepoint charref like 􏿿 , reported by Eric Hanchrow Daniel

d3a2e4c2

2003-09-30T13:38:04

made the predefined entities static predefined structures to avoid the * entities.c legacy.c parser.c: made the predefined entities static predefined structures to avoid the work, memory and hazards associated to initialization/cleanup. Daniel

652327a7

2003-09-29T18:02:38

Adding a configure option to remove tree manipulation code which is not * configure.in entities.c tree.c valid.c xmllint.c include/libxml/tree.h include/libxml/xmlversion.h.in: Adding a configure option to remove tree manipulation code which is not strictly needed by the parser. Daniel

a9cce9cd

2003-09-29T13:20:24

Okay this is scary but it is just adding a configure option to disable * HTMLtree.c SAX2.c c14n.c catalog.c configure.in debugXML.c encoding.c entities.c nanoftp.c nanohttp.c parser.c relaxng.c testAutomata.c testC14N.c testHTML.c testRegexp.c testRelax.c testSchemas.c testXPath.c threads.c tree.c valid.c xmlIO.c xmlcatalog.c xmllint.c xmlmemory.c xmlreader.c xmlschemas.c example/gjobread.c include/libxml/HTMLtree.h include/libxml/c14n.h include/libxml/catalog.h include/libxml/debugXML.h include/libxml/entities.h include/libxml/nanohttp.h include/libxml/relaxng.h include/libxml/tree.h include/libxml/valid.h include/libxml/xmlIO.h include/libxml/xmlschemas.h include/libxml/xmlversion.h.in include/libxml/xpathInternals.h python/libxml.c: Okay this is scary but it is just adding a configure option to disable output, this touches most of the files. Daniel

4432df23

2003-09-28T18:58:27

cleanup, creating a new legacy.c module, made sure make tests ran in * Makefile.am: cleanup, creating a new legacy.c module, made sure make tests ran in reduced conditions * SAX.c SAX2.c configure.in entities.c globals.c parser.c parserInternals.c tree.c valid.c xlink.c xmlIO.c xmlcatalog.c xmlmemory.c xpath.c xmlmemory.c include/libxml/xmlversion.h.in: increased the modularization, allow to configure out validation code and legacy code, added a configuration option --with-minimum compiling only the mandatory code which then shrink to 200KB. Daniel

9ee35f36

2003-09-28T00:19:54

fix a bug raised by the Mips compiler. move the SAXv1 block definitions to * parser.c: fix a bug raised by the Mips compiler. * include/libxml/SAX.h include/libxml/parser.h: move the SAXv1 block definitions to parser.h fixes bug #123380 * xmlreader.c include/libxml/xmlreader.h: reinstanciate the attribute and element pool borken 2 commits ago. Start playing with an entry point to preserve a subtree. * entities.c: remove a warning. Daniel

899e64aa

2003-09-26T18:03:42

minor change to avoid compilation warnings on some (e.g. AIX) systems * HTMLparser.c, entities.c, xmlreader.c: minor change to avoid compilation warnings on some (e.g. AIX) systems

34ba3879

2003-07-15T13:34:05

removed some warnings by casting xmlChar to unsigned int and a couple of * DOCBparser.c HTMLparser.c entities.c parser.c relaxng.c xmlschemas.c xpath.c: removed some warnings by casting xmlChar to unsigned int and a couple of others. * xmlschemastypes.c: fixes a segfault on empty hexBinary strings Daniel

8265a18a

2003-06-13T10:05:56

do not generate " for " outside of attributes this changes the output * entities.c: do not generate " for " outside of attributes * result//*: this changes the output of some tests Daniel

19ab45b5

2003-02-26T15:49:03

fixes again one of the problem raised by James Clark in #106788 Daniel * entities.c: fixes again one of the problem raised by James Clark in #106788 Daniel

0046c0fe

2003-02-23T13:52:30

another fix for nodeinfo in entities problem fixed bug #106788 from James * parser.c: another fix for nodeinfo in entities problem * tree.c entities.c: fixed bug #106788 from James Clark some spaces need to be serialized as character references. Daniel

2d84a894

2002-12-30T00:01:08

Fixed a really nasty problem raised by a DocBook XSLT transform provided * entities.c parser.c tree.c include/libxml/entities.h: Fixed a really nasty problem raised by a DocBook XSLT transform provided by Sebastian Bergmann Daniel

3487c8d9

2002-09-05T11:33:25

get rid of all the perror() calls made in the library execution paths. * DOCBparser.c HTMLparser.c c14n.c entities.c list.c parser.c parserInternals.c xmlIO.c: get rid of all the perror() calls made in the library execution paths. This should fix both #92059 and #92385 Daniel

34ce8bec

2002-03-18T19:37:11

preparing 2.4.18 updated and rebuilt the web site implement the new * configure.in: preparing 2.4.18 * doc/*: updated and rebuilt the web site * *.c libxml.h: implement the new IN_LIBXML scheme discussed with the Windows and Cygwin maintainers. * parser.c: humm, changed the way the SAX parser work when xmlSubstituteEntitiesDefault(1) is set, it will then do the entity registration and loading by itself in case the user provided SAX getEntity() returns NULL. * testSAX.c: added --noent to test the behaviour. Daniel

2875770e

2002-02-18T11:19:30

fixed a couple of conformances issues deep into the validation code * SAX.c entities.c: fixed a couple of conformances issues deep into the validation code (standalone and undeclared Notations) Daniel

8ee9c8f6

2002-01-26T21:42:58

applied patch from Anthony Jones to implement copy of DTD subtree too. Had * entities.c tree.c include/libxml/entities.h: applied patch from Anthony Jones to implement copy of DTD subtree too. Had just to keep 2 function private which really ought to become public ones. Daniel

kc3-lang/libxml2/entities.c

entities.c

Log