kc3-lang/libxml2
Branch :
Log
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
 |
d5f2f74d | 2019-11-11 11:27:40 | Fix memory leak in error path of XPath expr parser Also propagate memory errors. Found by OSS-Fuzz. | |
|
bf2e9617 | 2019-11-07 12:54:01 | Fix overflow handling in xmlBufBackToBuffer Don't overwrite 'use' and 'size' members after clamping to INT_MAX. Thanks to Ranier Vilela for pointing this out in merge request !56. | |
 |
d7248615 | 2019-11-04 23:19:28 | Null pointer handling in catalog.c Fix potential deferencing potential null pointers; Small optimizations. Closes #123. | |
 |
29740ed1 | 2019-11-02 17:51:39 | xml2-config.in: fix regressions introduced by commit 2f2bf4b2c One of regressions introduced by commit 2f2bf4b2caa1cb9a4a5039b7a44db101943382d1 aka v2.9.10-rc1~56 is that cflags and libs variables are used uninitialized, resulting to the following behaviour: $ cflags=foo libs=bar sh ./xml2-config.in --prefix @prefix@ foo bar Another regression is that the test for these variables is flawed. Fixes: 2f2bf4b2c ("xml2-config.in: Output CFLAGS and LIBS on the same line") | |
|
db0c0450 | 2019-11-02 15:14:10 | Enable more undefined behavior sanitizers Minor fix to xmlStringLenGetNodeList to avoid a pointer overflow during API test. Enable pointer-overflow and unsigned-integer-overflow sanitizers in CI tests. Technically, unsigned integer overflows aren't undefined behavior, but they typically indicate programming errors. Some hash functions that really require unsigned integer overflows have already been annotated. | |
 |
41a34e1f | 2019-10-30 20:14:56 | Release of libxml2-2.9.10 * configure.ac doc/xml.html: updated for the release * doc/*: regenerated docs, APIs, etc ... | |
|
9737ec07 | 2019-10-29 16:19:37 | Another fix for conditional sections at end of document The previous fix introduced an uninitialized read. | |
|
a5bb6aaa | 2019-10-29 14:21:54 | Run XML conformance tests under CI Also add llvm to Docker image so that backtraces can be symbolized. | |
|
9acef289 | 2019-10-23 18:13:08 | Fix some release issues on Fedora 30 * doc/Makefile.am: xzlib.html seems not generated anymore since it was only containing an internal define we can drop it * libxml.spec.in: don't run python tests as part of %check as this is now breaking on F30 | |
|
c1035664 | 2019-10-23 11:40:34 | Fix for conditional sections at end of document Parsing conditional sections would fail if the final ']]>' was at the end of the document. Short-lived regression caused by commit c51e38cb. | |
|
d188eb92 | 2019-10-21 12:44:59 | Make sure that Python tests exit with error code Closes #108. | |
|
55d95dcf | 2019-10-20 18:03:21 | Update GitLab CI config - Update Dockerfile - Don't configure with -Werror - Don't mention Travis in CONTRIBUTING | |
|
bfc0f674 | 2019-10-20 14:39:46 | Audit memory error handling in xpath.c Memory allocation errors in the following functions a often ignored. Add TODO comments. - xmlXPathNodeSetCreate - xmlXPathNodeSetAdd* - xmlXPathNodeSetMerge* - xmlXPathNodeSetDupNs Note that the following functions currently lack a way to propagate memory errors: - xmlXPathCompareNodeSets - xmlXPathEqualNodeSets | |
|
429d4eca | 2019-10-20 14:22:20 | Propagate memory errors in valuePush Currently, many memory allocation errors in xpath.c aren't propagated to the parser/evaluation context and for the most part ignored. Most XPath objects allocated via one of the New, Wrap or Copy functions end up being pushed on the stack, so adding a check in valuePush handles many cases without much effort. Also simplify the code a little and make sure to return -1 in case of error. | |
|
390f05e7 | 2019-10-20 13:42:19 | Propagate memory errors in xmlXPathCompExprAdd Make sure that memory errors in xmlXPathCompExprAdd are propagated to the parser context. Hitting the step limit or running out of memory without raising an error could also lead to an out-of-bounds read. Also fixes a memory leak in xmlXPathErrMemory. Found by OSS-Fuzz. | |
|
aec2bf71 | 2019-10-14 18:01:51 | Make xmlFreeDocElementContent non-recursive Avoid call stack overflow when freeing element type declarations with deeply nested contents. Found by OSS-Fuzz. | |
|
d8999b1d | 2019-10-14 17:04:04 | Fix error code in xmlTextWriterStartDocument Return XML_ERR_UNSUPPORTED_ENCODING if no encoding handler could be found. Fixes bug #521808: https://bugzilla.gnome.org/show_bug.cgi?id=521808 Resolves !53. | |
|
40e00bc5 | 2019-10-14 16:56:59 | Fix integer overflow when counting written bytes Check for integer overflow when updating the `written` member of struct xmlOutputBuffer in xmlIO.c. Closes #112. Resolves !54 and !55. | |
 |
1fda3248 | 2019-10-14 16:48:32 | Fix exponent digits when running tests under old MSVC Switch printf output format to two-digit exponent under certain MSVC versions. Closes #111. | |
|
f9f8df0a | 2019-10-03 04:15:52 | Fix uninitialized memory access in HTML parser The SAX2 character handler expects NULL-terminated buffer. Closes #106. Also see https://github.com/lxml/lxml/pull/288 | |
|
5eeb9d5f | 2019-10-14 16:35:00 | Fix memory leak in xmlSchemaValAtomicType Don't collapse anyUris twice. Closes #104. | |
|
61f2abb1 | 2019-10-04 00:21:24 | Enable continuous integration via GitLab CI Port the Travis CI setup to GitLab. We currently run three builds: - GCC with -std=c89 - clang with ASan and UBSan - clang with MSan Closes #110. | |
|
b88ae6d2 | 2019-10-14 15:38:28 | Avoid ignored attribute warnings under GCC GCC doesn't support the unsigned-integer-overflow sanitizer. | |
|
24e3973b | 2019-10-04 14:42:59 | Make xmlDumpElementContent non-recursive Avoid call stack overflow when dumping deeply nested element declarations. Found by OSS-Fuzz. | |
|
64966ebe | 2019-09-30 17:34:32 | Rebuild docs | |
|
2e55f6dc | 2019-09-30 17:30:17 | Make apibuild.py ignore ATTRIBUTE_NO_SANITIZE | |
|
74a8a91f | 2019-09-30 17:58:59 | Fix a few more typos ("fonction") | |
 |
2a350ee9 | 2019-09-30 17:04:54 | Large batch of typo fixes Closes #109. | |
|
80b110a9 | 2019-09-30 14:37:57 | Mark xmlExp* symbols as removed | |
|
c2f209c0 | 2019-09-30 14:13:21 | Disallow conditional sections in internal subset Conditional sections are only allowed in *external* parameter entities referenced from the internal subset. | |
|
c51e38cb | 2019-09-30 13:50:02 | Make xmlParseConditionalSections non-recursive Avoid call stack overflow in deeply nested conditional sections. Found by OSS-Fuzz. | |
|
9d461ac7 | 2019-09-26 16:17:31 | Adjust expected error in Python tests Closes #107. | |
|
d56184a0 | 2019-09-26 12:11:39 | Disable xmlExp regex code This is apparently another regex engine that was never used, see commit 81a8ec6. | |
|
664f8810 | 2019-09-26 11:01:58 | Fix use-after-free in xmlTextReaderFreeNodeList Recent commit 1fbcf40 caused a use-after-free read because it didn't account for the fact that xmlTextReaderFreeDoc frees entities before freeing entity references via xmlTextReaderFreeNodeList. Found by OSS-Fuzz. | |
|
99a864a1 | 2019-09-25 15:27:45 | Fix Regextests - One of the bug316338 test cases is expected to succeed. - Memory leak in testRegexp.c. - Refcount handling in xmlExpHashGetEntry. | |
|
c2b0a184 | 2019-09-25 13:57:42 | Fix empty branch in regex Fixes bug 649244: https://bugzilla.gnome.org/show_bug.cgi?id=649244 Closes #57. | |
|
1fbcf409 | 2019-09-23 17:13:05 | Make xmlTextReaderFreeNodeList non-recursive Avoid call stack overflow when freeing deeply nested documents. Found by OSS-Fuzz. | |
|
0762c9b6 | 2019-09-23 17:07:40 | Make xmlFreeNodeList non-recursive Avoid call stack overflow when freeing deeply nested documents. | |
|
62150ed2 | 2019-09-23 14:46:41 | Make xmlParseContent and xmlParseElement non-recursive Split xmlParseElement into subfunctions. Use nameNsPush to store prefix, URI and nsNr on the heap, similar to the push parser. Closes #84. | |
|
a28bc751 | 2019-09-20 13:46:58 | Fix integer overflow in entity recursion check | |
|
e91cbcf6 | 2019-09-20 12:44:17 | Don't read external entities or XIncludes from stdin The file input callbacks try to read from stdin if "-" is passed as URL. This should never be done when loading indirect resources like external entities or XIncludes. Unfortunately, the stdin substitution happens deep inside the IO code, so we simply replace "-" with "./-" in specific locations. This issue also affects other users of the library like libxslt. Ideally, stdin should only be substituted on explicit request. But more intrusive changes could break existing code. Closes #90 and #102. | |
|
6705f4d2 | 2019-09-16 15:45:27 | Remove executable bit from non-executable files | |
|
eee1dd5a | 2019-09-16 15:36:44 | Fix expected output of test/schemas/any4 libxml2 correctly rejects any4_0.xsd as invalid schema. I can't figure out what the intent behind this test case was. Simply adjust the expected output to match the current behavior. Closes #92. | |
|
e8c9cd5c | 2019-09-16 15:36:02 | Fix Schema determinism check of ##other namespaces Non-compound (##local) and compound string atoms are always disjoint regardless of whether the compound atom is negated (##other). Closes #40. | |
 |
4e326a3a | 2019-09-02 14:16:12 | Fix potential null deref in xmlSchemaIDCFillNodeTables Merge request !45 | |
|
5f1f455c | 2019-09-13 15:51:16 | Fix potential memory leak in xmlBufBackToBuffer Fixes bug #794373 https://bugzilla.gnome.org/show_bug.cgi?id=794373 Also see merge request !42 | |
|
e32afd3f | 2019-09-13 15:45:21 | Fix error message when processing XIncludes with fallbacks Fixes bug #616491 https://bugzilla.gnome.org/show_bug.cgi?id=616491 Based on merge request !41 | |
|
fa5e8ca6 | 2019-08-27 19:09:20 | Optimize build instructions in README Fixes bug #792181 https://bugzilla.gnome.org/show_bug.cgi?id=792181 Merge request !40 | |
 |
0b793591 | 2019-08-26 15:24:12 | Fix memory leak in xmlRegEpxFromParse Merge request !39 | |
|
8efc5b28 | 2019-09-13 12:24:23 | 14:00 is a valid timezone for xs:dateTime Closes #100 | |
 |
5a02583c | 2019-08-07 17:39:17 | Fix memory leak in xmlParseBalancedChunkMemoryRecover When doc is NULL, namespace created in xmlTreeEnsureXMLDecl is bind to newDoc->oldNs, in this case, set newDoc->oldNs to NULL and free newDoc will cause a memory leak. Found with libFuzzer. Closes #82. | |
|
09b6f818 | 2019-08-25 13:58:41 | Fix potential null deref in xmlRelaxNGParsePatterns Thanks to Zhongyuan Zhou for the initial patch. | |
|
01d8cf07 | 2019-08-15 15:15:42 | Misleading error message with xs:{min|max}Inclusive Closes #53. | |
 |
a6a57867 | 2019-08-13 20:08:53 | Fix memory leak in xmlXIncludeLoadTxt | |
|
e3f1c7f7 | 2019-08-25 14:12:23 | Partial fix for comparison of xs:durations See https://bugzilla.gnome.org/show_bug.cgi?id=777139 Thanks to Zhongyuan Zhou for the initial merge request !34. | |
 |
39f10232 | 2019-08-09 09:44:11 | Fix typos: tree: move{ -> s}, reconcil{i -> }ed, h{o -> e}ld by... ...seems to { -> be to} add. Signed-off-by: Jan Pokorný <jpokorny@redhat.com> | |
|
5c0e48b8 | 2019-07-25 18:46:30 | Fix typo: xpath: simpli{ -> fi}ed Signed-off-by: Jan Pokorný <jpokorny@redhat.com> | |
|
0571b4e6 | 2019-08-09 15:39:17 | Fix null deref in xmlreader buffer | |
|
ea695ac0 | 2019-08-09 15:09:22 | Fix unability to RelaxNG-validate grammar with choice-based name class Previously, test/relaxng/ambig_name-class2.xml would fail to validate against test/relaxng/ambig_name-class2.rng: > test/relaxng/ambig_name-class2.rng:4: > element attribute: Relax-NG parser error : > Found anyName attribute without oneOrMore ancestor > Relax-NG schema test/relaxng/ambig_name-class2.rng failed to compile Signed-off-by: Jan Pokorný <jpokorny@redhat.com> | |
|
8074b881 | 2019-08-08 23:33:48 | Fix unability to validate ambiguously constructed interleave for RelaxNG Previously, test/relaxng/ambig_name-class.xml would fail to validate for a simple reason -- interleave within "open-name-class" context is supposed to be fine with whatever else is pending the consumption, since effectively, it's unrelated from a higher parsing perspective. Signed-off-by: Jan Pokorný <jpokorny@redhat.com> | |
|
81958b6e | 2019-07-11 19:24:11 | Doc: do not mislead towards "infeasible" scenario wrt. xmlBufNodeDump At least when merely public API is to be leveraged, one cannot use xmlBufCreate function that would otherwise be a clear fit, and relying on some invariants wrt. how some other struct fields will get initialized along the construction/filling such parent struct and (ab)using that instead does not appear clever, either. Hence, instruct people what's the Right Thing for the moment, that is, make them use xmlNodeDumpOutput instead (together with likewise public xmlAllocOutputBuffer). Going forward, it's questionable what do with xmlBuf* family of functions that are once public, since they, for any practical purpose, cannot be used by the library clients (that's how I've run into this). Signed-off-by: Jan Pokorný <jpokorny@redhat.com> | |
|
59028ba0 | 2019-08-07 14:38:07 | Fix possible null dereference in xmlXPathIdFunction If a certain memory allocation fails, xmlXPathIdFunction would dereference a null pointer. Closes #77. | |
|
6c91dd94 | 2019-08-01 15:01:47 | Don't call printf with NULL string in runtest.c Avoids undefined behavior causing problems on HP-UX and Solaris. Closes #78. | |
|
b17e3d1c | 2019-08-01 15:04:16 | Work around buggy ceil() function on AIX AIX has a buggy ceil() function that does not handle negative-zero correctly. Closes #79. | |
 |
2f2bf4b2 | 2019-07-31 20:21:47 | xml2-config.in: Output CFLAGS and LIBS on the same line xml2-config currently outputs the results of '--cflags --libs' on two lines. Printing this information on one line is far more useful. | |
|
0c1b4fd2 | 2019-07-13 10:47:25 | Fix comments in test code | |
|
4f67dbb0 | 2019-07-09 15:11:01 | fix memory leak in xmlAllocOutputBuffer | |
|
1fc410d3 | 2019-07-01 22:22:14 | xml2-config: Add a --dynamic switch to print only shared libraries `xml2-config --libs` prints static library linking information by default. This is un-necessary for most programs, so introduce a new option, --dynamic, which, when combined with --libs, only prints shared library linking information. | |
 |
87125732 | 2019-07-08 12:54:21 | Switched from unsigned long to ptrdiff_t in parser.c Using unsigned long instead of ptrdiff_t results in non-zero pointer deltas being stored as zero delta, giving incorrect offsets into arrays and hence out of bounds reads. This patch fixes the issue in all places in parser.c and adds a macro to reduce the chances of cut-and-paste errors. Only affects platforms where 'sizeof(long) < sizeof(size_t)' like 64-bit Windows. See https://bugs.chromium.org/p/chromium/issues/detail?id=894933 Closes #44. | |
|
63484962 | 2019-07-08 12:28:39 | Remove redundant code in xmlRelaxNGValidateState Closes #70. | |
 |
b3a95d57 | 2019-05-21 11:21:29 | Fix unsigned int overflow | |
|
0df3c2c9 | 2019-06-28 17:34:24 | fix comment in testReader.c | |
|
37189c08 | 2019-07-08 12:18:24 | dict.h: gcc 2.95 doesn't allow multiple storage classes This is a partial revert of commit c71f9305. I'm not sure what issue this commit was trying to solve but it seems to be related to a circular dependency. It might be related to tree.h being included from dict.h which is unnecessary. Resolves !22. | |
|
01ea9c5a | 2019-07-08 11:29:40 | Fix another code path in xmlParseQName Check for buffer errors in another code path missed in the previous commit. Found by OSS-Fuzz. | |
|
5ccac8ce | 2019-06-27 10:23:36 | Make sure that xmlParseQName returns NULL in error case If there's an error growing the input buffer when recovering from invalid QNames, make sure to return NULL. Otherwise, callers could be confused. In xmlParseStartTag2, for example, `tlen` could become negative. Found by OSS-Fuzz. | |
|
f209e551 | 2019-06-25 11:45:16 | Fix build without reader but with pattern Broken by commit dbc6b55b. | |
|
f824a4bd | 2019-05-20 13:26:08 | Fix memory leak in xmlAllocOutputBufferInternal error path Thanks to Anish K Kurian for the report. Closes #60. | |
|
e79a903f | 2019-05-20 13:22:49 | Remove redundant code in xmlXPathCompRelationalExpr Thanks to Anish K Kurian for the report. Closes #59. | |
|
44e7a0d5 | 2019-05-16 21:17:28 | Annotate functions with __attribute__((no_sanitize)) | |
|
f9fce963 | 2019-05-16 21:16:01 | Fix unsigned integer overflow It's defined behavior but -fsanitize=unsigned-integer-overflow is useful to discover bugs. | |
|
dbc6b55b | 2019-05-16 21:06:56 | Fix warnings when compiling without reader or push parser | |
|
407b393d | 2019-05-15 12:47:28 | Fix return value of xmlOutputBufferWrite When using memory buffers, the total size of the buffer was added again and again, potentially leading to an integer overflow. Found by OSS-Fuzz. | |
 |
3c0d62b4 | 2019-05-13 07:15:44 | Fix parser termination from "Double hyphen within comment" error The patch fixes the parser not halting immediately when the error handler attempts to stop the parser. Rather it was running on and continuing to reference the freed buffer in the while loop termination test. This is only a problem if xmlStopParser is called from an error handler. Probably caused by commit 123234f2. Fixes #58. | |
|
96125557 | 2019-05-10 12:30:03 | Remove unused member `doc` in xmlSaveCtxt | |
|
14ed63b7 | 2019-05-08 12:00:51 | Limit recursion depth in xmlXPathCompOpEvalPredicate | |
|
ad93f087 | 2019-04-25 12:47:49 | Remove -Wno-array-bounds It's unsupported on GCC versions older than 4.3 and the false positives seem to be fixed in newer versions. | |
 |
9948a9a3 | 2019-04-05 06:34:59 | timsort.h: support older GCCs cherry-pick upstream pull request: __builtin_clzll isn't available on older GCCs | |
|
346febc6 | 2019-04-25 11:34:08 | Fix call stack overflow in xmlFreePattern Since xmlFreePattern tried to free the next pattern recursively, its behavior is identical to xmlFreePatternList. Make it call xmlFreePatternList to avoid call stack overflows. Found by OSS-Fuzz. | |
|
f75256e7 | 2019-04-23 17:23:39 | Remove unreachable code in xmlXPathCountFunction After the initial test, the condition (type == XPATH_NODESET) || (type == XPATH_XSLT_TREE) always holds true. | |
|
949eced4 | 2019-04-22 16:04:26 | Fix null deref in previous commit | |
|
c2f4da1a | 2017-05-21 22:08:50 | Improve XPath predicate and filter evaluation Consolidate code paths evaluating XPath predicates and filters. Don't push context node on stack when evaluating predicates. I have no idea why this was done. It seems completely useless and trying to pop the context node from a corrupted stack has already caused security issues. Filter nodesets in-place and don't create node sets with NULL gaps which allows to simplify merging a great deal. Simply move matched nodes backward and create a compact node set. Merge xmlXPathCompOpEvalPositionalPredicate into xmlXPathCompOpEvalPredicate. | |
|
012f8e92 | 2019-04-20 17:01:19 | Limit recursion depth in xmlXPathOptimizeExpression | |
|
93a1d223 | 2019-04-16 13:37:47 | Fix memory leaks in xmlXPathParseNameComplex error paths Found by OSS-Fuzz. | |
|
fa3166c2 | 2019-04-12 12:03:04 | Disable hash randomization when fuzzing Use the FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION macro proposed by libFuzzer. | |
|
2d97a97a | 2019-03-15 16:27:58 | Optional recursion limit when parsing XPath expressions Useful to avoid call stack overflows when fuzzing. Note that parsing a parenthesized expression currently consumes more than 10 stack frames, so this limit should be set rather low. | |
|
64115ed6 | 2019-03-18 11:34:26 | Optional recursion limit when evaluating XPath expressions Useful to avoid call stack overflows when fuzzing. | |
|
5153c7ba | 2019-03-18 11:18:31 | Use break statements in xmlXPathCompOpEval This prepares for the next commit. | |
|
852c93a2 | 2019-03-12 16:12:05 | Optional XPath operation limit Optionally limit the maximum numbers of XPath operations when evaluating an expression. Useful to avoid timeouts when fuzzing. The following operations count towards the limit: - XPath operations - Location step iterations - Union operations Enabled by setting opLimit to a non-zero value. Note that it's the user's responsibility to reset opCount. This allows to enforce the operation limit across multiple reuses of an XPath context. | |
|
91d576de | 2019-04-09 13:16:50 | Make configure.ac work with older pkg-config Older versions of pkg.m4 require the action-if-not-found argument of the PKG_CHECK_MODULES macro to be non-empty. Use a colon (null command) instead of an empty string. Fixes #50. | |
|
0f518611 | 2019-04-08 14:02:11 | Fix compilation with --with-minimum Presence of xmlEncodeAttributeEntities doesn't depend on output module. Fixes #52. |