kmx git

Commit	Date	Message
ce0871e1	2022-02-20T16:44:41	Only warn on invalid redeclarations of predefined entities Downgrade the error message to a warning since the error was ignored, anyway. Also print the name of redeclared entity. For a proper fix that also shows filename and line number of the invalid redeclaration, we'd have to - pass the parser context to the entity functions somehow, or - make these functions return distinct error codes. Partial fix for #308.
9edc20c1	2022-02-07T20:38:30	Fix double counting of CRLF in comments Fixes #151.
01411e7c	2021-02-08T20:58:32	Check for invalid redeclarations of predefined entities Implement section "4.6 Predefined Entities" of the XML 1.0 spec and check whether redeclarations of predefined entities match the original definitions. Note that some test cases declared <!ENTITY lt "<"> But the XML spec clearly states that this is illegal: > If the entities lt or amp are declared, they MUST be declared as > internal entities whose replacement text is a character reference to > the respective character (less-than sign or ampersand) being escaped; > the double escaping is REQUIRED for these entities so that references > to them produce a well-formed result. Also fixes #217 but the connection is only tangential. The integer overflow discovered by fuzzing was more related to the fact that various parts of the parser disagreed on whether to prefer predefined entities over their redeclarations. The whole situation is a mess and even depends on legacy parser options. But now that redeclarations are validated, it shouldn't make a difference. As noted in the added comment, this is also one of the cases where overly defensive checks can hide interesting logic bugs from fuzzers.
32cb5dcc	2020-02-11T13:16:10	Add test case for recursive external parsed entities
6705f4d2	2019-09-16T15:45:27	Remove executable bit from non-executable files
69936b12	2017-08-30T14:16:01	Revert "Print error messages for truncated UTF-8 sequences" This reverts commit 79c8a6b which caused a serious regression in streaming mode. Also reverts part of commit 52ceced "Fix infinite loops with push parser in recovery mode". Fixes bug 786554.
899a5d9f	2017-07-25T14:59:49	Detect infinite recursion in parameter entities When expanding a parameter entity in a DTD, infinite recursion could lead to an infinite loop or memory exhaustion. Thanks to Wei Lei for the first of many reports. Fixes bug 759579.
5f440d8c	2017-06-12T14:32:34	Rework entity boundary checks Make sure to finish all entities in the internal subset. Nevertheless, readd a sanity check in xmlParseStartTag2 that was lost in my previous commit. Also add a sanity check in xmlPopInput. Popping an input unexpectedly was the source of many recent memory bugs. The check doesn't mitigate such issues but helps with diagnosis. Always base entity boundary checks on the input ID, not the input pointer. The pointer could have been reallocated to the old address. Always throw a well-formedness error if a boundary check fails. In a few places, a validity error was thrown. Fix a few error codes and improve indentation.
79c8a6b1	2017-06-10T17:01:27	Print error messages for truncated UTF-8 sequences Before, truncated UTF-8 sequences at the end of a file were treated as EOF. Create an error message containing the offending bytes. xmlStringCurrentChar would also print characters from the input stream, not the string it's working on.
00906759	2016-01-26T16:57:03	Heap-based buffer-underreads due to xmlParseName For https://bugzilla.gnome.org/show_bug.cgi?id=759573 * parser.c: (xmlParseElementDecl): Return early on invalid input to fix non-minimized test case (759573-2.xml). Otherwise the parser gets into a bad state in SKIP(3) at the end of the function. (xmlParseConditionalSections): Halt parsing when hitting invalid input that would otherwise caused xmlParserHandlePEReference() to recurse unexpectedly. This fixes the minimized test case (759573.xml). * result/errors/759573-2.xml: Add. * result/errors/759573-2.xml.err: Add. * result/errors/759573-2.xml.str: Add. * result/errors/759573.xml: Add. * result/errors/759573.xml.err: Add. * result/errors/759573.xml.str: Add. * test/errors/759573-2.xml: Add. * test/errors/759573.xml: Add.
38eae571	2016-03-07T14:04:08	Heap use-after-free in xmlSAX2AttributeNs For https://bugzilla.gnome.org/show_bug.cgi?id=759020 * parser.c: (xmlParseStartTag2): Attribute strings are only valid if the base does not change, so add another check where the base may change. Make sure to set 'attvalue' to NULL after freeing it. * result/errors/759020.xml: Added. * result/errors/759020.xml.err: Added. * result/errors/759020.xml.str: Added. * test/errors/759020.xml: Added test case.
45752d2c	2016-03-03T11:50:34	Bug 759398: Heap use-after-free in xmlDictComputeFastKey <https://bugzilla.gnome.org/show_bug.cgi?id=759398> * parser.c: (xmlParseNCNameComplex): Store start position instead of a pointer to the name since the underlying buffer may change, resulting in a stale pointer being used. * result/errors/759398.xml: Added. * result/errors/759398.xml.err: Added. * result/errors/759398.xml.str: Added. * test/errors/759398.xml: Added test case.
db07dd61	2016-02-12T09:58:29	Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal <https://bugzilla.gnome.org/show_bug.cgi?id=758588> * parser.c: (xmlParseEndTag2): Add bounds checks before dereferencing ctxt->input->cur past the end of the buffer, or incrementing the pointer past the end of the buffer. * result/errors/758588.xml: Add test result. * result/errors/758588.xml.err: Ditto. * result/errors/758588.xml.str: Ditto. * test/errors/758588.xml: Add regression test.
4a5d80ad	2015-09-18T15:06:46	Fix a bug in CData error handling in the push parser For https://bugzilla.gnome.org/show_bug.cgi?id=754947 The checking function was returning incorrect args in some cases Adds the test to teh reg suite and fix one of the existing test output
51f02b0a	2015-09-15T16:50:32	Fix a bug on name parsing at the end of current input buffer For https://bugzilla.gnome.org/show_bug.cgi?id=754946 When hitting the end of the current input buffer while parsing a name we could end up loosing the beginning of the name, which led to various issues.
4629ee02	2012-07-23T14:15:40	Do not fetch external parsed entities Unless explicietely asked for when validating or replacing entities with their value. Problem pointed out by Tom Lane <tgl@redhat.com> * parser.c: do not load external parsed entities unless needed * test/errors/extparsedent.xml result/errors/extparsedent.xml*: add a regression test to avoid change of the behaviour in the future
d7af5553	2008-08-04T15:29:44	rewrite the URI parser to update to rfc3986 (from 2396) removed the error * uri.c include/libxml/uri.h: rewrite the URI parser to update to rfc3986 (from 2396) * test/errors/webdav.xml result/errors/webdav.xml: removed the error test, 'DAV:' is a correct URI under 3986 Makefile.am: small cleanup in make check Daniel svn path=/trunk/; revision=3763
c707d0b7	2008-01-24T14:48:54	fix a memeory leak in internal subset parsing with a fix from Ashwin add * parser.c: fix a memeory leak in internal subset parsing with a fix from Ashwin * test/errors/content1.xml result/errors/content1.xml*: add test to regressions Daniel svn path=/trunk/; revision=3680
da629347	2007-08-01T07:49:06	fixed a parser bug where invalid char in comment may not be detected, * parser.c: fixed a parser bug where invalid char in comment may not be detected, reported by Ashwin Sinha * test/errors/comment1.xml result/errors/comment1.xml*: added the example to the regression suite Daniel svn path=/trunk/; revision=3647
b9e5acc4	2007-06-12T13:43:00	fix bug #414846 where invalid characters in attributes would sometimes not * parser.c: fix bug #414846 where invalid characters in attributes would sometimes not be detected. * test/errors/attr4.xml result/errors/attr4.xml*: added a specific test case to the regression tests Daniel svn path=/trunk/; revision=3634
f810de04	2005-07-06T22:48:41	fixed problem with free on dupl attribute in dtd (bug309637). added * parser.c: fixed problem with free on dupl attribute in dtd (bug309637). * test/errors/attr3.xml, result/errors/attr3.*: added regression test for this
3fa5e7e4	2005-07-04T11:12:25	fixed a bug failing to detect UTF-8 violations in CData in push mode. * parser.c: fixed a bug failing to detect UTF-8 violations in CData in push mode. * result/errors/cdata.xml* test/errors/cdata.xml: added the test to the regressions Daniel
b8590d4c	2005-01-21T15:10:23	fixed bug #164556 where non-fatal errors stopped push parsing and * parser.c: fixed bug #164556 where non-fatal errors stopped push parsing and xmlreader. * Makefile.am: fixup * test/errors/webdav.xml result/errors/webdav*: adding regression test for this problem. Daniel
37fd3074	2004-06-03T11:22:31	fixed a bug where invalid charrefs may not be detected sometimes as * parser.c: fixed a bug where invalid charrefs may not be detected sometimes as pointed by Morus Walter. * test/errors/charref1.xm result/errors/charref1.xml*: added the test in the regression suite. Daniel
6c662996	2004-02-21T11:55:44	Beuah ! Daniel Beuah ! Daniel
b05deb7f	1999-08-10T19:04:08	Huge commit: 1.5.0, XML validation, Xpath, bugfixes, examples .... Daniel

ce0871e1

2022-02-20T16:44:41

Only warn on invalid redeclarations of predefined entities Downgrade the error message to a warning since the error was ignored, anyway. Also print the name of redeclared entity. For a proper fix that also shows filename and line number of the invalid redeclaration, we'd have to - pass the parser context to the entity functions somehow, or - make these functions return distinct error codes. Partial fix for #308.

9edc20c1

2022-02-07T20:38:30

Fix double counting of CRLF in comments Fixes #151.

01411e7c

2021-02-08T20:58:32

Check for invalid redeclarations of predefined entities Implement section "4.6 Predefined Entities" of the XML 1.0 spec and check whether redeclarations of predefined entities match the original definitions. Note that some test cases declared <!ENTITY lt "<"> But the XML spec clearly states that this is illegal: > If the entities lt or amp are declared, they MUST be declared as > internal entities whose replacement text is a character reference to > the respective character (less-than sign or ampersand) being escaped; > the double escaping is REQUIRED for these entities so that references > to them produce a well-formed result. Also fixes #217 but the connection is only tangential. The integer overflow discovered by fuzzing was more related to the fact that various parts of the parser disagreed on whether to prefer predefined entities over their redeclarations. The whole situation is a mess and even depends on legacy parser options. But now that redeclarations are validated, it shouldn't make a difference. As noted in the added comment, this is also one of the cases where overly defensive checks can hide interesting logic bugs from fuzzers.

32cb5dcc

2020-02-11T13:16:10

Add test case for recursive external parsed entities

6705f4d2

2019-09-16T15:45:27

Remove executable bit from non-executable files

69936b12

2017-08-30T14:16:01

Revert "Print error messages for truncated UTF-8 sequences" This reverts commit 79c8a6b which caused a serious regression in streaming mode. Also reverts part of commit 52ceced "Fix infinite loops with push parser in recovery mode". Fixes bug 786554.

899a5d9f

2017-07-25T14:59:49

Detect infinite recursion in parameter entities When expanding a parameter entity in a DTD, infinite recursion could lead to an infinite loop or memory exhaustion. Thanks to Wei Lei for the first of many reports. Fixes bug 759579.

5f440d8c

2017-06-12T14:32:34

Rework entity boundary checks Make sure to finish all entities in the internal subset. Nevertheless, readd a sanity check in xmlParseStartTag2 that was lost in my previous commit. Also add a sanity check in xmlPopInput. Popping an input unexpectedly was the source of many recent memory bugs. The check doesn't mitigate such issues but helps with diagnosis. Always base entity boundary checks on the input ID, not the input pointer. The pointer could have been reallocated to the old address. Always throw a well-formedness error if a boundary check fails. In a few places, a validity error was thrown. Fix a few error codes and improve indentation.

79c8a6b1

2017-06-10T17:01:27

Print error messages for truncated UTF-8 sequences Before, truncated UTF-8 sequences at the end of a file were treated as EOF. Create an error message containing the offending bytes. xmlStringCurrentChar would also print characters from the input stream, not the string it's working on.

00906759

2016-01-26T16:57:03

Heap-based buffer-underreads due to xmlParseName For https://bugzilla.gnome.org/show_bug.cgi?id=759573 * parser.c: (xmlParseElementDecl): Return early on invalid input to fix non-minimized test case (759573-2.xml). Otherwise the parser gets into a bad state in SKIP(3) at the end of the function. (xmlParseConditionalSections): Halt parsing when hitting invalid input that would otherwise caused xmlParserHandlePEReference() to recurse unexpectedly. This fixes the minimized test case (759573.xml). * result/errors/759573-2.xml: Add. * result/errors/759573-2.xml.err: Add. * result/errors/759573-2.xml.str: Add. * result/errors/759573.xml: Add. * result/errors/759573.xml.err: Add. * result/errors/759573.xml.str: Add. * test/errors/759573-2.xml: Add. * test/errors/759573.xml: Add.

38eae571

2016-03-07T14:04:08

Heap use-after-free in xmlSAX2AttributeNs For https://bugzilla.gnome.org/show_bug.cgi?id=759020 * parser.c: (xmlParseStartTag2): Attribute strings are only valid if the base does not change, so add another check where the base may change. Make sure to set 'attvalue' to NULL after freeing it. * result/errors/759020.xml: Added. * result/errors/759020.xml.err: Added. * result/errors/759020.xml.str: Added. * test/errors/759020.xml: Added test case.

45752d2c

2016-03-03T11:50:34

Bug 759398: Heap use-after-free in xmlDictComputeFastKey <https://bugzilla.gnome.org/show_bug.cgi?id=759398> * parser.c: (xmlParseNCNameComplex): Store start position instead of a pointer to the name since the underlying buffer may change, resulting in a stale pointer being used. * result/errors/759398.xml: Added. * result/errors/759398.xml.err: Added. * result/errors/759398.xml.str: Added. * test/errors/759398.xml: Added test case.

db07dd61

2016-02-12T09:58:29

Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal <https://bugzilla.gnome.org/show_bug.cgi?id=758588> * parser.c: (xmlParseEndTag2): Add bounds checks before dereferencing ctxt->input->cur past the end of the buffer, or incrementing the pointer past the end of the buffer. * result/errors/758588.xml: Add test result. * result/errors/758588.xml.err: Ditto. * result/errors/758588.xml.str: Ditto. * test/errors/758588.xml: Add regression test.

4a5d80ad

2015-09-18T15:06:46

Fix a bug in CData error handling in the push parser For https://bugzilla.gnome.org/show_bug.cgi?id=754947 The checking function was returning incorrect args in some cases Adds the test to teh reg suite and fix one of the existing test output

51f02b0a

2015-09-15T16:50:32

Fix a bug on name parsing at the end of current input buffer For https://bugzilla.gnome.org/show_bug.cgi?id=754946 When hitting the end of the current input buffer while parsing a name we could end up loosing the beginning of the name, which led to various issues.

4629ee02

2012-07-23T14:15:40

Do not fetch external parsed entities Unless explicietely asked for when validating or replacing entities with their value. Problem pointed out by Tom Lane <tgl@redhat.com> * parser.c: do not load external parsed entities unless needed * test/errors/extparsedent.xml result/errors/extparsedent.xml*: add a regression test to avoid change of the behaviour in the future

d7af5553

2008-08-04T15:29:44

rewrite the URI parser to update to rfc3986 (from 2396) removed the error * uri.c include/libxml/uri.h: rewrite the URI parser to update to rfc3986 (from 2396) * test/errors/webdav.xml result/errors/webdav.xml*: removed the error test, 'DAV:' is a correct URI under 3986 * Makefile.am: small cleanup in make check Daniel svn path=/trunk/; revision=3763

c707d0b7

2008-01-24T14:48:54

fix a memeory leak in internal subset parsing with a fix from Ashwin add * parser.c: fix a memeory leak in internal subset parsing with a fix from Ashwin * test/errors/content1.xml result/errors/content1.xml*: add test to regressions Daniel svn path=/trunk/; revision=3680

da629347

2007-08-01T07:49:06

fixed a parser bug where invalid char in comment may not be detected, * parser.c: fixed a parser bug where invalid char in comment may not be detected, reported by Ashwin Sinha * test/errors/comment1.xml result/errors/comment1.xml*: added the example to the regression suite Daniel svn path=/trunk/; revision=3647

b9e5acc4

2007-06-12T13:43:00

fix bug #414846 where invalid characters in attributes would sometimes not * parser.c: fix bug #414846 where invalid characters in attributes would sometimes not be detected. * test/errors/attr4.xml result/errors/attr4.xml*: added a specific test case to the regression tests Daniel svn path=/trunk/; revision=3634

f810de04

2005-07-06T22:48:41

fixed problem with free on dupl attribute in dtd (bug309637). added * parser.c: fixed problem with free on dupl attribute in dtd (bug309637). * test/errors/attr3.xml, result/errors/attr3.*: added regression test for this

3fa5e7e4

2005-07-04T11:12:25

fixed a bug failing to detect UTF-8 violations in CData in push mode. * parser.c: fixed a bug failing to detect UTF-8 violations in CData in push mode. * result/errors/cdata.xml* test/errors/cdata.xml: added the test to the regressions Daniel

b8590d4c

2005-01-21T15:10:23

fixed bug #164556 where non-fatal errors stopped push parsing and * parser.c: fixed bug #164556 where non-fatal errors stopped push parsing and xmlreader. * Makefile.am: fixup * test/errors/webdav.xml result/errors/webdav*: adding regression test for this problem. Daniel

37fd3074

2004-06-03T11:22:31

fixed a bug where invalid charrefs may not be detected sometimes as * parser.c: fixed a bug where invalid charrefs may not be detected sometimes as pointed by Morus Walter. * test/errors/charref1.xm result/errors/charref1.xml*: added the test in the regression suite. Daniel

6c662996

2004-02-21T11:55:44

Beuah ! Daniel Beuah ! Daniel

b05deb7f

1999-08-10T19:04:08

Huge commit: 1.5.0, XML validation, Xpath, bugfixes, examples .... Daniel

kc3-lang/libxml2/test/errors

test/errors

Log