kmx git

Commit	Date	Message
48ed5a74	2022-02-21T09:35:59	Update `xmlStrlen()` to use POSIX / ISO C `strlen()` This should be faster on a wide range of platforms. Closes #212
346c3a93	2022-02-20T18:46:42	Remove elfgcchack.h The same optimization can be enabled with -fno-semantic-interposition since GCC 5. clang has always used this option by default.
6010a536	2022-01-28T16:27:12	Avoid potential integer overflow in xmlstring.c For historical reasons, the string API operates with int indices which can overflow, especially on 64-bit systems. libxml2 always made the tacit assumption that strings will be never larger than INT_MAX bytes. It should be considered a bug if any part of the code can produce larger strings, whether they are externally visible or not. Likewise, API users are expected not to supply strings larger than INT_MAX bytes. This requirement isn't documented. But even if it was, we must handle larger strings passed in by accident without causing memory errors. - xmlStrndup, xmlCharStrndup, xmlUTF8Strndup Avoid integer overflow if len == INT_MAX. - xmlStrlen, xmlUTF8Strsize, xmlUTF8Strloc Avoid integer overflow by using size_t for index. If an input string larger than INT_MAX bytes is detected, these functions now return 0 instead of a wrong and possibly negative value. - xmlCheckUTF8 Avoid integer overflow by limiting index range. - xmlStrncat, xmlStrncatNew, xmlEscapeFormatString Avoid integer overflow. Return NULL instead of producing strings larger than INT_MAX bytes.
6f95273e	2022-01-25T01:46:59	Fix integer conversion warnings in xmlstring.c Use an int to avoid an integer conversion warning with UBSan when left-shifting a char.
9de7b94d	2020-08-08T20:37:30	Use strcmp when fuzzing This should improve data-flow-guided fuzzing.
5a0ae66d	2017-06-17T23:20:38	Documentation fixes Fixes bug 347465, bug 599433, bug 624550, bug 698253.
8bbe4508	2017-06-17T16:15:09	Spelling and grammar fixes Fixes bug 743172, bug 743489, bug 769632, bug 782400 and a few other misspellings.
502f6a6d	2016-05-23T14:58:41	More format string warnings with possible format string vulnerability For https://bugzilla.gnome.org/show_bug.cgi?id=761029 adds a new xmlEscapeFormatString() function to escape composed format strings
4472c3a5	2016-05-13T15:13:17	Fix some format string warnings with possible format string vulnerability For https://bugzilla.gnome.org/show_bug.cgi?id=761029 Decorate every method in libxml2 with the appropriate LIBXML_ATTR_FORMAT(fmt,args) macro and add some cleanups following the reports.
8fbbf551	2016-03-08T17:29:00	Bug 763071: heap-buffer-overflow in xmlStrncat <https://bugzilla.gnome.org/show_bug.cgi?id=763071> * xmlstring.c: (xmlStrncat): Return NULL if xmlStrlen returns a negative length. (xmlStrncatNew): Ditto.
96a5c17e	2016-04-21T19:03:47	Fix OOB read with invalid UTF-8 in xmlUTF8Strsize With certain invalid UTF-8, xmlUTF8Strsize can read up to 6 bytes beyond the end of the string and return the wrong size. This means that in xmlUTF8Strndup and similar code, some content behind the string is copied. But since the terminating \0 is copied as well, this probably can't be exploited to leak sensitive information. Found by afl-fuzz and ASan.
f8e3db04	2012-09-11T13:26:36	Big space and tab cleanup Remove all space before tabs and space and tabs at end of lines.
fcf2457d	2009-08-12T23:02:08	Both args of xmlStrcasestr are const * include/libxml/xmlstring.h xmlstring.c: fix the constness of the second arg of xmlStrcasestr()
d95ecf0b	2005-12-22T14:58:32	Fixed xmlStrEqual() doc, Daniel
5bb0c08d	2005-12-20T10:48:33	Fixed a segfault during text concatenation when validating a node tree: * xmlschemas.c xmlstring.c: Fixed a segfault during text concatenation when validating a node tree: xmlStrncat was called with a @len of -1; but unlike xmlStrncatNew, it does not calculate the length automatically in such a case (reported by Judy Hay on the mailing list). Updated the descriptions of the involved string functions to note this.
6a0baa0c	2005-12-10T11:11:12	fixed a number of warnings shown by HP-UX compiler and reported by Rick * HTMLparser.c configure.in parserInternals.c runsuite.c runtest.c testapi.c xmlschemas.c xmlschemastypes.c xmlstring.c: fixed a number of warnings shown by HP-UX compiler and reported by Rick Jones Daniel
ffa3c749	2005-07-21T13:24:09	applied a patch from Marcus Boerger to fix problems with calling * error.c globals.c parser.c runtest.c testHTML.c testSAX.c threads.c valid.c xmllint.c xmlreader.c xmlschemas.c xmlstring.c xmlwriter.c include/libxml/parser.h include/libxml/relaxng.h include/libxml/valid.h include/libxml/xmlIO.h include/libxml/xmlerror.h include/libxml/xmlexports.h include/libxml/xmlschemas.h: applied a patch from Marcus Boerger to fix problems with calling conventions on Windows this should fix #309757 Daniel
5d4644ef	2005-04-01T13:11:58	revamped the elfgcchack.h format to cope with gcc4 change of aliasing * doc/apibuild.py doc/elfgcchack.xsl: revamped the elfgcchack.h format to cope with gcc4 change of aliasing allowed scopes, had to add extra informations to doc/libxml2-api.xml to separate the header from the c module source. * .c: updated all c library files to add a #define bottom_xxx and reimport elfgcchack.h thereafter, and a bit of cleanups. doc//* testapi.c: regenerated when rebuilding the API Daniel
230c5504	2004-12-20T16:18:49	reset input->base within xmlStopParser removed call to xmlUTF8Strlen from * parser.c: reset input->base within xmlStopParser * xmlstring.c: removed call to xmlUTF8Strlen from within xmlUTF8Strpos (Bill Moseley pointed out it was not useful)
5ea30d7f	2004-11-08T11:54:28	more fixes. Daniel * parser.c testapi.c xmlIO.c xmlstring.c: more fixes. Daniel
ce682bc2	2004-11-05T17:22:25	autogenerate a minimal NULL value sequence for unknown pointer types This * gentest.py testapi.c: autogenerate a minimal NULL value sequence for unknown pointer types * HTMLparser.c SAX2.c chvalid.c encoding.c entities.c parser.c parserInternals.c relaxng.c valid.c xmlIO.c xmlreader.c xmlsave.c xmlschemas.c xmlschemastypes.c xmlstring.c xpath.c xpointer.c: This uncovered an impressive amount of entry points not checking for NULL pointers when they ought to, closing all the open gaps. Daniel
8a32fe48	2004-11-02T22:10:16	more testing and coverage more cleanups rebuilt Daniel * gentest.py testapi.c: more testing and coverage * elfgcchack.h xmlstring.c include/libxml/xmlstring.h: more cleanups * doc/*: rebuilt Daniel
36e5cd50	2004-11-02T14:52:23	adding xmlMemBlocks() work on generator of an automatic API regression * xmlmemory.c include/libxml/xmlmemory.h: adding xmlMemBlocks() * Makefile.am gentest.py testapi.c: work on generator of an automatic API regression test tool. * SAX2.c nanoftp.c parser.c parserInternals.c tree.c xmlIO.c xmlstring.c: various API hardeing changes as a result of running teh first set of automatic API regression tests. * test/slashdot16.xml: apparently missing from CVS, commited it Daniel
b7b54de6	2004-10-06T16:38:01	added code to handle <group>, including dumping to output (bug 151924). * catalog.c: added code to handle <group>, including dumping to output (bug 151924). * xmlcatalog.c, xmlstring.c, parser.c: minor compiler warning cleanup (no change to logic)
3e530169	2004-09-03T17:10:08	modified comments on xmlGetUTF8Char in response to bug 151760 (no change * xmlstring.c: modified comments on xmlGetUTF8Char in response to bug 151760 (no change to logic)
f409515f	2004-08-31T16:49:26	fixed error reported on the list caused by my last change * xmlstring.c: fixed error reported on the list caused by my last change
bf5cf219	2004-08-31T06:47:17	fixed bug introduced during OOM fixup causing problems with default * SAX2.c: fixed bug introduced during OOM fixup causing problems with default namespace when a named prefix with the same href was present (reported on the mailing list by Karl Eichwalder. * xmlstring.c: modified xmlCheckUTF8 with suggested code from Julius Mittenzwei. * dict.c: added a typecast to try to avoid problem reported by Pascal Rodes.
3ffe90ea	2004-08-28T01:33:30	fixed a problem with xmlCheckUTF8 reported on the mailing list by Julius * xmlstring.c: fixed a problem with xmlCheckUTF8 reported on the mailing list by Julius Mittenzwei
1f8658a7	2004-08-14T21:46:31	Dodji pointed out a bug in xmlGetNodePath() applied patch from Albert Chin * tree.c: Dodji pointed out a bug in xmlGetNodePath() * xmlcatalog.c: applied patch from Albert Chin to add a --no-super-update option to xmlcatalog see #145461 and another patch also from Albert Chin to not crash on -sgml --del without args see #145462 * Makefile.am: applied another patch from Albert Chin to fix a problem with diff on Solaris #145511 * xmlstring.c: fix xmlCheckUTF8() according to the suggestion in bug #148115 * python/libxml.py: apply fix from Marc-Antoine Parent about the errors in libxml(2).py on the node wrapper #135547 Daniel
c82c57e6	2004-01-12T16:24:34	some parser optimizations, xmllint --memory --timing --repeat --stream * dict.c parser.c xmlstring.c: some parser optimizations, xmllint --memory --timing --repeat --stream ./db10000.xml went down from 16.5 secs to 15.5 secs. Daniel
a2e844a3	2004-01-06T11:52:13	moved string and UTF8 routines out of parser.c and encoding.c into a new * encoding.c, parser.c, xmlstring.c, Makefile.am, include/libxml/Makefile.am, include/libxml/catalog.c, include/libxml/chvalid.h, include/libxml/encoding.h, include/libxml/parser.h, include/libxml/relaxng.h, include/libxml/tree.h, include/libxml/xmlwriter.h, include/libxml/xmlstring.h: moved string and UTF8 routines out of parser.c and encoding.c into a new module xmlstring.c with include file include/libxml/xmlstring.h mostly using patches from Reid Spencer. Since xmlChar now defined in xmlstring.h, several include files needed to have a #include added for safety. * doc/apibuild.py: added some additional sorting for various references displayed in the APIxxx.html files. Rebuilt the docs, and also added new file for xmlstring module. * configure.in: small addition to help my testing; no effect on normal usage. * doc/search.php: added $_GET[query] so that persistent globals can be disabled (for recent versions of PHP)

48ed5a74

2022-02-21T09:35:59

Update `xmlStrlen()` to use POSIX / ISO C `strlen()` This should be faster on a wide range of platforms. Closes #212

346c3a93

2022-02-20T18:46:42

Remove elfgcchack.h The same optimization can be enabled with -fno-semantic-interposition since GCC 5. clang has always used this option by default.

6010a536

2022-01-28T16:27:12

Avoid potential integer overflow in xmlstring.c For historical reasons, the string API operates with int indices which can overflow, especially on 64-bit systems. libxml2 always made the tacit assumption that strings will be never larger than INT_MAX bytes. It should be considered a bug if any part of the code can produce larger strings, whether they are externally visible or not. Likewise, API users are expected not to supply strings larger than INT_MAX bytes. This requirement isn't documented. But even if it was, we must handle larger strings passed in by accident without causing memory errors. - xmlStrndup, xmlCharStrndup, xmlUTF8Strndup Avoid integer overflow if len == INT_MAX. - xmlStrlen, xmlUTF8Strsize, xmlUTF8Strloc Avoid integer overflow by using size_t for index. If an input string larger than INT_MAX bytes is detected, these functions now return 0 instead of a wrong and possibly negative value. - xmlCheckUTF8 Avoid integer overflow by limiting index range. - xmlStrncat, xmlStrncatNew, xmlEscapeFormatString Avoid integer overflow. Return NULL instead of producing strings larger than INT_MAX bytes.

6f95273e

2022-01-25T01:46:59

Fix integer conversion warnings in xmlstring.c Use an int to avoid an integer conversion warning with UBSan when left-shifting a char.

9de7b94d

2020-08-08T20:37:30

Use strcmp when fuzzing This should improve data-flow-guided fuzzing.

5a0ae66d

2017-06-17T23:20:38

Documentation fixes Fixes bug 347465, bug 599433, bug 624550, bug 698253.

8bbe4508

2017-06-17T16:15:09

Spelling and grammar fixes Fixes bug 743172, bug 743489, bug 769632, bug 782400 and a few other misspellings.

502f6a6d

2016-05-23T14:58:41

More format string warnings with possible format string vulnerability For https://bugzilla.gnome.org/show_bug.cgi?id=761029 adds a new xmlEscapeFormatString() function to escape composed format strings

4472c3a5

2016-05-13T15:13:17

Fix some format string warnings with possible format string vulnerability For https://bugzilla.gnome.org/show_bug.cgi?id=761029 Decorate every method in libxml2 with the appropriate LIBXML_ATTR_FORMAT(fmt,args) macro and add some cleanups following the reports.

8fbbf551

2016-03-08T17:29:00

Bug 763071: heap-buffer-overflow in xmlStrncat <https://bugzilla.gnome.org/show_bug.cgi?id=763071> * xmlstring.c: (xmlStrncat): Return NULL if xmlStrlen returns a negative length. (xmlStrncatNew): Ditto.

96a5c17e

2016-04-21T19:03:47

Fix OOB read with invalid UTF-8 in xmlUTF8Strsize With certain invalid UTF-8, xmlUTF8Strsize can read up to 6 bytes beyond the end of the string and return the wrong size. This means that in xmlUTF8Strndup and similar code, some content behind the string is copied. But since the terminating \0 is copied as well, this probably can't be exploited to leak sensitive information. Found by afl-fuzz and ASan.

f8e3db04

2012-09-11T13:26:36

Big space and tab cleanup Remove all space before tabs and space and tabs at end of lines.

fcf2457d

2009-08-12T23:02:08

Both args of xmlStrcasestr are const * include/libxml/xmlstring.h xmlstring.c: fix the constness of the second arg of xmlStrcasestr()

d95ecf0b

2005-12-22T14:58:32

Fixed xmlStrEqual() doc, Daniel

5bb0c08d

2005-12-20T10:48:33

Fixed a segfault during text concatenation when validating a node tree: * xmlschemas.c xmlstring.c: Fixed a segfault during text concatenation when validating a node tree: xmlStrncat was called with a @len of -1; but unlike xmlStrncatNew, it does not calculate the length automatically in such a case (reported by Judy Hay on the mailing list). Updated the descriptions of the involved string functions to note this.

6a0baa0c

2005-12-10T11:11:12

fixed a number of warnings shown by HP-UX compiler and reported by Rick * HTMLparser.c configure.in parserInternals.c runsuite.c runtest.c testapi.c xmlschemas.c xmlschemastypes.c xmlstring.c: fixed a number of warnings shown by HP-UX compiler and reported by Rick Jones Daniel

ffa3c749

2005-07-21T13:24:09

applied a patch from Marcus Boerger to fix problems with calling * error.c globals.c parser.c runtest.c testHTML.c testSAX.c threads.c valid.c xmllint.c xmlreader.c xmlschemas.c xmlstring.c xmlwriter.c include/libxml/parser.h include/libxml/relaxng.h include/libxml/valid.h include/libxml/xmlIO.h include/libxml/xmlerror.h include/libxml/xmlexports.h include/libxml/xmlschemas.h: applied a patch from Marcus Boerger to fix problems with calling conventions on Windows this should fix #309757 Daniel

5d4644ef

2005-04-01T13:11:58

revamped the elfgcchack.h format to cope with gcc4 change of aliasing * doc/apibuild.py doc/elfgcchack.xsl: revamped the elfgcchack.h format to cope with gcc4 change of aliasing allowed scopes, had to add extra informations to doc/libxml2-api.xml to separate the header from the c module source. * *.c: updated all c library files to add a #define bottom_xxx and reimport elfgcchack.h thereafter, and a bit of cleanups. * doc//* testapi.c: regenerated when rebuilding the API Daniel

230c5504

2004-12-20T16:18:49

reset input->base within xmlStopParser removed call to xmlUTF8Strlen from * parser.c: reset input->base within xmlStopParser * xmlstring.c: removed call to xmlUTF8Strlen from within xmlUTF8Strpos (Bill Moseley pointed out it was not useful)

5ea30d7f

2004-11-08T11:54:28

more fixes. Daniel * parser.c testapi.c xmlIO.c xmlstring.c: more fixes. Daniel

ce682bc2

2004-11-05T17:22:25

autogenerate a minimal NULL value sequence for unknown pointer types This * gentest.py testapi.c: autogenerate a minimal NULL value sequence for unknown pointer types * HTMLparser.c SAX2.c chvalid.c encoding.c entities.c parser.c parserInternals.c relaxng.c valid.c xmlIO.c xmlreader.c xmlsave.c xmlschemas.c xmlschemastypes.c xmlstring.c xpath.c xpointer.c: This uncovered an impressive amount of entry points not checking for NULL pointers when they ought to, closing all the open gaps. Daniel

8a32fe48

2004-11-02T22:10:16

more testing and coverage more cleanups rebuilt Daniel * gentest.py testapi.c: more testing and coverage * elfgcchack.h xmlstring.c include/libxml/xmlstring.h: more cleanups * doc/*: rebuilt Daniel

36e5cd50

2004-11-02T14:52:23

adding xmlMemBlocks() work on generator of an automatic API regression * xmlmemory.c include/libxml/xmlmemory.h: adding xmlMemBlocks() * Makefile.am gentest.py testapi.c: work on generator of an automatic API regression test tool. * SAX2.c nanoftp.c parser.c parserInternals.c tree.c xmlIO.c xmlstring.c: various API hardeing changes as a result of running teh first set of automatic API regression tests. * test/slashdot16.xml: apparently missing from CVS, commited it Daniel

b7b54de6

2004-10-06T16:38:01

added code to handle <group>, including dumping to output (bug 151924). * catalog.c: added code to handle <group>, including dumping to output (bug 151924). * xmlcatalog.c, xmlstring.c, parser.c: minor compiler warning cleanup (no change to logic)

3e530169

2004-09-03T17:10:08

modified comments on xmlGetUTF8Char in response to bug 151760 (no change * xmlstring.c: modified comments on xmlGetUTF8Char in response to bug 151760 (no change to logic)

f409515f

2004-08-31T16:49:26

fixed error reported on the list caused by my last change * xmlstring.c: fixed error reported on the list caused by my last change

bf5cf219

2004-08-31T06:47:17

fixed bug introduced during OOM fixup causing problems with default * SAX2.c: fixed bug introduced during OOM fixup causing problems with default namespace when a named prefix with the same href was present (reported on the mailing list by Karl Eichwalder. * xmlstring.c: modified xmlCheckUTF8 with suggested code from Julius Mittenzwei. * dict.c: added a typecast to try to avoid problem reported by Pascal Rodes.

3ffe90ea

2004-08-28T01:33:30

fixed a problem with xmlCheckUTF8 reported on the mailing list by Julius * xmlstring.c: fixed a problem with xmlCheckUTF8 reported on the mailing list by Julius Mittenzwei

1f8658a7

2004-08-14T21:46:31

Dodji pointed out a bug in xmlGetNodePath() applied patch from Albert Chin * tree.c: Dodji pointed out a bug in xmlGetNodePath() * xmlcatalog.c: applied patch from Albert Chin to add a --no-super-update option to xmlcatalog see #145461 and another patch also from Albert Chin to not crash on -sgml --del without args see #145462 * Makefile.am: applied another patch from Albert Chin to fix a problem with diff on Solaris #145511 * xmlstring.c: fix xmlCheckUTF8() according to the suggestion in bug #148115 * python/libxml.py: apply fix from Marc-Antoine Parent about the errors in libxml(2).py on the node wrapper #135547 Daniel

c82c57e6

2004-01-12T16:24:34

some parser optimizations, xmllint --memory --timing --repeat --stream * dict.c parser.c xmlstring.c: some parser optimizations, xmllint --memory --timing --repeat --stream ./db10000.xml went down from 16.5 secs to 15.5 secs. Daniel

a2e844a3

2004-01-06T11:52:13

moved string and UTF8 routines out of parser.c and encoding.c into a new * encoding.c, parser.c, xmlstring.c, Makefile.am, include/libxml/Makefile.am, include/libxml/catalog.c, include/libxml/chvalid.h, include/libxml/encoding.h, include/libxml/parser.h, include/libxml/relaxng.h, include/libxml/tree.h, include/libxml/xmlwriter.h, include/libxml/xmlstring.h: moved string and UTF8 routines out of parser.c and encoding.c into a new module xmlstring.c with include file include/libxml/xmlstring.h mostly using patches from Reid Spencer. Since xmlChar now defined in xmlstring.h, several include files needed to have a #include added for safety. * doc/apibuild.py: added some additional sorting for various references displayed in the APIxxx.html files. Rebuilt the docs, and also added new file for xmlstring module. * configure.in: small addition to help my testing; no effect on normal usage. * doc/search.php: added $_GET[query] so that persistent globals can be disabled (for recent versions of PHP)

kc3-lang/libxml2/xmlstring.c

xmlstring.c

Log