xmlreader.c


Log

Author Commit Date CI Message
Nick Wellnhofer 7c913850 2025-06-22T20:12:48 parser: Remove unnecessary dict checks when freeing strings The following strings are never allocated from a dict: - xmlParserCtxt.version - xmlParserCtxt.encoding - xmlParserCtxt.extSubURI - xmlParserCtxt.extSubSystem - xmlDoc.version - xmlDoc.encoding - xmlDoc.URL - xmlDTD.ExternalID - xmlDTD.SystemID - xmlID.value Also make the struct members point to non-const chars to avoid casts when freeing.
Nick Wellnhofer 7cfa3a26 2025-06-22T22:52:47 reader: Remove unused member xinclude_name
Nick Wellnhofer 6a6a46f0 2025-05-28T16:02:41 doc: Fix autolink errors Fix links, remove links to internal functions.
Nick Wellnhofer 7bd8d1d9 2025-05-28T15:53:38 doc: Prefix autolinks with '#' Use `#func` instead of `func()` to ignore parameters and make all autolinks work.
Nick Wellnhofer 6f4b4527 2025-05-15T23:43:32 parser: Stop using ctxt->linenumbers I think this was used to avoid setting the `line` member before it was added (20+ years ago).
Nick Wellnhofer adfbeb7e 2025-05-14T04:58:21 doc: Stop using *Ptr typedefs in documentation
Nick Wellnhofer a40f36e7 2025-05-14T04:04:28 include: Stop using *Ptr typedefs in public headers
Nick Wellnhofer 442c1903 2025-05-09T18:52:36 doc: Fix some damage from automated conversions Add some newlines, fix returns.
Nick Wellnhofer b3854fe9 2025-05-07T20:20:31 reader: Fix null deref on malloc failure Short-lived regression from 177067ea.
Nick Wellnhofer 9bbffec5 2025-05-06T17:42:46 doc: Move brief to top, params to bottom of doc comments
Nick Wellnhofer cb1635a6 2025-05-02T19:05:25 doc: Use @since command
Nick Wellnhofer e78e05c9 2025-05-02T17:32:51 doc: Fix autolinks to functions Unfortunately, autolinks in .c files aren't converted by Doxygen for some reason.
Nick Wellnhofer f7c41287 2025-05-02T15:57:17 doc: Remove more comment block headers
Nick Wellnhofer e549622b 2025-04-28T15:11:24 doc: Convert documentation to Doxygen Automated conversion based on a few regexes.
Nick Wellnhofer 69879da8 2025-04-28T14:04:30 doc: Remove email addresses from documentation Also remove authorship information from generated files, hash.c and globals.c which were rewritten.
Nick Wellnhofer 61890e39 2025-04-27T21:50:15 doc: Prepare for conversion to Doxygen Fix many params in internal functions (not really necessary but Doxygen warns about that in XML mode). Fix formatting in a few corner cases that automatic conversion can't handle. Rearrange some DOC_DISABLE blocks.
Nick Wellnhofer 177067ea 2025-04-25T15:34:07 reader: Fix reading compressed data Also make sure that functions that don't return error codes set the global error.
Nick Wellnhofer 0bac84b1 2025-04-24T18:37:16 Add missing NULL checks to public API functions
Nick Wellnhofer e50d314a 2025-02-25T23:07:19 build: Add separate configuration option for RELAX NG Support for RELAX NG used to be enabled together with XML Schema support (--with-schemas). Now there's a separate option and a new feature macro LIBXML_RELAXNG_ENABLED.
Nick Wellnhofer be579a26 2025-01-15T12:52:53 reader: Fix return value of xmlTextReaderReadString again Make sure to return NULL for node types except elements or text to match the old behavior. Note that CDATA sections are still treated like text nodes and will have their content returned. Fixes #838.
Nick Wellnhofer 58e2e724 2024-12-15T21:23:34 reader: Check reallocations for overflow
Nick Wellnhofer e6045ed7 2024-12-12T22:09:25 reader: Add argument checks
Nick Wellnhofer 49164610 2024-12-12T22:08:50 reader: Forward catastrophic errors from XInclude
Nick Wellnhofer 0f4f8900 2024-11-17T20:13:14 parser: Rename inputPush to xmlCtxtPushInput
Nick Wellnhofer 9201173c 2024-11-05T11:41:28 xmlreader: Fix return value of xmlTextReaderReadString Return NULL if the node has no children or the children were already deleted to match the 2.12 behavior. Fixes #817.
Nick Wellnhofer b7c0f9d2 2024-10-19T14:26:39 string: Fix va_copy fallback Fix va_copy fallback reworked in 5cffba83. Should fix #812.
Nick Wellnhofer 0c56eb82 2024-08-12T21:38:50 tree: Restore return value of xmlNodeListGetString with NULL list When passing a NULL list to xmlNodeListGetString or xmlNodeListGetRawString, return NULL instead of "" to match the old behavior. Fixes #783.
Nick Wellnhofer 92f30711 2024-07-07T03:02:11 parser: Optimize buffer shrinking Remove checks now that we can shrink memory buffers efficiently. Shrink more aggressively.
Nick Wellnhofer a221cd78 2024-07-07T03:01:51 buf: Rework xmlBuf code Always use what the old implementation called the "IO" allocation scheme, allowing to move the content pointer past the initial allocation. This is inexpensive and allows efficient shrinking. Optimize xmlBufGrow, reusing shrunken memory as much as possible. Simplify xmlBufAdd. Make xmlBufBackToBuffer return an error on overflow. Make "size" exclude the terminating NULL byte. Always provide an initial size. Reintroduce static buffers. Remove xmlBufResize and several other functions.
Nick Wellnhofer 6be79014 2024-07-15T14:18:26 Remove unused code
Nick Wellnhofer 440d11af 2024-07-13T00:11:35 reader: Deprecate xmlTextReaderByteConsumed Document that this function is useless. Stop trying to handle encoding via xmlByteConsumed which can be expensive.
Nick Wellnhofer 2e63656e 2024-07-07T19:21:46 parser: Check return value of inputPush inputPush typically doesn't fail because we pre-allocate the input table. The return value should be checked nevertheless.
Nick Wellnhofer f505dcae 2024-06-26T14:11:34 tree: Remove underscores from xmlRegisterCallbacks
Nick Wellnhofer 57004006 2024-06-17T14:37:54 reader: Fix xmlTextReaderReadString Regressed in commit 7cbf609a. Should fix #738.
Nick Wellnhofer fd7d9e5e 2024-06-11T14:47:03 reader: Add callbacks for resource loader
Nick Wellnhofer e75e878e 2024-05-20T13:58:22 doc: Update and fix documentation
Nick Wellnhofer 16fb1028 2024-05-10T12:00:12 reader: Fix error reporting with walker Abort earlier in xmlTextReaderRead if an error was raised.
Nick Wellnhofer 81611e06 2024-05-05T18:16:44 reader: Don't call xmlCtxtErrMemory with NULL ctxt This can happen in "walker" mode.
Nick Wellnhofer d2f623d1 2024-04-30T16:36:44 reader: Report malloc failure in xmlTextReaderConstValue
Nick Wellnhofer 7cbf609a 2024-04-18T12:57:15 reader: Make xmlTextReaderReadString non-recursive Also report malloc failures. Fixes #607.
Nick Wellnhofer f6964781 2024-04-22T12:23:39 reader: Rework xmlTextReaderRead{Inner,Outer}Xml Use an xmlOutputBuffer. Report malloc failures.
Nick Wellnhofer cdb3103b 2024-04-22T12:23:06 reader: Report malloc failures
Nick Wellnhofer d2daf33e 2024-04-16T14:53:07 reader: Fix preservation of attributes Don't use 'curnode' which might be an attribute or namespace node which doesn't have an 'extra' member.
Nick Wellnhofer 1b4bf22c 2024-03-17T15:05:42 xmlreader: Fix memory leak in xmlTextReaderFreeProp Short-lived regression.
Nick Wellnhofer d0d6174e 2024-02-29T19:38:29 valid: Rework xmlAddID
Nick Wellnhofer 84a71860 2024-02-26T15:14:28 xmlreader: Fix xmlTextReaderConstEncoding Regression from commit f1c1f5c6. Fixes #697.
Nick Wellnhofer 13962b06 2023-10-15T13:56:34 xmlreader: Clean up error handling Make sure that xmlTextReaderRead returns -1 immediately if the reader is in an error state.
Nick Wellnhofer ddda373e 2024-02-06T12:53:03 xmlreader: Make xmlTextReaderValidateEntity return an error code This makes sure that xmlTextReaderRead returns -1 if a memory allocation fails.
Nick Wellnhofer 1a66b176 2023-10-14T22:45:54 [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking Fixes a use-after-free if XML Reader is used with DTD validation and XInclude expansion. Fixes #604.
Nick Wellnhofer 12f0bb94 2024-01-05T01:14:28 parser: Synchronize more options
Nick Wellnhofer a5dcf0f4 2023-12-26T03:27:23 parser: Mark more parser context members as unused
Nick Wellnhofer 955c177f 2023-12-23T00:58:36 parser: Stop using 'directory' struct member This was only used as a pointless fallback for URI resolution.
Nick Wellnhofer c8f1f4a2 2023-12-21T17:30:38 doc: Improve documentation of error handlers
Nick Wellnhofer 23345a1c 2023-12-19T19:52:28 io: Report IO errors through xmlCtxtErrIO This is also a new public API function to be used in external entity loaders.
Nick Wellnhofer ed6596a4 2023-12-18T19:47:47 reader: Simplify error handling Only use structured error handlers for parser, Schemas and RelaxNG contexts. Also use structured error handler for XInclude context. Remove TODO macro.
Nick Wellnhofer 54c70ed5 2023-12-18T19:31:29 parser: Improve error handling Introduce xmlCtxtSetErrorHandler allowing to set a structured error for a parser context. There already was the "serror" SAX handler but this always receives the parser context as argument. Start to use xmlRaiseMemoryError. Remove useless arguments from memory error functions. Rename xmlErrMemory to xmlCtxtErrMemory. Remove a few calls to xmlGenericError. Remove support for runtime entity debugging.
Nick Wellnhofer 157df344 2023-12-10T18:23:53 xmlreader: Report malloc failures Fix many places where malloc failures aren't reported. Introduce a new API function xmlTextReaderGetLastError.
Nick Wellnhofer 5cffba83 2023-11-28T15:34:28 Rework va_copy fallback va_copy is a macro, so it can be detected without a feature test. Fallback to __va_copy or memcpy.
Nick Wellnhofer 61034116 2023-10-24T15:02:36 error: Make more xmlError structs constant Prepare for future changes, see 45470611.
Nick Wellnhofer 81741ea4 2023-09-21T16:29:28 xmlreader: Fix EOF detection in xmlTextReaderPushData
Nick Wellnhofer 4e1c13eb 2023-09-18T14:45:10 debug: Remove debugging code This is barely useful these days and only clutters the code base.
Nick Wellnhofer ed3bd052 2023-08-20T20:48:10 parser: Allow to set maximum amplification factor
Nick Wellnhofer e2ab48b9 2023-08-14T15:05:30 malloc-fail: Fix unsigned integer overflow in xmlTextReaderPushData Return immediately if xmlParserInputBufferRead fails. Found by OSS-Fuzz, see #344.
Nick Wellnhofer 320f5084 2023-04-30T18:25:09 parser: Improve handling of encoding and IO errors Make sure that xmlCharEncInput, xmlParserInputBufferPush and xmlParserInputBufferGrow set the correct error code in the xmlParserInputBuffer. Handle errors when calling these functions.
Nick Wellnhofer c266a220 2023-01-22T18:18:00 malloc-fail: Handle memory errors in xmlTextReaderEntPush Unfortunately, there's no way to properly report memory errors. Found with libFuzzer, see #344.
Nick Wellnhofer f67dc618 2022-12-17T00:14:56 xmlreader: Try to fix regression when reading from memory This reverts a change from commit 2059df53, see #462.
Nick Wellnhofer dd3569ea 2022-12-08T02:43:17 Remove XMLDECL macro from .c files
Nick Wellnhofer 2059df53 2022-11-14T22:27:58 buf: Deprecate static/immutable buffers
Nick Wellnhofer 1ca0dfec 2022-11-14T22:00:50 reader: Switch to xmlParserInputBufferCreateMem This is less efficient but can't result in input buffer overreads. Fixes #326.
Nick Wellnhofer 4955e0c9 2022-11-14T20:16:22 io: Don't shrink memory input buffers
Nick Wellnhofer eef0a739 2022-10-30T12:21:20 xinclude: Implement "streaming" mode When using xmlreader, XPointer expressions in XIncludes simply cannot work. Expressions can reference nodes which weren't parsed yet or which were already deleted. After fixing nested XIncludes, we reference includes which were parsed previously. When streaming, these nodes could have been deleted, leading to use-after-free errors. Disallow XPointer expressions and truncate the include table in streaming mode.
Nick Wellnhofer ad338ca7 2022-09-01T01:18:30 Remove explicit integer casts Remove explicit integer casts as final operation - in assignments - when passing arguments - when returning values Remove casts - to the same type - from certain range-bound values The main motivation is that these explicit casts don't change the result of operations and only render UBSan's implicit-conversion checks useless. Removing these casts allows UBSan to detect cases where truncation or sign-changes occur unexpectedly. Document some explicit casts as truncating and add a few missing ones.
Nick Wellnhofer 0f568c0b 2022-08-26T01:22:33 Consolidate private header files Private functions were previously declared - in header files in the root directory - in public headers guarded with IN_LIBXML - in libxml.h - redundantly in source files that used them. Consolidate all private header files in include/private.
David Kilzer c50196c1 2022-04-10T20:02:47 Fix use-after-free bugs when calling xmlTextReaderClose() before xmlFreeTextReader() on post-validating parser When creating an xmlTextReaderPtr using xmlReaderForMemory(), there are two optional API functions that can be used: - xmlTextReaderClose() may be called prior to calling xmlFreeTextReader() to free parsing resources and close the xmlTextReaderPtr without freeing it. - xmlTextReaderCurrentDoc() may be called to return an xmlDocPtr that's owned by the caller, and must be freed using xmlFreeDoc() after calling xmlFreeTextReader(). The use-after-free issues occur when calling xmlTextReaderClose() before xmlFreeTextReader(), with different issues occurring depending on whether xmlTextReaderCurrentDoc() is also called. * xmlreader.c: (xmlFreeTextReader): - Move code to xmlTextReaderClose(), remove duplicate code, and call xmlTextReaderClose() if it hasn't been called yet. (xmlTextReaderClose): - Move call to xmlFreeNode(reader->faketext) from xmlFreeTextReader() to fix a use-after-free bug when calling xmlTextReaderClose() before xmlFreeTextReader(), but not when using xmlTextReaderCurrentDoc(). The bug was introduced in 2002 by commit beb70bd39. In 2009 commit f4653dcd8 fixed the use-after-free that occurred every time xmlFreeTextReader() was called, but not the case where xmlTextReaderClose() was called first. - Move post-parsing validation code from xmlFreeTextReader() to fix a second use-after-free when calling xmlTextReaderClose() before xmlFreeTextReader(). This regressed in v2.9.10 with commit 57a3af56f.
Nick Wellnhofer d99ddd9b 2022-03-05T21:46:40 Improve buffer allocation scheme In most places, we really need the double-it scheme to avoid quadratic behavior. The hybrid scheme still can cause many reallocations and the bounded scheme doesn't seem to provide meaningful protection in xmlreader.c.
Nick Wellnhofer 4a8c71eb 2022-03-04T03:35:57 Remove DOCBparser This code has been broken and deprecated since version 2.6.0, released in 2003. Because of a bug in commit 961b535c, DOCBparser.c was never compiled since 2012. I couldn't find a Debian package using any of its symbols, so it seems safe to remove this module.
Nick Wellnhofer 776d15d3 2022-03-02T00:29:17 Don't check for standard C89 headers Don't check for - ctype.h - errno.h - float.h - limits.h - math.h - signal.h - stdarg.h - stdlib.h - string.h - time.h Stop including non-standard headers - malloc.h - strings.h
Nick Wellnhofer 346c3a93 2022-02-20T18:46:42 Remove elfgcchack.h The same optimization can be enabled with -fno-semantic-interposition since GCC 5. clang has always used this option by default.
Nick Wellnhofer 274a1b5b 2022-02-20T16:05:53 Remove unneeded code in xmlreader.c Now that no references to ID and IDREF attributes are stored in streaming validation mode, there's no need to try and remove them. Also remove xmlTextReaderFreeIDTable which was identical to xmlFreeIDTable.
Nick Wellnhofer 31c6ce3b 2020-11-09T17:55:44 Avoid call stack overflow with XML reader and recursive XIncludes Don't process XIncludes in the result of another inclusion to avoid infinite recursion resulting in a call stack overflow. This is something the XInclude engine shouldn't allow but correct handling of intra-document includes would require major changes. Found by OSS-Fuzz.
Nick Wellnhofer b215c270 2020-09-13T12:19:48 Fix cleanup of attributes in XML reader xml:id creates ID attributes even in documents without a DTD, so the check in xmlTextReaderFreeProp must be changed to avoid use after free. Found by OSS-Fuzz.
Nick Wellnhofer f0fd1b67 2020-08-26T00:16:38 Limit size of free lists in XML reader when fuzzing Keeping objects on a free list can hide memory errors. Only allow a single node on free lists used by the XML reader when fuzzing. This should hide fewer errors while still exercising the free list logic.
Nick Wellnhofer ba589adc 2020-08-25T23:50:39 Fix double free in XML reader with XIncludes An XInclude with empty fallback could lead to a double free in xmlTextReaderRead. Found by OSS-Fuzz.
Nick Wellnhofer 2af3c2a8 2020-06-08T12:49:51 Fix use-after-free with validating reader Just like IDs, IDREF attributes must be removed from the document's refs table when they're freed by a reader. This bug is often hidden because xmlAttr structs are reused and strings are stored in a dictionary unless XML_PARSE_NODICT is specified. Found by OSS-Fuzz.
Daniel Cheng 106757e8 2020-04-10T14:52:03 Guard new calls to xmlValidatePopElement in xml_reader.c Closes #154.
Łukasz Wojniłowicz 386fb276 2020-04-28T17:00:37 Add LIBXML_VALID_ENABLED to xmlreader There are already LIBXML_VALID_ENABLED in this file to guard against "--without-valid" at "./configure" step, but here they were missing.
Nick Wellnhofer 20c60886 2020-03-08T17:19:42 Fix typos Resolves #133.
Nick Wellnhofer c005c7a0 2020-02-11T16:35:20 Stop calling SAX getEntity handler from XMLReader The getEntity handler was already invoked by xmlParseReference, so it's useless to call it again. After the recent change, xmlSAX2GetEntity won't load any kind of entities anyway.
Nick Wellnhofer 5c7e0a9a 2020-02-11T16:29:30 Copy some XMLReader option flags to parser context The parser context stores some options both in the "options" bits and extra members like "validate" or "replaceEntities". Which of these are actually read is inconsistent, so make sure to also update the bit field.
Jared Yanovich 2a350ee9 2019-09-30T17:04:54 Large batch of typo fixes Closes #109.
Nick Wellnhofer 664f8810 2019-09-26T11:01:58 Fix use-after-free in xmlTextReaderFreeNodeList Recent commit 1fbcf40 caused a use-after-free read because it didn't account for the fact that xmlTextReaderFreeDoc frees entities before freeing entity references via xmlTextReaderFreeNodeList. Found by OSS-Fuzz.
Nick Wellnhofer 1fbcf409 2019-09-23T17:13:05 Make xmlTextReaderFreeNodeList non-recursive Avoid call stack overflow when freeing deeply nested documents. Found by OSS-Fuzz.
Nick Wellnhofer 6705f4d2 2019-09-16T15:45:27 Remove executable bit from non-executable files
zhouzhongyuan 0571b4e6 2019-08-09T15:39:17 Fix null deref in xmlreader buffer
Nick Wellnhofer 8161b463 2019-02-28T12:25:05 Remove debug printf in xmlreader.c Fixes #46.
Nick Wellnhofer 2c8dc715 2019-02-25T12:00:50 Fix null pointer dereference in xmlTextReaderReadOuterXml Fix a regression caused by commit 39fbfb4f. If xmlTextReaderReadOuterXml is called on a pristine xmlReader, the current node is NULL and must not be dereferenced. Move the call to xmlTextReaderExpand to the start of the function to make sure that we have a valid node. Fixes #43.
Nick Wellnhofer 26828cb3 2019-01-07T16:52:42 Fix commit "Memory leak in xmlFreeID (xmlreader.c)" The recent commit "Memory leak in xmlFreeID (xmlreader.c)" introduced a double-free.
Nick Wellnhofer 157cd3ae 2018-11-24T15:46:00 Fix NULL pointer deref in xmlTextReaderValidateEntity Found by OSS-Fuzz.
Nick Wellnhofer 57a3af56 2018-11-24T12:14:55 Memory leak in xmlFreeTextReader In error cases, there might still be elements in the vstate table. Since vstateVPop in valid.c is private, we have to pop the elements with xmlValidatePopElement. This inspects nodes of the document, so the reader doc must be freed after clearing the vstate table. Found by OSS-Fuzz.
Nick Wellnhofer efe8c093 2018-11-24T11:39:32 Memory leak in xmlFreeID (xmlreader.c) Fix a memory leak in xmlReader's private copy of xmlFreeID. Only affects validation with NODICT. Found by OSS-Fuzz.