Commit message | Author | Age | Files | Lines
...
* libxml2.syms: Remove LIBXML2_2.11.0 version node | Nick Wellnhofer | 2023-04-26 | 1 | -1/+0
  This was never part of a public release and can be removed after commit bbb2b8f1.
* parser: Deprecate more internal functions | Nick Wellnhofer | 2023-04-26 | 5 | -0/+44
* testchar: Fix return value in testUserEncoding | Nick Wellnhofer | 2023-04-21 | 1 | -3/+4
* xmllint: Validate --maxmem integer option | Nick Wellnhofer | 2023-04-20 | 1 | -4/+21
  Fixes #520.
* parser: Fix regression in xmlParserNodeInfo accounting | Nick Wellnhofer | 2023-04-20 | 2 | -46/+27
  Commit 62150ed2 broke begin_pos and begin_line when extra node info was recorded. Fixes #523.
* testchar: Add test for memory pull parser with encoding | Nick Wellnhofer | 2023-04-20 | 1 | -0/+57
* parser: Fix regression in memory pull parser with encoding | Nick Wellnhofer | 2023-04-19 | 2 | -1/+17
  Revert another change from commit 98840d40. Decode the whole buffer when reading from memory and switching to the initial encoding. Add some comments about potential improvements.
* autoconf: Warn about outdated C compilers | Nick Wellnhofer | 2023-04-19 | 1 | -1/+7
* encoding: Fix compiler warning in ICU build | Nick Wellnhofer | 2023-04-17 | 1 | -1/+1
* Fix use-after-free in xmlParseContentInternal() | David Kilzer | 2023-04-16 | 1 | -1/+2
  * parser.c:
  (xmlParseCharData):
  - Check if the parser has stopped before advancing `ctxt->input->cur`. This only occurs if a custom SAX error handler calls xmlStopParser() on fatal errors.
  Fixes #518.
* parser: Fix regression when switching input encodings | Nick Wellnhofer | 2023-04-13 | 1 | -4/+12
  Revert some changes from commit 98840d40. WebKit/Chromium can actually switch from ISO-8859-1 to UTF-16 in the middle of parsing. This is a bad idea, but we have to keep supporting this use case.
* parser: Remove first line handling in xmlParseChunk | Nick Wellnhofer | 2023-04-12 | 1 | -49/+1
  After reworking EBCDIC detection, this isn't necessary.
* parser: Don't grow push parser buffers | Nick Wellnhofer | 2023-04-12 | 1 | -0/+3
  This should fix a short-lived regression when push parsing with encodings.
* [CVE-2023-29469] Hashing of empty dict strings isn't deterministic | Nick Wellnhofer | 2023-04-11 | 1 | -1/+2
  When hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results. This could lead to various logic or memory errors, including double frees. For consistency the seed is also taken into account, but this shouldn't have an impact on security. Found by OSS-Fuzz. Fixes #510.
* [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType | Nick Wellnhofer | 2023-04-11 | 4 | -1/+21
  Fix a null pointer dereference when parsing (invalid) XML schemas. Thanks to Robby Simpson for the report! Fixes #491.
* xmlValidatePopElement() can return invalid value (-1) | David Kilzer | 2023-04-10 | 6 | -6/+10
  Covered by: test/VC/ElementValid5
  This only affects XML Reader API with LIBXML_REGEXP_ENABLED and LIBXML_VALID_ENABLED turned on.
  * result/VC/ElementValid5.rdr:
  - Update result to add missing error message.
  * python/tests/reader2.py:
  * result/VC/ElementValid6.rdr:
  * result/VC/ElementValid7.rdr:
  * result/valid/781333.xml.err.rdr:
  - Update result to fix grammar issue.
  * valid.c:
  (xmlValidatePopElement):
  - Check return value of xmlRegExecPushString() to handle -1, and assign 'ret = 0;' to return 0 from xmlValidatePopElement(). This change affects xmlTextReaderValidatePop() from xmlreader.c.
  - Fix grammar of error message by changing 'child' to 'children'.
* SAX2: Ignore namespaces in HTML documents | Nick Wellnhofer | 2023-03-31 | 5 | -6/+43
  In commit 21ca8829, we started to ignore namespaces in HTML element names but we still called xmlSplitQName, effectively stripping the namespace prefix. This would cause elements like <o:p> being parsed as <p>. Now we leave the name untouched. Fixes #508.
* parser: Halt parser if switching encodings fails | Nick Wellnhofer | 2023-03-30 | 1 | -0/+2
  Avoids buffer overread in htmlParseHTMLAttribute. Found by OSS-Fuzz.
* malloc-fail: Fix buffer overread with HTML doctype declarations | Nick Wellnhofer | 2023-03-26 | 1 | -2/+2
  Found by OSS-Fuzz, see #344.
* encoding: Fix error code in asciiToUTF8 | Nick Wellnhofer | 2023-03-26 | 1 | -1/+1
  Use correct error code when invalid ASCII bytes are encountered. Found by OSS-Fuzz.
* parser: Fix buffer overread in xmlDetectEBCDIC | Nick Wellnhofer | 2023-03-26 | 1 | -1/+2
  Short-lived regression found by OSS-Fuzz.
* parser: Grow input buffer earlier when reading characters | Nick Wellnhofer | 2023-03-21 | 2 | -3/+3
  Make more bytes available after invoking CUR_CHAR or NEXT.
* parser: Rework EBCDIC code page detection | Nick Wellnhofer | 2023-03-21 | 5 | -315/+94
  To detect EBCDIC code pages, we used to switch the encoding twice and had to be very careful not to decode data after the XML declaration before the second switch. This relied on a hard-coded expected size of the XML declaration and was complicated and unreliable. Now we convert the first 200 bytes to EBCDIC-US and parse the encoding declaration manually.
* parser: Limit name length in xmlParseEncName | Nick Wellnhofer | 2023-03-21 | 1 | -5/+8
* parser: Rework shrinking of input buffers | Nick Wellnhofer | 2023-03-21 | 4 | -44/+10
  Don't try to grow the input buffer in xmlParserShrink. This makes sure that no memory allocations are made and the function always succeeds. Remove unnecessary invocations of SHRINK. Invoke SHRINK at the end of DTD parsing loops. Shrink before growing.
* malloc-fail: Fix buffer overread after htmlParseScript | Nick Wellnhofer | 2023-03-20 | 1 | -1/+1
  Found by OSS-Fuzz, see #344.
* malloc-fail: Check for malloc failures when creating XPath strings | Nick Wellnhofer | 2023-03-18 | 1 | -69/+42
  Prevent null derefs. Found by OSS-Fuzz, see #344.
* parser: Fix regressions from previous commits | Nick Wellnhofer | 2023-03-18 | 2 | -2/+4
  - Fix memory leak in xmlParseNmtoken.
  - Fix buffer overread after htmlParseCharDataInternal.
* html: Rely on CUR_CHAR to grow the input buffer | Nick Wellnhofer | 2023-03-17 | 1 | -42/+21
  - Remove useless invocations of GROW.
  - Add some error checks.
  - Fix invocations of SHRINK.
* parser: Rely on CUR_CHAR/NEXT to grow the input buffer | Nick Wellnhofer | 2023-03-17 | 1 | -189/+57
  The input buffer is now grown reliably when calling CUR_CHAR (xmlCurrentChar) or NEXT (xmlNextChar). This allows removing many other invocations of GROW.
* malloc-fail: Add error check in htmlParseHTMLAttribute | Nick Wellnhofer | 2023-03-17 | 1 | -0/+4
  This function must return NULL if an error occurs. Found by OSS-Fuzz, see #344.
* malloc-fail: Add more error checks when parsing names | Nick Wellnhofer | 2023-03-17 | 1 | -0/+8
  xmlParseName and similar functions must return NULL if an error occurs. Found by OSS-Fuzz, see #344.
* malloc-fail: Fix buffer overread in htmlParseScript | Nick Wellnhofer | 2023-03-17 | 1 | -1/+1
  Found by OSS-Fuzz, see #344.
* parser: More fixes to xmlParserGrow | Nick Wellnhofer | 2023-03-16 | 1 | -20/+5
  xmlHaltParser must be called after reporting an error. Switch to xmlBufSetInputBaseCur.
* valid: Make xmlValidateElement non-recursive | Nick Wellnhofer | 2023-03-16 | 1 | -43/+43
  Fixes call stack overflows when validating deeply nested documents. Found by OSS-Fuzz.
* malloc-fail: Fix buffer overread when reading from input | Nick Wellnhofer | 2023-03-15 | 2 | -52/+38
  Found by OSS-Fuzz, see #344.
* html: Fix quadratic behavior in htmlParseTryOrFinish | Nick Wellnhofer | 2023-03-15 | 1 | -1/+7
  Fix check for end of script content. Found by OSS-Fuzz.
* html: Use NEXTL in htmlParseHTMLAttribute | Nick Wellnhofer | 2023-03-15 | 1 | -1/+1
  This is more efficient than NEXT.
* parser: Fix short-lived regression causing infinite loops | Nick Wellnhofer | 2023-03-14 | 3 | -46/+42
  Fix 3eb6bf03. We really have to halt the parser, so the input buffer gets reset.
* xzlib: Fix implicit sign change in xz_open | Nick Wellnhofer | 2023-03-14 | 1 | -2/+5
* malloc-fail: Handle malloc failures in xmlSchemaInitTypes | Nick Wellnhofer | 2023-03-14 | 3 | -46/+163
  Note that this changes the return value of public function xmlSchemaInitTypes from void to int. This shouldn't break the ABI on most platforms. Found when investigating #500.
* xmllint: Fix memory leak with --pattern --stream | Nick Wellnhofer | 2023-03-14 | 1 | -9/+0
  Fixes #499.
* xmllint: Fix use-after-free with --maxmem | Nick Wellnhofer | 2023-03-14 | 3 | -9/+29
  Fixes #498.
* parser: Deprecate some parser input functions | Nick Wellnhofer | 2023-03-13 | 3 | -0/+5
* parser: Stop calling xmlParserInputShrink | Nick Wellnhofer | 2023-03-13 | 4 | -12/+62
  Introduce xmlParserShrink which takes a parser context to simplify error handling.
* malloc-fail: Stop using XPath stack frames | Nick Wellnhofer | 2023-03-13 | 2 | -54/+5
  There's too much code which assumes that if ctxt->value is non-null, a value can be successfully popped off the stack. This assumption can break with stack frames when malloc fails. Instead of trying to fix all call sites, remove the stack frame logic. It only offered very little protection against misbehaving extension functions. We already check the stack size after a function call which should be enough. Found by OSS-Fuzz.
* malloc-fail: Fix null deref in xmlParserInputShrink | Nick Wellnhofer | 2023-03-13 | 1 | -0/+7
  Found by OSS-Fuzz.
* fuzz: Add valid.options | Nick Wellnhofer | 2023-03-12 | 1 | -0/+3
* parser: Simplify calculation of available buffer space | Nick Wellnhofer | 2023-03-12 | 2 | -49/+10
* parser: Use size_t when subtracting input buffer pointers | Nick Wellnhofer | 2023-03-12 | 2 | -3/+4
  Avoid integer overflows.