This was never part of a public release and can be removed after commit
bbb2b8f1.

Fixes #520.

Commit 62150ed2 broke begin_pos and begin_line when extra node info was
recorded.
Fixes #523.

Revert another change from commit 98840d40.
Decode the whole buffer when reading from memory and switching to the
initial encoding. Add some comments about potential improvements.

* parser.c:
(xmlParseCharData):
- Check if the parser has stopped before advancing
`ctxt->input->cur`. This only occurs if a custom SAX error
handler calls xmlStopParser() on fatal errors.
Fixes #518.

Revert some changes from commit 98840d40.
WebKit/Chromium can actually switch from ISO-8859-1 to UTF-16 in the
middle of parsing. This is a bad idea, but we have to keep supporting
this use case.

After reworking EBCDIC detection, this isn't necessary.

This should fix a short-lived regression when push parsing with
encodings.

When hashing empty strings which aren't null-terminated,
xmlDictComputeFastKey could produce inconsistent results. This could
lead to various logic or memory errors, including double frees.
For consistency the seed is also taken into account, but this shouldn't
have an impact on security.
Found by OSS-Fuzz.
Fixes #510.

Fix a null pointer dereference when parsing (invalid) XML schemas.
Thanks to Robby Simpson for the report!
Fixes #491.

Covered by: test/VC/ElementValid5
This only affects XML Reader API with LIBXML_REGEXP_ENABLED and
LIBXML_VALID_ENABLED turned on.
* result/VC/ElementValid5.rdr:
- Update result to add missing error message.
* python/tests/reader2.py:
* result/VC/ElementValid6.rdr:
* result/VC/ElementValid7.rdr:
* result/valid/781333.xml.err.rdr:
- Update result to fix grammar issue.
* valid.c:
(xmlValidatePopElement):
- Check return value of xmlRegExecPushString() to handle -1, and
assign 'ret = 0;' to return 0 from xmlValidatePopElement().
This change affects xmlTextReaderValidatePop() from
xmlreader.c.
- Fix grammar of error message by changing 'child' to
'children'.

In commit 21ca8829, we started to ignore namespaces in HTML element
names but we still called xmlSplitQName, effectively stripping the
namespace prefix. This would cause elements like <o:p> to be parsed
as <p>. Now we leave the name untouched.
Fixes #508.

Avoids buffer overread in htmlParseHTMLAttribute.
Found by OSS-Fuzz.

Found by OSS-Fuzz, see #344.

Use correct error code when invalid ASCII bytes are encountered.
Found by OSS-Fuzz.

Short-lived regression found by OSS-Fuzz.

Make more bytes available after invoking CUR_CHAR or NEXT.

To detect EBCDIC code pages, we used to switch the encoding twice and
had to be very careful not to decode data after the XML declaration
before the second switch. This relied on a hard-coded expected size of
the XML declaration and was complicated and unreliable.
Now we convert the first 200 bytes to EBCDIC-US and parse the encoding
declaration manually.

Don't try to grow the input buffer in xmlParserShrink. This makes sure
that no memory allocations are made and the function always succeeds.
Remove unnecessary invocations of SHRINK. Invoke SHRINK at the end of
DTD parsing loops.
Shrink before growing.

Found by OSS-Fuzz, see #344.

Prevent null derefs.
Found by OSS-Fuzz, see #344.

- Fix memory leak in xmlParseNmtoken.
- Fix buffer overread after htmlParseCharDataInternal.

- Remove useless invocations of GROW.
- Add some error checks.
- Fix invocations of SHRINK.

The input buffer is now grown reliably when calling CUR_CHAR
(xmlCurrentChar) or NEXT (xmlNextChar). This allows removing many
other invocations of GROW.

This function must return NULL if an error occurs.
Found by OSS-Fuzz, see #344.

xmlParseName and similar functions must return NULL if an error occurs.
Found by OSS-Fuzz, see #344.

Found by OSS-Fuzz, see #344.

xmlHaltParser must be called after reporting an error. Switch to
xmlBufSetInputBaseCur.

Fixes call stack overflows when validating deeply nested documents.
Found by OSS-Fuzz.

Found by OSS-Fuzz, see #344.

Fix check for end of script content.
Found by OSS-Fuzz.

This is more efficient than NEXT.

Fix 3eb6bf03. We really have to halt the parser, so the input buffer
gets reset.

Note that this changes the return value of public function
xmlSchemaInitTypes from void to int. This shouldn't break the ABI on
most platforms.
Found when investigating #500.

Fixes #499.

Fixes #498.

Introduce xmlParserShrink which takes a parser context to simplify error
handling.

There's too much code which assumes that if ctxt->value is non-null,
a value can be successfully popped off the stack. This assumption can
break with stack frames when malloc fails.
Instead of trying to fix all call sites, remove the stack frame logic.
It only offered very little protection against misbehaving extension
functions. We already check the stack size after a function call which
should be enough.
Found by OSS-Fuzz.

Found by OSS-Fuzz.

Avoid integer overflows.