shaba/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-01-15 23:24:06 +03:00
Code
5,806 Commits 8 Branches 224 Tags
Commit Graph

5806 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nick Wellnhofer
0f112d0289 malloc-fail: Fix use-after-free related to xmlXPathNodeSetFilter 
Found with libFuzzer, see #344.
 2023-02-26 13:25:01 +01:00
Nick Wellnhofer
a3e11b385c malloc-fail: Fix memory leak in xmlXPathEqualNodeSetFloat 
Found with libFuzzer, see #344.
 2023-02-26 13:24:55 +01:00
Nick Wellnhofer
b51478dc95 Revert "malloc-fail: Avoid use-after-free after unsuccessful valuePush" 
This reverts commit 6a12be77c6a94c374ab7476087edcee2ba41d9b4.

There's too much code reading ctxt->value directly and making the wrong
assumptions.
 2023-02-26 13:23:47 +01:00
Alexander Kutelev
f931178e5f cmake: Link against dl and dld only when LIBXML2_WITH_MODULES is enabled 2023-02-24 12:45:01 +00:00
Nick Wellnhofer
47b0e0a620 xpath: Fix popping of values in xmlXPathPopNodeset 
After 6a12be77, valuePop can fail even if ctxt->value is non-NULL.

If it turns out that too much code relies on this assumption, a better
fix is needed.
 2023-02-23 15:43:15 +01:00
Nick Wellnhofer
359313c1a7 threads: Really fix crash with weak pthread symbols 
Fix more regressions from 7010d877 and 71931233.

Fixes #488.
 2023-02-23 14:30:45 +01:00
Nick Wellnhofer
ae8a12f175 schematron: Use logical and 2023-02-22 14:25:29 +01:00
Nick Wellnhofer
4f0a0fb7a2 xinclude: Fix include guard 2023-02-22 14:24:24 +01:00
Nick Wellnhofer
1eb2ca9f47 relaxng: Remove useless if statement 
ctxt and define are non-NULL at this point.

Fixes #482.
 2023-02-21 15:46:06 +01:00
Nick Wellnhofer
0ce1f8427b schemas: Remove useless if statement 
bucket->origTargetNamespace is always NULL in this branch.

Fixes #481.
 2023-02-21 15:46:06 +01:00
Nick Wellnhofer
a509694c17 pattern: Merge identical branches 
Fixes #479.
 2023-02-21 15:46:06 +01:00
Nick Wellnhofer
85057e5131 regexp: Add sanity check in xmlRegCalloc2 
These arguments should be non-zero, but add a sanity check to avoid
division by zero.

Fixes #450.
 2023-02-21 15:43:32 +01:00
Nick Wellnhofer
c9e4c6d416 catalog: Fix memory leaks 
Fixes #377.
 2023-02-21 15:22:01 +01:00
Nick Wellnhofer
7bd77873db threads: Fix crash with weak pthread symbols 
Regressed in 7010d877. Should fix #488.
 2023-02-20 10:56:03 +01:00
Nick Wellnhofer
5d55315e32 parser: Fix OOB read when formatting error message 
Don't try to print characters beyond the end of the buffer.

Found by OSS-Fuzz.
 2023-02-18 17:29:07 +01:00
Nick Wellnhofer
1743c4c3fc malloc-fail: Fix OOB read after xmlRegGetCounter 
Found with libFuzzer, see #344.
 2023-02-17 17:18:59 +01:00
Nick Wellnhofer
40bc1c699a malloc-fail: Fix memory leak in xmlFAParseCharProp 
Found with libFuzzer, see #344.
 2023-02-17 17:18:55 +01:00
Nick Wellnhofer
e64653c0e7 malloc-fail: Fix leak of xmlRegAtom 
Found with libFuzzer, see #344.
 2023-02-17 17:18:55 +01:00
Nick Wellnhofer
ed615967df malloc-fail: Fix memory leak in xmlRegexpCompile 
Found with libFuzzer, see #344.
 2023-02-17 17:18:55 +01:00
Nick Wellnhofer
53d1cc98cf malloc-fail: Fix error code in htmlParseChunk 
Found with libFuzzer, see #344.
 2023-02-17 17:18:51 +01:00
Nick Wellnhofer
15b0ed0815 malloc-fail: Fix infinite loop in htmlParseDocTypeDecl 
Found with libFuzzer, see #344.
 2023-02-17 17:18:47 +01:00
Nick Wellnhofer
041789d9ec malloc-fail: Fix null deref in htmlnamePush 
Found with libFuzzer, see #344.
 2023-02-17 17:18:43 +01:00
Nick Wellnhofer
0ec9c91064 malloc-fail: Fix infinite loop in htmlParseStartTag 
Found with libFuzzer, see #344.
 2023-02-17 17:18:38 +01:00
Nick Wellnhofer
04c2955197 malloc-fail: Fix infinite loop in htmlParseContentInternal 
Found with libFuzzer, see #344.
 2023-02-17 17:18:34 +01:00
Nick Wellnhofer
f3e62035d8 malloc-fail: Fix memory leak in htmlCreatePushParserCtxt 
Found with libFuzzer, see #344.
 2023-02-17 17:18:29 +01:00
Nick Wellnhofer
fc256953d2 malloc-fail: Fix memory leak in htmlCreateMemoryParserCtxt 
Found with libFuzzer, see #344.
 2023-02-17 17:18:25 +01:00
Nick Wellnhofer
643b4e90eb malloc-fail: Fix infinite loop in htmlParseStartTag 
Found with libFuzzer, see #344.
 2023-02-17 17:16:52 +01:00
Nick Wellnhofer
ec05f04d8b malloc-fail: Fix memory leak in xmlXIncludeLoadTxt 
Found with libFuzzer, see #344.
 2023-02-17 17:16:52 +01:00
Nick Wellnhofer
c02df68651 malloc-fail: Fix memory leak in xmlXIncludeLoadDoc 
Found with libFuzzer, see #344.
 2023-02-17 17:16:52 +01:00
Nick Wellnhofer
bc7740b3c3 malloc-fail: Fix memory leak in xmlCopyPropList 
Found with libFuzzer, see #344.
 2023-02-17 17:16:52 +01:00
Nick Wellnhofer
8d22e06588 malloc-fail: Fix memory leak after calling xmlXPathNodeSetMerge 
Destroy the first argument in xmlXPathNodeSetMerge if the function
fails. This is somewhat dangerous but matches the expectations of users.

Found with libFuzzer, see #344.
 2023-02-17 17:16:52 +01:00
Nick Wellnhofer
d31a0e8e75 malloc-fail: Fix memory leak after calling xmlXPathWrapString 
Destroy the string in xmlXPathWrapString if the function fails. This is
somewhat dangerous but matches the expectations of users.

Found with libFuzzer, see #344.
 2023-02-17 17:16:52 +01:00
Nick Wellnhofer
3dc645227e malloc-fail: Fix memory leak in xmlXPathEqualValuesCommon 
Found with libFuzzer, see #344.
 2023-02-17 17:16:52 +01:00
Nick Wellnhofer
691f7eb44d malloc-fail: Fix memory leak in xmlXPathCompareValues 
Found with libFuzzer, see #344.
 2023-02-17 17:16:51 +01:00
Nick Wellnhofer
ac746afd33 malloc-fail: Fix memory leak in xmlXPathTryStreamCompile 
Found with libFuzzer, see #344.
 2023-02-17 17:16:51 +01:00
Nick Wellnhofer
85bc313e79 malloc-fail: Fix memory leak after calling valuePush 
Destroy the object in valuePush if the function fails. This is somewhat
dangerous but matches the expectations of users.

Found with libFuzzer, see #344.
 2023-02-17 17:16:51 +01:00
Nick Wellnhofer
f5e1174933 malloc-fail: Fix memory leak after calling xmlXPathWrapNodeSet 
Destroy the node set in xmlXPathWrapNodeSet if the function fails.
This is somewhat dangerous but matches the expectations of users.

Found with libFuzzer, see #344.
 2023-02-17 17:16:51 +01:00
Nick Wellnhofer
3b59fdf001 malloc-fail: Fix memory leak in xmlXIncludeAddNode 
Found with libFuzzer, see #344.
 2023-02-17 17:16:51 +01:00
Nick Wellnhofer
e60c9f4c4b malloc-fail: Fix memory leak after xmlRegNewState 
Invoke xmlRegNewState from xmlRegStatePush to simplify error handling.

Found with libFuzzer, see #344.
 2023-02-17 17:16:51 +01:00
Nick Wellnhofer
cb4334b7ab malloc-fail: Fix memory leak in xmlSAX2StartElementNs 
Found with libFuzzer, see #344.
 2023-02-17 17:16:51 +01:00
Nick Wellnhofer
9fa1b228a5 malloc-fail: Fix memory leak in xmlGetDtdElementDesc2 
Found with libFuzzer, see #344.
 2023-02-17 17:16:51 +01:00
Nick Wellnhofer
c82701ff0b malloc-fail: Fix memory leak in xmlDocDumpFormatMemoryEnc 
Found with libFuzzer, see #344.
 2023-02-17 17:16:51 +01:00
Nick Wellnhofer
97086fd76b malloc-fail: Fix memory leak in xmlParserInputBufferCreateMem 
Found with libFuzzer, see #344.
 2023-02-17 17:16:50 +01:00
Nick Wellnhofer
1c5e1fc194 malloc-fail: Check for malloc failure in xmlFindCharEncodingHandler 
Don't return encoding handlers with a NULL name.

Found with libFuzzer, see #344.
 2023-02-17 17:16:50 +01:00
Nick Wellnhofer
d18f9c1102 malloc-fail: Fix leak of xmlCharEncodingHandler 
Also free handler if its name is NULL.

Found with libFuzzer, see #344.
 2023-02-17 17:16:50 +01:00
Nick Wellnhofer
f8852184a1 malloc-fail: Fix memory leak in xmlParseEntityDecl 
Found with libFuzzer, see #344.
 2023-02-17 17:16:50 +01:00
Nick Wellnhofer
bd33331bb9 regexp: Simplify xmlRegAtomPush 2023-02-17 17:16:50 +01:00
Nick Wellnhofer
3cc900f098 encoding: Cast toupper argument to unsigned char 
Fixes undefined behavior.

Also cast return value explicitly to fix implicit-integer-sign-change
checks.
 2023-02-17 17:16:50 +01:00
Nick Wellnhofer
e20f4d7a65 xinclude: Fix quadratic behavior in xmlXIncludeLoadTxt 
Also make text inclusions work with memory buffers, for example when
using a custom entity loader, and fix a memory leak in case of invalid
characters.

Fixes #483.
 2023-02-14 12:25:07 +01:00
Nick Wellnhofer
a96312db51 xinclude: Avoid timeouts when fuzzing 
Fix the check for maximum number of inclusions.
 2023-02-13 11:29:26 +01:00