1
0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2024-12-24 21:33:51 +03:00
Commit Graph

45 Commits

Author SHA1 Message Date
Nick Wellnhofer
a279aae30f io: Allocate output buffer with XML_BUFFER_ALLOC_IO
This allows efficient shrinking of memory buffers.

Support IO buffers in xmlBufDetach.
2024-03-18 15:14:43 +01:00
Nick Wellnhofer
9c2d451c02 malloc-fail: Fix use-after-free in xmlBufBackToBuffer 2024-03-15 19:47:08 +01:00
Nick Wellnhofer
c1fe9e72ef io: Report more malloc failures when writing to output buffer 2024-03-15 19:47:08 +01:00
Nick Wellnhofer
e314109ad1 save: Don't write directly to internal buffer
Make sure that OOM errors are reported.
2024-02-16 16:14:05 +01:00
Nick Wellnhofer
fbe10a466f save: Move DTD serialization code to xmlsave.c 2024-02-04 14:33:19 +01:00
Nick Wellnhofer
8e13133dbd malloc-fail: Don't truncate parser input buffer
We now follow a laissez-faire approach when handling malloc failures and
removed many checks whether the parser was stopped by such an error.
This means the parser input must not be truncated to avoid out-of-bounds
reads.

Short-lived regression.
2023-12-12 15:22:23 +01:00
Nick Wellnhofer
c37a9051b0 buf: Stop invoking global error handler
Memory errors from low-level code should be handled by higher layers.
2023-12-11 22:05:47 +01:00
Nick Wellnhofer
fef12ed816 buf: Also reset input in error case
Avoid dangling pointers if memory allocation failed. This could cause
a use-after-free after recent changes.

Found by OSS-Fuzz.
2023-10-11 13:32:54 +02:00
Nick Wellnhofer
699299cae3 globals: Stop including globals.h 2023-09-20 22:07:40 +02:00
Nick Wellnhofer
4e1c13ebfd debug: Remove debugging code
This is barely useful these days and only clutters the code base.
2023-09-19 17:35:09 +02:00
Nick Wellnhofer
59fa0bb383 parser: Simplify input pointer updates
The base member always points to the beginning of the buffer.
2023-08-08 15:21:14 +02:00
Nick Wellnhofer
b236b7a588 parser: Halt parser when growing buffer results in OOM
Fix short-lived regression from previous commit.

It might be safer to make xmlBufSetInputBaseCur use the original buffer
even in case of errors.

Found by OSS-Fuzz.
2023-06-08 21:59:20 +02:00
Nick Wellnhofer
1aabc9db40 malloc-fail: Fix null deref in xmlBufResize
Found with libFuzzer, see #344.
2023-01-24 11:32:15 +01:00
Nick Wellnhofer
f8c5e7fb75 buf: Fix return value of xmlBufGetInputBase
Don't return (size_t) -1 in error case.

Found with libFuzzer and -fsanitize=implicit-conversion.
2023-01-24 11:32:15 +01:00
Nick Wellnhofer
2059df5358 buf: Deprecate static/immutable buffers 2022-11-20 21:16:03 +01:00
Nick Wellnhofer
2cac626976 Don't use sizeof(xmlChar) or sizeof(char) 2022-09-01 03:35:19 +02:00
Nick Wellnhofer
ad338ca737 Remove explicit integer casts
Remove explicit integer casts as final operation

- in assignments
- when passing arguments
- when returning values

Remove casts

- to the same type
- from certain range-bound values

The main motivation is that these explicit casts don't change the result
of operations and only render UBSan's implicit-conversion checks
useless. Removing these casts allows UBSan to detect cases where
truncation or sign-changes occur unexpectedly.

Document some explicit casts as truncating and add a few missing ones.
2022-09-01 02:33:57 +02:00
Nick Wellnhofer
0f568c0b73 Consolidate private header files
Private functions were previously declared

- in header files in the root directory
- in public headers guarded with IN_LIBXML
- in libxml.h
- redundantly in source files that used them.

Consolidate all private header files in include/private.
2022-08-26 02:11:56 +02:00
David Kilzer
6ef16dee7a Reserve byte for NUL terminator and report errors consistently in xmlBuf and xmlBuffer
This is a follow-up to commit 6c283d83.

* buf.c:
(xmlBufGrowInternal):
- Call xmlBufMemoryError() when the buffer size would overflow.
- Account for NUL terminator byte when using XML_MAX_TEXT_LENGTH.
- Do not include NUL terminator byte when returning length.
(xmlBufAdd):
- Call xmlBufMemoryError() when the buffer size would overflow.

* tree.c:
(xmlBufferGrow):
- Call xmlTreeErrMemory() when the buffer size would overflow.
- Do not include NUL terminator byte when returning length.
(xmlBufferResize):
- Update error message in xmlTreeErrMemory() to be consistent
  with other similar messages.
(xmlBufferAdd):
- Call xmlTreeErrMemory() when the buffer size would overflow.
(xmlBufferAddHead):
- Add overflow checks similar to those in xmlBufferAdd().
2022-06-16 12:01:27 +00:00
David Kilzer
4ce2abf6f6 Fix missing NUL terminators in xmlBuf and xmlBuffer functions
* buf.c:
(xmlBufAddLen):
- Change check for remaining space to account for the NUL
  terminator.  When adding a length exactly equal to the number
  of unused bytes, a NUL terminator was not written.
(xmlBufResize):
- Set `buf->use` and NUL terminator when allocating a new
  buffer.
* tree.c:
(xmlBufferResize):
- Set `buf->use` and NUL terminator when allocating a new
  buffer.
(xmlBufferAddHead):
- Set NUL terminator before returning early when shifting
  contents.
2022-06-16 11:23:06 +00:00
David Kilzer
c14cac8bba xmlBufAvail() should return length without including a byte for NUL terminator
* buf.c:
(xmlBufAvail):
- Return the number of bytes available in the buffer, but do not
  include a byte for the NUL terminator so that it is reserved.

* encoding.c:
(xmlCharEncFirstLineInput):
(xmlCharEncInput):
(xmlCharEncOutput):
* xmlIO.c:
(xmlOutputBufferWriteEscape):
- Remove code that subtracts 1 from the return value of
  xmlBufAvail().  It was implemented inconsistently anyway.
2022-05-25 18:25:19 -07:00
David Kilzer
fe9f76ebb8 Remove unused xmlBuf functions
Remove the following functions:
- xmlBufAddHead()
- xmlBufErase()
- xmlBufInflate()
- xmlBufWriteCHAR()
- xmlBufWriteChar()
2022-05-25 16:01:35 -07:00
Nick Wellnhofer
6c283d83ec [CVE-2022-29824] Fix integer overflows in xmlBuf and xmlBuffer
In several places, the code handling string buffers didn't check for
integer overflow or used wrong types for buffer sizes. This could
result in out-of-bounds writes or other memory errors when working on
large, multi-gigabyte buffers.

Thanks to Felix Wilhelm for the report.
2022-05-02 14:11:07 +02:00
David Kilzer
a15f2abef1 Use UPDATE_COMPAT() consistently in buf.c
* buf.c:
(xmlBufCreate):
(xmlBufCreateSize):
(xmlBufDetach):
(xmlBufCreateStatic):
(xmlBufFromBuffer):
2022-04-10 12:55:52 +00:00
Nick Wellnhofer
776d15d383 Don't check for standard C89 headers
Don't check for

- ctype.h
- errno.h
- float.h
- limits.h
- math.h
- signal.h
- stdarg.h
- stdlib.h
- string.h
- time.h

Stop including non-standard headers

- malloc.h
- strings.h
2022-03-02 00:43:54 +01:00
Nick Wellnhofer
346c3a930c Remove elfgcchack.h
The same optimization can be enabled with -fno-semantic-interposition
since GCC 5. clang has always used this option by default.
2022-02-20 21:49:04 +01:00
Nick Wellnhofer
3f18e7486d Reset HTML parser input before reporting error
Avoid use-after-free, similar to 13ba5b61. Also make sure that
xmlBufSetInputBaseCur sets valid pointers in case of buffer errors.

Found by OSS-Fuzz.
2020-07-11 14:39:52 +02:00
Nick Wellnhofer
20c60886e4 Fix typos
Resolves #133.
2020-03-08 17:41:53 +01:00
Nick Wellnhofer
bf2e96173d Fix overflow handling in xmlBufBackToBuffer
Don't overwrite 'use' and 'size' members after clamping to INT_MAX.

Thanks to Ranier Vilela for pointing this out in merge request !56.
2019-11-07 12:54:01 +01:00
Jared Yanovich
2a350ee9b4 Large batch of typo fixes
Closes #109.
2019-09-30 18:04:38 +02:00
Nick Wellnhofer
6705f4d28e Remove executable bit from non-executable files 2019-09-16 15:48:59 +02:00
Nick Wellnhofer
5f1f455c2f Fix potential memory leak in xmlBufBackToBuffer
Fixes bug #794373
https://bugzilla.gnome.org/show_bug.cgi?id=794373

Also see merge request !42
2019-09-13 15:51:16 +02:00
Nick Wellnhofer
8bbe4508ef Spelling and grammar fixes
Fixes bug 743172, bug 743489, bug 769632, bug 782400 and a few other
misspellings.
2017-06-17 16:34:23 +02:00
Nick Wellnhofer
94f6ce838c Allow zero sized memory input buffers
Useful for a fuzz target I'm working on.
2017-06-10 17:42:04 +02:00
Daniel Veillard
213f1fe0d7 CVE-2015-1819 Enforce the reader to run in constant memory
One of the operation on the reader could resolve entities
leading to the classic expansion issue. Make sure the
buffer used for xmlreader operation is bounded.
Introduce a new allocation type for the buffers for this effect.
2015-04-14 17:41:48 +08:00
Kurt Roeckx
95ebe53b50 Fix and add const qualifiers
For https://bugzilla.gnome.org/show_bug.cgi?id=689483

It seems there are functions that do use the const qualifier for some of the
arguments, but it seems that there are a lot of functions that don't use it and
probably should.

So I created a patch against 2.9.0 that makes as much as possible const in
tree.h, and changed other files as needed.

There were a lot of cases like "const xmlNodePtr node".  This doesn't actually
do anything, there the *pointer* is constant not the object it points to. So I
changed those to "const xmlNode *node".

I also removed some consts, mostly in the Copy functions, because those
functions can actually modify the doc or node they copy from
2014-10-13 16:06:21 +08:00
Roumen Petrov
2ff9284325 elfgcchack for buf module 2013-04-01 16:48:44 +08:00
Daniel Veillard
28cc42d068 Regenerating docs and API files
Various cleanups
* configure.in: force regeneration of APIs in my environment
* buf.c buf.h enc.h encoding.c include/libxml/tree.h
  include/libxml/xmlerror.h save.h tree.c: various comment cleanups
  pointed by apibuild
* doc/apibuild.py: added the 3 new internal headers in the excludes
* doc/libxml2-api.xml doc/libxml2-refs.xml: regenerated the API
* doc/symbols.xml: listing new entry points for 2.9.0
* doc/devhelp/*: regenerated
2012-08-10 10:00:18 +08:00
Daniel Veillard
7f713494ad Improve compatibility between xmlBuf and xmlBuffer
An old xsltproc binary now works correctly with the new libxml2
2012-08-07 14:39:07 +08:00
Daniel Veillard
18e1f1f118 Improvements for old buffer compatibility
Now tree.h exports LIBXML2_NEW_BUFFER macro indicating that the
API uses the new buffers, important to keep code working with
both versions.
* tree.h buf.h: also export xmlBufContent(), xmlBufEnd(), and xmlBufUse()
          to help port the old code
* buf.c: make sure the compatibility counters are updated on
          buffer usage, to keep proper working of application compiled
	  against the old structures, but take care of int overflow
2012-08-06 10:16:41 +08:00
Daniel Veillard
6f6feba876 Fixup for buf.c 2012-07-25 16:30:56 +08:00
Daniel Veillard
9ee02f80a4 Harden the buffer code and make it more compatible
Mimic the old xmlBuffer strcture in xmlBuf to avaoid catastrophic
failures in case of old code directly reading ctxt->input->buf->buffer

Check on all buffer entry points if an error previously occured on
the buffer, and fail the operation if this is the case, the buffer
becomes immutable and unreadable.
2012-07-23 14:24:27 +08:00
Daniel Veillard
00ac0d3b96 More cleanups for input/buffers code
When calling xmlParserInputBufferPush, the buffer may be reallocated
and at the input level the pointers for base, cur and end need to
be reevaluated.
* buf.c buf.h: add two new functions, one to get the base from the
  input of the buffer, and another one to reset the pointers based
  on the cur and base inded
* HTMLparser.c parser.c: cleanup to use the new helper functions
  as well as making sure size_t is used for the indexes computations
2012-07-23 14:24:27 +08:00
Daniel Veillard
61551a1eb7 Cleanup function xmlBufResetInput() to set input from Buffer
This was scattered in a number of modules, xmlParserInputPtr
have usually their base, cur and end pointer set from an
xmlBuf used as input.
* buf.c buf.h: add a new function implementing this setup
* parser.c HTMLparser.c catalog.c parserInternals.c xmlreader.c
  use the new function instead of digging into the buffer in
  all those modules
2012-07-23 14:24:27 +08:00
Daniel Veillard
bca22f40c3 Adding a new buf module for buffers
This also add converter functions between xmlBuf and xmlBuffer
* buf.c buf.h: the old xmlBuffer routines but modified for size_t
  and using xmlBuf instead of xmlBuffer
* Makefile.am: add the 2 new files
* include/libxml/xmlerror.h: add an entry for the new module
* include/libxml/tree.h: expose the xmlBufPtr type but not the
  structure which stay private
2012-07-23 14:24:26 +08:00