IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
With certain invalid UTF-8, xmlUTF8Strsize can read up to 6 bytes
beyond the end of the string and return the wrong size.
This means that in xmlUTF8Strndup and similar code, some content behind
the string is copied. But since the terminating \0 is copied as well,
this probably can't be exploited to leak sensitive information.
Found by afl-fuzz and ASan.
* xmlschemas.c xmlstring.c: Fixed a segfault during
text concatenation when validating a node tree:
xmlStrncat was called with a @len of -1; but unlike
xmlStrncatNew, it does not calculate the length
automatically in such a case (reported by Judy Hay
on the mailing list).
Updated the descriptions of the involved string
functions to note this.
* HTMLparser.c configure.in parserInternals.c runsuite.c runtest.c
testapi.c xmlschemas.c xmlschemastypes.c xmlstring.c: fixed a number
of warnings shown by HP-UX compiler and reported by Rick Jones
Daniel
* error.c globals.c parser.c runtest.c testHTML.c testSAX.c
threads.c valid.c xmllint.c xmlreader.c xmlschemas.c xmlstring.c
xmlwriter.c include/libxml/parser.h include/libxml/relaxng.h
include/libxml/valid.h include/libxml/xmlIO.h
include/libxml/xmlerror.h include/libxml/xmlexports.h
include/libxml/xmlschemas.h: applied a patch from Marcus Boerger
to fix problems with calling conventions on Windows this should
fix#309757
Daniel
* doc/apibuild.py doc/elfgcchack.xsl: revamped the elfgcchack.h
format to cope with gcc4 change of aliasing allowed scopes, had
to add extra informations to doc/libxml2-api.xml to separate
the header from the c module source.
* *.c: updated all c library files to add a #define bottom_xxx
and reimport elfgcchack.h thereafter, and a bit of cleanups.
* doc//* testapi.c: regenerated when rebuilding the API
Daniel
* parser.c: reset input->base within xmlStopParser
* xmlstring.c: removed call to xmlUTF8Strlen from within
xmlUTF8Strpos (Bill Moseley pointed out it was not
useful)
* gentest.py testapi.c: autogenerate a minimal NULL value sequence
for unknown pointer types
* HTMLparser.c SAX2.c chvalid.c encoding.c entities.c parser.c
parserInternals.c relaxng.c valid.c xmlIO.c xmlreader.c
xmlsave.c xmlschemas.c xmlschemastypes.c xmlstring.c xpath.c
xpointer.c: This uncovered an impressive amount of entry points
not checking for NULL pointers when they ought to, closing all
the open gaps.
Daniel
* xmlmemory.c include/libxml/xmlmemory.h: adding xmlMemBlocks()
* Makefile.am gentest.py testapi.c: work on generator of an
automatic API regression test tool.
* SAX2.c nanoftp.c parser.c parserInternals.c tree.c xmlIO.c
xmlstring.c: various API hardeing changes as a result of running
teh first set of automatic API regression tests.
* test/slashdot16.xml: apparently missing from CVS, commited it
Daniel
* catalog.c: added code to handle <group>, including dumping
to output (bug 151924).
* xmlcatalog.c, xmlstring.c, parser.c: minor compiler warning
cleanup (no change to logic)
* SAX2.c: fixed bug introduced during OOM fixup causing problems
with default namespace when a named prefix with the same href
was present (reported on the mailing list by Karl Eichwalder.
* xmlstring.c: modified xmlCheckUTF8 with suggested code from
Julius Mittenzwei.
* dict.c: added a typecast to try to avoid problem reported by
Pascal Rodes.
* tree.c: Dodji pointed out a bug in xmlGetNodePath()
* xmlcatalog.c: applied patch from Albert Chin to add a
--no-super-update option to xmlcatalog see #145461
and another patch also from Albert Chin to not crash
on -sgml --del without args see #145462
* Makefile.am: applied another patch from Albert Chin to
fix a problem with diff on Solaris #145511
* xmlstring.c: fix xmlCheckUTF8() according to the suggestion
in bug #148115
* python/libxml.py: apply fix from Marc-Antoine Parent about
the errors in libxml(2).py on the node wrapper #135547
Daniel
* dict.c parser.c xmlstring.c: some parser optimizations,
xmllint --memory --timing --repeat --stream ./db10000.xml
went down from 16.5 secs to 15.5 secs.
Daniel
* encoding.c, parser.c, xmlstring.c, Makefile.am,
include/libxml/Makefile.am, include/libxml/catalog.c,
include/libxml/chvalid.h, include/libxml/encoding.h,
include/libxml/parser.h, include/libxml/relaxng.h,
include/libxml/tree.h, include/libxml/xmlwriter.h,
include/libxml/xmlstring.h:
moved string and UTF8 routines out of parser.c and encoding.c
into a new module xmlstring.c with include file
include/libxml/xmlstring.h mostly using patches from Reid
Spencer. Since xmlChar now defined in xmlstring.h, several
include files needed to have a #include added for safety.
* doc/apibuild.py: added some additional sorting for various
references displayed in the APIxxx.html files. Rebuilt the
docs, and also added new file for xmlstring module.
* configure.in: small addition to help my testing; no effect on
normal usage.
* doc/search.php: added $_GET[query] so that persistent globals
can be disabled (for recent versions of PHP)
