IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Move the calls to xmlXPathSetFrame and xmlXPathPopFrame around in
xmlXPathCompOpEvalPositionalPredicate to make sure that the context
object on the stack is actually protected. Otherwise, memory corruption
can occur when calling sloppily coded XPath extension functions.
Fixes bug 783160.
Commit c851970 removed a redundant error message if XPath evaluation
failed. This uncovered a case where an undefined XPath variable error
wasn't reported correctly.
Thanks to Petr Pisar for the report.
Fixes bug 787941.
In attribute content, don't emit entity references if there are
problems with the entity value. Otherwise some illegal entity values
like
<!ENTITY a '&#x123456789;'>
would later cause problems like integer overflow.
Make xmlStringLenDecodeEntities return NULL on more error conditions
including invalid char refs and errors from recursive calls. Remove
some fragile error checks based on lastError that shouldn't be
needed now. Clear the entity content in xmlParseAttValueComplex if
an error was found.
Found by OSS-Fuzz. Should fix bug 783052.
Also see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3343
Otherwise malicious LZMA compressed files could consume large amounts
of memory when decompressed.
According to the xz man page, files compressed with `xz -9` currently
require 65 MB to decompress, so set the limit to 100 MB.
Should fix bug 786696.
Found by OSS-Fuzz. I could only reproduce this with the (obsolete)
SAX1 parser.
One leak is caused by duplicate namespaced attribute names and can be
reproduced in memory mode (testcase 4556417027538944):
$ cat file
<d xmlns:a="ns" a:x="v" xmlns:b="ns" b:x="v"/>
$ xmllint --sax1 --memory file
The other is caused by ATTLISTs with a normalized default for "xmlns"
if they're processed after the entity recursion limit was hit
(testcase 5580750034305024).
$ cat file
<!DOCTYPE d [
<!ENTITY a '<d>&a;'>
<!ATTLIST d xmlns NMTOKEN 't'>
]>
<d>&a;
$ xmllint --sax1 --valid file
Also see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2461
This reverts commit 79c8a6b which caused a serious regression in
streaming mode.
Also reverts part of commit 52ceced "Fix infinite loops with push
parser in recovery mode".
Fixes bug 786554.
Raised by Matthias Pigulla <mp@webfactory.de>
In a nutshell we had that bug on URI composition after some fixes in
the area of localhost empty shortcuts :
./testURI --base file:///some/where file
Without patch: file:/some/file
With patch: file:///some/file
This patch hold the necessary changes to build libxml2 with Visual
Studio 2017 for WIN32 on a 64 bit machine.
Today 64 bit windows installation are very common, and Visual Studio
2017 community is the most recent version i have access to.
I have chosen 32 bit and SDK 8.1 to be as close as possible to Igor Zlatkovic work.
First set of patches for zOS
- entities.c parser.c tree.c xmlschemas.c xmlschemastypes.c xpath.c xpointer.c:
ask conversion of code to ISO Latin 1 to avoid having the compiler assume
EBCDIC codepoint for characters.
- xmlmodule.c: make sure we have support for modules
- xmlIO.c: zOS path names are special avoid dsome of the expectstions from
Unix/Windows
this is used in a callback which will pass a name, the name is ignored
but it's best to have the signature of the function match, pointed out
by Claude Petit
* xmlschemas.c: fix xmlSchemaAugmentImportedIDC() signature no functional
change
OS/400 version V5R3 is not supported by IBM anymore.
In addition, the iSeries system I have here for development has been changed
and the new system is not able to compile for an OS version lower than V6R1.
Thus I made some updates to the libxml2 os400 scripts accordingly:
- Oldest supported OS version is now V6R1.
- Adjust ILE/RPG wrappers comments.
- Update copyright year range.
- Do not log compiler informational messages.
When expanding a parameter entity in a DTD, infinite recursion could
lead to an infinite loop or memory exhaustion.
Thanks to Wei Lei for the first of many reports.
Fixes bug 759579.
If called from xmlParseExternalEntity, oldctxt is NULL which leads to
a NULL deref if an error occurs. This only affects external code that
calls xmlParseExternalEntity.
Patch from David Kilzer with minor changes.
Fixes bug 780159.
Now that replacement of parameter entities goes exclusively through
xmlSkipBlankChars, we can account for the surrounding space characters
there and remove the "blanks wrapper" hack.
It's enough if xmlPopInput is called from xmlSkipBlankChars. Since the
replacement text of a parameter entity is surrounded with space
characters, that's the only place where the replacement can end in a
well-formed document.
This is also required to get rid of the "blanks wrapper" hack.
There are only two places where parameter entity references must be
handled. For the internal subset in xmlParseInternalSubset. For the
external subset or content from other external PEs in xmlSkipBlankChars.
Make sure that xmlSkipBlankChars skips over sequences of PEs and
whitespace. Rely on xmlSkipBlankChars instead of calling
xmlParsePEReference directly when in the external subset or a
conditional section.
xmlParserHandlePEReference is unused now.
Pop all extra input streams before resetting the input. Otherwise,
a call to xmlPopInput could make input available again.
Also set input->end to input->cur.
Changes the test output for some error tests. Unfortunately, some
fuzzed test cases were added to the test suite without manual cleanup.
This makes it almost impossible to review the impact of later changes
on the test output.
If a character can't be represented in the output encoding, it is
converted to a character reference. This used to to replace the
character in the input stream by calling xmlBufAddHead or
xmlBufferAddHead. These functions shifted the entire input array
around, leading to quadratic performance when converting a run of
non-representable characters. This is most pronounced when dumping to
memory.
Output the charref directly instead.
Found with libFuzzer.
In my previous commit that silenced some test output I didn't realize
that doc/examples/Makefile.am was autogenerated.
Also make index.py output deterministic by sorting the glob results.
- Suppress warnings in xmlmemory.c by casting to 'void *'.
- Remove unneeded cast in xmlschemas.c that caused a macro precedence
error.
- Add dummy fields to short structs in xmlschemas.c. This increases the
size of the structs, but I can't see a better solution without using
C11's _Alignof operator.
There are still a couple of cast-align warnings in encoding.c. These
are legitimate portability issues that can't be fixed without reworking
the conversion functions.
