1
0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2024-12-24 21:33:51 +03:00
Commit Graph

215 Commits

Author SHA1 Message Date
Nick Wellnhofer
322e733b84 xinclude: Fix fallback for text includes
Fixes #772.
2024-07-18 19:32:23 +02:00
Nick Wellnhofer
a221cd7849 buf: Rework xmlBuf code
Always use what the old implementation called the "IO" allocation
scheme, allowing to move the content pointer past the initial
allocation. This is inexpensive and allows efficient shrinking.

Optimize xmlBufGrow, reusing shrunken memory as much as possible.

Simplify xmlBufAdd.

Make xmlBufBackToBuffer return an error on overflow.

Make "size" exclude the terminating NULL byte.

Always provide an initial size.

Reintroduce static buffers.

Remove xmlBufResize and several other functions.
2024-07-16 17:42:10 +02:00
Nick Wellnhofer
6be79014d7 Remove unused code 2024-07-15 16:33:38 +02:00
Nick Wellnhofer
2e63656ec6 parser: Check return value of inputPush
inputPush typically doesn't fail because we pre-allocate the input
table. The return value should be checked nevertheless.
2024-07-08 11:27:52 +02:00
Nick Wellnhofer
16e7ecd478 xinclude: Check URI length
Don't report long URIs as OOM errors.
2024-07-01 18:03:06 +02:00
Nick Wellnhofer
598ee0d2c6 error: Remove underscores from xmlRaiseError 2024-06-27 14:43:10 +02:00
Nick Wellnhofer
1dd5e76a69 xinclude: Don't remove root element
Don't replace include element at root with empty nodeset.
2024-06-18 20:12:03 +02:00
Nick Wellnhofer
3c7c831c7c xinclude: Set XPath context doc
Regressed in commit 78eab7a1.
2024-06-17 15:47:43 +02:00
Nick Wellnhofer
1ff484339e xinclude: Load included documents with XML_PARSE_DTDLOAD
We must detect ID attributes declared in external DTDs.

Regressed in 12f0bb94.
2024-06-17 15:47:43 +02:00
Nick Wellnhofer
1aa37db04c xinclude: Don't raise error on empty nodeset
xmlXPtrEval returning NULL means an empty nodeset if no error code is
set.

See #733.
2024-06-14 20:55:29 +02:00
Nick Wellnhofer
669bd34993 xpointer: Remove support for XPointer locations
The latest spec for what it essentially an XPath extension seems to be
this working draft from 2002:

    https://www.w3.org/TR/xptr-xpointer/

The xpointer() scheme is listed as "being reviewed" in the XPointer
registry since at least 2006. libxml2 seems to be the only modern
software that tries to implement this spec, but the code has many bugs
and quality issues.

If you configure --with-legacy, old symbols are retained for ABI
compatibility.
2024-06-12 18:20:01 +02:00
Nick Wellnhofer
5238404325 parser: Pass resource type to resource loader 2024-06-12 16:36:12 +02:00
Nick Wellnhofer
fa2592b384 xinclude: Add callbacks for resource loader 2024-06-12 16:36:12 +02:00
Nick Wellnhofer
15ed75664b xinclude: Fix warning when building --without-xptr 2024-06-06 22:18:05 +02:00
Nick Wellnhofer
e75e878e02 doc: Update and fix documentation 2024-05-20 14:23:39 +02:00
Nick Wellnhofer
577fb0e380 xinclude: Report malloc failure in xmlXIncludeMergeEntities 2024-04-27 16:31:01 +02:00
Nick Wellnhofer
087a346448 xinclude: Increase error count in xmlXIncludeErrMemory 2024-04-22 12:44:12 +02:00
Nick Wellnhofer
16ccb61dc1 xinclude: Don't try to fix base of non-elements
This would result in a spurious error.
2024-04-05 13:19:56 +02:00
Nick Wellnhofer
365976dbe0 xinclude: Don't use xmlHasNsProp
This function can malloc and doesn't report failures.

Another design mistake is that xmlUnsetNsProp requires an xmlNs
struct.
2024-03-30 17:17:21 +01:00
Nick Wellnhofer
f43197fca7 tree: Don't coalesce text nodes in xmlAdd{Prev,Next}Sibling
Commit 9e1c72da from 2001 introduced a bug where xmlAddPrevSibling and
xmlAddNextSibling would only try to merge text nodes with one of its
new siblings. Commit 4ccd3eb8 fixed this bug but unfortunately, lxml
and possibly other downstream code depend on text nodes not being
merged.

To avoid breaking downstream code while still having somewhat
consistent API behavior, it's probably best to make these functions
never coalesce text nodes.
2024-03-29 14:21:11 +01:00
Nick Wellnhofer
1ace0e8529 xinclude: Report malloc failure in xmlXIncludeAddNode 2024-03-24 12:28:22 +01:00
Nick Wellnhofer
0d04d79cd4 xinclude: Report malloc failures in xmlXIncludeIncludeNode 2024-03-22 12:26:28 +01:00
Nick Wellnhofer
3bdd0d7b30 xinclude: Set errNo in xmlXIncludeErrMemory 2024-03-18 14:13:15 +01:00
Nick Wellnhofer
12f0bb9478 parser: Synchronize more options 2024-01-05 20:39:40 +01:00
Nick Wellnhofer
0821efc8ee encoding: Check whether encoding handlers support input/output
The "HTML" encoding handler doesn't support input which could lead to a
wrong error report.
2024-01-02 19:48:23 +01:00
Nick Wellnhofer
e8fb3d639f parser: Convert some "internal errors" to meaningful codes 2024-01-02 19:48:23 +01:00
Nick Wellnhofer
2a2fbe1e5b xinclude: Only set xml:base if necessary 2023-12-28 16:47:45 +01:00
Nick Wellnhofer
8a685a3dfc xinclude: Allow empty nodesets
There's no reason to treat an empty nodeset as error.
2023-12-28 16:47:45 +01:00
Nick Wellnhofer
955c177f69 parser: Stop using 'directory' struct member
This was only used as a pointless fallback for URI resolution.
2023-12-25 23:38:40 +01:00
Nick Wellnhofer
6e3a2ac660 xinclude: Rework xml:base fixup
The xml:base fixup was broken in more complex cases.

Also avoid parsing and building the included URI multiple times.
2023-12-25 23:38:40 +01:00
Nick Wellnhofer
35a4bc50d0 xinclude: Report to xmlGenericError 2023-12-25 23:38:40 +01:00
Nick Wellnhofer
c8f1f4a280 doc: Improve documentation of error handlers 2023-12-21 17:36:17 +01:00
Nick Wellnhofer
0a658c0f0a io: Don't use "-" to read from stdin
To implement this feature on such a low level is a disaster waiting to
happen. Remove these checks from the IO code and move them to xmllint.

Note that the serialization API will still treat "-" as stdout.
2023-12-21 15:02:24 +01:00
Nick Wellnhofer
2829a21a95 xinclude: Improve error handling
Introduce xmlXIncludeSetErrorHandler allowing to set a structured error
handler for an XInclude context and forwarding errors from parser.

Remove arguments from memory error handlers.

Use xmlRaiseMemoryError.
2023-12-21 02:46:27 +01:00
Nick Wellnhofer
78eab7a130 xinclude: Report malloc failures
Fix many places where malloc failures aren't reported.

Introduce a new API function xmlXIncludeGetLastError.
2023-12-11 22:13:05 +01:00
Nick Wellnhofer
80a0580f23 xinclude: Expand comment about fuzz timeouts 2023-09-30 15:47:46 +02:00
Nick Wellnhofer
b9db3d7d02 parser: Simplify xmlStringCurrentChar
Start to move away from using this function.
2023-09-22 19:01:11 +02:00
Nick Wellnhofer
699299cae3 globals: Stop including globals.h 2023-09-20 22:07:40 +02:00
Nick Wellnhofer
4e1c13ebfd debug: Remove debugging code
This is barely useful these days and only clutters the code base.
2023-09-19 17:35:09 +02:00
Nick Wellnhofer
4aa08c80b7 xinclude: Fix 'last' pointer in xmlXIncludeCopyNode
Also set the 'last' pointer for the root node.

Fixes https://gitlab.gnome.org/GNOME/libxslt/-/issues/93
2023-09-08 14:52:22 +02:00
Nick Wellnhofer
687a2b719e xinclude: Lower initial table size when fuzzing
We don't have test cases with many documents, so set the initial table
size to 1 when fuzzing, so there is a chance to detect reallocation
issues.
2023-05-11 13:27:52 +02:00
Nick Wellnhofer
c40cbf07a3 malloc-fail: Fix null deref after xmlXIncludeNewRef
See #344.
2023-05-11 13:27:52 +02:00
Nick Wellnhofer
105ce73da0 xinclude: Fix false positives in inclusion loop detection
xmlXIncludeRecurseDoc can realloc the cache.
2023-05-11 13:27:52 +02:00
Nick Wellnhofer
ec05f04d8b malloc-fail: Fix memory leak in xmlXIncludeLoadTxt
Found with libFuzzer, see #344.
2023-02-17 17:16:52 +01:00
Nick Wellnhofer
c02df68651 malloc-fail: Fix memory leak in xmlXIncludeLoadDoc
Found with libFuzzer, see #344.
2023-02-17 17:16:52 +01:00
Nick Wellnhofer
3b59fdf001 malloc-fail: Fix memory leak in xmlXIncludeAddNode
Found with libFuzzer, see #344.
2023-02-17 17:16:51 +01:00
Nick Wellnhofer
e20f4d7a65 xinclude: Fix quadratic behavior in xmlXIncludeLoadTxt
Also make text inclusions work with memory buffers, for example when
using a custom entity loader, and fix a memory leak in case of invalid
characters.

Fixes #483.
2023-02-14 12:25:07 +01:00
Nick Wellnhofer
a96312db51 xinclude: Avoid timeouts when fuzzing
Fix the check for maximum number of inclusions.
2023-02-13 11:29:26 +01:00
Nick Wellnhofer
be0ec005f3 xinclude: Abort immediately if max depth was exceeded
Avoids resource exhaustion if the maximum recursion depth was exceeded.

Note that the XInclude engine offers no protection against other
"billion laughs"-style amplification attacks as long as they stay below
the maximum depth.
2023-02-13 11:29:26 +01:00
Nick Wellnhofer
dc2dde1ab9 malloc-fail: Fix null deref in xmlXIncludeLoadTxt
Found with libFuzzer, see #344.
2023-02-13 11:19:55 +01:00