IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Found by OSS-Fuzz. I could only reproduce this with the (obsolete)
SAX1 parser.
One leak is caused by duplicate namespaced attribute names and can be
reproduced in memory mode (testcase 4556417027538944):
$ cat file
<d xmlns:a="ns" a:x="v" xmlns:b="ns" b:x="v"/>
$ xmllint --sax1 --memory file
The other is caused by ATTLISTs with a normalized default for "xmlns"
if they're processed after the entity recursion limit was hit
(testcase 5580750034305024).
$ cat file
<!DOCTYPE d [
<!ENTITY a '<d>&a;'>
<!ATTLIST d xmlns NMTOKEN 't'>
]>
<d>&a;
$ xmllint --sax1 --valid file
Also see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2461
This reverts commit 79c8a6b which caused a serious regression in
streaming mode.
Also reverts part of commit 52ceced "Fix infinite loops with push
parser in recovery mode".
Fixes bug 786554.
Raised by Matthias Pigulla <mp@webfactory.de>
In a nutshell we had that bug on URI composition after some fixes in
the area of localhost empty shortcuts :
./testURI --base file:///some/where file
Without patch: file:/some/file
With patch: file:///some/file
This patch hold the necessary changes to build libxml2 with Visual
Studio 2017 for WIN32 on a 64 bit machine.
Today 64 bit windows installation are very common, and Visual Studio
2017 community is the most recent version i have access to.
I have chosen 32 bit and SDK 8.1 to be as close as possible to Igor Zlatkovic work.
First set of patches for zOS
- entities.c parser.c tree.c xmlschemas.c xmlschemastypes.c xpath.c xpointer.c:
ask conversion of code to ISO Latin 1 to avoid having the compiler assume
EBCDIC codepoint for characters.
- xmlmodule.c: make sure we have support for modules
- xmlIO.c: zOS path names are special avoid dsome of the expectstions from
Unix/Windows
this is used in a callback which will pass a name, the name is ignored
but it's best to have the signature of the function match, pointed out
by Claude Petit
* xmlschemas.c: fix xmlSchemaAugmentImportedIDC() signature no functional
change
OS/400 version V5R3 is not supported by IBM anymore.
In addition, the iSeries system I have here for development has been changed
and the new system is not able to compile for an OS version lower than V6R1.
Thus I made some updates to the libxml2 os400 scripts accordingly:
- Oldest supported OS version is now V6R1.
- Adjust ILE/RPG wrappers comments.
- Update copyright year range.
- Do not log compiler informational messages.
When expanding a parameter entity in a DTD, infinite recursion could
lead to an infinite loop or memory exhaustion.
Thanks to Wei Lei for the first of many reports.
Fixes bug 759579.
If called from xmlParseExternalEntity, oldctxt is NULL which leads to
a NULL deref if an error occurs. This only affects external code that
calls xmlParseExternalEntity.
Patch from David Kilzer with minor changes.
Fixes bug 780159.
Now that replacement of parameter entities goes exclusively through
xmlSkipBlankChars, we can account for the surrounding space characters
there and remove the "blanks wrapper" hack.
It's enough if xmlPopInput is called from xmlSkipBlankChars. Since the
replacement text of a parameter entity is surrounded with space
characters, that's the only place where the replacement can end in a
well-formed document.
This is also required to get rid of the "blanks wrapper" hack.
There are only two places where parameter entity references must be
handled. For the internal subset in xmlParseInternalSubset. For the
external subset or content from other external PEs in xmlSkipBlankChars.
Make sure that xmlSkipBlankChars skips over sequences of PEs and
whitespace. Rely on xmlSkipBlankChars instead of calling
xmlParsePEReference directly when in the external subset or a
conditional section.
xmlParserHandlePEReference is unused now.
Pop all extra input streams before resetting the input. Otherwise,
a call to xmlPopInput could make input available again.
Also set input->end to input->cur.
Changes the test output for some error tests. Unfortunately, some
fuzzed test cases were added to the test suite without manual cleanup.
This makes it almost impossible to review the impact of later changes
on the test output.
If a character can't be represented in the output encoding, it is
converted to a character reference. This used to to replace the
character in the input stream by calling xmlBufAddHead or
xmlBufferAddHead. These functions shifted the entire input array
around, leading to quadratic performance when converting a run of
non-representable characters. This is most pronounced when dumping to
memory.
Output the charref directly instead.
Found with libFuzzer.
In my previous commit that silenced some test output I didn't realize
that doc/examples/Makefile.am was autogenerated.
Also make index.py output deterministic by sorting the glob results.
- Suppress warnings in xmlmemory.c by casting to 'void *'.
- Remove unneeded cast in xmlschemas.c that caused a macro precedence
error.
- Add dummy fields to short structs in xmlschemas.c. This increases the
size of the structs, but I can't see a better solution without using
C11's _Alignof operator.
There are still a couple of cast-align warnings in encoding.c. These
are legitimate portability issues that can't be fixed without reworking
the conversion functions.
Make sure to finish all entities in the internal subset. Nevertheless,
readd a sanity check in xmlParseStartTag2 that was lost in my previous
commit. Also add a sanity check in xmlPopInput. Popping an input
unexpectedly was the source of many recent memory bugs. The check
doesn't mitigate such issues but helps with diagnosis.
Always base entity boundary checks on the input ID, not the input
pointer. The pointer could have been reallocated to the old address.
Always throw a well-formedness error if a boundary check fails. In a
few places, a validity error was thrown.
Fix a few error codes and improve indentation.
xmlParsePEReference is essentially a subset of
xmlParserHandlePEReference, so make xmlParserHandlePEReference call
xmlParsePEReference. The code paths in these functions differed
slighty, but the code from xmlParserHandlePEReference seems more solid
and tested.
Reset 'was_checked' to prevent entity from being parsed twice and SAX
callbacks being invoked twice if XML_PARSE_NOENT was set.
This regressed in version 2.9.3 and caused problems with WebKit.
Fixes bug 760367.
- Silence test output.
- Clean up after doc/examples tests.
- Adjust expected output for script tests.
- Add missing results for relaxng/pattern3
There are still two test failures I can't comment on:
- regexp/bug316338
- schemas/any4_0
test/HTML/758518-entity.html exposed a bug in pushParseTest() in
runtest.c which assumed that an input file was at least 4 bytes long.
That test case is only 3 bytes, so we now take the minimum of 4 bytes
or the length of the test input. We also now use 'chunkSize' in place
of the hard-coded value '1024' later in the function.
