IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
XML_LIBS should include LZMA_LIBS. This ensures that 'xml2-config --libs'
shows -llzma when xz is enabled. Otherwise static link fails because of
missing xz symbols.
Make sure that xmlXPathNodeSetAddNs is called for namespace nodes when
matched with a namespace::node() step. This correctly sets the parent
of namespace nodes. Note that xmlXPathNodeSetAddNs must only be called
if working on the namespace axis. Otherwise, the context node is not
the parent of the namespace node and the standard XP_TEST_HIT macro
must be invoked. This explains the errors in the C14N tests that the
old TODO comment mentioned.
xmlXPathEmptyNodeSet would write a NULL pointer just beyond the end of
the nodeTab array. This macro isn't used in libxml2, but in some of the
math functions in libexslt where it can result in heap corruption and
denial of service.
Found by afl-fuzz and ASan.
The NCName parser would allow any NameChar as start character. For
example, the following XPath expressions would compile:
self::-abc
self::0abc
self::.abc
With certain invalid UTF-8, xmlUTF8Strsize can read up to 6 bytes
beyond the end of the string and return the wrong size.
This means that in xmlUTF8Strndup and similar code, some content behind
the string is copied. But since the terminating \0 is copied as well,
this probably can't be exploited to leak sensitive information.
Found by afl-fuzz and ASan.
Add missing test results to fix the following errors when
running "make Schemastests":
## Schemas regression tests
diff: ./result/schemas/regexp-char-ref_0_0.err: No such file or directory
diff: ./result/schemas/regexp-char-ref_1_0.err: No such file or directory
* result/schemas/regexp-char-ref_0_0.err: Added.
* result/schemas/regexp-char-ref_1_0.err: Added.
* configure.ac: Add fallback tests if the icu-config tool is not
installed (like on Mac OS X). This also allows an include
prefix to be set using "--with-icu=/prefix/to/icu", similar to
--with-iconv.
* parser.c:
(xmlCheckCdataPush): Add 'complete' argument to describe whether
the buffer passed in is the whole CDATA buffer, or if there is
more data to parse. If there is more data to parse, don't
return a negative value for an invalid multi-byte UTF-8
character that is split between buffers.
(xmlParseTryOrFinish): Pass 'complete' argument to
xmlCheckCdataPush() as appropriate.
* result/cdata-2-byte-UTF-8.xml: Added.
* result/cdata-2-byte-UTF-8.xml.rde: Added.
* result/cdata-2-byte-UTF-8.xml.rdr: Added.
* result/cdata-2-byte-UTF-8.xml.sax: Added.
* result/cdata-2-byte-UTF-8.xml.sax2: Added.
* result/cdata-3-byte-UTF-8.xml: Added.
* result/cdata-3-byte-UTF-8.xml.rde: Added.
* result/cdata-3-byte-UTF-8.xml.rdr: Added.
* result/cdata-3-byte-UTF-8.xml.sax: Added.
* result/cdata-3-byte-UTF-8.xml.sax2: Added.
* result/cdata-4-byte-UTF-8.xml: Added.
* result/cdata-4-byte-UTF-8.xml.rde: Added.
* result/cdata-4-byte-UTF-8.xml.rdr: Added.
* result/cdata-4-byte-UTF-8.xml.sax: Added.
* result/cdata-4-byte-UTF-8.xml.sax2: Added.
* result/noent/cdata-2-byte-UTF-8.xml: Added.
* result/noent/cdata-3-byte-UTF-8.xml: Added.
* result/noent/cdata-4-byte-UTF-8.xml: Added.
* test/cdata-2-byte-UTF-8.xml: Added.
* test/cdata-3-byte-UTF-8.xml: Added.
* test/cdata-4-byte-UTF-8.xml: Added.
- Add tests and results. Only 'make Readertests XMLPushtests'
fails prior to the fix.
--047d7bacb4ee71848a052d7c673a
Content-Type: text/plain; charset=UTF-8
The config.h file in win32\VC10 is incompatible with VS 2015 because VS
2015 provides an implementation of snprintf and prohibits using the
preprocessor to define it. Therefor an ifdef check is needed around that
definition in VC10\config.h. Here is a patch that is compatible with the
change that we made to Chromium's copy:
For https://bugzilla.gnome.org/show_bug.cgi?id=761782
autogen.sh was not included in the tarball releases which complicates
situations when users have to make changes to e.g. configure.ac andi
have to re-generate configure.
For https://bugzilla.gnome.org/show_bug.cgi?id=761784
I wasn't able to build libxml2 because aclocal-1.13 was missing from
my machine. With AM_MAINTAINER_MODE, I'm able to configure libxml2 with
'--disable-maintainer-mode' which will disable checks for aclocal.
For https://bugzilla.gnome.org/show_bug.cgi?id=759671
when the end of the internal subset isn't properly detected
xmlParseInternalSubset should just return instead of trying
to process input further.
For https://bugzilla.gnome.org/show_bug.cgi?id=756372
Error in the code pointing to the codepoint in the stack for the
current char value instead of the pointer in the input that the SAX
callback expects
Reported and fixed by Hugh Davenport
For https://bugzilla.gnome.org/show_bug.cgi?id=756525
handle properly the case where we popped out of the current entity
while processing a start tag
Reported by Kostya Serebryany @ Google
This slightly modifies the output of 754946 in regression tests
Unify the various place where either xmlStopParser was called
(which resets the error as a side effect) and places where we
used ctxt->instate = XML_PARSER_EOF to stop further processing
The problem is doing it in a consistent and safe fashion
It's more complex than just setting ctxt->instate = XML_PARSER_EOF
Update the public function to reuse that new internal routine
For https://bugzilla.gnome.org/show_bug.cgi?id=756733
It is one case where the code in place to detect entities expansions
failed to exit when the situation was detected, leading to DoS
Problem reported by Kostya Serebryany @ Google
Patch provided by David Drysdale @ Google
For https://bugzilla.gnome.org/show_bug.cgi?id=756528
It was possible to hit a negative offset in the name indexing
used to randomize the dictionary key generation
Reported and fix provided by David Drysdale @ Google
For https://bugzilla.gnome.org/show_bug.cgi?id=756527
and was also raised by Chromium team in the past
When we hit a convwersion failure when switching encoding
it is bestter to stop parsing there, this was treated as a
fatal error but the parser was continuing to process to extract
more errors, unfortunately that makes little sense as the data
is obviously corrupt and can potentially lead to unexpected behaviour.
