IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
In commit 8c9daf79, a call to xmlFreeNode was added in
xmlSAX2StartElementNs. If a node was obtained from the freeElems list,
make sure to set the doc, otherwise xmlFreeNode wouldn't realize that
the node name might be in the dictionary, causing an invalid free.
Note that the issue fixed in commit 8c9daf79 requires commit 0ed6addb
and this one to work properly.
Found by OSS-Fuzz.
If the maximum depth is exceeded, nodePush halts the parser which
results in freeing the input buffer since the previous commit. This
invalidates the attribute pointers, so the error condition must be
checked.
Found by OSS-Fuzz.
On 64-bit Windows, `long` is 32 bits wide and can't hold a pointer.
Switch to ptrdiff_t instead which should be the same size as a pointer
on every somewhat sane platform without requiring C99 types like
intptr_t.
Fixes bug 788312.
Thanks to J. Peter Mugaas for the report and initial patch.
Found by OSS-Fuzz. I could only reproduce this with the (obsolete)
SAX1 parser.
One leak is caused by duplicate namespaced attribute names and can be
reproduced in memory mode (testcase 4556417027538944):
$ cat file
<d xmlns:a="ns" a:x="v" xmlns:b="ns" b:x="v"/>
$ xmllint --sax1 --memory file
The other is caused by ATTLISTs with a normalized default for "xmlns"
if they're processed after the entity recursion limit was hit
(testcase 5580750034305024).
$ cat file
<!DOCTYPE d [
<!ENTITY a '<d>&a;'>
<!ATTLIST d xmlns NMTOKEN 't'>
]>
<d>&a;
$ xmllint --sax1 --valid file
Also see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2461
Fix the lack of line number as reported by Johan Corveleyn <jcorvel@gmail.com>
* parser.c include/libxml/parser.h: add an XML_PARSE_BIG_LINES parser
option not switch on by default, it's an opt-in
* SAX2.c: if XML_PARSE_BIG_LINES is set store the long line numbers
in the psvi field of text nodes
* tree.c: expand xmlGetLineNo to extract those informations, also
make sure we can't fail on recursive behaviour
* error.c: in __xmlRaiseError, if a node is provided, call
xmlGetLineNo() if we can't get a valid line number.
* xmllint.c: switch on XML_PARSE_BIG_LINES in xmllint
When you call xmlParseNodeInContext on a fragment node with an
empty document, the parser associates the first new node twice --
once with the document, and once with the fragment node.
This fixes the issue by only associating the new node with the
fragment node.
The data in node_seq in xmlParserCtxt was not updated properly
when parsing HTML. This patch fixes the accounting for both
pull and push mode of HTML parsing.
Work as in XML-1.0 before namespaces, and use prefix:localname
as the new element name (and no namespace of course)
Also fix 3 cases in the regression tests where the prefix: was
erroneously dropped in such case
Usually 'xml' namespace for XML-1.0 declaration does not need
to be carried but Mike Hommey raised the problem that the SVG
XSD file fails to parse due to a mishandling.
- SAX2.c: failure to create a namespace should not be interpreted
as a memory allocation error
- tree.c: document better xmlNewNs behaviour, and fix it in the
case the 'xml' prefix is being used.
* HTMLparser.c: don't default value of HTML boolean attributes in the
parser
* SAX2.c: move this to SAX2 tree building backend
* result/HTML/doc2.htm.sax result/HTML/doc3.htm.sax
result/HTML/wired.html.sax: this changes a few HTML SAX regression
tests
* SAX2.c dict.c error.c hash.c nanohttp.c parser.c python/libxml.c
relaxng.c runtest.c tree.c valid.c xinclude.c xmlregexp.c xmlsave.c
xmlschemas.c xpath.c xpointer.c: mostly removing unneded affectations,
but this led to a few real bugs and some part not yet understood
(relaxng/interleave)
* SAX2.c: don't leak in xmlCheckDefaultedAttributes for standalone
checking
* xmllint.c: fix xmllint --sax1 to actually use XML_PARSE_SAX1
* debugXML.c: don't raise an error if markup wasn't allocated from
dictionary if document was parsed with option disabling it
* configure.in doc/xml.html doc/*: preparing 0.7.3 release
* include/libxml/parserInternals.h SAX2.c: fix a typo in a name
Daniel
svn path=/trunk/; revision=3814
* include/libxml/parserInternals.h SAX2.c: add a new define
XML_MAX_TEXT_LENGHT limiting the maximum size of a single text
node, the defaultis 10MB and can be removed with the HUGE
parsing option
Daniel
svn path=/trunk/; revision=3808
* SAX2.c parser.c: fix for CVE-2008-4226, a memory overflow
when building gigantic text nodes, and a bit of cleanup
to better handled out of memory problem in that code.
* tree.c: fix for CVE-2008-4225, lack of testing leads to
a busy loop test assuming one have enough core memory.
Daniel
svn path=/trunk/; revision=3803
* include/libxml/entities.h entities.c SAX2.c parser.c: rework
the patch to avoid some ABI issue with people allocating
entities structure directly
Daniel
svn path=/trunk/; revision=3773
* runxmlconf.c: more progresses against the official regression tests
* runsuite.c: small cleanup for non-leak reports
* include/libxml/tree.h: parsing flags and other properties are
now added to the document node, this is generally useful and
allow to make Name and NmToken validations based on the parser
flags, more specifically the 5th edition of XML or not
* HTMLparser.c tree.c: small side effects for the previous changes
* parser.c SAX2.c valid.c: the bulk of teh changes are here,
the parser and validation behaviour can be affected, parsing
flags need to be copied, lot of changes. Also fixing various
validation problems in the regression tests.
Daniel
svn path=/trunk/; revision=3762
* dict.c: applied patch from Florent Guilian to remove an
useless mutex in the xmlDict structure.
older, not commited ...
* SAX2.c: another leak reported by Ashwin
* xinclude.c: fixed the behaviour when XIncluding a fragment
of the current document, patch from Chris Ryan
Daniel
svn path=/trunk/; revision=3686
* include/libxml/entities.h entities.c SAX2.c parser.c: trying to
fix entities behaviour when using SAX, had to extend entities
content and hack on the entities processing code, but that should
fix the long standing bug #159219
Daniel
* uri.c include/libxml/uri.h: add a new function xmlPathToUri()
to provide a clean conversion when setting up a base
* SAX2.c tree.c: use said function when setting up doc->URL
or using the xmlSetBase function. Should fix#346261
Daniel
* SAX2.c tree.c valid.c: fixing a number of issues raised by xml:id
but more generally related to attributes and ID handling, fixes
#314358 among other things
Daniel
* HTMLparser.c parser.c SAX2.c debugXML.c tree.c valid.c xmlreader.c
xmllint.c include/libxml/HTMLparser.h include/libxml/parser.h:
added a parser XML_PARSE_COMPACT option to allocate small
text nodes (less than 8 bytes on 32bits, less than 16bytes on 64bits)
directly within the node, various changes to cope with this.
* result/XPath/tests/* result/XPath/xptr/* result/xmlid/*: this
slightly change the output
Daniel
