Alexander Kutelev
f931178e5f
cmake: Link against dl and dld only when LIBXML2_WITH_MODULES is enabled
2023-02-24 12:45:01 +00:00
Nick Wellnhofer
47b0e0a620
xpath: Fix popping of values in xmlXPathPopNodeset
...
After 6a12be77
2023-02-23 15:43:15 +01:00
Nick Wellnhofer
359313c1a7
threads: Really fix crash with weak pthread symbols
...
Fix more regressions from 7010d87771931233Fixes #488 .
2023-02-23 14:30:45 +01:00
Nick Wellnhofer
ae8a12f175
schematron: Use logical and
2023-02-22 14:25:29 +01:00
Nick Wellnhofer
4f0a0fb7a2
xinclude: Fix include guard
2023-02-22 14:24:24 +01:00
Nick Wellnhofer
1eb2ca9f47
relaxng: Remove useless if statement
...
ctxt and define are non-NULL at this point.
Fixes #482 .
2023-02-21 15:46:06 +01:00
Nick Wellnhofer
0ce1f8427b
schemas: Remove useless if statement
...
bucket->origTargetNamespace is always NULL in this branch.
Fixes #481 .
2023-02-21 15:46:06 +01:00
Nick Wellnhofer
a509694c17
pattern: Merge identical branches
...
Fixes #479 .
2023-02-21 15:46:06 +01:00
Nick Wellnhofer
85057e5131
regexp: Add sanity check in xmlRegCalloc2
...
These arguments should be non-zero, but add a sanity check to avoid
division by zero.
Fixes #450 .
2023-02-21 15:43:32 +01:00
Nick Wellnhofer
c9e4c6d416
catalog: Fix memory leaks
...
Fixes #377 .
2023-02-21 15:22:01 +01:00
Nick Wellnhofer
7bd77873db
threads: Fix crash with weak pthread symbols
...
Regressed in 7010d877fix #488 .
2023-02-20 10:56:03 +01:00
Nick Wellnhofer
5d55315e32
parser: Fix OOB read when formatting error message
...
Don't try to print characters beyond the end of the buffer.
Found by OSS-Fuzz.
2023-02-18 17:29:07 +01:00
Nick Wellnhofer
1743c4c3fc
malloc-fail: Fix OOB read after xmlRegGetCounter
...
Found with libFuzzer, see #344 .
2023-02-17 17:18:59 +01:00
Nick Wellnhofer
40bc1c699a
malloc-fail: Fix memory leak in xmlFAParseCharProp
...
Found with libFuzzer, see #344 .
2023-02-17 17:18:55 +01:00
Nick Wellnhofer
e64653c0e7
malloc-fail: Fix leak of xmlRegAtom
...
Found with libFuzzer, see #344 .
2023-02-17 17:18:55 +01:00
Nick Wellnhofer
ed615967df
malloc-fail: Fix memory leak in xmlRegexpCompile
...
Found with libFuzzer, see #344 .
2023-02-17 17:18:55 +01:00
Nick Wellnhofer
53d1cc98cf
malloc-fail: Fix error code in htmlParseChunk
...
Found with libFuzzer, see #344 .
2023-02-17 17:18:51 +01:00
Nick Wellnhofer
15b0ed0815
malloc-fail: Fix infinite loop in htmlParseDocTypeDecl
...
Found with libFuzzer, see #344 .
2023-02-17 17:18:47 +01:00
Nick Wellnhofer
041789d9ec
malloc-fail: Fix null deref in htmlnamePush
...
Found with libFuzzer, see #344 .
2023-02-17 17:18:43 +01:00
Nick Wellnhofer
0ec9c91064
malloc-fail: Fix infinite loop in htmlParseStartTag
...
Found with libFuzzer, see #344 .
2023-02-17 17:18:38 +01:00
Nick Wellnhofer
04c2955197
malloc-fail: Fix infinite loop in htmlParseContentInternal
...
Found with libFuzzer, see #344 .
2023-02-17 17:18:34 +01:00
Nick Wellnhofer
f3e62035d8
malloc-fail: Fix memory leak in htmlCreatePushParserCtxt
...
Found with libFuzzer, see #344 .
2023-02-17 17:18:29 +01:00
Nick Wellnhofer
fc256953d2
malloc-fail: Fix memory leak in htmlCreateMemoryParserCtxt
...
Found with libFuzzer, see #344 .
2023-02-17 17:18:25 +01:00
Nick Wellnhofer
643b4e90eb
malloc-fail: Fix infinite loop in htmlParseStartTag
...
Found with libFuzzer, see #344 .
2023-02-17 17:16:52 +01:00
Nick Wellnhofer
ec05f04d8b
malloc-fail: Fix memory leak in xmlXIncludeLoadTxt
...
Found with libFuzzer, see #344 .
2023-02-17 17:16:52 +01:00
Nick Wellnhofer
c02df68651
malloc-fail: Fix memory leak in xmlXIncludeLoadDoc
...
Found with libFuzzer, see #344 .
2023-02-17 17:16:52 +01:00
Nick Wellnhofer
bc7740b3c3
malloc-fail: Fix memory leak in xmlCopyPropList
...
Found with libFuzzer, see #344 .
2023-02-17 17:16:52 +01:00
Nick Wellnhofer
8d22e06588
malloc-fail: Fix memory leak after calling xmlXPathNodeSetMerge
...
Destroy the first argument in xmlXPathNodeSetMerge if the function
fails. This is somewhat dangerous but matches the expectations of users.
Found with libFuzzer, see #344 .
2023-02-17 17:16:52 +01:00
Nick Wellnhofer
d31a0e8e75
malloc-fail: Fix memory leak after calling xmlXPathWrapString
...
Destroy the string in xmlXPathWrapString if the function fails. This is
somewhat dangerous but matches the expectations of users.
Found with libFuzzer, see #344 .
2023-02-17 17:16:52 +01:00
Nick Wellnhofer
3dc645227e
malloc-fail: Fix memory leak in xmlXPathEqualValuesCommon
...
Found with libFuzzer, see #344 .
2023-02-17 17:16:52 +01:00
Nick Wellnhofer
691f7eb44d
malloc-fail: Fix memory leak in xmlXPathCompareValues
...
Found with libFuzzer, see #344 .
2023-02-17 17:16:51 +01:00
Nick Wellnhofer
ac746afd33
malloc-fail: Fix memory leak in xmlXPathTryStreamCompile
...
Found with libFuzzer, see #344 .
2023-02-17 17:16:51 +01:00
Nick Wellnhofer
85bc313e79
malloc-fail: Fix memory leak after calling valuePush
...
Destroy the object in valuePush if the function fails. This is somewhat
dangerous but matches the expectations of users.
Found with libFuzzer, see #344 .
2023-02-17 17:16:51 +01:00
Nick Wellnhofer
f5e1174933
malloc-fail: Fix memory leak after calling xmlXPathWrapNodeSet
...
Destroy the node set in xmlXPathWrapNodeSet if the function fails.
This is somewhat dangerous but matches the expectations of users.
Found with libFuzzer, see #344 .
2023-02-17 17:16:51 +01:00
Nick Wellnhofer
3b59fdf001
malloc-fail: Fix memory leak in xmlXIncludeAddNode
...
Found with libFuzzer, see #344 .
2023-02-17 17:16:51 +01:00
Nick Wellnhofer
e60c9f4c4b
malloc-fail: Fix memory leak after xmlRegNewState
...
Invoke xmlRegNewState from xmlRegStatePush to simplify error handling.
Found with libFuzzer, see #344 .
2023-02-17 17:16:51 +01:00
Nick Wellnhofer
cb4334b7ab
malloc-fail: Fix memory leak in xmlSAX2StartElementNs
...
Found with libFuzzer, see #344 .
2023-02-17 17:16:51 +01:00
Nick Wellnhofer
9fa1b228a5
malloc-fail: Fix memory leak in xmlGetDtdElementDesc2
...
Found with libFuzzer, see #344 .
2023-02-17 17:16:51 +01:00
Nick Wellnhofer
c82701ff0b
malloc-fail: Fix memory leak in xmlDocDumpFormatMemoryEnc
...
Found with libFuzzer, see #344 .
2023-02-17 17:16:51 +01:00
Nick Wellnhofer
97086fd76b
malloc-fail: Fix memory leak in xmlParserInputBufferCreateMem
...
Found with libFuzzer, see #344 .
2023-02-17 17:16:50 +01:00
Nick Wellnhofer
1c5e1fc194
malloc-fail: Check for malloc failure in xmlFindCharEncodingHandler
...
Don't return encoding handlers with a NULL name.
Found with libFuzzer, see #344 .
2023-02-17 17:16:50 +01:00
Nick Wellnhofer
d18f9c1102
malloc-fail: Fix leak of xmlCharEncodingHandler
...
Also free handler if its name is NULL.
Found with libFuzzer, see #344 .
2023-02-17 17:16:50 +01:00
Nick Wellnhofer
f8852184a1
malloc-fail: Fix memory leak in xmlParseEntityDecl
...
Found with libFuzzer, see #344 .
2023-02-17 17:16:50 +01:00
Nick Wellnhofer
bd33331bb9
regexp: Simplify xmlRegAtomPush
2023-02-17 17:16:50 +01:00
Nick Wellnhofer
3cc900f098
encoding: Cast toupper argument to unsigned char
...
Fixes undefined behavior.
Also cast return value explicitly to fix implicit-integer-sign-change
checks.
2023-02-17 17:16:50 +01:00
Nick Wellnhofer
e20f4d7a65
xinclude: Fix quadratic behavior in xmlXIncludeLoadTxt
...
Also make text inclusions work with memory buffers, for example when
using a custom entity loader, and fix a memory leak in case of invalid
characters.
Fixes #483 .
2023-02-14 12:25:07 +01:00
Nick Wellnhofer
a96312db51
xinclude: Avoid timeouts when fuzzing
...
Fix the check for maximum number of inclusions.
2023-02-13 11:29:26 +01:00
Nick Wellnhofer
be0ec005f3
xinclude: Abort immediately if max depth was exceeded
...
Avoids resource exhaustion if the maximum recursion depth was exceeded.
Note that the XInclude engine offers no protection against other
"billion laughs"-style amplification attacks as long as they stay below
the maximum depth.
2023-02-13 11:29:26 +01:00
Nick Wellnhofer
dc2dde1ab9
malloc-fail: Fix null deref in xmlXIncludeLoadTxt
...
Found with libFuzzer, see #344 .
2023-02-13 11:19:55 +01:00
Nick Wellnhofer
a3749551e6
malloc-fail: Fix reallocation in xmlXIncludeNewRef
...
Avoid null deref.
Found with libFuzzer, see #344 .
2023-02-13 11:19:55 +01:00
