IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Entities which reference out-of-scope namespace have always been broken.
xmlParseBalancedChunkMemoryInternal tried to reuse the namespaces
currently in scope but these namespaces were ignored by the SAX handler.
Besides, there could be different namespaces in scope when expanding the
entity again. For example:
<!DOCTYPE doc [
<!ENTITY ent "<ns:elem/>">
]>
<doc>
<decl1 xmlns:ns="urn:ns1">
&ent;
</decl1>
<decl2 xmlns:ns="urn:ns2">
&ent;
</decl2>
</doc>
Add some comments outlining possible solutions to this problem.
For now, we stop copying namespaces to the temporary parser context
in xmlParseBalancedChunkMemoryInternal. This has never really worked
and the recent changes contained a partial fix which uncovered other
problems like a use-after-free with the XML Reader interface, found
by OSS-Fuzz.
Use a hash table to lookup namespaces by prefix. The hash table stores
an index into the namespace table. Auxiliary data for namespaces is
stored in a separate array along the main namespace table.
Use a hash table to verify attribute uniqueness. The hash table stores
an index into the attribute table.
Reuse hash value from the dictionary to avoid computing them twice.
See #346.
This is a complete rewrite of the code in hash.c
Move from a chained hash table implementation to open addressing with
Robin Hood probing. This allows to increase the maximum fill factor and
further reduce the growth factor, saving considerable amounts of memory
without sacrificing performance.
To make this work, hash values are now cached in the table entry
also avoiding many key comparisons.
Tables are created lazily with a smaller minimum size.
Insertion functions now report an error if growing the table resulted in
a memory allocation failure.
Some string comparisons were optimized to call directly into libc
instead of using the xmlstring API.
The length of inserted keys is computed along with the hash improving
allocation performance.
Bounds checking was made more robust.
In dictionary-based mode, unneeded interning of strings is avoided.
Using `pkg_check_modules(FOO IMPORTED_TARGET foo)` with
`target_link_libraries()` leads to `INTERFACE_LINK_LIBRARIES` in the
resulting export file having `\$<LINK_ONLY:PkgConfig::FOO>` rather than
the currently expected `\$<LINK_ONLY:FOO::FOO>`, leading to breakage.
This can be worked around like so:
target_link_libraries(UseFoo
PUBLIC "$<BUILD_INTERFACE:PkgConfig::FOO>"
INTERFACE "$<INSTALL_INTERFACE:FOO::FOO>"
)
However, following some discussion, it is preferable to primarily use
find modules as before and only use `pkg_check_modules` for correctly
populating the .pc file.
Also move `find_package()` calls earlier so that builds fail faster when
dependencies are missing.
If they were required when building libxml2 then they will also be
required when statically linking against it. Failing to find them will
just lead to undefined references later so detect this early.
It seems that thread-local storage destructors are run before pthread
thread-specific data destructors on Darwin, defeating our scheme to use
TSD to clean up TLS.
Here's an example program that reports a use-after-free when compiled
with `-fsanitize=address` on macOS:
#include <pthread.h>
typedef struct {
int v;
} my_struct;
static _Thread_local my_struct tls;
pthread_key_t key;
void dtor(void *tsd) {
my_struct *s = (my_struct *) tsd;
/*
* This will crash ASan, apparently because
* TLS has already been freed.
*/
s->v = 1;
}
void *thread(void *p) {
pthread_setspecific(key, &tls);
return NULL;
}
int main(void) {
pthread_key_create(&key, dtor);
pthread_t handle;
pthread_create(&handle, NULL, thread, NULL);
pthread_join(handle, NULL);
return 0;
}
This is a slight break of the API, but users really shouldn't modify the
global error struct. The goal is to make xmlLastError use static buffers
for its strings eventually. This should warn people if they're abusing
the struct.
On Windows, malloc hooks can be called after the final call to
xmlCleanupParser in various tests. This means that xmlMemMutex can still
be accessed if memory debugging is enabled, so the mutex should not be
cleaned.
This also means that tests may report spurious memory leaks on Windows.
The old implementation avoided the issue by keeping track of all
global state objects in a doubly linked list, so they could be cleaned
during xmlCleanupParser.
But as far as I can tell all memory will be freed eventually, so this is
mostly an issue with our test suite.
