Nick Wellnhofer
9835ec2b97
valid: Fix xmlAddIDSafe in "streaming" mode
...
Make sure that IDs and attributes never reference each other in
streaming (XML reader) mode, even when attributes are copied from an
entity.
Also update lineno.
Fixes a short-lived use-after-free.
2024-02-13 12:05:21 +01:00
Nick Wellnhofer
e97b4d843f
autotools: Remove useless substitution
...
Fixes #689.
2024-02-13 12:00:02 +01:00
Nick Wellnhofer
4d774612f3
parser: Fix column number in attribute values
...
Short-lived regression from 37c6618b.
2024-02-13 12:00:02 +01:00
Nick Wellnhofer
87bebd25f1
xmllint: Return error code if XPath returns empty nodeset
...
Return an error code as before but make it possible to distinguish from
real errors.
Fixes #690.
2024-02-12 16:47:12 +01:00
Nick Wellnhofer
a9e73f11c0
catalog: Remove Windows hack
...
Shouldn't be necessary after commit 865520f0.
Fixes #688.
2024-02-11 12:49:45 +01:00
Nick Wellnhofer
b53562bde5
examples: Readd xpath1 test
...
This was removed for some reason in fc119e32.
Fixes #685.
2024-02-11 12:33:02 +01:00
Nick Wellnhofer
13962b06d5
xmlreader: Clean up error handling
...
Make sure that xmlTextReaderRead returns -1 immediately if the reader is
in an error state.
2024-02-06 12:56:56 +01:00
Nick Wellnhofer
ddda373eb5
xmlreader: Make xmlTextReaderValidateEntity return an error code
...
This makes sure that xmlTextReaderRead returns -1 if a memory
allocation fails.
2024-02-06 12:56:56 +01:00
Nick Wellnhofer
2807df9a4a
valid: Fix another use-after-free in xmlAddIDSafe
...
Short-lived regression.
2024-02-06 12:07:19 +01:00
Nick Wellnhofer
2963a097b9
xpath: Report malloc failure in xmlXPathTranslateFunction
2024-02-05 15:35:54 +01:00
Nick Wellnhofer
1a66b17605
[CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking
...
Fixes a use-after-free if XML Reader is used with DTD validation and
XInclude expansion.
Fixes #604.
2024-02-04 15:23:49 +01:00
Nick Wellnhofer
921ab01ea7
c14n: Improve error handling
...
Stop raising meaningless internal errors.
2024-02-04 14:33:19 +01:00
Nick Wellnhofer
70da4c089c
valid: Fix use-after-free in xmlAddIDSafe
...
Short-lived regression.
2024-02-04 14:33:19 +01:00
Nick Wellnhofer
d463733fce
fuzz: Reenable malloc failure check when serializing
2024-02-04 14:33:19 +01:00
Nick Wellnhofer
cf8751942b
valid: Deprecate old DTD serialization API
2024-02-04 14:33:19 +01:00
Nick Wellnhofer
fbe10a466f
save: Move DTD serialization code to xmlsave.c
2024-02-04 14:33:19 +01:00
Nick Wellnhofer
84e50a0c48
fuzz: Don't check for malloc failures when serializing
...
DTD serialization doesn't report malloc failures yet.
2024-02-01 17:02:24 +01:00
Nick Wellnhofer
6aae176798
tree: Fix error condition in xmlNodeListGetString
...
Don't return NULL in case of undeclared entities.
2024-02-01 15:18:26 +01:00
Nick Wellnhofer
4a8f707b90
Update .gitignore
2024-02-01 13:55:20 +01:00
Nick Wellnhofer
0d170acaba
io: Report malloc failure in xmlOutputBufferWrite
...
Fixes #676.
2024-02-01 11:51:58 +01:00
Nick Wellnhofer
2835337a1a
doc: Mark xmllint --xpath as experimental
...
This feature was poorly thought-out.
2024-01-30 14:18:45 +01:00
Nick Wellnhofer
6b089473e0
doc: Update xmllint man page after fixing #180
...
Fixes #673.
2024-01-30 13:38:54 +01:00
Nick Wellnhofer
95f2a17440
parser: Fix crash in xmlParseInNodeContext with HTML documents
...
Ignore namespaces if we have an HTML document with namespaces added
manually.
Fixes #672.
2024-01-30 13:35:41 +01:00
Nick Wellnhofer
2e19d0ef04
SAX2: Make sure that OOM errors aren't overwritten
2024-01-26 11:39:51 +01:00
Nick Wellnhofer
12ce9b5ffe
dict: Fix warnings with older clang
2024-01-25 20:41:42 +01:00
Nick Wellnhofer
8961056f9b
parser: Make experimental input API private
...
This needs to be reworked.
2024-01-23 00:47:44 +01:00
Nick Wellnhofer
63986c45b9
parser: Report fatal error if document entity couldn't be loaded
...
Only lower error level when loading entities.
Fixes #667.
2024-01-22 21:07:41 +01:00
Nick Wellnhofer
37d474ff7e
xpath: Fix return of empty node-set in xmlXPathNodeCollectAndTest
...
Don't return NULL node-sets. Ultimately, we should make sure that
obj->nodesetval is always non-NULL even for empty node-sets.
See #663.
2024-01-17 14:19:42 +01:00
Nick Wellnhofer
df618f08a6
tests: Add test for issue #661
2024-01-15 17:15:02 +01:00
Nick Wellnhofer
d636ef1de1
tests: Remove testOOM
...
This was never part of the standard test suite and we now test OOM error
handling more comprehensively with fuzz testing.
2024-01-11 00:43:44 +01:00
Nick Wellnhofer
24059ae92e
autotools: Readd --with-xptr-locs configuration option
...
The option was removed accidentally in 4e4c89a4.
2024-01-10 18:10:10 +01:00
Nick Wellnhofer
29f4d69e2f
xpath: Report malloc failure in xmlXPtrEvalXPtrPart
2024-01-10 16:02:33 +01:00
Nick Wellnhofer
2cebf2098d
gitlab-ci: Disable Python tests on MinGW for now
...
See #658.
2024-01-10 15:58:23 +01:00
Nick Wellnhofer
57c687592f
SAX2: Limit entity URI length to 2000 bytes
...
Avoid quadratic behavior when loading entities with long URIs multiple
times.
This limitation could be dropped if we cached external entities.
2024-01-10 15:58:23 +01:00
Nick Wellnhofer
6dc2fdb2bd
parser: Account for full size of non-well-formed entities
...
Account for the full size of the entity if parsing stops because of
errors. In our cost model, we have to assume that the entity loader
processes the whole entity regardless of its content.
2024-01-10 15:58:23 +01:00
Nick Wellnhofer
29beef653c
parser: Pop inputs if parsing DTD failed
...
This should provide some statistics in ctxt->sizeentcopy even in the
error or recovery case.
2024-01-10 15:58:23 +01:00
Nick Wellnhofer
02a2038de4
parser: Handle NOCDATA properly when expanding entities
...
Short-lived regression from e1153832.
2024-01-10 14:17:49 +01:00
Nick Wellnhofer
fd801845c8
fuzz: Cap URL size
...
Cap URL size to avoid quadratic behavior when generating error messages.
2024-01-07 16:33:30 +01:00
Nick Wellnhofer
83c1ae13d8
fuzz: Add missing include
...
Fix build failure.
2024-01-07 15:42:46 +01:00
Nick Wellnhofer
e1153832b0
parser: Fix quadratic behavior when copying entities
...
Process the first and last text node with the SAX handler to make the
text merging optimization kick in.
Fixes #657.
2024-01-07 15:42:39 +01:00
Nick Wellnhofer
d2b55a7a02
writer: Implement xmlTextWriterClose
...
This function can be used to make sure that closing the output stream
succeeded.
Fixes #513.
2024-01-05 20:50:00 +01:00
Nick Wellnhofer
f237e5b934
parser: Avoid duplicate namespace errors
...
Don't report an extra attribute uniqueness error if a namespace is
undeclared. This matches old behavior.
2024-01-05 20:39:40 +01:00
Nick Wellnhofer
02cc5c3609
parser: Add XML_PARSE_NO_XXE parser option
2024-01-05 20:39:40 +01:00
Nick Wellnhofer
12f0bb9478
parser: Synchronize more options
2024-01-05 20:39:40 +01:00
Nick Wellnhofer
3efbe916a1
parser: Mark 'token' member as unused in xmlParserCtxt
2024-01-05 20:39:40 +01:00
Nick Wellnhofer
b82fd81d06
parser: Rework xmlCtxtParseDocument
...
Make xmlCtxtParseDocument take a parser input which can be popped after
parsing.
2024-01-05 20:39:40 +01:00
Nick Wellnhofer
c2b3294f60
fuzz: Abort on invalid UTF-8
...
The parser should never generate invalid UTF-8 these days even in
recovery mode.
2024-01-04 21:20:51 +01:00
Michele Bianchi
df098e3bf6
Set LIBXML2_FOUND if it has been properly configured
2024-01-04 19:22:57 +00:00
Nick Wellnhofer
d7d300ba04
parser: Remove remnants of runtime debugging feature
...
Apparently, this feature was removed long ago.
Fixes #651.
2024-01-04 17:50:11 +01:00
Nick Wellnhofer
8c5848bdd5
parser: Make xmlParseContent more useful
...
This is an internal function which isn't really usable without some
hacks. See WebKit/Chromium trying to recreate the effects of
xmlDetectSAX2 manually, for example.
Make xmlParseContent perform late initialization and check whether the
content was fully parsed.
Also rename xmlDetectSAX2 and document why it's needed.
2024-01-04 17:45:03 +01:00