1. 07 Sep, 2017 2 commits
  2. 06 Sep, 2017 1 commit
  3. 05 Sep, 2017 1 commit
    • Nick Wellnhofer's avatar
      Fix memory leaks in SAX1 parser · 83fb4119
      Nick Wellnhofer authored
      Found by OSS-Fuzz. I could only reproduce this with the (obsolete)
      SAX1 parser.
      One leak is caused by duplicate namespaced attribute names and can be
      reproduced in memory mode (testcase 4556417027538944):
          $ cat file
          <d xmlns:a="ns" a:x="v" xmlns:b="ns" b:x="v"/>
          $ xmllint --sax1 --memory file
      The other is caused by ATTLISTs with a normalized default for "xmlns"
      if they're processed after the entity recursion limit was hit
      (testcase 5580750034305024).
          $ cat file
          <!DOCTYPE d [
      	<!ENTITY a '<d>&a;'>
      	<!ATTLIST d xmlns NMTOKEN 't'>
          $ xmllint --sax1 --valid file
      Also see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2461
  4. 04 Sep, 2017 1 commit
  5. 30 Aug, 2017 1 commit
  6. 29 Aug, 2017 1 commit
  7. 28 Aug, 2017 9 commits
  8. 21 Aug, 2017 1 commit
  9. 27 Jul, 2017 2 commits
    • Daniel Veillard's avatar
      Fix signature of xmlSchemaAugmentImportedIDC · 27f310d4
      Daniel Veillard authored
      this is used in a callback which will pass a name, the name is ignored
      but it's best to have the signature of the function match, pointed out
      by Claude Petit
      * xmlschemas.c: fix xmlSchemaAugmentImportedIDC() signature no functional
    • Patrick Monnerat's avatar
      small changes for OS/400 · d1f90624
      Patrick Monnerat authored
      OS/400 version V5R3 is not supported by IBM anymore.
      In addition, the iSeries system I have here for development has been changed
      and the new system is not able to compile for an OS version lower than V6R1.
      Thus I made some updates to the libxml2 os400 scripts accordingly:
      - Oldest supported OS version is now V6R1.
      - Adjust ILE/RPG wrappers comments.
      - Update copyright year range.
      - Do not log compiler informational messages.
  10. 25 Jul, 2017 1 commit
  11. 04 Jul, 2017 4 commits
  12. 20 Jun, 2017 6 commits
    • Nick Wellnhofer's avatar
      Fix NULL deref in xmlParseExternalEntityPrivate · 3eef3f39
      Nick Wellnhofer authored
      If called from xmlParseExternalEntity, oldctxt is NULL which leads to
      a NULL deref if an error occurs. This only affects external code that
      calls xmlParseExternalEntity.
      Patch from David Kilzer with minor changes.
      Fixes bug 780159.
    • Nick Wellnhofer's avatar
      Get rid of "blanks wrapper" for parameter entities · 872fea94
      Nick Wellnhofer authored
      Now that replacement of parameter entities goes exclusively through
      xmlSkipBlankChars, we can account for the surrounding space characters
      there and remove the "blanks wrapper" hack.
    • Nick Wellnhofer's avatar
      Make sure not to call IS_BLANK_CH when parsing the DTD · d9e43c7d
      Nick Wellnhofer authored
      This is required to get rid of the "blanks wrapper" hack. Checking the
      return value of xmlSkipBlankChars is more efficient, too.
    • Nick Wellnhofer's avatar
      Remove unnecessary calls to xmlPopInput · 453dff1e
      Nick Wellnhofer authored
      It's enough if xmlPopInput is called from xmlSkipBlankChars. Since the
      replacement text of a parameter entity is surrounded with space
      characters, that's the only place where the replacement can end in a
      well-formed document.
      This is also required to get rid of the "blanks wrapper" hack.
    • Nick Wellnhofer's avatar
      Simplify handling of parameter entity references · aa267cd1
      Nick Wellnhofer authored
      There are only two places where parameter entity references must be
      handled. For the internal subset in xmlParseInternalSubset. For the
      external subset or content from other external PEs in xmlSkipBlankChars.
      Make sure that xmlSkipBlankChars skips over sequences of PEs and
      whitespace. Rely on xmlSkipBlankChars instead of calling
      xmlParsePEReference directly when in the external subset or a
      conditional section.
      xmlParserHandlePEReference is unused now.
    • Nick Wellnhofer's avatar
      Fix xmlHaltParser · 24246c76
      Nick Wellnhofer authored
      Pop all extra input streams before resetting the input. Otherwise,
      a call to xmlPopInput could make input available again.
      Also set input->end to input->cur.
      Changes the test output for some error tests. Unfortunately, some
      fuzzed test cases were added to the test suite without manual cleanup.
      This makes it almost impossible to review the impact of later changes
      on the test output.
  13. 19 Jun, 2017 2 commits
    • Nick Wellnhofer's avatar
      Fix pathological performance when outputting charrefs · e5107772
      Nick Wellnhofer authored
      If a character can't be represented in the output encoding, it is
      converted to a character reference. This used to to replace the
      character in the input stream by calling xmlBufAddHead or
      xmlBufferAddHead. These functions shifted the entire input array
      around, leading to quadratic performance when converting a run of
      non-representable characters. This is most pronounced when dumping to
      Output the charref directly instead.
      Found with libFuzzer.
    • Nick Wellnhofer's avatar
      Deduplicate code in encoding.c · c9ccbd6a
      Nick Wellnhofer authored
      Introduce static functions xmlEncInputChunk and xmlEncOutputChunk
      that handle the internal/iconv/ICU branching.
  14. 18 Jun, 2017 1 commit
  15. 17 Jun, 2017 7 commits