GitLab

Otherwise, the initial node of the copy could be a text node with a
NULL document. This results in the NULL document being propagated to
copies of other nodes, losing information about the dictionary in which
node data is stored, and freeing a dict-allocated string.

See discussion in !175.

Avoids hangs when trying to make network connections.

Fix use-after-free bugs when calling xmlTextReaderClose() before xmlFreeTextReader() on post-validating parser

When creating an xmlTextReaderPtr using xmlReaderForMemory(),
there are two optional API functions that can be used:
- xmlTextReaderClose() may be called prior to calling
  xmlFreeTextReader() to free parsing resources and close the
  xmlTextReaderPtr without freeing it.
- xmlTextReaderCurrentDoc() may be called to return an
  xmlDocPtr that's owned by the caller, and must be free using
  xmlFreeDoc() after calling xmlFreeTextReader().

The use-after-free issues occur when calling
xmlTextReaderClose() before xmlFreeTextReader(), with different
issues occurring depending on whether xmlTextReaderCurrentDoc()
is also called.

* xmlreader.c:
(xmlFreeTextReader):
- Move code to xmlTextReaderClose(), remove duplicate code, and
  call xmlTextReaderClose() if it hasn't been called yet.
(xmlTextReaderClose):
- Move call to xmlFreeNode(reader->faketext) from
  xmlFreeTextReader() to fix a use-after-free bug when calling
  xmlTextReaderClose() before xmlFreeTextReader(), but not when
  using xmlTextReaderCurrentDoc().  The bug was introduced in
  2002 by commit beb70bd3.  In 2009 commit f4653dcd fixed the
  use-after-free that occurred every time xmlFreeTextReader()
  was called, but not the case where xmlTextReaderClose() was
  called first.
- Move post-parsing validation code from xmlFreeTextReader() to
  fix a second use-after-free when calling xmlTextReaderClose()
  before xmlFreeTextReader().  This regressed in v2.9.10 with
  commit 57a3af56.

Patch by J Pascoe of Apple.

* HTMLtree.c:
(htmlDocContentDumpFormatOutput):
- Prior to commit b79ab6e6, xmlDoc.type was set to
  XML_HTML_DOCUMENT_NODE before dumping the HTML output, then
  restored before returning.

The xptr_locs flag was added in commit 67070107 but no flag was added to
win32/configure.js, leading a compile error I had on windows where the
@WITH_XPTR_LOCS@ macro was not replaced properly on windows.

In several places, the code handling string buffers didn't check for
integer overflow or used wrong types for buffer sizes. This could
result in out-of-bounds writes or other memory errors when working on
large, multi-gigabyte buffers.

Thanks to Felix Wilhelm for the report.

xmlstring.h includes stdarg.h, so it must be included after defining
macros like _FILE_OFFSET_BITS.

Fixes #370.

Regressed in commit c61e1273.

This would result in an error, aborting the whole copy operation.
Regressed in commit 7618a3b1.

Fixes #371.

Fixes an error when running tests in a sandbox on Gentoo Linux.

Bug: https://bugs.gentoo.org/839804

There's no simple way to make the doc/examples tests handle different
configurations. But these tests aren't especially valuable, so remove
the result file checks.

See https://www.w3.org/2005/04/xpointer-schemes/

Add a new configuration flag that controls whether the outdated support
for XPointer locations (ranges and points) is enabled.

    --with-xptr-locs          # Autotools
    LIBXML2_WITH_XPTR_LOCS    # CMake

The latest spec for what it essentially an XPath extension seems to be
this working draft from 2002:

    https://www.w3.org/TR/xptr-xpointer/

The xpointer() scheme is listed as "being reviewed" in the XPointer
registry since at least 2006. libxml2 seems to be the only modern
software that tries to implement this spec, but the code has many bugs
and quality issues.

The flag defaults to "off" and support for this extensions has to be
requested explicitly. The relevant API functions are deprecated.

Sync with Autotools build.

Move configure_file(config.h) below pthreads check.

Fix regression caused by commit f5659a12.

Sync with Autotools build.

These modules are disabled by default. Enable them when testing.

Add more deprecated functions to avoid compiler warnings when building
the Python bindings.

Only check for pthread.h if threads are enabled.

Fixes #367.

* HTMLparser.c:
(htmlSkipBlankChars):
* parser.c:
(xmlSkipBlankChars):
- Cap the return value at INT_MAX.
- The commit range that OSS-Fuzz listed for the fix didn't make
  any changes to xmlSkipBlankChars(), so it seems like this
  issue may still exist.

Found by OSS-Fuzz Issue 44803.

David Kilzer authored Apr 08, 2022 and Nick Wellnhofer committed Apr 10, 2022

* buf.c:
(xmlBufCreate):
(xmlBufCreateSize):
(xmlBufDetach):
(xmlBufCreateStatic):
(xmlBufFromBuffer):

Commit 7618a3b1 didn't account for coalesced text nodes.

I think it would be better if xmlStaticCopyNode didn't try to coalesce
text nodes at all. This code path can only be triggered if some other
code doesn't coalesce text nodes properly. In this case, OSS-Fuzz found
such behavior in xinclude.c.

Sync with recent Autotools change.

Sync with commit 95766541
Don't install man pages in docs directory, these are already installed
in the correct path and while at it sort list

Similar to 8f571037, mark more static data structures with
`const` keyword.

Also fix placement of `const` in encoding.c.

Original patch by Sarah Wilkin.

David Kilzer authored Apr 06, 2022 and Nick Wellnhofer committed Apr 07, 2022

* valid.c:
(xmlCopyDocElementContent):
- Set `tmp->parent` properly to fix a leak that occurs in
  xmlFreeDocElementContent().
- Appears to be a regresion from cee2b3a5.

Found by OSS-Fuzz Issue 44509.

Also fix LIBXML_VERSION and remove LIBXML_VERSION_STRING.

Fixes #365.

* In conda or Gentoo Prefix, we don't want to use the system python and
  instead rely on PATH lookup.

Daniel E authored Apr 03, 2022 and Nick Wellnhofer committed Apr 04, 2022

Don't install files that are used to generate the documentation