1. 10 Mar, 2020 1 commit
    • Miro Hrončok's avatar
      Parenthesize Py<type>_Check() in ifs · e4fb3684
      Miro Hrončok authored
      In C, if expressions should be parenthesized.
      PyLong_Check, PyUnicode_Check etc. happened to expand to a parenthesized
      expression before, but that's not API to rely on.
      
      Since Python 3.9.0a4 it needs to be parenthesized explicitly.
      
      Fixes #149
      e4fb3684
  2. 08 Mar, 2020 1 commit
  3. 02 Mar, 2020 1 commit
  4. 11 Feb, 2020 12 commits
    • Nick Wellnhofer's avatar
      Stop calling SAX getEntity handler from XMLReader · c005c7a0
      Nick Wellnhofer authored
      The getEntity handler was already invoked by xmlParseReference, so it's
      useless to call it again. After the recent change, xmlSAX2GetEntity
      won't load any kind of entities anyway.
      c005c7a0
    • Nick Wellnhofer's avatar
      32cb5dcc
    • Nick Wellnhofer's avatar
      f20daa9e
    • Nick Wellnhofer's avatar
      Don't load external entity from xmlSAX2GetEntity · eddfbc38
      Nick Wellnhofer authored
      Despite the comment, I can't see a reason why external entities must be
      loaded in the SAX handler. For external entities, the handler is
      typically first invoked via xmlParseReference which will later load the
      entity on its own if it wasn't loaded yet.
      
      The old code also lead to duplicated SAX events which makes it
      basically impossible to reuse xmlSAX2GetEntity for a custom SAX parser.
      See the change to the expected test output.
      
      Note that xmlSAX2GetEntity was loading the entity via
      xmlParseCtxtExternalEntity while xmlParseReference uses
      xmlParseExternalEntityPrivate. In the previous commit, the two
      functions were merged, trying to compensate for some slight differences
      between the two mostly identical implementations.
      
      But the more urgent reason for this change is that xmlParseReference
      has the facility to abort early when recursive entities are detected,
      avoiding what could practically amount to an infinite loop.
      
      If you want to backport this change, note that the previous three
      commits are required as well:
      
      f9ea1a24 Fix copying of entities in xmlParseReference
      5c7e0a9a Copy some XMLReader option flags to parser context
      1a3e584a Merge code paths loading external entities
      
      Found by OSS-Fuzz.
      eddfbc38
    • Nick Wellnhofer's avatar
      Merge code paths loading external entities · 1a3e584a
      Nick Wellnhofer authored
      Merge xmlParseCtxtExternalEntity into xmlParseExternalEntityPrivate.
      1a3e584a
    • Nick Wellnhofer's avatar
      Copy some XMLReader option flags to parser context · 5c7e0a9a
      Nick Wellnhofer authored
      The parser context stores some options both in the "options" bits and
      extra members like "validate" or "replaceEntities". Which of these
      are actually read is inconsistent, so make sure to also update the
      bit field.
      5c7e0a9a
    • Nick Wellnhofer's avatar
      Fix copying of entities in xmlParseReference · f9ea1a24
      Nick Wellnhofer authored
      Before, reader mode would end up in a branch that didn't handle
      entities with multiple children and failed to update ent->last, so the
      hack copying the "extra" reader data wouldn't trigger. Consequently,
      some empty nodes in entities are correctly detected now in the test
      suite. (The detection of empty nodes in entities is still buggy,
      though.)
      f9ea1a24
    • Zhipeng Xie's avatar
      Fix memory leak in xmlSchemaValidateStream · 7ffcd44d
      Zhipeng Xie authored
      When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
      alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
      to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
      vctxt->xsiAssemble to 0 again which cause the alloced schema
      can not be freed anymore.
      
      Found with libFuzzer.
      Signed-off-by: Zhipeng Xie's avatarZhipeng Xie <xiezhipeng1@huawei.com>
      7ffcd44d
    • Kevin Puetz's avatar
      Fix xmlSchemaGetCanonValue formatting for date and dateTime · e45e06de
      Kevin Puetz authored
      Per https://www.w3.org/TR/xmlschema-2/#dateTime-lexical-representation,
      the date portion is supposed to use '-' as the delimiter
      e45e06de
    • Kevin Puetz's avatar
      Fix memory leak when shared libxml.dll is unloaded · c7c526d6
      Kevin Puetz authored
      When a multiple modules (process/plugins) all link to libxml2.dll
      they will in fact share a single loaded instance of it.
      It is unsafe for any of them to call xmlCleanupParser,
      as this would deinitialize the shared state and break others that might
      still have ongoing use.
      
      However, on windows atexit is per-module (rather process-wide), so if used
      *within* libxml2 it is possible to register a clean up when all users
      are done and libxml2.dll is about to actually unload.
      
      This allows multiple plugins to link with and share libxml2 without
      a premature cleanup if one is unloaded, while still cleaning up if *all*
      such callers are themselves unloaded.
      c7c526d6
    • Kevin Puetz's avatar
      Fix potentially-uninitialized critical section in Win32 DLL builds · 453bdfb9
      Kevin Puetz authored
      If non-parser parts of libxml (e.g. xmlwriter) are used before a parser,
      xmlOnceInit may have run (e.g. via the many paths to xmlGetGlobalState),
      but not xmlInitThreads (which is called only by xmlInitParser)
      
      Once globalkey != TLS_OUT_OF_INDEXES (which can happen in many ways),
      DLLMAIN(DLL_THREAD_DETACH) may attempt to lock cleanup_helpers_cs
      before it is valid. This may happen even if the thread whose exit
      is triggering DllMain is from code which is not linked to libxml.
      
      globalkey and cleanup_helpers_cs should be initialized together,
      with cleanup_helpers_cs initialized first and deleted last.
      453bdfb9
    • Nick Wellnhofer's avatar
      Add xmlPopOutputCallbacks · c2e09f44
      Nick Wellnhofer authored
      Add function to pop a single set of output callbacks from the stack.
      This was only implemented for input callbacks before.
      
      Fixes #135.
      c2e09f44
  5. 10 Jan, 2020 1 commit
  6. 02 Jan, 2020 7 commits
  7. 06 Dec, 2019 1 commit
    • Nick Wellnhofer's avatar
      Fix freeing of nested documents · 0815302d
      Nick Wellnhofer authored
      Apparently, some libxslt RVTs can contain nested document nodes, see
      issue #132. I'm not sure how this happens exactly but it can cause a
      segfault in xmlFreeNodeList after the changes in commit 0762c9b6.
      
      Make sure not to touch the (nonexistent) `content` member of xmlDocs.
      0815302d
  8. 02 Dec, 2019 1 commit
  9. 11 Nov, 2019 4 commits
  10. 07 Nov, 2019 1 commit
  11. 06 Nov, 2019 1 commit
  12. 02 Nov, 2019 2 commits
    • Dmitry V. Levin's avatar
      xml2-config.in: fix regressions introduced by commit 2f2bf4b2 · 29740ed1
      Dmitry V. Levin authored
      One of regressions introduced by commit
      2f2bf4b2 aka v2.9.10-rc1~56 is that
      cflags and libs variables are used uninitialized, resulting to
      the following behaviour:
      
      $ cflags=foo libs=bar sh ./xml2-config.in --prefix
      @prefix@
      foo bar
      
      Another regression is that the test for these variables is flawed.
      
      Fixes: 2f2bf4b2 ("xml2-config.in: Output CFLAGS and LIBS on the same line")
      29740ed1
    • Nick Wellnhofer's avatar
      Enable more undefined behavior sanitizers · db0c0450
      Nick Wellnhofer authored
      Minor fix to xmlStringLenGetNodeList to avoid a pointer overflow
      during API test.
      
      Enable pointer-overflow and unsigned-integer-overflow sanitizers in CI
      tests. Technically, unsigned integer overflows aren't undefined
      behavior, but they typically indicate programming errors. Some hash
      functions that really require unsigned integer overflows have already
      been annotated.
      db0c0450
  13. 30 Oct, 2019 1 commit
  14. 29 Oct, 2019 2 commits
  15. 23 Oct, 2019 2 commits
  16. 21 Oct, 2019 1 commit
  17. 20 Oct, 2019 1 commit