1. 30 Oct, 2019 1 commit
  2. 29 Oct, 2019 2 commits
  3. 23 Oct, 2019 2 commits
  4. 21 Oct, 2019 1 commit
  5. 20 Oct, 2019 4 commits
    • Update GitLab CI config · 55d95dcf
      Nick Wellnhofer authored
      - Update Dockerfile
      - Don't configure with -Werror
      - Don't mention Travis in CONTRIBUTING
    • Audit memory error handling in xpath.c · bfc0f674
      Nick Wellnhofer authored
      Memory allocation errors in the following functions are often ignored.
      Add TODO comments.
      
      - xmlXPathNodeSetCreate
      - xmlXPathNodeSetAdd*
      - xmlXPathNodeSetMerge*
      - xmlXPathNodeSetDupNs
      
      Note that the following functions currently lack a way to propagate
      memory errors:
      
      - xmlXPathCompareNodeSets
      - xmlXPathEqualNodeSets
    • Propagate memory errors in valuePush · 429d4eca
      Nick Wellnhofer authored
      Currently, many memory allocation errors in xpath.c aren't propagated to
      the parser/evaluation context and for the most part ignored. Most
      XPath objects allocated via one of the New, Wrap or Copy functions end
      up being pushed on the stack, so adding a check in valuePush handles
      many cases without much effort.
      
      Also simplify the code a little and make sure to return -1 in case of
      error.
    • Propagate memory errors in xmlXPathCompExprAdd · 390f05e7
      Nick Wellnhofer authored
      Make sure that memory errors in xmlXPathCompExprAdd are propagated to
      the parser context. Hitting the step limit or running out of memory
      without raising an error could also lead to an out-of-bounds read.
      
      Also fixes a memory leak in xmlXPathErrMemory.
      
      Found by OSS-Fuzz.
  6. 14 Oct, 2019 8 commits
  7. 04 Oct, 2019 1 commit
  8. 30 Sep, 2019 7 commits
  9. 26 Sep, 2019 3 commits
  10. 25 Sep, 2019 2 commits
  11. 23 Sep, 2019 3 commits
  12. 20 Sep, 2019 2 commits
    • a28bc751
    • Don't read external entities or XIncludes from stdin · e91cbcf6
      Nick Wellnhofer authored
      The file input callbacks try to read from stdin if "-" is passed as URL.
      This should never be done when loading indirect resources like external
      entities or XIncludes. Unfortunately, the stdin substitution happens
      deep inside the IO code, so we simply replace "-" with "./-" in specific
      locations.
      
      This issue also affects other users of the library like libxslt.
      Ideally, stdin should only be substituted on explicit request. But more
      intrusive changes could break existing code.
      
      Closes #90 and #102.
  13. 16 Sep, 2019 3 commits
  14. 13 Sep, 2019 1 commit