1. 08 Jul, 2019 6 commits
  2. 27 Jun, 2019 1 commit
  3. 25 Jun, 2019 1 commit
  4. 20 May, 2019 4 commits
  5. 16 May, 2019 1 commit
  6. 15 May, 2019 1 commit
  7. 14 May, 2019 1 commit
    • David Warring's avatar
      Fix parser termination from "Double hyphen within comment" error · 3c0d62b4
      David Warring authored
      The patch fixes the parser not halting immediately when the error
      handler attempts to stop the parser.
      
      Rather it was running on and continuing to reference the freed buffer
      in the while loop termination test.
      
      This is only a problem if xmlStopParser is called from an error
      handler. Probably caused by commit 123234f2. Fixes #58.
      3c0d62b4
  8. 10 May, 2019 1 commit
  9. 08 May, 2019 1 commit
  10. 01 May, 2019 2 commits
  11. 25 Apr, 2019 1 commit
    • Nick Wellnhofer's avatar
      Fix call stack overflow in xmlFreePattern · 346febc6
      Nick Wellnhofer authored
      Since xmlFreePattern tried to free the next pattern recursively, its
      behavior is identical to xmlFreePatternList. Make it call
      xmlFreePatternList to avoid call stack overflows.
      
      Found by OSS-Fuzz.
      346febc6
  12. 23 Apr, 2019 1 commit
  13. 22 Apr, 2019 2 commits
    • Nick Wellnhofer's avatar
      Fix null deref in previous commit · 949eced4
      Nick Wellnhofer authored
      949eced4
    • Nick Wellnhofer's avatar
      Improve XPath predicate and filter evaluation · c2f4da1a
      Nick Wellnhofer authored
      Consolidate code paths evaluating XPath predicates and filters.
      
      Don't push context node on stack when evaluating predicates. I have no
      idea why this was done. It seems completely useless and trying to pop
      the context node from a corrupted stack has already caused security
      issues.
      
      Filter nodesets in-place and don't create node sets with NULL gaps which
      allows to simplify merging a great deal. Simply move matched nodes
      backward and create a compact node set.
      
      Merge xmlXPathCompOpEvalPositionalPredicate into
      xmlXPathCompOpEvalPredicate.
      c2f4da1a
  14. 20 Apr, 2019 1 commit
  15. 16 Apr, 2019 1 commit
  16. 12 Apr, 2019 1 commit
  17. 11 Apr, 2019 4 commits
  18. 09 Apr, 2019 1 commit
  19. 08 Apr, 2019 1 commit
  20. 29 Mar, 2019 2 commits
  21. 13 Mar, 2019 1 commit
  22. 08 Mar, 2019 1 commit
    • Nick Wellnhofer's avatar
      Fix float casts in xmlXPathSubstringFunction · 30a6533e
      Nick Wellnhofer authored
      Rewrite conversion of double to int in xmlXPathSubstringFunction, adding
      range checks to avoid undefined behavior. Make sure to add start and
      length as floating-point numbers before converting to int. Fix a bug
      when rounding negative start indices.
      
      Remove unneeded calls to xmlXPathIs{Inf,NaN} and rely on IEEE math
      instead. Avoid computing the string length. xmlUTF8Strsub works as
      expected if the length of the requested substring exceeds the input.
      
      Found with libFuzzer and UBSan.
      30a6533e
  23. 05 Mar, 2019 1 commit
  24. 28 Feb, 2019 3 commits