1. 30 Sep, 2019 3 commits
  2. 23 Sep, 2019 1 commit
  3. 20 Sep, 2019 2 commits
    • Nick Wellnhofer's avatar
    • Nick Wellnhofer's avatar
      Don't read external entities or XIncludes from stdin · e91cbcf6
      Nick Wellnhofer authored
      The file input callbacks try to read from stdin if "-" is passed as URL.
      This should never be done when loading indirect resources like external
      entities or XIncludes. Unfortunately, the stdin substitution happens
      deep inside the IO code, so we simply replace "-" with "./-" in specific
      This issue also affects other users of the library like libxslt.
      Ideally, stdin should only be substituted on explicit request. But more
      intrusive changes could break existing code.
      Closes #90 and #102.
  4. 26 Aug, 2019 1 commit
  5. 08 Jul, 2019 2 commits
  6. 27 Jun, 2019 1 commit
  7. 20 May, 2019 1 commit
  8. 14 May, 2019 1 commit
    • David Warring's avatar
      Fix parser termination from "Double hyphen within comment" error · 3c0d62b4
      David Warring authored
      The patch fixes the parser not halting immediately when the error
      handler attempts to stop the parser.
      Rather it was running on and continuing to reference the freed buffer
      in the while loop termination test.
      This is only a problem if xmlStopParser is called from an error
      handler. Probably caused by commit 123234f2. Fixes #58.
  9. 07 Jan, 2019 1 commit
  10. 06 Jan, 2019 1 commit
  11. 11 Sep, 2018 1 commit
  12. 23 Jan, 2018 1 commit
    • Nick Wellnhofer's avatar
      Fix xmlParserEntityCheck · 707ad080
      Nick Wellnhofer authored
      A previous commit removed the check for XML_ERR_ENTITY_LOOP which is
      required to abort early in case of excessive entity recursion.
  13. 22 Jan, 2018 2 commits
  14. 08 Jan, 2018 1 commit
  15. 08 Dec, 2017 1 commit
  16. 27 Nov, 2017 1 commit
    • Nick Wellnhofer's avatar
      Fix libz and liblzma detection · cb5541c9
      Nick Wellnhofer authored
      If libz or liblzma are detected with pkg-config, AC_CHECK_HEADERS must
      not be run because the correct CPPFLAGS aren't set. It is actually not
      required have separate checks for LIBXML_ZLIB_ENABLED and HAVE_ZLIB_H.
      Only check for LIBXML_ZLIB_ENABLED and remove HAVE_ZLIB_H macro.
      Fixes bug 764657, bug 787041.
  17. 09 Nov, 2017 2 commits
    • Nick Wellnhofer's avatar
      Fix hash callback signatures · e03f0a19
      Nick Wellnhofer authored
      Make sure that all parameters and return values of hash callback
      functions exactly match the callback function type. This is required
      to pass clang's Control Flow Integrity checks and to allow compilation
      to asm.js with Emscripten.
      Fixes bug 784861.
    • Vlad Tsyrklevich's avatar
      Refactor name and type signature for xmlNop · 28f52fe8
      Vlad Tsyrklevich authored
      Update xmlNop's name to xmlInputReadCallbackNop and its type signature
      to match xmlInputReadCallback.
      Fixes bug 786134.
  18. 09 Oct, 2017 2 commits
    • Nick Wellnhofer's avatar
      Fix the Windows header mess · e3890546
      Nick Wellnhofer authored
      Don't include windows.h and wsockcompat.h from config.h but only when
      Don't define _WINSOCKAPI_ manually. This was apparently done to stop
      windows.h from including winsock.h which is a problem if winsock2.h
      wasn't included first. But on MinGW, this causes compiler warnings.
      Define WIN32_LEAN_AND_MEAN instead which has the same effect.
      Always use the compiler-defined _WIN32 macro instead of WIN32.
    • Nick Wellnhofer's avatar
      Fix pointer/int cast warnings on 64-bit Windows · d422b954
      Nick Wellnhofer authored
      On 64-bit Windows, `long` is 32 bits wide and can't hold a pointer.
      Switch to ptrdiff_t instead which should be the same size as a pointer
      on every somewhat sane platform without requiring C99 types like
      Fixes bug 788312.
      Thanks to J. Peter Mugaas for the report and initial patch.
  19. 19 Sep, 2017 1 commit
  20. 13 Sep, 2017 1 commit
    • Nick Wellnhofer's avatar
      Handle more invalid entity values in recovery mode · abbda93c
      Nick Wellnhofer authored
      In attribute content, don't emit entity references if there are
      problems with the entity value. Otherwise some illegal entity values
          <!ENTITY a '&#38;#x123456789;'>
      would later cause problems like integer overflow.
      Make xmlStringLenDecodeEntities return NULL on more error conditions
      including invalid char refs and errors from recursive calls. Remove
      some fragile error checks based on lastError that shouldn't be
      needed now. Clear the entity content in xmlParseAttValueComplex if
      an error was found.
      Found by OSS-Fuzz. Should fix bug 783052.
      Also see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3343
  21. 07 Sep, 2017 1 commit
  22. 30 Aug, 2017 1 commit
  23. 28 Aug, 2017 1 commit
    • Stéphane Michaut's avatar
      Porting libxml2 on zOS encoding of code · 454e397e
      Stéphane Michaut authored
      First set of patches for zOS
      - entities.c parser.c tree.c xmlschemas.c xmlschemastypes.c xpath.c xpointer.c:
        ask conversion of code to ISO Latin 1 to avoid having the compiler assume
        EBCDIC codepoint for characters.
      - xmlmodule.c: make sure we have support for modules
      - xmlIO.c: zOS path names are special avoid dsome of the expectstions from
  24. 25 Jul, 2017 1 commit
  25. 04 Jul, 2017 1 commit
  26. 20 Jun, 2017 6 commits
    • Nick Wellnhofer's avatar
      Fix NULL deref in xmlParseExternalEntityPrivate · 3eef3f39
      Nick Wellnhofer authored
      If called from xmlParseExternalEntity, oldctxt is NULL which leads to
      a NULL deref if an error occurs. This only affects external code that
      calls xmlParseExternalEntity.
      Patch from David Kilzer with minor changes.
      Fixes bug 780159.
    • Nick Wellnhofer's avatar
      Get rid of "blanks wrapper" for parameter entities · 872fea94
      Nick Wellnhofer authored
      Now that replacement of parameter entities goes exclusively through
      xmlSkipBlankChars, we can account for the surrounding space characters
      there and remove the "blanks wrapper" hack.
    • Nick Wellnhofer's avatar
      Make sure not to call IS_BLANK_CH when parsing the DTD · d9e43c7d
      Nick Wellnhofer authored
      This is required to get rid of the "blanks wrapper" hack. Checking the
      return value of xmlSkipBlankChars is more efficient, too.
    • Nick Wellnhofer's avatar
      Remove unnecessary calls to xmlPopInput · 453dff1e
      Nick Wellnhofer authored
      It's enough if xmlPopInput is called from xmlSkipBlankChars. Since the
      replacement text of a parameter entity is surrounded with space
      characters, that's the only place where the replacement can end in a
      well-formed document.
      This is also required to get rid of the "blanks wrapper" hack.
    • Nick Wellnhofer's avatar
      Simplify handling of parameter entity references · aa267cd1
      Nick Wellnhofer authored
      There are only two places where parameter entity references must be
      handled. For the internal subset in xmlParseInternalSubset. For the
      external subset or content from other external PEs in xmlSkipBlankChars.
      Make sure that xmlSkipBlankChars skips over sequences of PEs and
      whitespace. Rely on xmlSkipBlankChars instead of calling
      xmlParsePEReference directly when in the external subset or a
      conditional section.
      xmlParserHandlePEReference is unused now.
    • Nick Wellnhofer's avatar
      Fix xmlHaltParser · 24246c76
      Nick Wellnhofer authored
      Pop all extra input streams before resetting the input. Otherwise,
      a call to xmlPopInput could make input available again.
      Also set input->end to input->cur.
      Changes the test output for some error tests. Unfortunately, some
      fuzzed test cases were added to the test suite without manual cleanup.
      This makes it almost impossible to review the impact of later changes
      on the test output.
  27. 17 Jun, 2017 2 commits
    • Nick Wellnhofer's avatar
      Spelling and grammar fixes · 8bbe4508
      Nick Wellnhofer authored
      Fixes bug 743172, bug 743489, bug 769632, bug 782400 and a few other
    • Nick Wellnhofer's avatar
      Rework entity boundary checks · 5f440d8c
      Nick Wellnhofer authored
      Make sure to finish all entities in the internal subset. Nevertheless,
      readd a sanity check in xmlParseStartTag2 that was lost in my previous
      commit. Also add a sanity check in xmlPopInput. Popping an input
      unexpectedly was the source of many recent memory bugs. The check
      doesn't mitigate such issues but helps with diagnosis.
      Always base entity boundary checks on the input ID, not the input
      pointer. The pointer could have been reallocated to the old address.
      Always throw a well-formedness error if a boundary check fails. In a
      few places, a validity error was thrown.
      Fix a few error codes and improve indentation.