1. 03 Feb, 2017 1 commit
  2. 16 Jan, 2017 1 commit
  3. 03 Jan, 2017 11 commits
  4. 12 Oct, 2016 1 commit
  5. 13 Aug, 2016 1 commit
  6. 13 Jul, 2016 3 commits
  7. 03 Jul, 2016 5 commits
  8. 21 Jun, 2016 13 commits
    • Avoid infinite recursion after failed param evaluation · 7893a468
      Nick Wellnhofer authored
      Always mark variables as computed even if evaluation fails. This
      avoids infinite recursion and a stack overflow if a parameter whose
      evaluation failed is looked up again.
      
      Found with afl-fuzz.
    • Consolidate recursion checks · 1c8e0e55
      Nick Wellnhofer authored
      Move the check for potentially infinite recursion to
      xsltApplySequenceConstructor. In this function, both template and
      func:function calls can be handled. This also checks for the following
      case of infinite recursion in attribute sets found with afl-fuzz:
      
      <x:attribute-set name="set">
          <x:attribute name="attr">
              <elem x:use-attribute-sets="set"/>
          </x:attribute>
      </x:attribute-set>
      
      Rename funcLevel to depth and check against maxTemplateDepth. I hope it
      isn't a problem to rename an internal struct item.
    • Treat XSLT_STATE_STOPPED same as errors · 5816849e
      Nick Wellnhofer authored
      xsltApplyStylesheetInternal should treat a stopped transform the same
      as an error that didn't stop the transform and return NULL.
      
      Changes the output of some tests that cause errors.
    • Make sure that XSLT_STATE_STOPPED isn't overwritten · 91789dba
      Nick Wellnhofer authored
      Overwriting XSLT_STATE_STOPPED with XSLT_STATE_ERROR makes the
      transform continue. This is not what we want.
    • Stop if potential recursion is detected · ca745c6d
      Nick Wellnhofer authored
      Otherwise, processing can continue for an extremely long time.
    • 5070aac9
    • Consider built-in templates in apply-imports · 45ea7fc4
      Nick Wellnhofer authored
      The XSLT specification says about the built-in templates: "The built-in
      template rules are treated as if they were imported implicitly before
      the stylesheet and so have lower import precedence than all other
      template rules."
      
      That means that the apply-imports instruction needs to consider
      built-in templates, as "xsl:apply-imports processes the current node
      using only template rules that were imported into the stylesheet
      element".
      
      Fixes bug #654150:
      
      https://bugzilla.gnome.org/show_bug.cgi?id=654150
    • Rewrite memory management of local RVTs · 470b1734
      Nick Wellnhofer authored
      The psvi slot of RVT documents is used to store ownership information.
      
      XSLT_RVT_LOCAL for RVTs that are destroyed after the current instruction
      ends.
      
      XSLT_RVT_VARIABLE for RVTs that are part of a local variable and are
      destroyed after the variable goes out of scope.
      
      XSLT_RVT_FUNC_RESULT for RVTs that are part of results returned with
      func:result. These RVTs won't be destroyed after exiting a template and
      will be reset to XSLT_RVT_LOCAL or XSLT_RVT_VARIABLE in the template
      that receives the return value.
      
      XSLT_RVT_GLOBAL for RVTs that are part of a global variable.
      
      The function xsltFlagRVTs is used for the following ownership
      transitions:
      
      - LOCAL or VARIABLE to FUNC_RESULT when returning a value with
        func:result.
      - FUNC_RESULT to LOCAL or VARIABLE when receiving a func:result.
      - LOCAL to GLOBAL after evaluating global variables or parameters.
      
      This obsoletes the element localRVTBase in the context struct and the
      xsltExtensionInstructionResultRegister function. Aside from the
      func:result implementation, the only reason for the old mechanism was
      to protect RVTs (which can only be returned from extension functions)
      in global variables from being destroyed too early. This is done
      automatically now, so there's no need for extension authors to call
      this function anymore.
      
      The function xsltExtensionInstructionResultFinalize is unsupported
      now. To the best of my knowledge, it isn't used outside of libxslt.
      
      Another benefit is that, in some cases, RVTs are freed earlier now.
      
      Also fixes bug #602531.
    • Validate QNames of attribute sets · fe54d5e0
      Nick Wellnhofer authored
    • Add xsl:attribute-set regression tests · b14acdfb
      Nick Wellnhofer authored
    • Ignore imported stylesheets in xsltApplyAttributeSet · 6b15a8fc
      Nick Wellnhofer authored
      All attribute sets are moved to the top stylesheets in the resolution
      process.
    • Fix precedence with multiple attribute sets · 05f70130
      Nick Wellnhofer authored
      Move the duplicate attribute check from xsltAttributeInternal to
      xsltMergeAttrSets. Fixes bug 764411:
      
      https://bugzilla.gnome.org/show_bug.cgi?id=764411
    • Rework attribute set resolution · ca9edf23
      Nick Wellnhofer authored
      The old code
      
      - merged the use-attribute-sets and xsl:attributes of xsl:attribute-sets
        from imported stylesheets in a single step, resulting in precedence
        errors like bug #704071.
      - didn't handle namespaces of use-attribute-sets properly,
      - detected recursion but would still recurse infinitely leading to a
        stack overflow.
      
      Introduce a new struct xsltAttrSet that contains separate linked lists
      for xsl:attributes and QNames from use-attribute-sets. Resolve
      use-attribute-sets first. Merge attribute sets afterwards.
      
      Fixes bug #704071:
      
      https://bugzilla.gnome.org/show_bug.cgi?id=704071
  9. 24 May, 2016 1 commit
    • Release of libxslt-1.1.29 · 9a1b3ddf
      Daniel Veillard authored
      * doc/xslt.html libxslt.spec.in configure.in: updated for the release
      * NEWS doc/news.html libxslt/xsltwin32config.h: regenerated
  10. 18 May, 2016 1 commit
  11. 17 May, 2016 1 commit
  12. 05 May, 2016 1 commit
    • Fix OOB heap read in xsltExtModuleRegisterDynamic · 87c3d9ea
      Nick Wellnhofer authored
      xsltExtModuleRegisterDynamic would read a byte before the start of a
      string under certain circumstances. It looks like this piece of code was
      supposed to strip characters from the end of the extension name, but
      it didn't have any effect. Don't read beyond the beginning of the
      string and actually strip unwanted characters.
      
      Found with afl-fuzz and ASan.