This allows to perform XML element validation skipping errors without recreating
a validation context. Tested it in runsuite.c in the rngTestStreaming() method.
Also added xmlRegExecClearErrors(exec) as necessary.
Use C11 atomics if available. Otherwise, fall back to pthread mutex
inlined in xmlDict struct or Win32 atomics.
This should fix lock contention reported in #970.
Relying on a plain integer flag, with no synchronization primitives does
not give thread-safe initialization. All reads & writes of the
xmlSchemaTypesInitialized flag need to be protected by a mutex to ensure
suitable memory barriers & thus correct ordering wrt any speculative
execution.
A separate internal initializer tied to xmlParserInit is used to create
the mutex used for synchronization, similarly to how catalog.c works.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Relying on a plain integer flag, with no synchronization primitives does
not give thread-safe initialization. All reads & writes of the
xmlSchemaTypesInitialized flag need to be protected by a mutex to ensure
suitable memory barriers & thus correct ordering wrt any speculative
execution.
A separate internal initializer tied to xmlParserInit is used to create
the mutex used for synchronization, similarly to how catalog.c works.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
We currently only handle "Validity constraint: Proper Declaration/PE
Nesting", but we must detect "Well-formedness constraint: PE Between
Declarations" separately:
> The replacement text of a parameter entity reference in a DeclSep must
> match the production extSubsetDecl.
PEs in DeclSeps are PEs that start with a full markup declaration (or
another PE). These are handled in xmParse{Internal|External}Subset. We
set a flag on these PEs and don't close them implicitly in
xmlSkipBlankCharsPE. This will make unterminated declarations in such
PEs cause a parser error. The PEs are closed explicitly in
xmParse{Internal|External}Subset, the only location where they are
allowed to end.
The previous refactor painstakingly recreated the different behavior of
separate functions that were merged. It makes
Optimize IS_CHAR check for non-ASCII chars.
Don't use encoding from meta tags when serializing. Only use the value
in `doc->encoding`, matching the XML serializer. This is the actual
encoding used when parsing.
Stop modifying the input document by setting meta tags before
serializing. Meta tags are now injected during serialization.
Add full support for <meta charset=""> which is also used when adding
meta tags.
Align with HTML5 and implement the "algorithm for extracting a character
encoding from a meta element". Only modify the encoding substring in
Content-Type meta tags.
Only switch encoding once when parsing.
Fix htmlSaveFileFormat with a NULL encoding not to declare a misleading
UTF-8 charset.
Fixes#909.
Unlike iconv or the internal converters, ICU consumes truncated multi-
byte sequences at the end of an input buffer. We currently check for a
non-empty raw input buffer to detect truncated sequences, so this fails
with ICU.
It might be possible to inspect the pivot buffer pointers, but it seems
cleaner to implement a `flush` flag for some encoding and I/O functions.
After flushing, we can check for U_TRUNCATED_CHAR_FOUND with ICU, or
detect remaining input with other converters.
Also fix detection of truncated sequences for HTML, XML content and
DTDs with iconv.
Another regression related to reading from stdin.
Making a "-" filename read from stdin was deeply baked into the core
IO code but is inherently insecure. I really want to reenable this
dangerous feature as sparingly as possible.
This now enables compressed input when using the "Fd" API functions
which wan't supported before. But XML_PARSE_NO_UNZIP will be
inverted later.
Allow compressed stdin in xmlReadFile to support xmlstarlet and older
versions of xsltproc. So far, these are the only known command-line
tools that rely on "-" meaning stdin.
Growing by a factor lower than the golden ratio increases the chances of
reusing memory freed from earlier allocations. Set growth rate to 1.5
which also reduces internal fragmentation.
xmlGrowCapacity makes sure that dynamic arrays don't grow beyond an
explicit maximum size. size_t considerations are also taken into account.
A macro XML_MAX_ITEMS is provided as default maximum with value
1 billion.
When fuzzing, the initial size is set to 1 to cause more reallocations.
This can require adjustments if callers really need larger arrays.
When push parsing, we want to convert as much of the input as possible.
When pull parsing memory buffers, we want to convert data chunk by chunk
to save memory.
Always use what the old implementation called the "IO" allocation
scheme, allowing to move the content pointer past the initial
allocation. This is inexpensive and allows efficient shrinking.
Optimize xmlBufGrow, reusing shrunken memory as much as possible.
Simplify xmlBufAdd.
Make xmlBufBackToBuffer return an error on overflow.
Make "size" exclude the terminating NULL byte.
Always provide an initial size.
Reintroduce static buffers.
Remove xmlBufResize and several other functions.
