Setting these deprecated globals hasn't had an effect for a long time.
Make them constants. This reduces the size of per-thread storage from
~700 to ~250 bytes.
Linking executables will fail on systems with glibc < 2.34 without
declaring these symbols as weak references.
In commit c19771c1f1 these references
were moved to globals.c from threads.c, but the `#pragma weak`
declarations were lost in the process.
Also removing unneeded weak declarations from threads.c.
It seems that thread-local storage destructors are run before pthread
thread-specific data destructors on Darwin, defeating our scheme to use
TSD to clean up TLS.
Here's an example program that reports a use-after-free when compiled
with `-fsanitize=address` on macOS:
#include <pthread.h>
typedef struct {
int v;
} my_struct;
static _Thread_local my_struct tls;
pthread_key_t key;
void dtor(void *tsd) {
my_struct *s = (my_struct *) tsd;
/*
* This will crash ASan, apparently because
* TLS has already been freed.
*/
s->v = 1;
}
void *thread(void *p) {
pthread_setspecific(key, &tls);
return NULL;
}
int main(void) {
pthread_key_create(&key, dtor);
pthread_t handle;
pthread_create(&handle, NULL, thread, NULL);
pthread_join(handle, NULL);
return 0;
}
Also use thread-local storage to store globals on POSIX platforms.
Most importantly, this makes sure that global variable access can't fail
when allocating the global state struct.
If DllMain is used, rely on it working as expected. The old code seemed
to attempt to free global state of other threads if, for some reason,
the DllMain mechanism didn't work.
In a static build, register a destructor with
RegisterWaitForSingleObject.
Make public functions xmlGetGlobalState and xmlInitializeGlobalState
no-ops.
Move initialization and registration of global state objects to
xmlInitGlobalState. Lookup global state with xmlGetThreadLocalStorage
which can be inlined nicely.
Also cleanup global state when using TLS. xmlLastError must be reset.
Change the default handler definitions to match the result after calling
the initialization functions.
This makes sure that no thread-local variables are accessed when calling
xmlInitParser.
Remove explicit integer casts as final operation
- in assignments
- when passing arguments
- when returning values
Remove casts
- to the same type
- from certain range-bound values
The main motivation is that these explicit casts don't change the result
of operations and only render UBSan's implicit-conversion checks
useless. Removing these casts allows UBSan to detect cases where
truncation or sign-changes occur unexpectedly.
Document some explicit casts as truncating and add a few missing ones.
Private functions were previously declared
- in header files in the root directory
- in public headers guarded with IN_LIBXML
- in libxml.h
- redundantly in source files that used them.
Consolidate all private header files in include/private.
Somewhat misleadingly, the DOC_DISABLE directive only disabled warnings.
Now we really stop the documentation generator from indexing.
This results in additional warnings for xmlThrDef* functions. This should
be fixed by documenting or deprecating them.
These functions shouldn't be part of the public API. Most init
functions are only thread-safe when called from xmlInitParser. Global
variables should only be cleaned up by calling xmlCleanupParser.
This code has been broken and deprecated since version 2.6.0, released
in 2003. Because of a bug in commit 961b535c, DOCBparser.c was never
compiled since 2012. I couldn't find a Debian package using any of its
symbols, so it seems safe to remove this module.
Before, we tried to reset the last error in xmlCleanupParser. But if
xmlCleanupParser wasn't called from the main thread, this would reset
the thread-local error object. xmlCleanupGlobals has access to the
error object of the main thread and can reset it reliably.
Introduce xmlPosixStrdup, an internal strdup implementation matching the
POSIX strdup type signature, and update xmlMemStrdup to use it.
Thanks to Vlad Tsyrklevich for the initial patch.