Don't include windows.h and wsockcompat.h from config.h but only when
needed.
Don't define _WINSOCKAPI_ manually. This was apparently done to stop
windows.h from including winsock.h which is a problem if winsock2.h
wasn't included first. But on MinGW, this causes compiler warnings.
Define WIN32_LEAN_AND_MEAN instead which has the same effect.
Always use the compiler-defined _WIN32 macro instead of WIN32.
test/HTML/758518-entity.html exposed a bug in pushParseTest() in
runtest.c which assumed that an input file was at least 4 bytes long.
That test case is only 3 bytes, so we now take the minimum of 4 bytes
or the length of the test input. We also now use 'chunkSize' in place
of the hard-coded value '1024' later in the function.
There were two bugs where parameter-entity references could lead to an
unexpected change of the input buffer in xmlParseNameComplex and
xmlDictLookup being called with an invalid pointer.
Percent sign in DTD Names
=========================
The NEXTL macro used to call xmlParserHandlePEReference. When parsing
"complex" names inside the DTD, this could result in entity expansion
which created a new input buffer. The fix is to simply remove the call
to xmlParserHandlePEReference from the NEXTL macro. This is safe because
no users of the macro require expansion of parameter entities.
- xmlParseNameComplex
- xmlParseNCNameComplex
- xmlParseNmtoken
The percent sign is not allowed in names, which are grammatical tokens.
- xmlParseEntityValue
Parameter-entity references in entity values are expanded but this
happens in a separate step in this function.
- xmlParseSystemLiteral
Parameter-entity references are ignored in the system literal.
- xmlParseAttValueComplex
- xmlParseCharDataComplex
- xmlParseCommentComplex
- xmlParsePI
- xmlParseCDSect
Parameter-entity references are ignored outside the DTD.
- xmlLoadEntityContent
This function is only called from xmlStringLenDecodeEntities and
entities are replaced in a separate step immediately after the function
call.
This bug could also be triggered with an internal subset and double
entity expansion.
This fixes bug 766956 initially reported by Wei Lei and independently by
Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
involved.
xmlParseNameComplex with XML_PARSE_OLD10
========================================
When parsing Names inside an expanded parameter entity with the
XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
GROW macro if the input buffer was exhausted. At the end of the
parameter entity's replacement text, this function would then call
xmlPopInput which invalidated the input buffer.
There should be no need to invoke GROW in this situation because the
buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
at least for UTF-8, in xmlCurrentChar. This also matches the code path
executed when XML_PARSE_OLD10 is not set.
This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
Thanks to Marcel Böhme and Thuan Pham for the report.
Additional hardening
====================
A separate check was added in xmlParseNameComplex to validate the
buffer size.
Reviewed by David Kilzer.
* HTMLparser.c:
(htmlParseName): Add bounds check.
(htmlParseNameComplex): Ditto.
* result/HTML/758605.html: Added.
* result/HTML/758605.html.err: Added.
* result/HTML/758605.html.sax: Added.
* runtest.c:
(pushParseTest): The input for the new test case was so small
(4 bytes) that htmlParseChunk() was never called after
htmlCreatePushParserCtxt(), thereby creating a false positive
test failure. Fixed by using a do-while loop so we always call
htmlParseChunk() at least once.
* test/HTML/758605.html: Added.
For https://bugzilla.gnome.org/show_bug.cgi?id=611807
Using "make tests" to add new tests is error prone.
This patch implements a "runtest -u" mode that makes it much
easier to create baselines for new tests.
The runtests program currently fails with
Specific platform thread support not detected
on HP-UX, AIX and other Unix systems which do not match the conditional
#if defined(linux) || defined(__sun) || defined(__APPLE_CC__)
It is silly to try to enumerate all systems which use pthreads in a conditional
like this. I am attaching a patch (against git master) that rewrites the cpp
conditional structure so that pthreads is used if HAVE_PTHREAD_H is defined,
and moves that section of code down below the Win32 and BeOS cases so that
native thread libraries are used preferentially in those two cases.
* SAX2.c dict.c error.c hash.c nanohttp.c parser.c python/libxml.c
relaxng.c runtest.c tree.c valid.c xinclude.c xmlregexp.c xmlsave.c
xmlschemas.c xpath.c xpointer.c: mostly removing unneded affectations,
but this led to a few real bugs and some part not yet understood
(relaxng/interleave)
* HTMLparser.c c14n.c debugXML.c entities.c nanohttp.c parser.c
testC14N.c uri.c xmlcatalog.c xmllint.c xmlregexp.c xpath.c:
fix unused variables, or unneeded increments as well as a couple
of space issues
* runtest.c: check for NULL before calling unlink()
* relaxng.c: tiny fix and provide more context on some errors
* result/relaxng/558452_0* test/relaxng/558452*: add some regression
tests for the bugs
* Makefile.am runtest.c: fight with the fact streaming error messages
can differ due to missing node context
* c14n.c include/libxml/c14n.h: adds support for C14N 1.1,
new flags at the API level
* runtest.c Makefile.am testC14N.c xmllint.c: add support in CLI
tools and test binaries
* result/c14n/1-1-without-comments/* test/c14n/1-1-without-comments/*:
add a new batch of tests
* xmlreader.c: applied patch from Aswin to fix tree skipping
* include/libxml/entities.h entities.c: fixed a comment and
added a new xmlNewEntity() entry point
* runtest.c: be less verbose
* tree.c: space and tabs cleanups
daniel
svn path=/trunk/; revision=3774
Thu Aug 7 15:51:31 CEST 2008 Sven Herzberg <sven@imendio.com>
Bug 546629 – runtests doesn't pass on my mac
Reviewed by William M. Brack.
* runtest.c: use libpthread on Mac OS X as well
svn path=/trunk/; revision=3766
* xmlschemas.c runtest.c testapi.c include/libxml/xmlreader.h
python/types.c python/libxml_wrap.h python/libxml.c: fx compilation
when configured without the reader should fix#513110
* doc/*: regenerated
Daniel
svn path=/trunk/; revision=3743
* runtest.c schematron.c testAutomata.c tree.c valid.c xinclude.c
xmlcatalog.c xmlreader.c xmlregexp.c xpath.c: end of first
pass on coverity reports.
Daniel
* HTMLparser.c configure.in parserInternals.c runsuite.c runtest.c
testapi.c xmlschemas.c xmlschemastypes.c xmlstring.c: fixed a number
of warnings shown by HP-UX compiler and reported by Rick Jones
Daniel
* runtest.c: removed the error message
* relaxng.c xmlschemas.c: removed 2 instability warnings from function
documentation
* include/libxml/schemasInternals.h: changed warning about API stability
* xmlregexp.c: trying to improve runtime execution of non-deterministic
regexps and automata. Not fully finished but should be way better.
Daniel
* HTMLparser.c parser.c SAX2.c debugXML.c tree.c valid.c xmlreader.c
xmllint.c include/libxml/HTMLparser.h include/libxml/parser.h:
added a parser XML_PARSE_COMPACT option to allocate small
text nodes (less than 8 bytes on 32bits, less than 16bytes on 64bits)
directly within the node, various changes to cope with this.
* result/XPath/tests/* result/XPath/xptr/* result/xmlid/*: this
slightly change the output
Daniel
* relaxng.c: fixed bug #307377 about validation of choices in
list values.
* test/relaxng/307377* result/relaxng/307377* Makefile.am runtest.c:
added examples to the regression tests, problem is that streaming
version gives slightly more informations.
Daniel
* test/relaxng/docbook_0.xml: get rid of the dependancy on a locally
installed DTD
* uri.c include/libxml/uri.h xmlIO.c nanoftp.c nanohttp.c: try to
cleanup the Path/URI conversion mess, needed fixing in various
layers and a new API to the uri module which also fixes#306861
* runtest.c: integrated a regression test specific to check the
URI conversions done before calling the I/O handlers.
Daniel
* runtest.c: allows an extra argument to subset the tests
* xmlregexp.c: big speedup for validation, basically avoided
transition creation explosion when removing epsilon transition
Daniel
* HTMLparser.c SAX2.c encoding.c globals.c parser.c relaxng.c
runsuite.c runtest.c schematron.c testHTML.c testReader.c
testRegexp.c testSAX.c testThreads.c valid.c xinclude.c xmlIO.c
xmllint.c xmlmodule.c xmlschemas.c xpath.c xpointer.c: a lot of
small cleanups based on Linus' sparse check output.
Daniel
* error.c globals.c parser.c runtest.c testHTML.c testSAX.c
threads.c valid.c xmllint.c xmlreader.c xmlschemas.c xmlstring.c
xmlwriter.c include/libxml/parser.h include/libxml/relaxng.h
include/libxml/valid.h include/libxml/xmlIO.h
include/libxml/xmlerror.h include/libxml/xmlexports.h
include/libxml/xmlschemas.h: applied a patch from Marcus Boerger
to fix problems with calling conventions on Windows this should
fix#309757
Daniel