1
0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-10-26 00:37:43 +03:00
Commit Graph

724 Commits

Author SHA1 Message Date
Daniel Veillard
28f5e1a2d6 Fix potential crash on entities errors
Related to https://bugs.launchpad.net/lxml/+bug/502959

Basically the core of the issue is that if an entity references another
entity, then in case we are replacing entities content, we should always
do so by copying the referenced content as long as the reference is
done within the entity. Otherwise, if for some reason there is a later
parsing error that entity content may be freed.

Complex scenario exposed by command:
thinkpad:~/XML/diveintopython-5.4/xml -> valgrind --db-attach=yes
../../xmllint --loaddtd --noout --noent diveintopython.xml

  Document references &a;
  a references &b;
  we references b content directly in by linking in the a content
  a has an error further down
  we free a, freeing the chunk from b
  Document references &b; after &a;
  we try to copy b content, but it was freed already => segfault

* parser.c: never reference directly entity content without copying if
  we aren't in the document main entity
2012-09-04 11:18:39 +08:00
Daniel Veillard
1f972e9f28 Cleanup some of the parser code
Prefetching assumptions about the amount of data read in GROW
should be backed up with test for 0 termination when at the
end of the buffer.
2012-08-15 10:16:37 +08:00
Daniel Veillard
968a03a2e5 Add support for big line numbers in error reporting
Fix the lack of line number as reported by Johan Corveleyn <jcorvel@gmail.com>

* parser.c include/libxml/parser.h: add an XML_PARSE_BIG_LINES parser
  option not switch on by default, it's an opt-in
* SAX2.c: if XML_PARSE_BIG_LINES is set store the long line numbers
  in the psvi field of text nodes
* tree.c: expand xmlGetLineNo to extract those informations, also
  make sure we can't fail on recursive behaviour
* error.c: in __xmlRaiseError, if a node is provided, call
  xmlGetLineNo() if we can't get a valid line number.
* xmllint.c: switch on XML_PARSE_BIG_LINES in xmllint
2012-08-13 12:41:33 +08:00
Daniel Veillard
5353bbf7dd More fixups on the push parser behaviour 2012-08-03 12:03:31 +08:00
Daniel Veillard
2b52aa0050 Strengthen behaviour of the push parser in problematic situations
Implement the maximum lookahead stategy, and fix some handling
of DTD to speed up processing.
2012-07-31 10:53:47 +08:00
Daniel Veillard
e7bf892d8c Improve error reporting on parser errors
The extra string was being dismissed when provided.
* parser.c: handle bot case properly
* result/: this changes a few error reports
2012-07-30 20:09:25 +08:00
Daniel Veillard
48b4cdde34 Enforce XML_PARSER_EOF state handling through the parser
That condition is one raised when the parser should positively stop
processing further even to report errors. Best is to test is after
most GROW call especially within loops
2012-07-30 16:16:04 +08:00
Daniel Veillard
0df83cae70 Fixup limits parser 2012-07-30 15:41:10 +08:00
Daniel Veillard
52d8ade7a7 Introduce some default parser limits
Those can be overrided by the XML_PARSE_HUGE option, they
are just default limits for Name lenght, dictionary size limits
and maximum amount of parser lookup.
* include/libxml/parserInternals.h: define the limits
* include/libxml/xmlerror.h: add a new error
* parser.c parserInternals.c: implements the new limits
2012-07-30 10:08:45 +08:00
Daniel Veillard
f572a78d58 More avoid quadratic behaviour 2012-07-23 14:24:28 +08:00
Daniel Veillard
5130481646 Impose a reasonable limit on PI size
Unless the XML_PARSE_HUGE option is given to the parser,
the value is XML_MAX_TEXT_LENGTH, i.e. the same than for a
text node within content.
Also cleanup some unsigned int used for memory size.
2012-07-23 14:24:28 +08:00
Daniel Veillard
6568645164 Avoid quadratic behaviour in some push parsing cases
avoid rescanning over and over a very long input, just check
the incoming chunks
2012-07-23 14:24:28 +08:00
Daniel Veillard
58f73aca1a Impose a reasonable limit on comment size
Unless the XML_PARSE_HUGE option is given to the parser,
the value is XML_MAX_TEXT_LENGTH, i.e. the same than for a
text node within content.
Also cleanup some unsigned int used for memory size.
2012-07-23 14:24:28 +08:00
Daniel Veillard
e17db9946c Impose a reasonable limit on attribute size
Unless the XML_PARSE_HUGE option is given to the parser,
the value is XML_MAX_TEXT_LENGTH, i.e. the same than for a
text node within content.
2012-07-23 14:24:27 +08:00
Daniel Veillard
00ac0d3b96 More cleanups for input/buffers code
When calling xmlParserInputBufferPush, the buffer may be reallocated
and at the input level the pointers for base, cur and end need to
be reevaluated.
* buf.c buf.h: add two new functions, one to get the base from the
  input of the buffer, and another one to reset the pointers based
  on the cur and base inded
* HTMLparser.c parser.c: cleanup to use the new helper functions
  as well as making sure size_t is used for the indexes computations
2012-07-23 14:24:27 +08:00
Daniel Veillard
61551a1eb7 Cleanup function xmlBufResetInput() to set input from Buffer
This was scattered in a number of modules, xmlParserInputPtr
have usually their base, cur and end pointer set from an
xmlBuf used as input.
* buf.c buf.h: add a new function implementing this setup
* parser.c HTMLparser.c catalog.c parserInternals.c xmlreader.c
  use the new function instead of digging into the buffer in
  all those modules
2012-07-23 14:24:27 +08:00
Daniel Veillard
768eb3b82d Convert XML parser to the new input buffers
The main changes are when the internal of the buffers structure
were adressed directly, we now use routines coming from buf.h
The routine xmlParserInputRead() which wasn't used anywhere is
deprecated too.
2012-07-23 14:24:26 +08:00
Daniel Veillard
4629ee02ac Do not fetch external parsed entities
Unless explicietely asked for when validating or replacing entities
with their value. Problem pointed out by Tom Lane <tgl@redhat.com>

* parser.c: do not load external parsed entities unless needed
* test/errors/extparsedent.xml result/errors/extparsedent.xml*:
  add a regression test to avoid change of the behaviour in the future
2012-07-23 14:15:40 +08:00
Daniel Veillard
459eeb9dc7 Fix parser local buffers size problems 2012-07-18 17:54:04 +08:00
Daniel Veillard
379ebc1d77 Cleanup on randomization
tsan reported that rand() is not thread safe, so create
a thread safe wrapper, use rand_r() if available.
Consolidate the function, initialization and cleanup in
dict.c and make sure it is initialized in xmlInitParser()
2012-05-18 15:41:31 +08:00
Daniel Veillard
ed35d3d7c3 Fix an uninitialized variable use
When compiled without SAX1 support
2012-05-11 10:52:27 +08:00
Lin Yi-Li
24464be639 Avoid memory leak if xmlParserInputBufferCreateIO fails
For https://bugzilla.gnome.org/show_bug.cgi?id=643949

In case of error on an IO creation input the given context
is terminated with the given close function, except if the
error happened in xmlParserInputBufferCreateIO. This can
lead to a resource leak which is fixed by this patch.
2012-05-10 16:14:55 +08:00
Bryan Henderson
8658d27d4f wrong message for double hyphen in comment XML error
The error message when you have a double hyphen in a comment is "comment
not terminated" and should be "double hyphen in comment".
2012-05-08 16:39:05 +08:00
Daniel Veillard
288bb6274f Fix an error in comment
nsWarn handler is not about parser fatal errors
2012-05-07 15:01:29 +08:00
Daniel Veillard
4aa68abb1c Try to fix a problem with entities in SAX mode
this is a problem which hit the raptor code and that small
patch should be a reliable workaround
2012-04-02 17:50:54 +08:00
Anders F Bjorklund
eae5261779 add lzma compression support 2012-01-27 22:19:52 +08:00
Daniel Veillard
5bd3c06182 Fix an allocation error when copying entities 2011-12-16 18:53:35 +08:00
Chris Evans
77404b8b69 Make sure the parser returns when getting a Stop order
patch backported from chromiun bug fixes, assuming author is Chris
2011-12-14 16:18:25 +08:00
Xia Xinfeng
5825ebb26a Fix some potential problems on reallocation failures(parser.c)
This problem is the same as d7958b21e7.
The operation "ctxt->nameMax * = 2;" should be placed after the function
call of xmlRealloc().
2011-11-11 13:43:27 +08:00
Daniel Veillard
4c4653e587 Add exception for new W3C PI xml-model 2011-06-05 11:29:29 +08:00
Daniel Veillard
c62efc847c Add options to ignore the internal encoding
For both XML and HTML, the document can provide an encoding
either in XMLDecl in XML, or as a meta element in HTML head.
This adds options to ignore those encodings if the encoding
is known in advace for example if the content had been converted
before being passed to the parser.

* parser.c include/libxml/parser.h: add XML_PARSE_IGNORE_ENC option
  for XML parsing
* include/libxml/HTMLparser.h HTMLparser.c: adds the
  HTML_PARSE_IGNORE_ENC for HTML parsing
* HTMLtree.c: fix the handling of saving when an unknown encoding is
  defined in meta document header
* xmllint.c: add a --noenc option to activate the new parser options
2011-05-26 11:47:37 +08:00
Rob Richards
c794eb5bb0 Fix memory corruption
when xmlParseBalancedChunkMemoryInternal is called from xmlParseBalancedChunk
2011-02-18 12:17:17 -05:00
Giuseppe Iuculano
48f7dcb724 480323 add code to plug in ICU converters by default
This is not configured in by default but after some serious massaging
incorporate that patch from Chromium/Chrome.
2010-11-04 17:42:42 +01:00
Daniel Veillard
60587d6ebd 606592 update language ID parser to RFC 5646
Mostly except we keep support for some older constructs and
don't implement extension or privateuse. It's messy because
it's used mostly by XSD datatype which itself reference RFC 3066
and suggests a lexical space completely different from what
5646 defines.
2010-11-04 15:16:27 +01:00
Nikolay Sivov
e6ad10a5b9 Cleanup encoding pointer comparison
* parser.c: Compare encoding pointer with a NULL instead of
  xmlCharEncoding enum value 0 then casted to char * !
2010-11-01 11:35:14 +01:00
Mike Hommey
e6f05099e8 Fix a potential segfault due to weak symbols on pthreads
In xmlInitParser, both __xmlGlobalInitMutexLock and xmlInitGlobals are
called before xmlInitThreads, and both use pthread symbols.
__xmlGlobalInitMutexLock does so directly, without checking if the symbol
exists, and xmlInitGlobals calls xmlNewMutex, which correctly depends on
libxml_is_threaded... except libxml_is_threaded is still -1 by then...
And again, when releasing the global mutex in __xmlGlobalInitMutexUnlock,
the pthread function is called directly.

The patch changes the initialization order and make sure the functions
are available before calling them
2010-10-15 19:50:03 +02:00
Raul Hudea
ba9716a197 ChunkParser: Incorrect decoding of small xml files
if encoding was autodetected, in xmlParseChunk, if initial size is 86 (a
chunk in UTF-16 encoding), the code that tries to read only the first line
will set the size to 90, which eventually leads to a memmove of 90 bytes
(in xmlBufferAdd) which will copy extra random memory bytes, which will
make the parser to fail because of these extra bytes.
2010-03-15 10:13:29 +01:00
Daniel Veillard
47cd14e850 Fix encoding selection for xmlParseInNodeContext
* parser.c: use the encoding from the document to parse the chunk
2010-02-04 18:49:01 +01:00
Daniel Veillard
59df7834a2 608773 add a missing check in xmlGROW
* parser.c: check that the input buffer is non null before dereferencing it
2010-02-02 10:24:01 +01:00
Daniel Veillard
e20fb5a72c Fix xmlParseInNodeContext for HTML content
xmlParseInNodeContext notices that the enclosing document is
an HTML document, so invoke the HTML parser for that fragment, and
the HTML parser finding a "<p>hello world!</p>" document automatically
augment it with defaulted <html> and <body>. This defaulting should
be turned off in the HTML parser for this to work, but there is no
such HTML parser option. There is an htmlOmittedDefaultValue global
variable that you could use, but really we should not rely on global
variable for processing options anymore, best is to add an
HTML_PARSE_NOIMPLIED.
* include/libxml/HTMLparser.h: add the HTML_PARSE_NOIMPLIED parser flag
* HTMLparser.c: do add implied element if HTML_PARSE_NOIMPLIED is set
* parser.c: add HTML_PARSE_NOIMPLIED to options for xmlParseInNodeContext
  on HTML documents
2010-01-29 20:47:08 +01:00
Nikolay Sivov
7304683335 Correct variable type to unsigned
* parser.c: fix len sign in xmlParseChunk()
2010-01-19 15:38:05 +01:00
Daniel Veillard
9d3d141c41 Fix a parsing problem with little data at startup
* parser.c: inkscape extension loader (and possibly others) feed
  data to the parser very slowly, 0 at start, 4 bytes on first GROW
  and this broke after the fix for
  https://bugzilla.gnome.org/show_bug.cgi?id=566012
  http://git.gnome.org/cgit/libxml2/commit/?id=7e385bd4e28a0cc12b6b26ed178c620e3c3ab8d8
  leading to another bug
  https://bugzilla.redhat.com/show_bug.cgi?id=523002
  this detects the situation and GROW when needed for proper processing.
2009-09-15 18:41:30 +02:00
Daniel Veillard
594e5dfb48 Chasing dead assignments reported by clang-scan
* SAX2.c dict.c error.c hash.c nanohttp.c parser.c python/libxml.c
  relaxng.c runtest.c tree.c valid.c xinclude.c xmlregexp.c xmlsave.c
  xmlschemas.c xpath.c xpointer.c: mostly removing unneded affectations,
  but this led to a few real bugs and some part not yet understood
  (relaxng/interleave)
2009-09-07 14:58:47 +02:00
Daniel Veillard
d44b936499 A few more safety cleanup raised by scan
* SAX2.c encoding.c parser.c xmlschemas.c: a few more safety checks
* relaxng.c: remove an unused intitialization
2009-09-07 12:15:08 +02:00
Daniel Veillard
76d364583e Fixing assorted potential problems raised by scan
* encoding.c parser.c relaxng.c runsuite.c tree.c xmlreader.c
  xmlschemas.c: nothing really serious but better safe than sorry
2009-09-07 11:19:33 +02:00
Daniel Veillard
154956103d Potential uninitialized arguments raised by scan
* parser.c: ctxt->sax2 is not supposed to change suring parsing
  but better safe than sorry and initialize prefix and URI used in
  SAX2 callbacks.
2009-09-05 15:04:41 +02:00
Daniel Veillard
13cee4e37b Fix a bunch of scan 'dead increments' and cleanup
* HTMLparser.c c14n.c debugXML.c entities.c nanohttp.c parser.c
  testC14N.c uri.c xmlcatalog.c xmllint.c xmlregexp.c xpath.c:
  fix unused variables, or unneeded increments as well as a couple
  of space issues
* runtest.c: check for NULL before calling unlink()
2009-09-05 14:52:55 +02:00
Daniel Veillard
74eaec1496 502960 provide namespace stack when parsing entity
* parser.c: copy the entity stack
* SAX2.c: fix the warning message for default entities
2009-08-26 15:57:20 +02:00
Daniel Veillard
a6c76a26ca 566012 part 2 fix regresion tests and push mode
* test/utf16bebom.xml: regression test showed that this test case was
  broken but previous behaviour would not detect it !
* parser.c: fix 566012 for the push mode of the parser, tricky !
* test/ebcdic_566012.xml result//ebcdic_566012.xml*: add the test to the
  regression suite
2009-08-26 14:37:00 +02:00
Daniel Veillard
7e385bd4e2 566012 autodetected encoding and encoding conflict
* encoding.c parser.c parserInternals.c: when we autodetect an encoding
  but it's actually not completely compatible with the one declared
  great care must be taken to not convert more than just the first line.
  Led to some refactoring, more private functions and a bit of cleanup.
2009-08-26 11:38:49 +02:00