Relying on a plain integer flag with no synchronization primitives does
not give thread-safe initialization. All reads & writes of the
xmlSchemaTypesInitialized flag need to be protected by a mutex to ensure
suitable memory barriers & thus correct ordering wrt any speculative
execution.
A separate internal initializer tied to xmlParserInit is used to create
the mutex used for synchronization, similarly to how catalog.c works.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
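The pattern this commit message describes, sketched as an added example that is not libxml2's code: a mutex created by a separate one-time initializer, with every read and write of the "initialized" flag made under that mutex. All `demo_*` names, the two-entry table, and the use of POSIX threads are assumptions for illustration.

```c
#include <pthread.h>
#include <stddef.h>

/* Hypothetical names that mirror the commit message; not libxml2 code. */
static pthread_mutex_t types_mutex;   /* created by the separate initializer */
static int types_initialized = 0;     /* read and written only under types_mutex */
static int init_runs = 0;             /* how many times the setup body executed */
static const char *type_table[2];     /* stand-in for the built-in type registry */

/* Separate internal initializer: call once from global init, before threads exist. */
void demo_init_types_internal(void) {
    pthread_mutex_init(&types_mutex, NULL);
}

/* Lazy initializer that any thread may call at any time. */
void demo_init_types(void) {
    pthread_mutex_lock(&types_mutex);
    if (!types_initialized) {
        type_table[0] = "string";
        type_table[1] = "decimal";
        init_runs++;
        types_initialized = 1;        /* set last, still inside the lock */
    }
    pthread_mutex_unlock(&types_mutex);
}

/* Readers take the same mutex, so they never see a half-built table. */
const char *demo_get_type(int i) {
    const char *name = NULL;
    pthread_mutex_lock(&types_mutex);
    if (types_initialized && i >= 0 && i < 2)
        name = type_table[i];
    pthread_mutex_unlock(&types_mutex);
    return name;
}

static void *worker(void *arg) { (void)arg; demo_init_types(); return NULL; }

/* Race up to 64 threads into demo_init_types(); returns the setup run count. */
int demo_race(int n) {
    pthread_t tids[64];
    int started, i;
    if (n > 64) n = 64;
    for (started = 0; started < n; started++)
        if (pthread_create(&tids[started], NULL, worker, NULL) != 0) break;
    for (i = 0; i < started; i++) pthread_join(tids[i], NULL);
    return init_runs;
}

int main(void) { demo_init_types_internal(); return demo_race(16) == 1 ? 0 : 1; }
```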
The following strings are never allocated from a dict:
- xmlParserCtxt.version
- xmlParserCtxt.encoding
- xmlParserCtxt.extSubURI
- xmlParserCtxt.extSubSystem
- xmlDoc.version
- xmlDoc.encoding
- xmlDoc.URL
- xmlDTD.ExternalID
- xmlDTD.SystemID
- xmlID.value
Also make the struct members point to non-const chars to avoid casts
when freeing.
At some point, the `loadsubset` member was augmented to also control
handling of ID attributes in addition to loading of external DTDs. These
two features are unrelated and shouldn't have been mixed. This mistake
was probably inspired by the misnamed XML_DETECT_IDS flag. As a side
effect, setting XML_SKIP_IDS always enabled loading of external DTDs and
parameter entities.
This change makes it possible to ignore IDs without loading external
content. This is a deliberate API change that improves security and is
unlikely to affect users.
This also makes sure that the new XML_PARSE_SKIP_IDS option doesn't
enable unsafe behavior.
Also clean up catalog resolution and add error handling using the
global error.
Don't try to look up the resolved URI a second time.
Add some comments. Fix documentation.
We currently only handle "Validity constraint: Proper Declaration/PE
Nesting", but we must detect "Well-formedness constraint: PE Between
Declarations" separately:
> The replacement text of a parameter entity reference in a DeclSep must
> match the production extSubsetDecl.
PEs in DeclSeps are PEs that start with a full markup declaration (or
another PE). These are handled in xmlParse{Internal|External}Subset. We
set a flag on these PEs and don't close them implicitly in
xmlSkipBlankCharsPE. This will make unterminated declarations in such
PEs cause a parser error. The PEs are closed explicitly in
xmlParse{Internal|External}Subset, the only location where they are
allowed to end.