Also set ctxt->base when updating ctxt->cur. Always restore ctxt->cur
on error. Avoids integer truncation and wrong column numbers in
xmlXPathErr.
Stop hiding modification of ctxt members behind a macro.
Found with UBSan.
First set of patches for zOS
- entities.c parser.c tree.c xmlschemas.c xmlschemastypes.c xpath.c xpointer.c:
ask conversion of code to ISO Latin 1 to avoid having the compiler assume
EBCDIC codepoint for characters.
- xmlmodule.c: make sure we have support for modules
- xmlIO.c: zOS path names are special avoid dsome of the expectstions from
Unix/Windows
Namespace nodes must be copied to avoid use-after-free errors.
But they don't necessarily have a physical representation in a
document, so simply disallow them in XPointer ranges.
Found with afl-fuzz.
Fixes CVE-2016-4658.
The old code would invoke the broken xmlXPtrRangeToFunction. range-to
isn't really a function but a special kind of location step. Remove
this function and always handle range-to in the XPath code.
The old xmlXPtrRangeToFunction could also be abused to trigger a
use-after-free error with the potential for remote code execution.
Found with afl-fuzz.
Fixes CVE-2016-5131.
* SAX2.c dict.c error.c hash.c nanohttp.c parser.c python/libxml.c
relaxng.c runtest.c tree.c valid.c xinclude.c xmlregexp.c xmlsave.c
xmlschemas.c xpath.c xpointer.c: mostly removing unneded affectations,
but this led to a few real bugs and some part not yet understood
(relaxng/interleave)
* libxml2.syms: the symbols with history, going back to 2.4.30
* Makefile.am configure.in: linking flags detection and use
* parser.c tree.c valid.c xpointer.c: various cleanup of functions
which could be made static or simply discarded, not that many
* HTMLparser.c SAX2.c encoding.c globals.c parser.c relaxng.c
runsuite.c runtest.c schematron.c testHTML.c testReader.c
testRegexp.c testSAX.c testThreads.c valid.c xinclude.c xmlIO.c
xmllint.c xmlmodule.c xmlschemas.c xpath.c xpointer.c: a lot of
small cleanups based on Linus' sparse check output.
Daniel
* doc/apibuild.py doc/elfgcchack.xsl: revamped the elfgcchack.h
format to cope with gcc4 change of aliasing allowed scopes, had
to add extra informations to doc/libxml2-api.xml to separate
the header from the c module source.
* *.c: updated all c library files to add a #define bottom_xxx
and reimport elfgcchack.h thereafter, and a bit of cleanups.
* doc//* testapi.c: regenerated when rebuilding the API
Daniel
* gentest.py testapi.c: autogenerate a minimal NULL value sequence
for unknown pointer types
* HTMLparser.c SAX2.c chvalid.c encoding.c entities.c parser.c
parserInternals.c relaxng.c valid.c xmlIO.c xmlreader.c
xmlsave.c xmlschemas.c xmlschemastypes.c xmlstring.c xpath.c
xpointer.c: This uncovered an impressive amount of entry points
not checking for NULL pointers when they ought to, closing all
the open gaps.
Daniel
* xinclude.c: enhanced to assure that if xpointer is called
for a document, the XML_PARSE_NOENT flag is set before parsing
the included document so that entities will automatically get
taken care of.
* xpointer.c: corrected code so that, if an XML_ENTITY_REF node
is encountered, it will log it and not crash (bug 135713)
* python/generator.py, python/libxml2class.txt: fixed problem
pointed out by Stphane Bidoul on the list.
* xinclude.c, xpointer.c, xpath.c, include/libxml/xpointer.h:
completed modifications required to fix Bug 129967 (at last!).
Now wait to see how long before further trouble...
* parser.c, xmlmemory.c, include/libxml/xmlmemory.h: Fixed
memory leak reported by Dave Beckett
* xmlschemas.c: Removed spurious comment reported on the mailing
list
* xinclude.c, xpath.c, xpointer.c, libxml/include/xpointer.h:
Further work on Bug 129967 concerning xpointer range handling
and range-to function; much better, but still not complete
* xmlschemas.c: edited a couple of comments in accordance with
posting on the mailing list (no logic change)
* xpointer.c: working on Bug 129967, added check for NULL
nodeset to prevent crash. Further work required.
* xpath.c: working on Bug 129967, added code to handle
XPATH_LOCATIONSET in RANGETO code, also added code to
handle it in xmlXPathEvaluatePredicateResult. Further
work required.
* catalog.c,relaxng.c,testAutomata.c,xpointer.c,genChRanges.py,
chvalid.c,include/libxml/chvalid.h,doc/examples/test1.c:
minor error cleanup for gcc-3.3.[12] compilation warnings.
* HTMLparser.c c14n.c catalog.c error.c globals.c parser.c
parserInternals.c relaxng.c valid.c xinclude.c xmlIO.c xmlregexp.c
xmlschemas.c xpath.c xpointer.c include/libxml/globals.h
include/libxml/parser.h include/libxml/valid.h
include/libxml/xmlerror.h: Setting up the framework for structured
error reporting, touches a lot of modules, but little code now
the error handling trail has been cleaned up.
Daniel
* DOCBparser.c HTMLparser.c c14n.c catalog.c encoding.c globals.c
nanohttp.c parser.c parserInternals.c relaxng.c tree.c uri.c
xmlmemory.c xmlreader.c xmlregexp.c xpath.c xpointer.c
include/libxml/globals.h include/libxml/xmlmemory.h: added
xmlMallocAtomic() to be used when allocating blocks which
do not contains pointers, add xmlGcMemSetup() and xmlGcMemGet()
to allow registering the full set of functions needed by
a garbage collecting allocator like libgc, ref #109944
Daniel
* check-xinclude-test-suite.py: improved the script accordingly
to the XInclude regression tests updates
* xpointer.c: Implemented XPointer element() Scheme W3C PR of 13
November 2002
* result/XPath/xptr/chapterschildseq result/XPath/xptr/vidchildseq
test/XPath/xptr/chapterschildseq test/XPath/xptr/vidchildseq:
augmented the Xpointer testsuite for the element() scheme
Daniel
* configure.in: preparing 2.4.18
* doc/*: updated and rebuilt the web site
* *.c libxml.h: implement the new IN_LIBXML scheme discussed with
the Windows and Cygwin maintainers.
* parser.c: humm, changed the way the SAX parser work when
xmlSubstituteEntitiesDefault(1) is set, it will then
do the entity registration and loading by itself in case the
user provided SAX getEntity() returns NULL.
* testSAX.c: added --noent to test the behaviour.
Daniel
* c14n.c: Fixing #74186, made sure all boolean expressions
get fully parenthesized, ran indent on the output
* configure.in HTMLtree.c SAX.c c14n.c debugXML.c tree.c xpointer.c
include/libxml/tree.h: also #74186 related, removed the
--with-buffers option, and all the preprocessor conditional
sections that were resulting from it.
Daniel
* HTMLtree.c catalog.c debugXML.c entities.c nanoftp.c
parser.c valid.c xmlmemory.c xpath.c xpointer.c: started
integrating the non-controversial parts of Gary Pennington
multithread patches
* catalog.c: corrected a small bug introduced
Daniel
