The latest spec for what is essentially an XPath extension seems to be
this working draft from 2002:
https://www.w3.org/TR/xptr-xpointer/
The xpointer() scheme is listed as "being reviewed" in the XPointer
registry since at least 2006. libxml2 seems to be the only modern
software that tries to implement this spec, but the code has many bugs
and quality issues.
If you configure --with-legacy, old symbols are retained for ABI
compatibility.
The old code would invoke the broken xmlXPtrRangeToFunction. range-to
isn't really a function but a special kind of location step. Remove
this function and always handle range-to in the XPath code.
The old xmlXPtrRangeToFunction could also be abused to trigger a
use-after-free error with the potential for remote code execution.
Found with afl-fuzz.
Fixes CVE-2016-5131.
* check-xinclude-test-suite.py: improved the script according
to the XInclude regression tests updates
* xpointer.c: Implemented XPointer element() Scheme W3C PR of 13
November 2002
* result/XPath/xptr/chapterschildseq result/XPath/xptr/vidchildseq
test/XPath/xptr/chapterschildseq test/XPath/xptr/vidchildseq:
augmented the XPointer testsuite for the element() scheme
Daniel
- HTMLparser.c: some fixes on auto-open of html/head/body
- encoding.c: fixed a compilation error on some gcc env
- xpath.c xpointer.[ch] xpathInternals.h: improved the
XPointer implementation
- test/XPath/xptr/strpoint test/XPath/xptr/strrange3: added
related XPointer tests and associated results
Daniel
- xpointer.c: added support for the 2 extra parameters of
string-range, fixed a stoopid error when '0' was present
in XPointer expressions
- test/XPath/xptr/strrange2 result/XPath/xptr/strrange2: added
testsuite for the above
Daniel
- xpath.c xpointer.c: XPointer reorder of ranges start/end and
string-range for empty strings
- test/XPath/docs/str test/XPath/xptr/chaptersrange
test/XPath/xptr/strrange: augmented the XPointer testsuite
Daniel
- testXPath.c xpath.[ch]: moved some debug functions to xpath core
- xpointer.c: implemented string-range() at least a good first version
- test/XPath/docs/str test/XPath/xptr/strrange
result/XPath/xptr/strrange: the string-range() tests
Daniel
Added XPointer:
- configure.in Makefile.am include/makefile.am: adding XPointer
and XPtrtests target
- xpointer.[ch] : new files for XPointer support
- test/XPath/xptr result/XPath/xptr: added XPointer testsuite and
more XPath tests
Daniel