- Apr 23, 2024
-
-
Nick Wellnhofer authored
-
Nick Wellnhofer authored
The reader API is fuzzed separately now.
-
Nick Wellnhofer authored
-
Nick Wellnhofer authored
This should only be done in xmlParseReference. The handling of undeclared entities is still somewhat inconsistent. In element content we create references even if entity substitution is enabled. In attribute values undeclared entities are always ignored.
-
Nick Wellnhofer authored
Always use XML_WAR_UNDECLARED_ENTITY with warning error level in documents with external subset or parameter entities. Use XML_ERR_UNDECLARED_ENTITY otherwise.
-
Nick Wellnhofer authored
Always use spaces and indent_size=4 except for Makefiles.
-
- Apr 22, 2024
-
-
Nick Wellnhofer authored
-
Nick Wellnhofer authored
-
Nick Wellnhofer authored
Also report malloc failures. Fixes #607.
-
Nick Wellnhofer authored
Use an xmlOutputBuffer. Report malloc failures.
-
Nick Wellnhofer authored
-
Nick Wellnhofer authored
Don't use 'curnode' which might be an attribute or namespace node which doesn't have an 'extra' member.
-
Nick Wellnhofer authored
-
- Apr 19, 2024
-
-
The condition size > UINT_MAX - 10 is already checked earlier, so the check is always false.
-
Nick Wellnhofer authored
The node type was already checked earlier.
-
This variable is already NULL checked in the previous if condition.
-
This case is already checked at the start of the function. There it returns NULL, which seems more correct.
-
cur = node, and node cannot be NULL as it is checked at the start of the function.
-
- Apr 18, 2024
-
-
Nick Wellnhofer authored
Match the behavior of xmlSplitQName and xmlSplitQName4.
-
- Apr 15, 2024
-
-
Nick Wellnhofer authored
Also decode entities in namespace URIs if entity substitution wasn't requested. This should fix some corner cases when comparing namespace URIs. The Namespaces in XML 1.0 spec says: > In a namespace declaration, the URI reference is the normalized value > of the attribute, so replacement of XML character and entity > references has already been done before any comparison. Make the serialization code escape special characters in namespace URIs like in attribute values. This fixes serialization if entities were substituted when parsing. Fixes libxslt#106
-
- Apr 14, 2024
-
-
Nick Wellnhofer authored
Avoid false positives in real OOM situations.
-
- Apr 09, 2024
-
-
Nick Wellnhofer authored
Avoid fuzzer timeouts caused by this known issue.
-
Nick Wellnhofer authored
Revert part of commit c5a8aef2 to make it safe to call the default SAX error handlers directly. This has been deprecated for a long time but even xmllint still uses these handlers. Should fix #713.
-
Nick Wellnhofer authored
Flush buffer before checking for errors.
-
Nick Wellnhofer authored
-
- Apr 05, 2024
-
-
Don't create cycles in tree structure. This will lead to an infinite loop or call stack overflow later. Closes: #711
-
Nick Wellnhofer authored
This would result in a spurious error.
-
Nick Wellnhofer authored
We don't want to exceed the size limit of 1 MB in uri.c. Such errors can't be distinguished from malloc failures.
-
- Apr 04, 2024
-
-
- Apr 02, 2024
-
-
Nick Wellnhofer authored
Most string functions can assume valid UTF-8. In order to detect malloc failures reliably, xmlUTF8Strsub should only return NULL if the start index is out of bounds or a memory allocation failed.
-
Nick Wellnhofer authored
See #255 and commit 85b1792e.
-
Nick Wellnhofer authored
libxml2 has limited support for reading and writing compressed data with the help of zlib and liblzma which used to be enabled by default. This only works for files read from the file system and never worked with memory buffers. My guess is that this feature is virtually unused. In light of the recently discovered xz backdoor, it's a good time to disable these features by default to reduce attack surface and prepare for eventual removal. If --with-legacy is passed to the Autotools build, compression will be enabled by default as before.
-
- Mar 30, 2024
-
-
Nick Wellnhofer authored
This function can malloc and doesn't report failures. Another design mistake is that xmlUnsetNsProp requires an xmlNs struct.
-
- Mar 29, 2024
-
-
Nick Wellnhofer authored
-
Nick Wellnhofer authored
This reverts commit 4b698dba. lxml assumes that xmlDocSetRootElement works with non-elements.
-
Nick Wellnhofer authored
Some users set href to NULL to unset a namespace without deleting it. Also change the duplicate check in xmlNewNs which must agree with xmlSearchNs. Short-lived regression from f960c60d.
-
Nick Wellnhofer authored
Commit 9e1c72da from 2001 introduced a bug where xmlAddPrevSibling and xmlAddNextSibling would only try to merge text nodes with one of its new siblings. Commit 4ccd3eb8 fixed this bug but unfortunately, lxml and possibly other downstream code depend on text nodes not being merged. To avoid breaking downstream code while still having somewhat consistent API behavior, it's probably best to make these functions never coalesce text nodes.
-
Nick Wellnhofer authored
Short-lived regression.
-
Nick Wellnhofer authored
xmlSAX2AppendChild can make several assumptions which make appending nodes more efficient. Also handle line numbers in xmlSAX2AppendChild.
-
Nick Wellnhofer authored
-