libxml2 correctly rejects any4_0.xsd as invalid schema. I can't figure
out what the intent behind this test case was. Simply adjust the
expected output to match the current behavior.
Closes #92.
When doc is NULL, the namespace created in xmlTreeEnsureXMLDecl
is bound to newDoc->oldNs; in this case, setting newDoc->oldNs to
NULL and freeing newDoc will cause a memory leak.
Found with libFuzzer.
Closes #82.
Previously, test/relaxng/ambig_name-class2.xml would fail to validate
against test/relaxng/ambig_name-class2.rng:
> test/relaxng/ambig_name-class2.rng:4:
> element attribute: Relax-NG parser error :
> Found anyName attribute without oneOrMore ancestor
> Relax-NG schema test/relaxng/ambig_name-class2.rng failed to compile
Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
Previously, test/relaxng/ambig_name-class.xml would fail to validate
for a simple reason -- interleave within "open-name-class" context
is supposed to be fine with whatever else is pending the consumption,
since effectively, it's unrelated from a higher parsing perspective.
Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
At least when merely public API is to be leveraged, one cannot use
xmlBufCreate function that would otherwise be a clear fit, and relying
on some invariants wrt. how some other struct fields will get
initialized along the construction/filling such parent struct and
(ab)using that instead does not appear clever, either.
Hence, instruct people what's the Right Thing for the moment, that is,
make them use xmlNodeDumpOutput instead (together with likewise public
xmlAllocOutputBuffer).
Going forward, it's questionable what to do with the xmlBuf* family of
functions that are once public, since they, for any practical purpose,
cannot be used by the library clients (that's how I've run into this).
Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
`xml2-config --libs` prints static library linking information by default.
This is unnecessary for most programs, so introduce a new option, --dynamic,
which, when combined with --libs, only prints shared library linking information.
Using unsigned long instead of ptrdiff_t results in non-zero
pointer deltas being stored as zero delta, giving incorrect offsets
into arrays and hence out of bounds reads.
This patch fixes the issue in all places in parser.c and adds a macro
to reduce the chances of cut-and-paste errors.
Only affects platforms where 'sizeof(long) < sizeof(size_t)' like
64-bit Windows.
See https://bugs.chromium.org/p/chromium/issues/detail?id=894933
Closes #44.
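As an added example (not libxml2 code), the cursor-rebasing idiom the commit above describes: a saved pointer into a parser buffer is converted to a ptrdiff_t offset before the buffer is reallocated and rebuilt from that offset afterwards, with the growth helper kept in one place so every call site uses the same integer type. The integer-type hazard is shown with a hypothetical typedef, win64_ulong, standing in for the 32-bit unsigned long of 64-bit Windows so it is visible on an LP64 host; the two base addresses used for that part are constructed values, not from any real run.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the 32-bit unsigned long of 64-bit Windows
 * (LLP64), so the truncation shows up on a 64-bit Linux host as well. */
typedef uint32_t win64_ulong;

/* Constructed base addresses exactly 4 GiB apart (assumed values). */
static const uint64_t OLD_BASE = 0x00007f0000000000ULL;
static const uint64_t NEW_BASE = 0x00007f0100000000ULL;

/* Correct type for a pointer difference: keeps the full 64-bit delta. */
ptrdiff_t delta_ptrdiff(uint64_t oldbase, uint64_t newbase) {
    return (ptrdiff_t)(newbase - oldbase);
}

/* Buggy variant: the delta is stored in a 32-bit unsigned type, so the
 * high bits are dropped and a non-zero delta can come out as zero, which is
 * the failure the commit message describes. */
win64_ulong delta_truncated(uint64_t oldbase, uint64_t newbase) {
    return (win64_ulong)(newbase - oldbase);
}

/* Minimal growable input buffer. */
typedef struct {
    char *base;
    size_t size;
    size_t len;
} buf_t;

/* Grow b to at least `need` bytes while keeping *cur on the same byte.
 * The cursor is turned into a ptrdiff_t offset before realloc and
 * re-derived from the new base afterwards, so it never depends on the
 * stale base pointer. Centralising the rebase here is what a single macro
 * or helper in parser.c achieves: no per-call-site copy can pick the wrong
 * integer type. Returns 0 on success, -1 on allocation failure. */
int buf_grow(buf_t *b, size_t need, const char **cur) {
    ptrdiff_t off = *cur - b->base;
    size_t newsize = b->size;
    char *nb;

    while (newsize < need)
        newsize *= 2;
    nb = realloc(b->base, newsize);
    if (nb == NULL)
        return -1;
    b->base = nb;
    b->size = newsize;
    *cur = nb + off;
    return 0;
}

/* Park a cursor on "world", grow the buffer well past its capacity (so
 * realloc is free to move it), and report whether the cursor still reads
 * "world" at the same offset. Returns 1 when the rebase held, 0 otherwise. */
int rebase_keeps_cursor(void) {
    buf_t b;
    const char *cur;
    int ok;

    b.base = malloc(16);
    b.size = 16;
    b.len = 0;
    if (b.base == NULL)
        return 0;
    memcpy(b.base, "hello world", 12);
    b.len = 12;
    cur = b.base + 6;
    if (buf_grow(&b, (size_t)1 << 20, &cur) != 0) {
        free(b.base);
        return 0;
    }
    ok = (strcmp(cur, "world") == 0) && (cur == b.base + 6);
    free(b.base);
    return ok;
}

int main(void) {
    printf("ptrdiff_t delta : 0x%llx\n",
           (unsigned long long)delta_ptrdiff(OLD_BASE, NEW_BASE));
    printf("truncated delta : %lu\n",
           (unsigned long)delta_truncated(OLD_BASE, NEW_BASE));
    printf("cursor survives realloc: %s\n",
           rebase_keeps_cursor() ? "yes" : "no");
    return 0;
}
```

Storing an offset rather than a raw pointer delta also removes the need to subtract against a base pointer that realloc has already freed; the difference is taken while the old buffer is still live.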
This is a partial revert of commit c71f9305. I'm not sure what issue
this commit was trying to solve but it seems to be related to a
circular dependency. It might be related to tree.h being included
from dict.h which is unnecessary.
Resolves !22.
If there's an error growing the input buffer when recovering from
invalid QNames, make sure to return NULL. Otherwise, callers could be
confused. In xmlParseStartTag2, for example, `tlen` could become
negative.
Found by OSS-Fuzz.
The patch fixes the parser not halting immediately when the error
handler attempts to stop the parser.
Rather it was running on and continuing to reference the freed buffer
in the while loop termination test.
This is only a problem if xmlStopParser is called from an error
handler. Probably caused by commit 123234f2. Fixes #58.
Since xmlFreePattern tried to free the next pattern recursively, its
behavior is identical to xmlFreePatternList. Make it call
xmlFreePatternList to avoid call stack overflows.
Found by OSS-Fuzz.
Consolidate code paths evaluating XPath predicates and filters.
Don't push context node on stack when evaluating predicates. I have no
idea why this was done. It seems completely useless and trying to pop
the context node from a corrupted stack has already caused security
issues.
Filter nodesets in-place and don't create node sets with NULL gaps, which
allows merging to be simplified a great deal. Simply move matched nodes
backward and create a compact node set.
Merge xmlXPathCompOpEvalPositionalPredicate into
xmlXPathCompOpEvalPredicate.