Projects
openEuler:Mainline
libxml2
Sign Up
Log In
Username
Password
We truncated the diff of some files because they were too big. If you want to see the full diff for every file,
click here
.
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 3
View file
_service:tar_scm:libxml2.spec
Changed
@@ -1,15 +1,29 @@ Summary: Library providing XML and HTML support Name: libxml2 Version: 2.9.14 -Release: 1 +Release: 9 License: MIT Group: Development/Libraries Source: https://download.gnome.org/sources/%{name}/2.9/%{name}-%{version}.tar.xz Patch0: libxml2-multilib.patch -Patch1: Fix-memleaks-in-xmlXIncludeProcessFlags.patch -Patch2: Fix-memory-leaks-for-xmlACatalogAdd.patch -Patch3: Fix-memory-leaks-in-xmlACatalogAdd-when-xmlHashAddEntry-failed.patch +Patch1: backport-Rework-validation-context-flags.patch +Patch2: backport-Remove-unneeded-code-in-xmlreader.c.patch +Patch3: backport-Don-t-add-IDs-containing-unexpanded-entity-reference.patch +Patch4: backport-Only-warn-on-invalid-redeclarations-of-predefined-en.patch +Patch5: backport-Add-XML_DEPRECATED-macro.patch +Patch6: Fix-memleaks-in-xmlXIncludeProcessFlags.patch +Patch7: Fix-memory-leaks-for-xmlACatalogAdd.patch +Patch8: Fix-memory-leaks-in-xmlACatalogAdd-when-xmlHashAddEntry-failed.patch +Patch9: backport-CVE-2022-40303-Fix-integer-overflows-with-XML_PARSE_.patch +Patch10: backport-CVE-2022-40304-Fix-dict-corruption-caused-by-entity-.patch +Patch11: backport-schemas-Fix-null-pointer-deref-in-xmlSchemaCheckCOSS.patch +Patch12: backport-parser-Fix-potential-memory-leak-in-xmlParseAttValue.patch +Patch13: backport-Fix-unused-variable-warnings-with-disabled-features.patch +Patch14: backport-Update-xmlStrlen-to-use-POSIX-ISO-C-strlen.patch +Patch15: backport-schemas-Fix-infinite-loop-in-xmlSchemaCheckElemSubst.patch +Patch16: backport-CVE-2023-28484-Fix-null-deref-in-xmlSchemaFixupCompl.patch +Patch17: backport-CVE-2023-29469-Hashing-of-empty-dict-strings-isn-t-d.patch BuildRoot: %{_tmppath}/%{name}-%{version}-root BuildRequires: python3-devel @@ -37,7 +51,7 @@ Requires: zlib-devel Requires: xz-devel Requires: pkgconfig -Obsoletes: %{name}-static +Obsoletes: %{name}-static < %{version}-%{release} Provides: %{name}-static %description devel @@ -165,6 +179,48 @@ %changelog +* Thu Apr 20 2023 BruceGW <gyl93216@163.com> - 2.9.14-9 +- Type:CVE +- CVE:CVE-2023-28484 CVE-2023-29469 +- SUG:NA +- DESC:fix CVE-2023-28484CVE-2023-29469 + +* Mon Feb 27 2023 Zhipeng Xie <xiezhipeng1@huawei.com> - 2.9.14-8 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:backport upstream patches + +* Tue Nov 29 2022 Zhipeng Xie <xiezhipeng1@huawei.com> - 2.9.14-7 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:backport upstream patches + +* Tue Nov 29 2022 Zhipeng Xie <xiezhipeng1@huawei.com> - 2.9.14-6 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:modify patch names + +* Tue Nov 29 2022 Wentao Fan <fanwentao@huawei.com> - 2.9.14-5 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:backport upstream patches + +* Mon Nov 21 2022 fuanan <fuanan3@h-partners.com> - 2.9.14-4 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:backport upstream patches + +* Tue Nov 08 2022 fuanan <fuanan3@h-partners.com> - 2.9.14-3 +- fix CVE-2022-40303 CVE-2022-40304 + +* Tue Sep 13 2022 fuanan <fuanan3@h-partners.com> - 2.9.14-2 +- Fix Obsoletes in spec + * Wed Jul 13 2022 fuanan <fuanan3@h-partners.com> - 2.9.14-1 - Type:enhancement - ID:NA
View file
_service:tar_scm:backport-Add-XML_DEPRECATED-macro.patch
Added
@@ -0,0 +1,65 @@ +From a2fe74c08a9bd03cf5515b9e44d2005538b9f619 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Sun, 20 Feb 2022 18:19:27 +0100 +Subject: PATCH 3/3 Add XML_DEPRECATED macro + +__attribute__((deprecated)) is available since at least GCC 3.1, so an +exact version check is probably unnecessary. +--- + include/libxml/xmlversion.h.in | 18 ++++++++++++++++++ + testapi.c | 3 +++ + 2 files changed, 21 insertions(+) + +diff --git a/include/libxml/xmlversion.h.in b/include/libxml/xmlversion.h.in +index f9f79a2f..b1d2a208 100644 +--- a/include/libxml/xmlversion.h.in ++++ b/include/libxml/xmlversion.h.in +@@ -456,6 +456,15 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version); + # define LIBXML_ATTR_FORMAT(fmt,args) + #endif + ++#ifndef XML_DEPRECATED ++# ifdef IN_LIBXML ++# define XML_DEPRECATED ++# else ++/* Available since at least GCC 3.1 */ ++# define XML_DEPRECATED __attribute__((deprecated)) ++# endif ++#endif ++ + #else /* ! __GNUC__ */ + /** + * ATTRIBUTE_UNUSED: +@@ -475,6 +484,15 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version); + * Macro used to indicate to GCC the parameter are printf like + */ + #define LIBXML_ATTR_FORMAT(fmt,args) ++/** ++ * XML_DEPRECATED: ++ * ++ * Macro used to indicate that a function, variable, type or struct member ++ * is deprecated. ++ */ ++#ifndef XML_DEPRECATED ++#define XML_DEPRECATED ++#endif + #endif /* __GNUC__ */ + + #ifdef __cplusplus +diff --git a/testapi.c b/testapi.c +index 4b091f0c..3a4dc2fe 100644 +--- a/testapi.c ++++ b/testapi.c +@@ -8,6 +8,9 @@ + * daniel@veillard.com + */ + ++/* Disable deprecation warnings */ ++#define XML_DEPRECATED ++ + #include "libxml.h" + #include <stdio.h> + +-- +2.27.0 +
View file
_service:tar_scm:backport-CVE-2022-40303-Fix-integer-overflows-with-XML_PARSE_.patch
Added
@@ -0,0 +1,618 @@ +From c846986356fc149915a74972bf198abc266bc2c0 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Thu, 25 Aug 2022 17:43:08 +0200 +Subject: PATCH CVE-2022-40303 Fix integer overflows with XML_PARSE_HUGE + +Also impose size limits when XML_PARSE_HUGE is set. Limit size of names +to XML_MAX_TEXT_LENGTH (10 million bytes) and other content to +XML_MAX_HUGE_LENGTH (1 billion bytes). + +Move some the length checks to the end of the respective loop to make +them strict. + +xmlParseEntityValue didn't have a length limitation at all. But without +XML_PARSE_HUGE, this should eventually trigger an error in xmlGROW. + +Thanks to Maddie Stone working with Google Project Zero for the report! +--- + parser.c | 233 +++++++++++++++++++++++++++++-------------------------- + 1 file changed, 121 insertions(+), 112 deletions(-) + +diff --git a/parser.c b/parser.c +index 93f031be..79479979 100644 +--- a/parser.c ++++ b/parser.c +@@ -102,6 +102,8 @@ xmlParseElementEnd(xmlParserCtxtPtr ctxt); + * * + ************************************************************************/ + ++#define XML_MAX_HUGE_LENGTH 1000000000 ++ + #define XML_PARSER_BIG_ENTITY 1000 + #define XML_PARSER_LOT_ENTITY 5000 + +@@ -552,7 +554,7 @@ xmlFatalErr(xmlParserCtxtPtr ctxt, xmlParserErrors error, const char *info) + errmsg = "Malformed declaration expecting version"; + break; + case XML_ERR_NAME_TOO_LONG: +- errmsg = "Name too long use XML_PARSE_HUGE option"; ++ errmsg = "Name too long"; + break; + #if 0 + case: +@@ -3202,6 +3204,9 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { + int len = 0, l; + int c; + int count = 0; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + #ifdef DEBUG + nbParseNameComplex++; +@@ -3267,7 +3272,8 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { + if (ctxt->instate == XML_PARSER_EOF) + return(NULL); + } +- len += l; ++ if (len <= INT_MAX - l) ++ len += l; + NEXTL(l); + c = CUR_CHAR(l); + } +@@ -3293,13 +3299,13 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { + if (ctxt->instate == XML_PARSER_EOF) + return(NULL); + } +- len += l; ++ if (len <= INT_MAX - l) ++ len += l; + NEXTL(l); + c = CUR_CHAR(l); + } + } +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (len > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); + return(NULL); + } +@@ -3338,7 +3344,10 @@ const xmlChar * + xmlParseName(xmlParserCtxtPtr ctxt) { + const xmlChar *in; + const xmlChar *ret; +- int count = 0; ++ size_t count = 0; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + GROW; + +@@ -3362,8 +3371,7 @@ xmlParseName(xmlParserCtxtPtr ctxt) { + in++; + if ((*in > 0) && (*in < 0x80)) { + count = in - ctxt->input->cur; +- if ((count > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (count > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); + return(NULL); + } +@@ -3384,6 +3392,9 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { + int len = 0, l; + int c; + int count = 0; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + size_t startPosition = 0; + + #ifdef DEBUG +@@ -3404,17 +3415,13 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { + while ((c != ' ') && (c != '>') && (c != '/') && /* test bigname.xml */ + (xmlIsNameChar(ctxt, c) && (c != ':'))) { + if (count++ > XML_PARSER_CHUNK_SIZE) { +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); +- return(NULL); +- } + count = 0; + GROW; + if (ctxt->instate == XML_PARSER_EOF) + return(NULL); + } +- len += l; ++ if (len <= INT_MAX - l) ++ len += l; + NEXTL(l); + c = CUR_CHAR(l); + if (c == 0) { +@@ -3432,8 +3439,7 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { + c = CUR_CHAR(l); + } + } +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (len > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); + return(NULL); + } +@@ -3459,7 +3465,10 @@ static const xmlChar * + xmlParseNCName(xmlParserCtxtPtr ctxt) { + const xmlChar *in, *e; + const xmlChar *ret; +- int count = 0; ++ size_t count = 0; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + #ifdef DEBUG + nbParseNCName++; +@@ -3484,8 +3493,7 @@ xmlParseNCName(xmlParserCtxtPtr ctxt) { + goto complex; + if ((*in > 0) && (*in < 0x80)) { + count = in - ctxt->input->cur; +- if ((count > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (count > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); + return(NULL); + } +@@ -3567,6 +3575,9 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) { + const xmlChar *cur = *str; + int len = 0, l; + int c; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + #ifdef DEBUG + nbParseStringName++; +@@ -3602,12 +3613,6 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) { + if (len + 10 > max) { + xmlChar *tmp; + +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); +- xmlFree(buffer); +- return(NULL); +- } + max *= 2; + tmp = (xmlChar *) xmlRealloc(buffer, + max * sizeof(xmlChar)); +@@ -3621,14 +3626,18 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) { + COPY_BUF(l,buffer,len,c); + cur += l; + c = CUR_SCHAR(cur, l); ++ if (len > maxLength) { ++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); ++ xmlFree(buffer); ++ return(NULL); ++ } + } + bufferlen = 0; + *str = cur; + return(buffer);
View file
_service:tar_scm:backport-CVE-2022-40304-Fix-dict-corruption-caused-by-entity-.patch
Added
@@ -0,0 +1,101 @@ +From 1b41ec4e9433b05bb0376be4725804c54ef1d80b Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Wed, 31 Aug 2022 22:11:25 +0200 +Subject: PATCH CVE-2022-40304 Fix dict corruption caused by entity + reference cycles + +When an entity reference cycle is detected, the entity content is +cleared by setting its first byte to zero. But the entity content might +be allocated from a dict. In this case, the dict entry becomes corrupted +leading to all kinds of logic errors, including memory errors like +double-frees. + +Stop storing entity content, orig, ExternalID and SystemID in a dict. +These values are unlikely to occur multiple times in a document, so they +shouldn't have been stored in a dict in the first place. + +Thanks to Ned Williamson and Nathan Wachholz working with Google Project +Zero for the report! +--- + entities.c | 55 ++++++++++++++++-------------------------------------- + 1 file changed, 16 insertions(+), 39 deletions(-) + +diff --git a/entities.c b/entities.c +index 84435515..d4e5412e 100644 +--- a/entities.c ++++ b/entities.c +@@ -128,36 +128,19 @@ xmlFreeEntity(xmlEntityPtr entity) + if ((entity->children) && (entity->owner == 1) && + (entity == (xmlEntityPtr) entity->children->parent)) + xmlFreeNodeList(entity->children); +- if (dict != NULL) { +- if ((entity->name != NULL) && (!xmlDictOwns(dict, entity->name))) +- xmlFree((char *) entity->name); +- if ((entity->ExternalID != NULL) && +- (!xmlDictOwns(dict, entity->ExternalID))) +- xmlFree((char *) entity->ExternalID); +- if ((entity->SystemID != NULL) && +- (!xmlDictOwns(dict, entity->SystemID))) +- xmlFree((char *) entity->SystemID); +- if ((entity->URI != NULL) && (!xmlDictOwns(dict, entity->URI))) +- xmlFree((char *) entity->URI); +- if ((entity->content != NULL) +- && (!xmlDictOwns(dict, entity->content))) +- xmlFree((char *) entity->content); +- if ((entity->orig != NULL) && (!xmlDictOwns(dict, entity->orig))) +- xmlFree((char *) entity->orig); +- } else { +- if (entity->name != NULL) +- xmlFree((char *) entity->name); +- if (entity->ExternalID != NULL) +- xmlFree((char *) entity->ExternalID); +- if (entity->SystemID != NULL) +- xmlFree((char *) entity->SystemID); +- if (entity->URI != NULL) +- xmlFree((char *) entity->URI); +- if (entity->content != NULL) +- xmlFree((char *) entity->content); +- if (entity->orig != NULL) +- xmlFree((char *) entity->orig); +- } ++ if ((entity->name != NULL) && ++ ((dict == NULL) || (!xmlDictOwns(dict, entity->name)))) ++ xmlFree((char *) entity->name); ++ if (entity->ExternalID != NULL) ++ xmlFree((char *) entity->ExternalID); ++ if (entity->SystemID != NULL) ++ xmlFree((char *) entity->SystemID); ++ if (entity->URI != NULL) ++ xmlFree((char *) entity->URI); ++ if (entity->content != NULL) ++ xmlFree((char *) entity->content); ++ if (entity->orig != NULL) ++ xmlFree((char *) entity->orig); + xmlFree(entity); + } + +@@ -193,18 +176,12 @@ xmlCreateEntity(xmlDictPtr dict, const xmlChar *name, int type, + ret->SystemID = xmlStrdup(SystemID); + } else { + ret->name = xmlDictLookup(dict, name, -1); +- if (ExternalID != NULL) +- ret->ExternalID = xmlDictLookup(dict, ExternalID, -1); +- if (SystemID != NULL) +- ret->SystemID = xmlDictLookup(dict, SystemID, -1); ++ ret->ExternalID = xmlStrdup(ExternalID); ++ ret->SystemID = xmlStrdup(SystemID); + } + if (content != NULL) { + ret->length = xmlStrlen(content); +- if ((dict != NULL) && (ret->length < 5)) +- ret->content = (xmlChar *) +- xmlDictLookup(dict, content, ret->length); +- else +- ret->content = xmlStrndup(content, ret->length); ++ ret->content = xmlStrndup(content, ret->length); + } else { + ret->length = 0; + ret->content = NULL; +-- +2.27.0 +
View file
_service:tar_scm:backport-CVE-2023-28484-Fix-null-deref-in-xmlSchemaFixupCompl.patch
Added
@@ -0,0 +1,74 @@ +From 647e072ea0a2f12687fa05c172f4c4713fdb0c4f Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Fri, 7 Apr 2023 11:46:35 +0200 +Subject: PATCH CVE-2023-28484 Fix null deref in xmlSchemaFixupComplexType + +Fix a null pointer dereference when parsing (invalid) XML schemas. + +Thanks to Robby Simpson for the report! + +Fixes #491. +--- + result/schemas/issue491_0_0.err | 1 + + test/schemas/issue491_0.xml | 1 + + test/schemas/issue491_0.xsd | 18 ++++++++++++++++++ + xmlschemas.c | 2 +- + 4 files changed, 21 insertions(+), 1 deletion(-) + create mode 100644 result/schemas/issue491_0_0.err + create mode 100644 test/schemas/issue491_0.xml + create mode 100644 test/schemas/issue491_0.xsd + +diff --git a/result/schemas/issue491_0_0.err b/result/schemas/issue491_0_0.err +new file mode 100644 +index 00000000..9b2bb969 +--- /dev/null ++++ b/result/schemas/issue491_0_0.err +@@ -0,0 +1 @@ ++./test/schemas/issue491_0.xsd:8: element complexType: Schemas parser error : complex type 'ChildType': The content type of both, the type and its base type, must either 'mixed' or 'element-only'. +diff --git a/test/schemas/issue491_0.xml b/test/schemas/issue491_0.xml +new file mode 100644 +index 00000000..e2b2fc2e +--- /dev/null ++++ b/test/schemas/issue491_0.xml +@@ -0,0 +1 @@ ++<Child xmlns="http://www.test.com">5</Child> +diff --git a/test/schemas/issue491_0.xsd b/test/schemas/issue491_0.xsd +new file mode 100644 +index 00000000..81702649 +--- /dev/null ++++ b/test/schemas/issue491_0.xsd +@@ -0,0 +1,18 @@ ++<?xml version='1.0' encoding='UTF-8'?> ++<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns="http://www.test.com" targetNamespace="http://www.test.com" elementFormDefault="qualified" attributeFormDefault="unqualified"> ++ <xs:complexType name="BaseType"> ++ <xs:simpleContent> ++ <xs:extension base="xs:int" /> ++ </xs:simpleContent> ++ </xs:complexType> ++ <xs:complexType name="ChildType"> ++ <xs:complexContent> ++ <xs:extension base="BaseType"> ++ <xs:sequence> ++ <xs:element name="bad" type="xs:int" minOccurs="0" maxOccurs="1"/> ++ </xs:sequence> ++ </xs:extension> ++ </xs:complexContent> ++ </xs:complexType> ++ <xs:element name="Child" type="ChildType" /> ++</xs:schema> +diff --git a/xmlschemas.c b/xmlschemas.c +index 17aa6dfa..36cd6730 100644 +--- a/xmlschemas.c ++++ b/xmlschemas.c +@@ -18563,7 +18563,7 @@ xmlSchemaFixupComplexType(xmlSchemaParserCtxtPtr pctxt, + "allowed to appear inside other model groups", + NULL, NULL); + +- } else if (! dummySequence) { ++ } else if ((!dummySequence) && (baseType->subtypes != NULL)) { + xmlSchemaTreeItemPtr effectiveContent = + (xmlSchemaTreeItemPtr) type->subtypes; + /* +-- +2.27.0 +
View file
_service:tar_scm:backport-CVE-2023-29469-Hashing-of-empty-dict-strings-isn-t-d.patch
Added
@@ -0,0 +1,37 @@ +From 09a2dd453007f9c7205274623acdd73747c22d64 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Fri, 7 Apr 2023 11:49:27 +0200 +Subject: PATCH CVE-2023-29469 Hashing of empty dict strings isn't + deterministic + +When hashing empty strings which aren't null-terminated, +xmlDictComputeFastKey could produce inconsistent results. This could +lead to various logic or memory errors, including double frees. + +For consistency the seed is also taken into account, but this shouldn't +have an impact on security. + +Found by OSS-Fuzz. + +Fixes #510. +--- + dict.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/dict.c b/dict.c +index 26ce516d..57b76fae 100644 +--- a/dict.c ++++ b/dict.c +@@ -451,7 +451,8 @@ static unsigned long + xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) { + unsigned long value = seed; + +- if (name == NULL) return(0); ++ if ((name == NULL) || (namelen <= 0)) ++ return(value); + value += *name; + value <<= 5; + if (namelen > 10) { +-- +2.27.0 +
View file
_service:tar_scm:backport-Don-t-add-IDs-containing-unexpanded-entity-reference.patch
Added
@@ -0,0 +1,104 @@ +From e03590c9adfed2856866b5b1edaaf339b4523913 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Tue, 8 Feb 2022 02:42:30 +0100 +Subject: PATCH 3/3 Don't add IDs containing unexpanded entity references + +When parsing without entity substitution, IDs or IDREFs containing +unexpanded entity reference like "abc&x;def" could be created. We could +try to expand these entities like in validation mode, but it seems +safer to honor the request not to expand entities. We silently ignore +such IDs for now. +--- + SAX2.c | 41 ++++++++++++++++++++++------------------- + 1 file changed, 22 insertions(+), 19 deletions(-) + +diff --git a/SAX2.c b/SAX2.c +index edfb06f3..ae6181c4 100644 +--- a/SAX2.c ++++ b/SAX2.c +@@ -1368,7 +1368,12 @@ xmlSAX2AttributeInternal(void *ctx, const xmlChar *fullname, + #endif /* LIBXML_VALID_ENABLED */ + if (((ctxt->loadsubset & XML_SKIP_IDS) == 0) && + (((ctxt->replaceEntities == 0) && (ctxt->external != 2)) || +- ((ctxt->replaceEntities != 0) && (ctxt->inSubset == 0)))) { ++ ((ctxt->replaceEntities != 0) && (ctxt->inSubset == 0))) && ++ /* Don't create IDs containing entity references */ ++ (ret->children != NULL) && ++ (ret->children->type == XML_TEXT_NODE) && ++ (ret->children->next == NULL)) { ++ xmlChar *content = ret->children->content; + /* + * when validating, the ID registration is done at the attribute + * validation level. Otherwise we have to do specific handling here. +@@ -1379,16 +1384,16 @@ xmlSAX2AttributeInternal(void *ctx, const xmlChar *fullname, + * + * Open issue: normalization of the value. + */ +- if (xmlValidateNCName(value, 1) != 0) { ++ if (xmlValidateNCName(content, 1) != 0) { + xmlErrValid(ctxt, XML_DTD_XMLID_VALUE, + "xml:id : attribute value %s is not an NCName\n", +- (const char *) value, NULL); ++ (const char *) content, NULL); + } +- xmlAddID(&ctxt->vctxt, ctxt->myDoc, value, ret); ++ xmlAddID(&ctxt->vctxt, ctxt->myDoc, content, ret); + } else if (xmlIsID(ctxt->myDoc, ctxt->node, ret)) +- xmlAddID(&ctxt->vctxt, ctxt->myDoc, value, ret); ++ xmlAddID(&ctxt->vctxt, ctxt->myDoc, content, ret); + else if (xmlIsRef(ctxt->myDoc, ctxt->node, ret)) +- xmlAddRef(&ctxt->vctxt, ctxt->myDoc, value, ret); ++ xmlAddRef(&ctxt->vctxt, ctxt->myDoc, content, ret); + } + + error: +@@ -2121,7 +2126,12 @@ xmlSAX2AttributeNs(xmlParserCtxtPtr ctxt, + #endif /* LIBXML_VALID_ENABLED */ + if (((ctxt->loadsubset & XML_SKIP_IDS) == 0) && + (((ctxt->replaceEntities == 0) && (ctxt->external != 2)) || +- ((ctxt->replaceEntities != 0) && (ctxt->inSubset == 0)))) { ++ ((ctxt->replaceEntities != 0) && (ctxt->inSubset == 0))) && ++ /* Don't create IDs containing entity references */ ++ (ret->children != NULL) && ++ (ret->children->type == XML_TEXT_NODE) && ++ (ret->children->next == NULL)) { ++ xmlChar *content = ret->children->content; + /* + * when validating, the ID registration is done at the attribute + * validation level. Otherwise we have to do specific handling here. +@@ -2134,27 +2144,20 @@ xmlSAX2AttributeNs(xmlParserCtxtPtr ctxt, + * + * Open issue: normalization of the value. + */ +- if (dup == NULL) +- dup = xmlStrndup(value, valueend - value); + #if defined(LIBXML_SAX1_ENABLED) || defined(LIBXML_HTML_ENABLED) || defined(LIBXML_WRITER_ENABLED) || defined(LIBXML_DOCB_ENABLED) || defined(LIBXML_LEGACY_ENABLED) + #ifdef LIBXML_VALID_ENABLED +- if (xmlValidateNCName(dup, 1) != 0) { ++ if (xmlValidateNCName(content, 1) != 0) { + xmlErrValid(ctxt, XML_DTD_XMLID_VALUE, + "xml:id : attribute value %s is not an NCName\n", +- (const char *) dup, NULL); ++ (const char *) content, NULL); + } + #endif + #endif +- xmlAddID(&ctxt->vctxt, ctxt->myDoc, dup, ret); ++ xmlAddID(&ctxt->vctxt, ctxt->myDoc, content, ret); + } else if (xmlIsID(ctxt->myDoc, ctxt->node, ret)) { +- /* might be worth duplicate entry points and not copy */ +- if (dup == NULL) +- dup = xmlStrndup(value, valueend - value); +- xmlAddID(&ctxt->vctxt, ctxt->myDoc, dup, ret); ++ xmlAddID(&ctxt->vctxt, ctxt->myDoc, content, ret); + } else if (xmlIsRef(ctxt->myDoc, ctxt->node, ret)) { +- if (dup == NULL) +- dup = xmlStrndup(value, valueend - value); +- xmlAddRef(&ctxt->vctxt, ctxt->myDoc, dup, ret); ++ xmlAddRef(&ctxt->vctxt, ctxt->myDoc, content, ret); + } + } + if (dup != NULL) +-- +2.27.0 +
View file
_service:tar_scm:backport-Fix-unused-variable-warnings-with-disabled-features.patch
Added
@@ -0,0 +1,233 @@ +From 1452dc5373e66a0752364d17ff9416b23e4e2268 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Tue, 22 Feb 2022 19:57:12 +0100 +Subject: PATCH 1/3 Fix unused variable warnings with disabled features + +--- + SAX2.c | 65 +++++++++++++++++++++++++++++++++--------------------- + encoding.c | 3 +++ + parser.c | 4 ++++ + tree.c | 3 +++ + xmlIO.c | 3 +++ + xmllint.c | 3 +++ + xzlib.c | 8 +++++++ + 7 files changed, 64 insertions(+), 25 deletions(-) + +diff --git a/SAX2.c b/SAX2.c +index ae6181c..8f27113 100644 +--- a/SAX2.c ++++ b/SAX2.c +@@ -180,31 +180,6 @@ xmlWarnMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error, + NULL, 0, 0, msg, str1); + } + +-/** +- * xmlNsErrMsg: +- * @ctxt: an XML parser context +- * @error: the error number +- * @msg: the error message +- * @str1: an error string +- * @str2: an error string +- * +- * Handle a namespace error +- */ +-static void LIBXML_ATTR_FORMAT(3,0) +-xmlNsErrMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error, +- const char *msg, const xmlChar *str1, const xmlChar *str2) +-{ +- if ((ctxt != NULL) && (ctxt->disableSAX != 0) && +- (ctxt->instate == XML_PARSER_EOF)) +- return; +- if (ctxt != NULL) +- ctxt->errNo = error; +- __xmlRaiseError(NULL, NULL, NULL, ctxt, NULL, XML_FROM_NAMESPACE, error, +- XML_ERR_ERROR, NULL, 0, +- (const char *) str1, (const char *) str2, +- NULL, 0, 0, msg, str1, str2); +-} +- + /** + * xmlNsWarnMsg: + * @ctxt: an XML parser context +@@ -709,6 +684,9 @@ xmlSAX2AttributeDecl(void *ctx, const xmlChar *elem, const xmlChar *fullname, + xmlAttributePtr attr; + xmlChar *name = NULL, *prefix = NULL; + ++ /* Avoid unused variable warning if features are disabled. */ ++ (void) attr; ++ + if ((ctxt == NULL) || (ctxt->myDoc == NULL)) + return; + +@@ -776,6 +754,9 @@ xmlSAX2ElementDecl(void *ctx, const xmlChar * name, int type, + xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) ctx; + xmlElementPtr elem = NULL; + ++ /* Avoid unused variable warning if features are disabled. */ ++ (void) elem; ++ + if ((ctxt == NULL) || (ctxt->myDoc == NULL)) + return; + +@@ -822,6 +803,9 @@ xmlSAX2NotationDecl(void *ctx, const xmlChar *name, + xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) ctx; + xmlNotationPtr nota = NULL; + ++ /* Avoid unused variable warning if features are disabled. */ ++ (void) nota; ++ + if ((ctxt == NULL) || (ctxt->myDoc == NULL)) + return; + +@@ -1051,6 +1035,31 @@ xmlSAX2EndDocument(void *ctx) + } + + #if defined(LIBXML_SAX1_ENABLED) || defined(LIBXML_HTML_ENABLED) || defined(LIBXML_WRITER_ENABLED) || defined(LIBXML_DOCB_ENABLED) || defined(LIBXML_LEGACY_ENABLED) ++/** ++ * xmlNsErrMsg: ++ * @ctxt: an XML parser context ++ * @error: the error number ++ * @msg: the error message ++ * @str1: an error string ++ * @str2: an error string ++ * ++ * Handle a namespace error ++ */ ++static void LIBXML_ATTR_FORMAT(3,0) ++xmlNsErrMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error, ++ const char *msg, const xmlChar *str1, const xmlChar *str2) ++{ ++ if ((ctxt != NULL) && (ctxt->disableSAX != 0) && ++ (ctxt->instate == XML_PARSER_EOF)) ++ return; ++ if (ctxt != NULL) ++ ctxt->errNo = error; ++ __xmlRaiseError(NULL, NULL, NULL, ctxt, NULL, XML_FROM_NAMESPACE, error, ++ XML_ERR_ERROR, NULL, 0, ++ (const char *) str1, (const char *) str2, ++ NULL, 0, 0, msg, str1, str2); ++} ++ + /** + * xmlSAX2AttributeInternal: + * @ctx: the user data (XML parser context) +@@ -1144,6 +1153,9 @@ xmlSAX2AttributeInternal(void *ctx, const xmlChar *fullname, + xmlNsPtr nsret; + xmlChar *val; + ++ /* Avoid unused variable warning if features are disabled. */ ++ (void) nsret; ++ + if (!ctxt->replaceEntities) { + ctxt->depth++; + val = xmlStringDecodeEntities(ctxt, value, XML_SUBSTITUTE_REF, +@@ -1206,6 +1218,9 @@ xmlSAX2AttributeInternal(void *ctx, const xmlChar *fullname, + xmlNsPtr nsret; + xmlChar *val; + ++ /* Avoid unused variable warning if features are disabled. */ ++ (void) nsret; ++ + if (!ctxt->replaceEntities) { + ctxt->depth++; + val = xmlStringDecodeEntities(ctxt, value, XML_SUBSTITUTE_REF, +diff --git a/encoding.c b/encoding.c +index c14c9ff..ba03772 100644 +--- a/encoding.c ++++ b/encoding.c +@@ -2784,6 +2784,9 @@ xmlCharEncCloseFunc(xmlCharEncodingHandler *handler) { + int tofree = 0; + int i, handler_in_list = 0; + ++ /* Avoid unused variable warning if features are disabled. */ ++ (void) handler_in_list; ++ + if (handler == NULL) return(-1); + if (handler->name == NULL) return(-1); + if (handlers != NULL) { +diff --git a/parser.c b/parser.c +index 0d5bcc1..0bdc252 100644 +--- a/parser.c ++++ b/parser.c +@@ -1106,6 +1106,10 @@ xmlHasFeature(xmlFeature feature) + static void + xmlDetectSAX2(xmlParserCtxtPtr ctxt) { + xmlSAXHandlerPtr sax; ++ ++ /* Avoid unused variable warning if features are disabled. */ ++ (void) sax; ++ + if (ctxt == NULL) return; + sax = ctxt->sax; + #ifdef LIBXML_SAX1_ENABLED +diff --git a/tree.c b/tree.c +index 0cf2483..4345eea 100644 +--- a/tree.c ++++ b/tree.c +@@ -6542,6 +6542,9 @@ xmlGetPropNodeInternal(const xmlNode *node, const xmlChar *name, + { + xmlAttrPtr prop; + ++ /* Avoid unused variable warning if features are disabled. */ ++ (void) useDTD; ++ + if ((node == NULL) || (node->type != XML_ELEMENT_NODE) || (name == NULL)) + return(NULL); + +diff --git a/xmlIO.c b/xmlIO.c +index 007144c..b716ed3 100644 +--- a/xmlIO.c ++++ b/xmlIO.c +@@ -3821,6 +3821,9 @@ xmlParserGetDirectory(const char *filename) { + */ + xmlParserInputPtr + xmlCheckHTTPInput(xmlParserCtxtPtr ctxt, xmlParserInputPtr ret) { ++ /* Avoid unused variable warning if features are disabled. */ ++ (void) ctxt; ++ + #ifdef LIBXML_HTTP_ENABLED + if ((ret != NULL) && (ret->buf != NULL) && + (ret->buf->readcallback == xmlIOHTTPRead) && +diff --git a/xmllint.c b/xmllint.c +index ee6bfdc..b314189 100644 +--- a/xmllint.c ++++ b/xmllint.c +@@ -3853,6 +3853,9 @@ main(int argc, char **argv) { + xmlFreePattern(patternc); + #endif + ++ /* Avoid unused label warning if features are disabled. */
View file
_service:tar_scm:backport-Only-warn-on-invalid-redeclarations-of-predefined-en.patch
Added
@@ -0,0 +1,112 @@ +From ce0871e15cdb68e505ccd9d9c96ff8455ed936ab Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Sun, 20 Feb 2022 16:44:41 +0100 +Subject: PATCH 1/3 Only warn on invalid redeclarations of predefined + entities + +Downgrade the error message to a warning since the error was ignored, +anyway. Also print the name of redeclared entity. For a proper fix that +also shows filename and line number of the invalid redeclaration, we'd +have to + +- pass the parser context to the entity functions somehow, or +- make these functions return distinct error codes. + +Partial fix for #308. +--- + entities.c | 21 +++++++++++++++++++-- + result/errors/ent_redecl.xml | 3 +++ + result/errors/ent_redecl.xml.ent | 1 + + result/errors/ent_redecl.xml.err | 1 + + result/errors/ent_redecl.xml.str | 1 + + test/errors/ent_redecl.xml | 4 ++++ + 6 files changed, 29 insertions(+), 2 deletions(-) + create mode 100644 result/errors/ent_redecl.xml + create mode 100644 result/errors/ent_redecl.xml.ent + create mode 100644 result/errors/ent_redecl.xml.err + create mode 100644 result/errors/ent_redecl.xml.str + create mode 100644 test/errors/ent_redecl.xml + +diff --git a/entities.c b/entities.c +index 1a8f86f0..a27209d1 100644 +--- a/entities.c ++++ b/entities.c +@@ -94,6 +94,23 @@ xmlEntitiesErr(xmlParserErrors code, const char *msg) + __xmlSimpleError(XML_FROM_TREE, code, NULL, msg, NULL); + } + ++/** ++ * xmlEntitiesWarn: ++ * @code: the error code ++ * @msg: the message ++ * ++ * Handle an out of memory condition ++ */ ++static void LIBXML_ATTR_FORMAT(2,0) ++xmlEntitiesWarn(xmlParserErrors code, const char *msg, const xmlChar *str1) ++{ ++ __xmlRaiseError(NULL, NULL, NULL, ++ NULL, NULL, XML_FROM_TREE, code, ++ XML_ERR_WARNING, NULL, 0, ++ (const char *)str1, NULL, NULL, 0, 0, ++ msg, (const char *)str1, NULL); ++} ++ + /* + * xmlFreeEntity : clean-up an entity record. + */ +@@ -255,9 +272,9 @@ xmlAddEntity(xmlDtdPtr dtd, const xmlChar *name, int type, + } + } + if (!valid) { +- xmlEntitiesErr(XML_ERR_ENTITY_PROCESSING, ++ xmlEntitiesWarn(XML_ERR_ENTITY_PROCESSING, + "xmlAddEntity: invalid redeclaration of predefined" +- " entity"); ++ " entity '%s'", name); + return(NULL); + } + } +diff --git a/result/errors/ent_redecl.xml b/result/errors/ent_redecl.xml +new file mode 100644 +index 00000000..04216b65 +--- /dev/null ++++ b/result/errors/ent_redecl.xml +@@ -0,0 +1,3 @@ ++<?xml version="1.0"?> ++<!DOCTYPE doc> ++<doc/> +diff --git a/result/errors/ent_redecl.xml.ent b/result/errors/ent_redecl.xml.ent +new file mode 100644 +index 00000000..31908b05 +--- /dev/null ++++ b/result/errors/ent_redecl.xml.ent +@@ -0,0 +1 @@ ++warning : xmlAddEntity: invalid redeclaration of predefined entity 'lt' +diff --git a/result/errors/ent_redecl.xml.err b/result/errors/ent_redecl.xml.err +new file mode 100644 +index 00000000..31908b05 +--- /dev/null ++++ b/result/errors/ent_redecl.xml.err +@@ -0,0 +1 @@ ++warning : xmlAddEntity: invalid redeclaration of predefined entity 'lt' +diff --git a/result/errors/ent_redecl.xml.str b/result/errors/ent_redecl.xml.str +new file mode 100644 +index 00000000..31908b05 +--- /dev/null ++++ b/result/errors/ent_redecl.xml.str +@@ -0,0 +1 @@ ++warning : xmlAddEntity: invalid redeclaration of predefined entity 'lt' +diff --git a/test/errors/ent_redecl.xml b/test/errors/ent_redecl.xml +new file mode 100644 +index 00000000..e446681b +--- /dev/null ++++ b/test/errors/ent_redecl.xml +@@ -0,0 +1,4 @@ ++<!DOCTYPE doc ++ <!ENTITY lt '<'> ++> ++<doc/> +-- +2.27.0 +
View file
_service:tar_scm:backport-Remove-unneeded-code-in-xmlreader.c.patch
Added
@@ -0,0 +1,186 @@ +From 274a1b5bec980ababa23e267a8fdcd8b71a5b2b7 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Sun, 20 Feb 2022 16:05:53 +0100 +Subject: PATCH 2/3 Remove unneeded code in xmlreader.c + +Now that no references to ID and IDREF attributes are stored in +streaming validation mode, there's no need to try and remove them. + +Also remove xmlTextReaderFreeIDTable which was identical to +xmlFreeIDTable. +--- + xmlreader.c | 137 +--------------------------------------------------- + 1 file changed, 1 insertion(+), 136 deletions(-) + +diff --git a/xmlreader.c b/xmlreader.c +index 72e40b03..b20c70ad 100644 +--- a/xmlreader.c ++++ b/xmlreader.c +@@ -228,116 +228,6 @@ static int xmlTextReaderNextTree(xmlTextReaderPtr reader); + static void xmlTextReaderFreeNode(xmlTextReaderPtr reader, xmlNodePtr cur); + static void xmlTextReaderFreeNodeList(xmlTextReaderPtr reader, xmlNodePtr cur); + +-/** +- * xmlFreeID: +- * @not: A id +- * +- * Deallocate the memory used by an id definition +- */ +-static void +-xmlFreeID(xmlIDPtr id) { +- xmlDictPtr dict = NULL; +- +- if (id == NULL) return; +- +- if (id->doc != NULL) +- dict = id->doc->dict; +- +- if (id->value != NULL) +- DICT_FREE(id->value) +- if (id->name != NULL) +- DICT_FREE(id->name) +- xmlFree(id); +-} +- +-/** +- * xmlTextReaderRemoveID: +- * @doc: the document +- * @attr: the attribute +- * +- * Remove the given attribute from the ID table maintained internally. +- * +- * Returns -1 if the lookup failed and 0 otherwise +- */ +-static int +-xmlTextReaderRemoveID(xmlDocPtr doc, xmlAttrPtr attr) { +- xmlIDTablePtr table; +- xmlIDPtr id; +- xmlChar *ID; +- +- if (doc == NULL) return(-1); +- if (attr == NULL) return(-1); +- table = (xmlIDTablePtr) doc->ids; +- if (table == NULL) +- return(-1); +- +- ID = xmlNodeListGetString(doc, attr->children, 1); +- if (ID == NULL) +- return(-1); +- id = xmlHashLookup(table, ID); +- xmlFree(ID); +- if (id == NULL || id->attr != attr) { +- return(-1); +- } +- id->name = attr->name; +- attr->name = NULL; +- id->attr = NULL; +- return(0); +-} +- +-/** +- * xmlTextReaderWalkRemoveRef: +- * @data: Contents of current link +- * @user: Value supplied by the user +- * +- * Returns 0 to abort the walk or 1 to continue +- */ +-static int +-xmlTextReaderWalkRemoveRef(const void *data, void *user) +-{ +- xmlRefPtr ref = (xmlRefPtr)data; +- xmlAttrPtr attr = (xmlAttrPtr)user; +- +- if (ref->attr == attr) { /* Matched: remove and terminate walk */ +- ref->name = xmlStrdup(attr->name); +- ref->attr = NULL; +- return 0; +- } +- return 1; +-} +- +-/** +- * xmlTextReaderRemoveRef: +- * @doc: the document +- * @attr: the attribute +- * +- * Remove the given attribute from the Ref table maintained internally. +- * +- * Returns -1 if the lookup failed and 0 otherwise +- */ +-static int +-xmlTextReaderRemoveRef(xmlDocPtr doc, xmlAttrPtr attr) { +- xmlListPtr ref_list; +- xmlRefTablePtr table; +- xmlChar *ID; +- +- if (doc == NULL) return(-1); +- if (attr == NULL) return(-1); +- table = (xmlRefTablePtr) doc->refs; +- if (table == NULL) +- return(-1); +- +- ID = xmlNodeListGetString(doc, attr->children, 1); +- if (ID == NULL) +- return(-1); +- ref_list = xmlHashLookup(table, ID); +- xmlFree(ID); +- if(ref_list == NULL) +- return (-1); +- xmlListWalk(ref_list, xmlTextReaderWalkRemoveRef, attr); +- return(0); +-} +- + /** + * xmlTextReaderFreeProp: + * @reader: the xmlTextReaderPtr used +@@ -358,15 +248,6 @@ xmlTextReaderFreeProp(xmlTextReaderPtr reader, xmlAttrPtr cur) { + if ((__xmlRegisterCallbacks) && (xmlDeregisterNodeDefaultValue)) + xmlDeregisterNodeDefaultValue((xmlNodePtr) cur); + +- /* Check for ID removal -> leading to invalid references ! */ +- if ((cur->parent != NULL) && (cur->parent->doc != NULL)) { +- if (xmlIsID(cur->parent->doc, cur->parent, cur)) +- xmlTextReaderRemoveID(cur->parent->doc, cur); +- if (((cur->parent->doc->intSubset != NULL) || +- (cur->parent->doc->extSubset != NULL)) && +- (xmlIsRef(cur->parent->doc, cur->parent, cur))) +- xmlTextReaderRemoveRef(cur->parent->doc, cur); +- } + if (cur->children != NULL) + xmlTextReaderFreeNodeList(reader, cur->children); + +@@ -570,22 +451,6 @@ xmlTextReaderFreeNode(xmlTextReaderPtr reader, xmlNodePtr cur) { + } + } + +-static void +-xmlTextReaderFreeIDTableEntry(void *id, const xmlChar *name ATTRIBUTE_UNUSED) { +- xmlFreeID((xmlIDPtr) id); +-} +- +-/** +- * xmlTextReaderFreeIDTable: +- * @table: An id table +- * +- * Deallocate the memory used by an ID hash table. +- */ +-static void +-xmlTextReaderFreeIDTable(xmlIDTablePtr table) { +- xmlHashFree(table, xmlTextReaderFreeIDTableEntry); +-} +- + /** + * xmlTextReaderFreeDoc: + * @reader: the xmlTextReaderPtr used +@@ -605,7 +470,7 @@ xmlTextReaderFreeDoc(xmlTextReaderPtr reader, xmlDocPtr cur) { + /* + * Do this before freeing the children list to avoid ID lookups + */ +- if (cur->ids != NULL) xmlTextReaderFreeIDTable((xmlIDTablePtr) cur->ids); ++ if (cur->ids != NULL) xmlFreeIDTable((xmlIDTablePtr) cur->ids); + cur->ids = NULL; + if (cur->refs != NULL) xmlFreeRefTable((xmlRefTablePtr) cur->refs); + cur->refs = NULL; +-- +2.27.0 +
View file
_service:tar_scm:backport-Rework-validation-context-flags.patch
Added
@@ -0,0 +1,246 @@ +From d7cb33cf44aa688f24215c9cd398c1a26f0d25ff Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Thu, 13 Jan 2022 17:06:14 +0100 +Subject: PATCH 1/3 Rework validation context flags + +Use a bitmask instead of magic values to + +- keep track whether the validation context is part of a parser context +- keep track whether xmlValidateDtdFinal was called + +This allows to add addtional flags later. + +Note that this deliberately changes the name of a public struct member, +assuming that this was always private data never to be used by client +code. +--- + HTMLparser.c | 2 +- + SAX2.c | 10 ++++++---- + include/libxml/valid.h | 14 +++++++------- + parserInternals.c | 2 +- + valid.c | 43 +++++++++++++++--------------------------- + 5 files changed, 30 insertions(+), 41 deletions(-) + +diff --git a/HTMLparser.c b/HTMLparser.c +index 3e8a1657..eb3a820a 100644 +--- a/HTMLparser.c ++++ b/HTMLparser.c +@@ -5118,7 +5118,7 @@ htmlInitParserCtxt(htmlParserCtxtPtr ctxt) + ctxt->linenumbers = xmlLineNumbersDefaultValue; + ctxt->keepBlanks = xmlKeepBlanksDefaultValue; + ctxt->html = 1; +- ctxt->vctxt.finishDtd = XML_CTXT_FINISH_DTD_0; ++ ctxt->vctxt.flags = XML_VCTXT_USE_PCTXT; + ctxt->vctxt.userData = ctxt; + ctxt->vctxt.error = xmlParserValidityError; + ctxt->vctxt.warning = xmlParserValidityWarning; +diff --git a/SAX2.c b/SAX2.c +index 03192465..edfb06f3 100644 +--- a/SAX2.c ++++ b/SAX2.c +@@ -1747,7 +1747,8 @@ xmlSAX2StartElement(void *ctx, const xmlChar *fullname, const xmlChar **atts) + * If it's the Document root, finish the DTD validation and + * check the document root element for validity + */ +- if ((ctxt->validate) && (ctxt->vctxt.finishDtd == XML_CTXT_FINISH_DTD_0)) { ++ if ((ctxt->validate) && ++ ((ctxt->vctxt.flags & XML_VCTXT_DTD_VALIDATED) == 0)) { + int chk; + + chk = xmlValidateDtdFinal(&ctxt->vctxt, ctxt->myDoc); +@@ -1756,7 +1757,7 @@ xmlSAX2StartElement(void *ctx, const xmlChar *fullname, const xmlChar **atts) + if (chk < 0) + ctxt->wellFormed = 0; + ctxt->valid &= xmlValidateRoot(&ctxt->vctxt, ctxt->myDoc); +- ctxt->vctxt.finishDtd = XML_CTXT_FINISH_DTD_1; ++ ctxt->vctxt.flags |= XML_VCTXT_DTD_VALIDATED; + } + #endif /* LIBXML_VALID_ENABLED */ + +@@ -2405,7 +2406,8 @@ xmlSAX2StartElementNs(void *ctx, + * If it's the Document root, finish the DTD validation and + * check the document root element for validity + */ +- if ((ctxt->validate) && (ctxt->vctxt.finishDtd == XML_CTXT_FINISH_DTD_0)) { ++ if ((ctxt->validate) && ++ ((ctxt->vctxt.flags & XML_VCTXT_DTD_VALIDATED) == 0)) { + int chk; + + chk = xmlValidateDtdFinal(&ctxt->vctxt, ctxt->myDoc); +@@ -2414,7 +2416,7 @@ xmlSAX2StartElementNs(void *ctx, + if (chk < 0) + ctxt->wellFormed = 0; + ctxt->valid &= xmlValidateRoot(&ctxt->vctxt, ctxt->myDoc); +- ctxt->vctxt.finishDtd = XML_CTXT_FINISH_DTD_1; ++ ctxt->vctxt.flags |= XML_VCTXT_DTD_VALIDATED; + } + #endif /* LIBXML_VALID_ENABLED */ + } +diff --git a/include/libxml/valid.h b/include/libxml/valid.h +index 2bc7b380..15c9772c 100644 +--- a/include/libxml/valid.h ++++ b/include/libxml/valid.h +@@ -60,17 +60,17 @@ typedef void (XMLCDECL *xmlValidityWarningFunc) (void *ctx, + + #ifdef IN_LIBXML + /** +- * XML_CTXT_FINISH_DTD_0: ++ * XML_VCTXT_DTD_VALIDATED: + * +- * Special value for finishDtd field when embedded in an xmlParserCtxt ++ * Set after xmlValidateDtdFinal was called. + */ +-#define XML_CTXT_FINISH_DTD_0 0xabcd1234 ++#define XML_VCTXT_DTD_VALIDATED (1u << 0) + /** +- * XML_CTXT_FINISH_DTD_1: ++ * XML_VCTXT_USE_PCTXT: + * +- * Special value for finishDtd field when embedded in an xmlParserCtxt ++ * Set if the validation context is part of a parser context. + */ +-#define XML_CTXT_FINISH_DTD_1 0xabcd1235 ++#define XML_VCTXT_USE_PCTXT (1u << 1) + #endif + + /* +@@ -90,7 +90,7 @@ struct _xmlValidCtxt { + int nodeMax; /* Max depth of the parsing stack */ + xmlNodePtr *nodeTab; /* array of nodes */ + +- unsigned int finishDtd; /* finished validating the Dtd ? */ ++ unsigned int flags; /* internal flags */ + xmlDocPtr doc; /* the document */ + int valid; /* temporary validity check result */ + +diff --git a/parserInternals.c b/parserInternals.c +index c5c0b16d..cf5ad369 100644 +--- a/parserInternals.c ++++ b/parserInternals.c +@@ -1733,7 +1733,7 @@ xmlInitParserCtxt(xmlParserCtxtPtr ctxt) + ctxt->options |= XML_PARSE_NOBLANKS; + } + +- ctxt->vctxt.finishDtd = XML_CTXT_FINISH_DTD_0; ++ ctxt->vctxt.flags = XML_VCTXT_USE_PCTXT; + ctxt->vctxt.userData = ctxt; + ctxt->vctxt.error = xmlParserValidityError; + ctxt->vctxt.warning = xmlParserValidityWarning; +diff --git a/valid.c b/valid.c +index 8e596f1d..5cd1e676 100644 +--- a/valid.c ++++ b/valid.c +@@ -64,10 +64,9 @@ xmlVErrMemory(xmlValidCtxtPtr ctxt, const char *extra) + if (ctxt != NULL) { + channel = ctxt->error; + data = ctxt->userData; +- /* Use the special values to detect if it is part of a parsing ++ /* Look up flag to detect if it is part of a parsing + context */ +- if ((ctxt->finishDtd == XML_CTXT_FINISH_DTD_0) || +- (ctxt->finishDtd == XML_CTXT_FINISH_DTD_1)) { ++ if (ctxt->flags & XML_VCTXT_USE_PCTXT) { + long delta = (char *) ctxt - (char *) ctxt->userData; + if ((delta > 0) && (delta < 250)) + pctxt = ctxt->userData; +@@ -104,10 +103,9 @@ xmlErrValid(xmlValidCtxtPtr ctxt, xmlParserErrors error, + if (ctxt != NULL) { + channel = ctxt->error; + data = ctxt->userData; +- /* Use the special values to detect if it is part of a parsing ++ /* Look up flag to detect if it is part of a parsing + context */ +- if ((ctxt->finishDtd == XML_CTXT_FINISH_DTD_0) || +- (ctxt->finishDtd == XML_CTXT_FINISH_DTD_1)) { ++ if (ctxt->flags & XML_VCTXT_USE_PCTXT) { + long delta = (char *) ctxt - (char *) ctxt->userData; + if ((delta > 0) && (delta < 250)) + pctxt = ctxt->userData; +@@ -151,10 +149,9 @@ xmlErrValidNode(xmlValidCtxtPtr ctxt, + if (ctxt != NULL) { + channel = ctxt->error; + data = ctxt->userData; +- /* Use the special values to detect if it is part of a parsing ++ /* Look up flag to detect if it is part of a parsing + context */ +- if ((ctxt->finishDtd == XML_CTXT_FINISH_DTD_0) || +- (ctxt->finishDtd == XML_CTXT_FINISH_DTD_1)) { ++ if (ctxt->flags & XML_VCTXT_USE_PCTXT) { + long delta = (char *) ctxt - (char *) ctxt->userData; + if ((delta > 0) && (delta < 250)) + pctxt = ctxt->userData; +@@ -194,10 +191,9 @@ xmlErrValidNodeNr(xmlValidCtxtPtr ctxt, + if (ctxt != NULL) { + channel = ctxt->error; + data = ctxt->userData; +- /* Use the special values to detect if it is part of a parsing ++ /* Look up flag to detect if it is part of a parsing + context */ +- if ((ctxt->finishDtd == XML_CTXT_FINISH_DTD_0) || +- (ctxt->finishDtd == XML_CTXT_FINISH_DTD_1)) { ++ if (ctxt->flags & XML_VCTXT_USE_PCTXT) { + long delta = (char *) ctxt - (char *) ctxt->userData; + if ((delta > 0) && (delta < 250)) + pctxt = ctxt->userData; +@@ -235,10 +231,9 @@ xmlErrValidWarning(xmlValidCtxtPtr ctxt, + if (ctxt != NULL) { + channel = ctxt->warning; + data = ctxt->userData; +- /* Use the special values to detect if it is part of a parsing ++ /* Look up flag to detect if it is part of a parsing + context */ +- if ((ctxt->finishDtd == XML_CTXT_FINISH_DTD_0) || +- (ctxt->finishDtd == XML_CTXT_FINISH_DTD_1)) { ++ if (ctxt->flags & XML_VCTXT_USE_PCTXT) { + long delta = (char *) ctxt - (char *) ctxt->userData; + if ((delta > 0) && (delta < 250)) + pctxt = ctxt->userData; +@@ -1642,9 +1637,7 @@ xmlAddElementDecl(xmlValidCtxtPtr ctxt, + * and flag it by setting a special parent value
View file
_service:tar_scm:backport-Update-xmlStrlen-to-use-POSIX-ISO-C-strlen.patch
Added
@@ -0,0 +1,34 @@ +From 43c97c9c203d9920b21db8b1d5a999eac2fa8d69 Mon Sep 17 00:00:00 2001 +From: Mike Dalessio <mike.dalessio@gmail.com> +Date: Mon, 21 Feb 2022 09:35:59 -0500 +Subject: PATCH 2/3 Update `xmlStrlen()` to use POSIX / ISO C `strlen()` + +This should be faster on a wide range of platforms. + +Closes #212 +--- + xmlstring.c | 8 +------- + 1 file changed, 1 insertion(+), 7 deletions(-) + +diff --git a/xmlstring.c b/xmlstring.c +index 5a6875f..281b8a7 100644 +--- a/xmlstring.c ++++ b/xmlstring.c +@@ -424,13 +424,7 @@ xmlStrsub(const xmlChar *str, int start, int len) { + + int + xmlStrlen(const xmlChar *str) { +- size_t len = 0; +- +- if (str == NULL) return(0); +- while (*str != 0) { /* non input consuming */ +- str++; +- len++; +- } ++ size_t len = str ? strlen((const char *)str) : 0; + return(len > INT_MAX ? 0 : len); + } + +-- +2.27.0 +
View file
_service:tar_scm:backport-parser-Fix-potential-memory-leak-in-xmlParseAttValue.patch
Added
@@ -0,0 +1,42 @@ +From 1a2d8ddc066143d256fdb8cc554707fe141dd2f6 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Tue, 11 Oct 2022 13:02:47 +0200 +Subject: PATCH parser: Fix potential memory leak in xmlParseAttValueInternal + +Fix memory leak in case xmlParseAttValueInternal is called with a NULL +`len` a non-NULL `alloc` argument. This static function is never called +with such arguments internally, but the misleading code should be fixed +nevertheless. + +Fixes #422. + +Reference:https://github.com/GNOME/libxml2/commit/1a2d8ddc066143d256fdb8cc554707fe141dd2f6 +Conflict:NA + +--- + parser.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/parser.c b/parser.c +index 7bb47366..337e62f6 100644 +--- a/parser.c ++++ b/parser.c +@@ -9155,6 +9155,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + in++; + col++; + if (len != NULL) { ++ if (alloc) *alloc = 0; + *len = last - start; + ret = (xmlChar *) start; + } else { +@@ -9164,7 +9165,6 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + CUR_PTR = in; + ctxt->input->line = line; + ctxt->input->col = col; +- if (alloc) *alloc = 0; + return ret; + need_complex: + if (alloc) *alloc = 1; +-- +2.27.0 +
View file
_service:tar_scm:backport-schemas-Fix-infinite-loop-in-xmlSchemaCheckElemSubst.patch
Added
@@ -0,0 +1,31 @@ +From 4a568a14077bd4cf03878ee9e2d8fb7e79ff7641 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Wed, 2 Nov 2022 10:53:24 +0100 +Subject: PATCH 3/3 schemas: Fix infinite loop in + xmlSchemaCheckElemSubstGroup + +Types like xmlSchemaTypeAnyTypeDef have a base type pointing to itself, +resulting in an infinite loop. + +Fixes #430. +--- + xmlschemas.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/xmlschemas.c b/xmlschemas.c +index 2da962b..a62db2d 100644 +--- a/xmlschemas.c ++++ b/xmlschemas.c +@@ -19957,7 +19957,8 @@ xmlSchemaCheckElemSubstGroup(xmlSchemaParserCtxtPtr ctxt, + /* + * The set of all {derivation method}s involved in the derivation + */ +- while ((type != NULL) && (type != headType)) { ++ while ((type != NULL) && (type != headType) && ++ (type != type->baseType)) { + if ((WXS_IS_EXTENSION(type)) && + ((methSet & XML_SCHEMAS_TYPE_BLOCK_RESTRICTION) == 0)) + methSet |= XML_SCHEMAS_TYPE_BLOCK_EXTENSION; +-- +2.27.0 +
View file
_service:tar_scm:backport-schemas-Fix-null-pointer-deref-in-xmlSchemaCheckCOSS.patch
Added
@@ -0,0 +1,75 @@ +From 1d4f5d24ac3976012ab1f5b811385e7b00caaecf Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Tue, 13 Sep 2022 16:40:31 +0200 +Subject: PATCH schemas: Fix null-pointer-deref in + xmlSchemaCheckCOSSTDerivedOK + +Found by OSS-Fuzz. + +Reference:https://github.com/GNOME/libxml2/commit/1d4f5d24ac3976012ab1f5b811385e7b00caaecf +Conflict:NA + +--- + result/schemas/oss-fuzz-51295_0_0.err | 2 ++ + test/schemas/oss-fuzz-51295_0.xml | 1 + + test/schemas/oss-fuzz-51295_0.xsd | 4 ++++ + xmlschemas.c | 15 +++++++++++++-- + 4 files changed, 20 insertions(+), 2 deletions(-) + create mode 100644 result/schemas/oss-fuzz-51295_0_0.err + create mode 100644 test/schemas/oss-fuzz-51295_0.xml + create mode 100644 test/schemas/oss-fuzz-51295_0.xsd + +diff --git a/result/schemas/oss-fuzz-51295_0_0.err b/result/schemas/oss-fuzz-51295_0_0.err +new file mode 100644 +index 00000000..1e89524f +--- /dev/null ++++ b/result/schemas/oss-fuzz-51295_0_0.err +@@ -0,0 +1,2 @@ ++./test/schemas/oss-fuzz-51295_0.xsd:2: element element: Schemas parser error : element decl. 'e': The element declaration 'e' defines a circular substitution group to element declaration 'e'. ++./test/schemas/oss-fuzz-51295_0.xsd:2: element element: Schemas parser error : element decl. 'e': The element declaration 'e' defines a circular substitution group to element declaration 'e'. +diff --git a/test/schemas/oss-fuzz-51295_0.xml b/test/schemas/oss-fuzz-51295_0.xml +new file mode 100644 +index 00000000..10a7e703 +--- /dev/null ++++ b/test/schemas/oss-fuzz-51295_0.xml +@@ -0,0 +1 @@ ++<e/> +diff --git a/test/schemas/oss-fuzz-51295_0.xsd b/test/schemas/oss-fuzz-51295_0.xsd +new file mode 100644 +index 00000000..fde96af5 +--- /dev/null ++++ b/test/schemas/oss-fuzz-51295_0.xsd +@@ -0,0 +1,4 @@ ++<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"> ++ <xs:element name="e" substitutionGroup="e"/> ++ <xs:element name="t" substitutionGroup="e" type='xs:decimal'/> ++</xs:schema> +diff --git a/xmlschemas.c b/xmlschemas.c +index ade10f78..de6ea2b0 100644 +--- a/xmlschemas.c ++++ b/xmlschemas.c +@@ -13348,8 +13348,19 @@ xmlSchemaResolveElementReferences(xmlSchemaElementPtr elemDecl, + * declaration `resolved` to by the `actual value` + * of the substitutionGroup attribute, if present" + */ +- if (elemDecl->subtypes == NULL) +- elemDecl->subtypes = substHead->subtypes; ++ if (elemDecl->subtypes == NULL) { ++ if (substHead->subtypes == NULL) { ++ /* ++ * This can happen with self-referencing substitution ++ * groups. The cycle will be detected later, but we have ++ * to set subtypes to avoid null-pointer dereferences. ++ */ ++ elemDecl->subtypes = xmlSchemaGetBuiltInType( ++ XML_SCHEMAS_ANYTYPE); ++ } else { ++ elemDecl->subtypes = substHead->subtypes; ++ } ++ } + } + } + /* +-- +2.27.0 +
View file
_service
Changed
@@ -2,7 +2,7 @@ <service name="tar_scm"> <param name="scm">git</param> <param name="url">git@gitee.com:src-openeuler/libxml2.git</param> - <param name="revision">1929754748f3d92facd7fd9c778ca6aac643abcf</param> + <param name="revision">master</param> <param name="exclude">*</param> <param name="extract">*</param> </service>
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2