DO NOT MERGE
resolve merge conflicts of 1d43fb67 to mnc-dev
am: 1d462cdbb0
Change-Id: I1e527667db9aa5740d135f966e27f52394710eed
(cherry picked from commit e3bbe40b5c344e2964787c687f1bce27c5b2cc63)
diff --git a/HTMLparser.c b/HTMLparser.c
index d329d3b..d1395fa 100644
--- a/HTMLparser.c
+++ b/HTMLparser.c
@@ -105,7 +105,7 @@
*
* Handle a fatal parser error, i.e. violating Well-Formedness constraints
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
htmlParseErr(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const xmlChar *str1, const xmlChar *str2)
{
@@ -132,7 +132,7 @@
*
* Handle a fatal parser error, i.e. violating Well-Formedness constraints
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
htmlParseErrInt(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, int val)
{
@@ -303,6 +303,7 @@
#define UPP(val) (toupper(ctxt->input->cur[(val)]))
#define CUR_PTR ctxt->input->cur
+#define BASE_PTR ctxt->input->base
#define SHRINK if ((ctxt->input->cur - ctxt->input->base > 2 * INPUT_CHUNK) && \
(ctxt->input->end - ctxt->input->cur < 2 * INPUT_CHUNK)) \
@@ -2471,6 +2472,10 @@
(*in == '_') || (*in == '-') ||
(*in == ':') || (*in == '.'))
in++;
+
+ if (in == ctxt->input->end)
+ return(NULL);
+
if ((*in > 0) && (*in < 0x80)) {
count = in - ctxt->input->cur;
ret = xmlDictLookup(ctxt->dict, ctxt->input->cur, count);
@@ -2488,6 +2493,7 @@
int len = 0, l;
int c;
int count = 0;
+ const xmlChar *base = ctxt->input->base;
/*
* Handler for more complex cases
@@ -2513,7 +2519,18 @@
len += l;
NEXTL(l);
c = CUR_CHAR(l);
+ if (ctxt->input->base != base) {
+ /*
+ * We changed encoding from an unknown encoding
+ * Input buffer changed location, so we better start again
+ */
+ return(htmlParseNameComplex(ctxt));
+ }
}
+
+ if (ctxt->input->base > ctxt->input->cur - len)
+ return(NULL);
+
return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
}
@@ -2765,31 +2782,43 @@
static xmlChar *
htmlParseSystemLiteral(htmlParserCtxtPtr ctxt) {
- const xmlChar *q;
+ size_t len = 0, startPosition = 0;
xmlChar *ret = NULL;
if (CUR == '"') {
NEXT;
- q = CUR_PTR;
- while ((IS_CHAR_CH(CUR)) && (CUR != '"'))
+
+ if (CUR_PTR < BASE_PTR)
+ return(ret);
+ startPosition = CUR_PTR - BASE_PTR;
+
+ while ((IS_CHAR_CH(CUR)) && (CUR != '"')) {
NEXT;
+ len++;
+ }
if (!IS_CHAR_CH(CUR)) {
htmlParseErr(ctxt, XML_ERR_LITERAL_NOT_FINISHED,
"Unfinished SystemLiteral\n", NULL, NULL);
} else {
- ret = xmlStrndup(q, CUR_PTR - q);
+ ret = xmlStrndup((BASE_PTR+startPosition), len);
NEXT;
}
} else if (CUR == '\'') {
NEXT;
- q = CUR_PTR;
- while ((IS_CHAR_CH(CUR)) && (CUR != '\''))
+
+ if (CUR_PTR < BASE_PTR)
+ return(ret);
+ startPosition = CUR_PTR - BASE_PTR;
+
+ while ((IS_CHAR_CH(CUR)) && (CUR != '\'')) {
NEXT;
+ len++;
+ }
if (!IS_CHAR_CH(CUR)) {
htmlParseErr(ctxt, XML_ERR_LITERAL_NOT_FINISHED,
"Unfinished SystemLiteral\n", NULL, NULL);
} else {
- ret = xmlStrndup(q, CUR_PTR - q);
+ ret = xmlStrndup((BASE_PTR+startPosition), len);
NEXT;
}
} else {
@@ -2813,32 +2842,47 @@
static xmlChar *
htmlParsePubidLiteral(htmlParserCtxtPtr ctxt) {
- const xmlChar *q;
+ size_t len = 0, startPosition = 0;
xmlChar *ret = NULL;
/*
* Name ::= (Letter | '_') (NameChar)*
*/
if (CUR == '"') {
NEXT;
- q = CUR_PTR;
- while (IS_PUBIDCHAR_CH(CUR)) NEXT;
+
+ if (CUR_PTR < BASE_PTR)
+ return(ret);
+ startPosition = CUR_PTR - BASE_PTR;
+
+ while (IS_PUBIDCHAR_CH(CUR)) {
+ len++;
+ NEXT;
+ }
+
if (CUR != '"') {
htmlParseErr(ctxt, XML_ERR_LITERAL_NOT_FINISHED,
"Unfinished PubidLiteral\n", NULL, NULL);
} else {
- ret = xmlStrndup(q, CUR_PTR - q);
+ ret = xmlStrndup((BASE_PTR + startPosition), len);
NEXT;
}
} else if (CUR == '\'') {
NEXT;
- q = CUR_PTR;
- while ((IS_PUBIDCHAR_CH(CUR)) && (CUR != '\''))
- NEXT;
+
+ if (CUR_PTR < BASE_PTR)
+ return(ret);
+ startPosition = CUR_PTR - BASE_PTR;
+
+ while ((IS_PUBIDCHAR_CH(CUR)) && (CUR != '\'')){
+ len++;
+ NEXT;
+ }
+
if (CUR != '\'') {
htmlParseErr(ctxt, XML_ERR_LITERAL_NOT_FINISHED,
"Unfinished PubidLiteral\n", NULL, NULL);
} else {
- ret = xmlStrndup(q, CUR_PTR - q);
+ ret = xmlStrndup((BASE_PTR + startPosition), len);
NEXT;
}
} else {
@@ -2948,8 +2992,9 @@
/**
- * htmlParseCharData:
+ * htmlParseCharDataInternal:
* @ctxt: an HTML parser context
+ * @readahead: optional read ahead character in ascii range
*
* parse a CharData section.
* if we are within a CDATA section ']]>' marks an end of section.
@@ -2958,12 +3003,15 @@
*/
static void
-htmlParseCharData(htmlParserCtxtPtr ctxt) {
- xmlChar buf[HTML_PARSER_BIG_BUFFER_SIZE + 5];
+htmlParseCharDataInternal(htmlParserCtxtPtr ctxt, int readahead) {
+ xmlChar buf[HTML_PARSER_BIG_BUFFER_SIZE + 6];
int nbchar = 0;
int cur, l;
int chunk = 0;
+ if (readahead)
+ buf[nbchar++] = readahead;
+
SHRINK;
cur = CUR_CHAR(l);
while (((cur != '<') || (ctxt->token == '<')) &&
@@ -3043,6 +3091,21 @@
}
/**
+ * htmlParseCharData:
+ * @ctxt: an HTML parser context
+ *
+ * parse a CharData section.
+ * if we are within a CDATA section ']]>' marks an end of section.
+ *
+ * [14] CharData ::= [^<&]* - ([^<&]* ']]>' [^<&]*)
+ */
+
+static void
+htmlParseCharData(htmlParserCtxtPtr ctxt) {
+ htmlParseCharDataInternal(ctxt, 0);
+}
+
+/**
* htmlParseExternalID:
* @ctxt: an HTML parser context
* @publicID: a xmlChar** receiving PubidLiteral
@@ -3245,12 +3308,17 @@
ctxt->instate = state;
return;
}
+ len = 0;
+ buf[len] = 0;
q = CUR_CHAR(ql);
+ if (!IS_CHAR(q))
+ goto unfinished;
NEXTL(ql);
r = CUR_CHAR(rl);
+ if (!IS_CHAR(r))
+ goto unfinished;
NEXTL(rl);
cur = CUR_CHAR(l);
- len = 0;
while (IS_CHAR(cur) &&
((cur != '>') ||
(r != '-') || (q != '-'))) {
@@ -3281,18 +3349,20 @@
}
}
buf[len] = 0;
- if (!IS_CHAR(cur)) {
- htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
- "Comment not terminated \n<!--%.50s\n", buf, NULL);
- xmlFree(buf);
- } else {
+ if (IS_CHAR(cur)) {
NEXT;
if ((ctxt->sax != NULL) && (ctxt->sax->comment != NULL) &&
(!ctxt->disableSAX))
ctxt->sax->comment(ctxt->userData, buf);
xmlFree(buf);
+ ctxt->instate = state;
+ return;
}
- ctxt->instate = state;
+
+unfinished:
+ htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
+ "Comment not terminated \n<!--%.50s\n", buf, NULL);
+ xmlFree(buf);
}
/**
@@ -3690,6 +3760,14 @@
htmlParseErr(ctxt, XML_ERR_NAME_REQUIRED,
"htmlParseStartTag: invalid element name\n",
NULL, NULL);
+ /* if recover preserve text on classic misconstructs */
+ if ((ctxt->recovery) && ((IS_BLANK_CH(CUR)) || (CUR == '<') ||
+ (CUR == '=') || (CUR == '>') || (((CUR >= '0') && (CUR <= '9'))))) {
+ htmlParseCharDataInternal(ctxt, '<');
+ return(-1);
+ }
+
+
/* Dump the bogus tag like browsers do */
while ((IS_CHAR_CH(CUR)) && (CUR != '>') &&
(ctxt->instate != XML_PARSER_EOF))
@@ -5701,17 +5779,17 @@
if (ctxt->keepBlanks) {
if (ctxt->sax->characters != NULL)
ctxt->sax->characters(
- ctxt->userData, &cur, 1);
+ ctxt->userData, &in->cur[0], 1);
} else {
if (ctxt->sax->ignorableWhitespace != NULL)
ctxt->sax->ignorableWhitespace(
- ctxt->userData, &cur, 1);
+ ctxt->userData, &in->cur[0], 1);
}
} else {
htmlCheckParagraph(ctxt);
if (ctxt->sax->characters != NULL)
ctxt->sax->characters(
- ctxt->userData, &cur, 1);
+ ctxt->userData, &in->cur[0], 1);
}
}
ctxt->token = 0;
@@ -6503,7 +6581,7 @@
* DICT_FREE:
* @str: a string
*
- * Free a string if it is not owned by the "dict" dictionnary in the
+ * Free a string if it is not owned by the "dict" dictionary in the
* current scope
*/
#define DICT_FREE(str) \
diff --git a/HTMLtree.c b/HTMLtree.c
index 5c57fc5..2fd0c9c 100644
--- a/HTMLtree.c
+++ b/HTMLtree.c
@@ -668,7 +668,8 @@
xmlOutputBufferWriteString(buf, " ");
xmlBufWriteQuotedString(buf->buffer, cur->SystemID);
}
- } else if (cur->SystemID != NULL) {
+ } else if (cur->SystemID != NULL &&
+ xmlStrcmp(cur->SystemID, BAD_CAST "about:legacy-compat")) {
xmlOutputBufferWriteString(buf, " SYSTEM ");
xmlBufWriteQuotedString(buf->buffer, cur->SystemID);
}
diff --git a/SAX2.c b/SAX2.c
index ffef3e1..5cbb700 100644
--- a/SAX2.c
+++ b/SAX2.c
@@ -55,7 +55,7 @@
* @ctxt: an XML validation parser context
* @msg: a string to accompany the error message
*/
-static void
+static void LIBXML_ATTR_FORMAT(2,0)
xmlSAX2ErrMemory(xmlParserCtxtPtr ctxt, const char *msg) {
xmlStructuredErrorFunc schannel = NULL;
const char *str1 = "out of memory\n";
@@ -93,7 +93,7 @@
*
* Handle a validation error
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlErrValid(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const char *str1, const char *str2)
{
@@ -133,7 +133,7 @@
*
* Handle a fatal parser error, i.e. violating Well-Formedness constraints
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlFatalErrMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const xmlChar *str1, const xmlChar *str2)
{
@@ -164,7 +164,7 @@
*
* Handle a parser warning
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlWarnMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const xmlChar *str1)
{
@@ -189,7 +189,7 @@
*
* Handle a namespace error
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlNsErrMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const xmlChar *str1, const xmlChar *str2)
{
@@ -213,7 +213,7 @@
*
* Handle a namespace warning
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlNsWarnMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const xmlChar *str1, const xmlChar *str2)
{
diff --git a/buf.c b/buf.c
index 6efc7b6..07922ff 100644
--- a/buf.c
+++ b/buf.c
@@ -27,6 +27,7 @@
#include <libxml/tree.h>
#include <libxml/globals.h>
#include <libxml/tree.h>
+#include <libxml/parserInternals.h> /* for XML_MAX_TEXT_LENGTH */
#include "buf.h"
#define WITH_BUFFER_COMPAT
@@ -299,7 +300,8 @@
if ((scheme == XML_BUFFER_ALLOC_DOUBLEIT) ||
(scheme == XML_BUFFER_ALLOC_EXACT) ||
(scheme == XML_BUFFER_ALLOC_HYBRID) ||
- (scheme == XML_BUFFER_ALLOC_IMMUTABLE)) {
+ (scheme == XML_BUFFER_ALLOC_IMMUTABLE) ||
+ (scheme == XML_BUFFER_ALLOC_BOUNDED)) {
buf->alloc = scheme;
if (buf->buffer)
buf->buffer->alloc = scheme;
@@ -458,6 +460,18 @@
size = buf->use + len + 100;
#endif
+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
+ /*
+ * Used to provide parsing limits
+ */
+ if ((buf->use + len >= XML_MAX_TEXT_LENGTH) ||
+ (buf->size >= XML_MAX_TEXT_LENGTH)) {
+ xmlBufMemoryError(buf, "buffer error: text too long\n");
+ return(0);
+ }
+ if (size >= XML_MAX_TEXT_LENGTH)
+ size = XML_MAX_TEXT_LENGTH;
+ }
if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) {
size_t start_buf = buf->content - buf->contentIO;
@@ -739,6 +753,15 @@
CHECK_COMPAT(buf)
if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0);
+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
+ /*
+ * Used to provide parsing limits
+ */
+ if (size >= XML_MAX_TEXT_LENGTH) {
+ xmlBufMemoryError(buf, "buffer error: text too long\n");
+ return(0);
+ }
+ }
/* Don't resize if we don't have to */
if (size < buf->size)
@@ -867,6 +890,15 @@
needSize = buf->use + len + 2;
if (needSize > buf->size){
+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
+ /*
+ * Used to provide parsing limits
+ */
+ if (needSize >= XML_MAX_TEXT_LENGTH) {
+ xmlBufMemoryError(buf, "buffer error: text too long\n");
+ return(-1);
+ }
+ }
if (!xmlBufResize(buf, needSize)){
xmlBufMemoryError(buf, "growing buffer");
return XML_ERR_NO_MEMORY;
@@ -938,6 +970,15 @@
}
needSize = buf->use + len + 2;
if (needSize > buf->size){
+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
+ /*
+ * Used to provide parsing limits
+ */
+ if (needSize >= XML_MAX_TEXT_LENGTH) {
+ xmlBufMemoryError(buf, "buffer error: text too long\n");
+ return(-1);
+ }
+ }
if (!xmlBufResize(buf, needSize)){
xmlBufMemoryError(buf, "growing buffer");
return XML_ERR_NO_MEMORY;
diff --git a/catalog.c b/catalog.c
index 5773db3..6dfdfbb 100644
--- a/catalog.c
+++ b/catalog.c
@@ -47,9 +47,9 @@
#define MAX_CATAL_DEPTH 50
#ifdef _WIN32
-# define PATH_SEAPARATOR ';'
+# define PATH_SEPARATOR ';'
#else
-# define PATH_SEAPARATOR ':'
+# define PATH_SEPARATOR ':'
#endif
/**
@@ -238,7 +238,7 @@
*
* Handle a catalog error
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlCatalogErr(xmlCatalogEntryPtr catal, xmlNodePtr node, int error,
const char *msg, const xmlChar *str1, const xmlChar *str2,
const xmlChar *str3)
@@ -3247,7 +3247,7 @@
while (xmlIsBlank_ch(*cur)) cur++;
if (*cur != 0) {
paths = cur;
- while ((*cur != 0) && (*cur != PATH_SEAPARATOR) && (!xmlIsBlank_ch(*cur)))
+ while ((*cur != 0) && (*cur != PATH_SEPARATOR) && (!xmlIsBlank_ch(*cur)))
cur++;
path = xmlStrndup((const xmlChar *)paths, cur - paths);
#ifdef _WIN32
@@ -3263,7 +3263,7 @@
xmlFree(path);
}
}
- while (*cur == PATH_SEAPARATOR)
+ while (*cur == PATH_SEPARATOR)
cur++;
}
}
diff --git a/debugXML.c b/debugXML.c
index b05fdff..a1b550a 100644
--- a/debugXML.c
+++ b/debugXML.c
@@ -44,10 +44,10 @@
int depth; /* current depth */
xmlDocPtr doc; /* current document */
xmlNodePtr node; /* current node */
- xmlDictPtr dict; /* the doc dictionnary */
+ xmlDictPtr dict; /* the doc dictionary */
int check; /* do just checkings */
int errors; /* number of errors found */
- int nodict; /* if the document has no dictionnary */
+ int nodict; /* if the document has no dictionary */
int options; /* options */
};
@@ -164,7 +164,7 @@
NULL, NULL, NULL, 0, 0,
"%s", msg);
}
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlDebugErr2(xmlDebugCtxtPtr ctxt, int error, const char *msg, int extra)
{
ctxt->errors++;
@@ -174,7 +174,7 @@
NULL, NULL, NULL, 0, 0,
msg, extra);
}
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlDebugErr3(xmlDebugCtxtPtr ctxt, int error, const char *msg, const char *extra)
{
ctxt->errors++;
@@ -243,7 +243,7 @@
* @ctxt: the debug context
* @name: the name
*
- * Do debugging on the name, for example the dictionnary status and
+ * Do debugging on the name, for example the dictionary status and
* conformance to the Name production.
*/
static void
@@ -265,7 +265,7 @@
((ctxt->doc == NULL) ||
((ctxt->doc->parseFlags & (XML_PARSE_SAX1 | XML_PARSE_NODICT)) == 0))) {
xmlDebugErr3(ctxt, XML_CHECK_OUTSIDE_DICT,
- "Name is not from the document dictionnary '%s'",
+ "Name is not from the document dictionary '%s'",
(const char *) name);
}
}
@@ -292,7 +292,7 @@
/* desactivated right now as it raises too many errors */
if (doc->type == XML_DOCUMENT_NODE)
xmlDebugErr(ctxt, XML_CHECK_NO_DICT,
- "Document has no dictionnary\n");
+ "Document has no dictionary\n");
#endif
ctxt->nodict = 1;
}
diff --git a/dict.c b/dict.c
index 5f71d55..c0585fe 100644
--- a/dict.c
+++ b/dict.c
@@ -87,7 +87,7 @@
#endif /* WITH_BIG_KEY */
/*
- * An entry in the dictionnary
+ * An entry in the dictionary
*/
typedef struct _xmlDictEntry xmlDictEntry;
typedef xmlDictEntry *xmlDictEntryPtr;
@@ -110,7 +110,7 @@
xmlChar array[1];
};
/*
- * The entire dictionnary
+ * The entire dictionary
*/
struct _xmlDict {
int ref_counter;
@@ -229,7 +229,7 @@
/*
* xmlDictAddString:
- * @dict: the dictionnary
+ * @dict: the dictionary
* @name: the name of the userdata
* @len: the length of the name
*
@@ -291,7 +291,7 @@
/*
* xmlDictAddQString:
- * @dict: the dictionnary
+ * @dict: the dictionary
* @prefix: the prefix of the userdata
* @plen: the prefix length
* @name: the name of the userdata
@@ -486,7 +486,10 @@
value += 30 * (*prefix);
if (len > 10) {
- value += name[len - (plen + 1 + 1)];
+ int offset = len - (plen + 1 + 1);
+ if (offset < 0)
+ offset = len - (10 + 1);
+ value += name[offset];
len = 10;
if (plen > 10)
plen = 10;
@@ -530,7 +533,7 @@
*
* Create a new dictionary
*
- * Returns the newly created dictionnary, or NULL if an error occured.
+ * Returns the newly created dictionary, or NULL if an error occured.
*/
xmlDictPtr
xmlDictCreate(void) {
@@ -570,14 +573,14 @@
/**
* xmlDictCreateSub:
- * @sub: an existing dictionnary
+ * @sub: an existing dictionary
*
* Create a new dictionary, inheriting strings from the read-only
- * dictionnary @sub. On lookup, strings are first searched in the
- * new dictionnary, then in @sub, and if not found are created in the
- * new dictionnary.
+ * dictionary @sub. On lookup, strings are first searched in the
+ * new dictionary, then in @sub, and if not found are created in the
+ * new dictionary.
*
- * Returns the newly created dictionnary, or NULL if an error occured.
+ * Returns the newly created dictionary, or NULL if an error occured.
*/
xmlDictPtr
xmlDictCreateSub(xmlDictPtr sub) {
@@ -596,7 +599,7 @@
/**
* xmlDictReference:
- * @dict: the dictionnary
+ * @dict: the dictionary
*
* Increment the reference counter of a dictionary
*
@@ -617,10 +620,10 @@
/**
* xmlDictGrow:
- * @dict: the dictionnary
- * @size: the new size of the dictionnary
+ * @dict: the dictionary
+ * @size: the new size of the dictionary
*
- * resize the dictionnary
+ * resize the dictionary
*
* Returns 0 in case of success, -1 in case of failure
*/
@@ -752,7 +755,7 @@
/**
* xmlDictFree:
- * @dict: the dictionnary
+ * @dict: the dictionary
*
* Free the hash @dict and its contents. The userdata is
* deallocated with @f if provided.
@@ -814,11 +817,11 @@
/**
* xmlDictLookup:
- * @dict: the dictionnary
+ * @dict: the dictionary
* @name: the name of the userdata
* @len: the length of the name, if -1 it is recomputed
*
- * Add the @name to the dictionnary @dict if not present.
+ * Add the @name to the dictionary @dict if not present.
*
* Returns the internal copy of the name or NULL in case of internal error
*/
@@ -954,11 +957,11 @@
/**
* xmlDictExists:
- * @dict: the dictionnary
+ * @dict: the dictionary
* @name: the name of the userdata
* @len: the length of the name, if -1 it is recomputed
*
- * Check if the @name exists in the dictionnary @dict.
+ * Check if the @name exists in the dictionary @dict.
*
* Returns the internal copy of the name or NULL if not found.
*/
@@ -1062,7 +1065,7 @@
/**
* xmlDictQLookup:
- * @dict: the dictionnary
+ * @dict: the dictionary
* @prefix: the prefix
* @name: the name
*
@@ -1167,7 +1170,7 @@
/**
* xmlDictOwns:
- * @dict: the dictionnary
+ * @dict: the dictionary
* @str: the string
*
* check if a string is owned by the disctionary
@@ -1194,11 +1197,11 @@
/**
* xmlDictSize:
- * @dict: the dictionnary
+ * @dict: the dictionary
*
* Query the number of elements installed in the hash @dict.
*
- * Returns the number of elements in the dictionnary or
+ * Returns the number of elements in the dictionary or
* -1 in case of error
*/
int
@@ -1212,7 +1215,7 @@
/**
* xmlDictSetLimit:
- * @dict: the dictionnary
+ * @dict: the dictionary
* @limit: the limit in bytes
*
* Set a size limit for the dictionary
@@ -1233,7 +1236,7 @@
/**
* xmlDictGetUsage:
- * @dict: the dictionnary
+ * @dict: the dictionary
*
* Get how much memory is used by a dictionary for strings
* Added in 2.9.0
diff --git a/encoding.c b/encoding.c
index 574e1ae..e49c7f8 100644
--- a/encoding.c
+++ b/encoding.c
@@ -93,7 +93,7 @@
*
* n encoding error
*/
-static void
+static void LIBXML_ATTR_FORMAT(2,0)
xmlEncodingErr(xmlParserErrors error, const char *msg, const char *val)
{
__xmlRaiseError(NULL, NULL, NULL, NULL, NULL,
diff --git a/entities.c b/entities.c
index a72afb3..64808ff 100644
--- a/entities.c
+++ b/entities.c
@@ -83,7 +83,7 @@
*
* Handle an out of memory condition
*/
-static void
+static void LIBXML_ATTR_FORMAT(2,0)
xmlEntitiesErr(xmlParserErrors code, const char *msg)
{
__xmlSimpleError(XML_FROM_TREE, code, NULL, msg, NULL);
diff --git a/error.c b/error.c
index cbcf5c9..9606f13 100644
--- a/error.c
+++ b/error.c
@@ -18,7 +18,7 @@
void XMLCDECL xmlGenericErrorDefaultFunc (void *ctx ATTRIBUTE_UNUSED,
const char *msg,
- ...);
+ ...) LIBXML_ATTR_FORMAT(2,3);
#define XML_GET_VAR_STR(msg, str) { \
int size, prev_size = -1; \
@@ -177,7 +177,9 @@
xmlChar content[81]; /* space for 80 chars + line terminator */
xmlChar *ctnt;
- if (input == NULL) return;
+ if ((input == NULL) || (input->cur == NULL))
+ return;
+
cur = input->cur;
base = input->base;
/* skip backwards over any end-of-lines */
diff --git a/include/libxml/dict.h b/include/libxml/dict.h
index 7022ec8..b83db59 100644
--- a/include/libxml/dict.h
+++ b/include/libxml/dict.h
@@ -1,5 +1,5 @@
/*
- * Summary: string dictionnary
+ * Summary: string dictionary
* Description: dictionary of reusable strings, just used to avoid allocation
* and freeing operations.
*
@@ -11,6 +11,18 @@
#ifndef __XML_DICT_H__
#define __XML_DICT_H__
+#ifdef __cplusplus
+#define __XML_EXTERNC extern "C"
+#else
+#define __XML_EXTERNC
+#endif
+
+/*
+ * The dictionary.
+ */
+__XML_EXTERNC typedef struct _xmlDict xmlDict;
+__XML_EXTERNC typedef xmlDict *xmlDictPtr;
+
#include <limits.h>
#include <libxml/xmlversion.h>
#include <libxml/tree.h>
@@ -20,12 +32,6 @@
#endif
/*
- * The dictionnary.
- */
-typedef struct _xmlDict xmlDict;
-typedef xmlDict *xmlDictPtr;
-
-/*
* Initializer
*/
XMLPUBFUN int XMLCALL xmlInitializeDict(void);
@@ -48,7 +54,7 @@
xmlDictFree (xmlDictPtr dict);
/*
- * Lookup of entry in the dictionnary.
+ * Lookup of entry in the dictionary.
*/
XMLPUBFUN const xmlChar * XMLCALL
xmlDictLookup (xmlDictPtr dict,
diff --git a/include/libxml/parser.h b/include/libxml/parser.h
index 3f5730d..47fbec0 100644
--- a/include/libxml/parser.h
+++ b/include/libxml/parser.h
@@ -260,7 +260,7 @@
void *catalogs; /* document's own catalog */
int recovery; /* run in recovery mode */
int progressive; /* is this a progressive parsing */
- xmlDictPtr dict; /* dictionnary for the parser */
+ xmlDictPtr dict; /* dictionary for the parser */
const xmlChar * *atts; /* array for the attributes callbacks */
int maxatts; /* the size of the array */
int docdict; /* use strings from dict to build tree */
@@ -1099,7 +1099,7 @@
XML_PARSE_SAX1 = 1<<9, /* use the SAX1 interface internally */
XML_PARSE_XINCLUDE = 1<<10,/* Implement XInclude substitition */
XML_PARSE_NONET = 1<<11,/* Forbid network access */
- XML_PARSE_NODICT = 1<<12,/* Do not reuse the context dictionnary */
+ XML_PARSE_NODICT = 1<<12,/* Do not reuse the context dictionary */
XML_PARSE_NSCLEAN = 1<<13,/* remove redundant namespaces declarations */
XML_PARSE_NOCDATA = 1<<14,/* merge CDATA as text nodes */
XML_PARSE_NOXINCNODE= 1<<15,/* do not generate XINCLUDE START/END nodes */
diff --git a/include/libxml/parserInternals.h b/include/libxml/parserInternals.h
index 6065320..f30fc68 100644
--- a/include/libxml/parserInternals.h
+++ b/include/libxml/parserInternals.h
@@ -351,7 +351,7 @@
xmlParserErrors xmlerr,
const char *msg,
const xmlChar * str1,
- const xmlChar * str2);
+ const xmlChar * str2) LIBXML_ATTR_FORMAT(3,0);
#endif
/**
diff --git a/include/libxml/schemasInternals.h b/include/libxml/schemasInternals.h
index 4f0ca9a..c7cf552 100644
--- a/include/libxml/schemasInternals.h
+++ b/include/libxml/schemasInternals.h
@@ -28,52 +28,52 @@
typedef enum {
XML_SCHEMAS_UNKNOWN = 0,
- XML_SCHEMAS_STRING,
- XML_SCHEMAS_NORMSTRING,
- XML_SCHEMAS_DECIMAL,
- XML_SCHEMAS_TIME,
- XML_SCHEMAS_GDAY,
- XML_SCHEMAS_GMONTH,
- XML_SCHEMAS_GMONTHDAY,
- XML_SCHEMAS_GYEAR,
- XML_SCHEMAS_GYEARMONTH,
- XML_SCHEMAS_DATE,
- XML_SCHEMAS_DATETIME,
- XML_SCHEMAS_DURATION,
- XML_SCHEMAS_FLOAT,
- XML_SCHEMAS_DOUBLE,
- XML_SCHEMAS_BOOLEAN,
- XML_SCHEMAS_TOKEN,
- XML_SCHEMAS_LANGUAGE,
- XML_SCHEMAS_NMTOKEN,
- XML_SCHEMAS_NMTOKENS,
- XML_SCHEMAS_NAME,
- XML_SCHEMAS_QNAME,
- XML_SCHEMAS_NCNAME,
- XML_SCHEMAS_ID,
- XML_SCHEMAS_IDREF,
- XML_SCHEMAS_IDREFS,
- XML_SCHEMAS_ENTITY,
- XML_SCHEMAS_ENTITIES,
- XML_SCHEMAS_NOTATION,
- XML_SCHEMAS_ANYURI,
- XML_SCHEMAS_INTEGER,
- XML_SCHEMAS_NPINTEGER,
- XML_SCHEMAS_NINTEGER,
- XML_SCHEMAS_NNINTEGER,
- XML_SCHEMAS_PINTEGER,
- XML_SCHEMAS_INT,
- XML_SCHEMAS_UINT,
- XML_SCHEMAS_LONG,
- XML_SCHEMAS_ULONG,
- XML_SCHEMAS_SHORT,
- XML_SCHEMAS_USHORT,
- XML_SCHEMAS_BYTE,
- XML_SCHEMAS_UBYTE,
- XML_SCHEMAS_HEXBINARY,
- XML_SCHEMAS_BASE64BINARY,
- XML_SCHEMAS_ANYTYPE,
- XML_SCHEMAS_ANYSIMPLETYPE
+ XML_SCHEMAS_STRING = 1,
+ XML_SCHEMAS_NORMSTRING = 2,
+ XML_SCHEMAS_DECIMAL = 3,
+ XML_SCHEMAS_TIME = 4,
+ XML_SCHEMAS_GDAY = 5,
+ XML_SCHEMAS_GMONTH = 6,
+ XML_SCHEMAS_GMONTHDAY = 7,
+ XML_SCHEMAS_GYEAR = 8,
+ XML_SCHEMAS_GYEARMONTH = 9,
+ XML_SCHEMAS_DATE = 10,
+ XML_SCHEMAS_DATETIME = 11,
+ XML_SCHEMAS_DURATION = 12,
+ XML_SCHEMAS_FLOAT = 13,
+ XML_SCHEMAS_DOUBLE = 14,
+ XML_SCHEMAS_BOOLEAN = 15,
+ XML_SCHEMAS_TOKEN = 16,
+ XML_SCHEMAS_LANGUAGE = 17,
+ XML_SCHEMAS_NMTOKEN = 18,
+ XML_SCHEMAS_NMTOKENS = 19,
+ XML_SCHEMAS_NAME = 20,
+ XML_SCHEMAS_QNAME = 21,
+ XML_SCHEMAS_NCNAME = 22,
+ XML_SCHEMAS_ID = 23,
+ XML_SCHEMAS_IDREF = 24,
+ XML_SCHEMAS_IDREFS = 25,
+ XML_SCHEMAS_ENTITY = 26,
+ XML_SCHEMAS_ENTITIES = 27,
+ XML_SCHEMAS_NOTATION = 28,
+ XML_SCHEMAS_ANYURI = 29,
+ XML_SCHEMAS_INTEGER = 30,
+ XML_SCHEMAS_NPINTEGER = 31,
+ XML_SCHEMAS_NINTEGER = 32,
+ XML_SCHEMAS_NNINTEGER = 33,
+ XML_SCHEMAS_PINTEGER = 34,
+ XML_SCHEMAS_INT = 35,
+ XML_SCHEMAS_UINT = 36,
+ XML_SCHEMAS_LONG = 37,
+ XML_SCHEMAS_ULONG = 38,
+ XML_SCHEMAS_SHORT = 39,
+ XML_SCHEMAS_USHORT = 40,
+ XML_SCHEMAS_BYTE = 41,
+ XML_SCHEMAS_UBYTE = 42,
+ XML_SCHEMAS_HEXBINARY = 43,
+ XML_SCHEMAS_BASE64BINARY = 44,
+ XML_SCHEMAS_ANYTYPE = 45,
+ XML_SCHEMAS_ANYSIMPLETYPE = 46
} xmlSchemaValType;
/*
diff --git a/include/libxml/tree.h b/include/libxml/tree.h
index 2f90717..4a9b3bc 100644
--- a/include/libxml/tree.h
+++ b/include/libxml/tree.h
@@ -76,7 +76,8 @@
XML_BUFFER_ALLOC_EXACT, /* grow only to the minimal size */
XML_BUFFER_ALLOC_IMMUTABLE, /* immutable buffer */
XML_BUFFER_ALLOC_IO, /* special allocation scheme used for I/O */
- XML_BUFFER_ALLOC_HYBRID /* exact up to a threshold, and doubleit thereafter */
+ XML_BUFFER_ALLOC_HYBRID, /* exact up to a threshold, and doubleit thereafter */
+ XML_BUFFER_ALLOC_BOUNDED /* limit the upper size of the buffer */
} xmlBufferAllocationScheme;
/**
diff --git a/include/libxml/xmlerror.h b/include/libxml/xmlerror.h
index 43e68ca..037c16d 100644
--- a/include/libxml/xmlerror.h
+++ b/include/libxml/xmlerror.h
@@ -937,7 +937,7 @@
int code,
xmlNodePtr node,
const char *msg,
- const char *extra);
+ const char *extra) LIBXML_ATTR_FORMAT(4,0);
#endif
#ifdef __cplusplus
}
diff --git a/include/libxml/xmlstring.h b/include/libxml/xmlstring.h
index 2036236..2d0b2d1 100644
--- a/include/libxml/xmlstring.h
+++ b/include/libxml/xmlstring.h
@@ -97,13 +97,13 @@
XMLPUBFUN int XMLCALL
xmlStrPrintf (xmlChar *buf,
int len,
- const xmlChar *msg,
- ...);
+ const char *msg,
+ ...) LIBXML_ATTR_FORMAT(3,4);
XMLPUBFUN int XMLCALL
xmlStrVPrintf (xmlChar *buf,
int len,
- const xmlChar *msg,
- va_list ap);
+ const char *msg,
+ va_list ap) LIBXML_ATTR_FORMAT(3,0);
XMLPUBFUN int XMLCALL
xmlGetUTF8Char (const unsigned char *utf,
diff --git a/include/libxml/xmlversion.h b/include/libxml/xmlversion.h
index 4e408a9..62f4408 100644
--- a/include/libxml/xmlversion.h
+++ b/include/libxml/xmlversion.h
@@ -435,7 +435,7 @@
*/
#ifndef LIBXML_ATTR_ALLOC_SIZE
-# if ((__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 3)))
+# if (!defined(__clang__) && ((__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 3))))
# define LIBXML_ATTR_ALLOC_SIZE(x) __attribute__((alloc_size(x)))
# else
# define LIBXML_ATTR_ALLOC_SIZE(x)
diff --git a/include/libxml/xpathInternals.h b/include/libxml/xpathInternals.h
index 70c9db9..76a6b48 100644
--- a/include/libxml/xpathInternals.h
+++ b/include/libxml/xpathInternals.h
@@ -229,7 +229,7 @@
* Empties a node-set.
*/
#define xmlXPathEmptyNodeSet(ns) \
- { while ((ns)->nodeNr > 0) (ns)->nodeTab[(ns)->nodeNr--] = NULL; }
+ { while ((ns)->nodeNr > 0) (ns)->nodeTab[--(ns)->nodeNr] = NULL; }
/**
* CHECK_ERROR:
diff --git a/libxml.h b/libxml.h
index 2da9044..88e515f 100644
--- a/libxml.h
+++ b/libxml.h
@@ -9,6 +9,8 @@
#ifndef __XML_LIBXML_H__
#define __XML_LIBXML_H__
+#include <libxml/xmlstring.h>
+
#ifndef NO_LARGEFILE_SOURCE
#ifndef _LARGEFILE_SOURCE
#define _LARGEFILE_SOURCE
@@ -68,7 +70,7 @@
* internal error reporting routines, shared but not partof the API.
*/
void __xmlIOErr(int domain, int code, const char *extra);
-void __xmlLoaderErr(void *ctx, const char *msg, const char *filename);
+void __xmlLoaderErr(void *ctx, const char *msg, const char *filename) LIBXML_ATTR_FORMAT(2,0);
#ifdef LIBXML_HTML_ENABLED
/*
* internal function of HTML parser needed for xmlParseInNodeContext
@@ -93,6 +95,7 @@
int __xmlRandom(void);
#endif
+XMLPUBFUN xmlChar * XMLCALL xmlEscapeFormatString(xmlChar **msg);
int xmlNop(void);
#ifdef IN_LIBXML
diff --git a/parser.c b/parser.c
index a8d1b67..53a6b7f 100644
--- a/parser.c
+++ b/parser.c
@@ -94,6 +94,8 @@
xmlCreateEntityParserCtxtInternal(const xmlChar *URL, const xmlChar *ID,
const xmlChar *base, xmlParserCtxtPtr pctx);
+static void xmlHaltParser(xmlParserCtxtPtr ctxt);
+
/************************************************************************
* *
* Arbitrary limits set in the parser. See XML_PARSE_HUGE *
@@ -136,14 +138,20 @@
* entities problems
*/
if ((ent != NULL) && (ent->etype != XML_INTERNAL_PREDEFINED_ENTITY) &&
- (ent->content != NULL) && (ent->checked == 0)) {
+ (ent->content != NULL) && (ent->checked == 0) &&
+ (ctxt->errNo != XML_ERR_ENTITY_LOOP)) {
unsigned long oldnbent = ctxt->nbentities;
xmlChar *rep;
ent->checked = 1;
+ ++ctxt->depth;
rep = xmlStringDecodeEntities(ctxt, ent->content,
XML_SUBSTITUTE_REF, 0, 0, 0);
+ --ctxt->depth;
+ if (ctxt->errNo == XML_ERR_ENTITY_LOOP) {
+ ent->content[0] = 0;
+ }
ent->checked = (ctxt->nbentities - oldnbent + 1) * 2;
if (rep != NULL) {
@@ -342,7 +350,6 @@
xmlFatalErr(xmlParserCtxtPtr ctxt, xmlParserErrors error, const char *info)
{
const char *errmsg;
- char errstr[129] = "";
if ((ctxt != NULL) && (ctxt->disableSAX != 0) &&
(ctxt->instate == XML_PARSER_EOF))
@@ -529,15 +536,17 @@
default:
errmsg = "Unregistered error message";
}
- if (info == NULL)
- snprintf(errstr, 128, "%s\n", errmsg);
- else
- snprintf(errstr, 128, "%s: %%s\n", errmsg);
if (ctxt != NULL)
ctxt->errNo = error;
- __xmlRaiseError(NULL, NULL, NULL, ctxt, NULL, XML_FROM_PARSER, error,
- XML_ERR_FATAL, NULL, 0, info, NULL, NULL, 0, 0, &errstr[0],
- info);
+ if (info == NULL) {
+ __xmlRaiseError(NULL, NULL, NULL, ctxt, NULL, XML_FROM_PARSER, error,
+ XML_ERR_FATAL, NULL, 0, info, NULL, NULL, 0, 0, "%s\n",
+ errmsg);
+ } else {
+ __xmlRaiseError(NULL, NULL, NULL, ctxt, NULL, XML_FROM_PARSER, error,
+ XML_ERR_FATAL, NULL, 0, info, NULL, NULL, 0, 0, "%s: %s\n",
+ errmsg, info);
+ }
if (ctxt != NULL) {
ctxt->wellFormed = 0;
if (ctxt->recovery == 0)
@@ -553,7 +562,7 @@
*
* Handle a fatal parser error, i.e. violating Well-Formedness constraints
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlFatalErrMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg)
{
@@ -581,7 +590,7 @@
*
* Handle a warning.
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlWarningMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const xmlChar *str1, const xmlChar *str2)
{
@@ -619,7 +628,7 @@
*
* Handle a validity error.
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlValidityError(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const xmlChar *str1, const xmlChar *str2)
{
@@ -659,7 +668,7 @@
*
* Handle a fatal parser error, i.e. violating Well-Formedness constraints
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlFatalErrMsgInt(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, int val)
{
@@ -689,7 +698,7 @@
*
* Handle a fatal parser error, i.e. violating Well-Formedness constraints
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlFatalErrMsgStrIntStr(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const xmlChar *str1, int val,
const xmlChar *str2)
@@ -719,7 +728,7 @@
*
* Handle a fatal parser error, i.e. violating Well-Formedness constraints
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlFatalErrMsgStr(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const xmlChar * val)
{
@@ -748,7 +757,7 @@
*
* Handle a non fatal parser error
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlErrMsgStr(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const xmlChar * val)
{
@@ -773,7 +782,7 @@
*
* Handle a fatal parser error, i.e. violating Well-Formedness constraints
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlNsErr(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg,
const xmlChar * info1, const xmlChar * info2,
@@ -802,7 +811,7 @@
*
* Handle a namespace warning error
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlNsWarn(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg,
const xmlChar * info1, const xmlChar * info2,
@@ -1771,7 +1780,7 @@
xmlFatalErrMsgInt(ctxt, XML_ERR_INTERNAL_ERROR,
"Excessive depth in document: %d use XML_PARSE_HUGE option\n",
xmlParserMaxDepth);
- ctxt->instate = XML_PARSER_EOF;
+ xmlHaltParser(ctxt);
return(-1);
}
ctxt->nodeTab[ctxt->nodeNr] = value;
@@ -2006,6 +2015,7 @@
#define CUR (*ctxt->input->cur)
#define NXT(val) ctxt->input->cur[(val)]
#define CUR_PTR ctxt->input->cur
+#define BASE_PTR ctxt->input->base
#define CMP4( s, c1, c2, c3, c4 ) \
( ((unsigned char *) s)[ 0 ] == c1 && ((unsigned char *) s)[ 1 ] == c2 && \
@@ -2073,9 +2083,16 @@
((ctxt->input->buf) && (ctxt->input->buf->readcallback != (xmlInputReadCallback) xmlNop)) &&
((ctxt->options & XML_PARSE_HUGE) == 0)) {
xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR, "Huge input lookup");
- ctxt->instate = XML_PARSER_EOF;
+ xmlHaltParser(ctxt);
+ return;
}
xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
+ if ((ctxt->input->cur > ctxt->input->end) ||
+ (ctxt->input->cur < ctxt->input->base)) {
+ xmlHaltParser(ctxt);
+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR, "cur index out of bound");
+ return;
+ }
if ((ctxt->input->cur != NULL) && (*ctxt->input->cur == 0) &&
(xmlParserInputGrow(ctxt->input, INPUT_CHUNK) <= 0))
xmlPopInput(ctxt);
@@ -2151,7 +2168,8 @@
int cur;
do {
cur = CUR;
- while (IS_BLANK_CH(cur)) { /* CHECKED tstblanks.xml */
+ while ((IS_BLANK_CH(cur) && /* CHECKED tstblanks.xml */
+ (ctxt->instate != XML_PARSER_EOF))) {
NEXT;
cur = CUR;
res++;
@@ -2165,7 +2183,8 @@
* Need to handle support of entities branching here
*/
if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt);
- } while (IS_BLANK(cur)); /* CHECKED tstblanks.xml */
+ } while ((IS_BLANK(cur)) && /* CHECKED tstblanks.xml */
+ (ctxt->instate != XML_PARSER_EOF));
}
return(res);
}
@@ -2806,6 +2825,10 @@
0, 0, 0);
ctxt->depth--;
+ if ((ctxt->lastError.code == XML_ERR_ENTITY_LOOP) ||
+ (ctxt->lastError.code == XML_ERR_INTERNAL_ERROR))
+ goto int_error;
+
if (rep != NULL) {
current = rep;
while (*current != 0) { /* non input consuming loop */
@@ -2843,7 +2866,21 @@
ctxt->nbentities += ent->checked / 2;
if (ent != NULL) {
if (ent->content == NULL) {
- xmlLoadEntityContent(ctxt, ent);
+ /*
+ * Note: external parsed entities will not be loaded,
+ * it is not required for a non-validating parser to
+ * complete external PEreferences coming from the
+ * internal subset
+ */
+ if (((ctxt->options & XML_PARSE_NOENT) != 0) ||
+ ((ctxt->options & XML_PARSE_DTDVALID) != 0) ||
+ (ctxt->validate != 0)) {
+ xmlLoadEntityContent(ctxt, ent);
+ } else {
+ xmlWarningMsg(ctxt, XML_ERR_ENTITY_PROCESSING,
+ "not validating will not read content for PE entity %s\n",
+ ent->name, NULL);
+ }
}
ctxt->depth++;
rep = xmlStringDecodeEntities(ctxt, ent->content, what,
@@ -3455,7 +3492,7 @@
int len = 0, l;
int c;
int count = 0;
- const xmlChar *end; /* needed because CUR_CHAR() can move cur on \r\n */
+ size_t startPosition = 0;
#ifdef DEBUG
nbParseNCNameComplex++;
@@ -3465,7 +3502,7 @@
* Handler for more complex cases
*/
GROW;
- end = ctxt->input->cur;
+ startPosition = CUR_PTR - BASE_PTR;
c = CUR_CHAR(l);
if ((c == ' ') || (c == '>') || (c == '/') || /* accelerators */
(!xmlIsNameStartChar(ctxt, c) || (c == ':'))) {
@@ -3487,14 +3524,19 @@
}
len += l;
NEXTL(l);
- end = ctxt->input->cur;
c = CUR_CHAR(l);
if (c == 0) {
count = 0;
+ /*
+ * when shrinking to extend the buffer we really need to preserve
+ * the part of the name we already parsed. Hence rolling back
+ * by current lenght.
+ */
+ ctxt->input->cur -= l;
GROW;
+ ctxt->input->cur += l;
if (ctxt->instate == XML_PARSER_EOF)
return(NULL);
- end = ctxt->input->cur;
c = CUR_CHAR(l);
}
}
@@ -3503,7 +3545,7 @@
xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
return(NULL);
}
- return(xmlDictLookup(ctxt->dict, end - len, len));
+ return(xmlDictLookup(ctxt->dict, (BASE_PTR + startPosition), len));
}
/**
@@ -3523,7 +3565,7 @@
static const xmlChar *
xmlParseNCName(xmlParserCtxtPtr ctxt) {
- const xmlChar *in;
+ const xmlChar *in, *e;
const xmlChar *ret;
int count = 0;
@@ -3535,16 +3577,19 @@
* Accelerator for simple ASCII names
*/
in = ctxt->input->cur;
- if (((*in >= 0x61) && (*in <= 0x7A)) ||
- ((*in >= 0x41) && (*in <= 0x5A)) ||
- (*in == '_')) {
+ e = ctxt->input->end;
+ if ((((*in >= 0x61) && (*in <= 0x7A)) ||
+ ((*in >= 0x41) && (*in <= 0x5A)) ||
+ (*in == '_')) && (in < e)) {
in++;
- while (((*in >= 0x61) && (*in <= 0x7A)) ||
- ((*in >= 0x41) && (*in <= 0x5A)) ||
- ((*in >= 0x30) && (*in <= 0x39)) ||
- (*in == '_') || (*in == '-') ||
- (*in == '.'))
+ while ((((*in >= 0x61) && (*in <= 0x7A)) ||
+ ((*in >= 0x41) && (*in <= 0x5A)) ||
+ ((*in >= 0x30) && (*in <= 0x39)) ||
+ (*in == '_') || (*in == '-') ||
+ (*in == '.')) && (in < e))
in++;
+ if (in >= e)
+ goto complex;
if ((*in > 0) && (*in < 0x80)) {
count = in - ctxt->input->cur;
if ((count > XML_MAX_NAME_LENGTH) &&
@@ -3562,6 +3607,7 @@
return(ret);
}
}
+complex:
return(xmlParseNCNameComplex(ctxt));
}
@@ -3599,7 +3645,7 @@
}
/* failure (or end of input buffer), check with full function */
ret = xmlParseName (ctxt);
- /* strings coming from the dictionnary direct compare possible */
+ /* strings coming from the dictionary direct compare possible */
if (ret == other) {
return (const xmlChar*) 1;
}
@@ -3940,8 +3986,10 @@
* an entity declaration, it is bypassed and left as is.
* so XML_SUBSTITUTE_REF is not set here.
*/
+ ++ctxt->depth;
ret = xmlStringDecodeEntities(ctxt, buf, XML_SUBSTITUTE_PEREF,
0, 0, 0);
+ --ctxt->depth;
if (orig != NULL)
*orig = buf;
else
@@ -4066,9 +4114,11 @@
} else if ((ent != NULL) &&
(ctxt->replaceEntities != 0)) {
if (ent->etype != XML_INTERNAL_PREDEFINED_ENTITY) {
+ ++ctxt->depth;
rep = xmlStringDecodeEntities(ctxt, ent->content,
XML_SUBSTITUTE_REF,
0, 0, 0);
+ --ctxt->depth;
if (rep != NULL) {
current = rep;
while (*current != 0) { /* non input consuming */
@@ -4104,8 +4154,10 @@
(ent->content != NULL) && (ent->checked == 0)) {
unsigned long oldnbent = ctxt->nbentities;
+ ++ctxt->depth;
rep = xmlStringDecodeEntities(ctxt, ent->content,
XML_SUBSTITUTE_REF, 0, 0, 0);
+ --ctxt->depth;
ent->checked = (ctxt->nbentities - oldnbent + 1) * 2;
if (rep != NULL) {
@@ -5475,7 +5527,7 @@
skipped = SKIP_BLANKS;
if (skipped == 0) {
xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
- "Space required after '%'\n");
+ "Space required after '%%'\n");
}
isParameter = 1;
}
@@ -5658,6 +5710,7 @@
if (RAW != '>') {
xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
"xmlParseEntityDecl: entity %s not terminated\n", name);
+ xmlHaltParser(ctxt);
} else {
if (input != ctxt->input) {
xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
@@ -6659,6 +6712,7 @@
if (!IS_BLANK_CH(CUR)) {
xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
"Space required after 'ELEMENT'\n");
+ return(-1);
}
SKIP_BLANKS;
name = xmlParseName(ctxt);
@@ -6769,6 +6823,8 @@
SKIP_BLANKS;
if (RAW != '[') {
xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
+ xmlHaltParser(ctxt);
+ return;
} else {
if (ctxt->input->id != id) {
xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
@@ -6808,6 +6864,7 @@
if ((CUR_PTR == check) && (cons == ctxt->input->consumed)) {
xmlFatalErr(ctxt, XML_ERR_EXT_SUBSET_NOT_FINISHED, NULL);
+ xmlHaltParser(ctxt);
break;
}
}
@@ -6829,6 +6886,8 @@
SKIP_BLANKS;
if (RAW != '[') {
xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
+ xmlHaltParser(ctxt);
+ return;
} else {
if (ctxt->input->id != id) {
xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
@@ -6884,6 +6943,8 @@
} else {
xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
+ xmlHaltParser(ctxt);
+ return;
}
if (RAW == 0)
@@ -6897,7 +6958,9 @@
"All markup of the conditional section is not in the same entity\n",
NULL, NULL);
}
- SKIP(3);
+ if ((ctxt-> instate != XML_PARSER_EOF) &&
+ ((ctxt->input->cur + 3) <= ctxt->input->end))
+ SKIP(3);
}
}
@@ -6952,6 +7015,14 @@
xmlParsePI(ctxt);
}
}
+
+ /*
+ * detect requirement to exit there and act accordingly
+ * and avoid having instate overriden later on
+ */
+ if (ctxt->instate == XML_PARSER_EOF)
+ return;
+
/*
* This is only for internal subset. On external entities,
* the replacement is done before parsing stage
@@ -7083,7 +7154,7 @@
/*
* The XML REC instructs us to stop parsing right here
*/
- ctxt->instate = XML_PARSER_EOF;
+ xmlHaltParser(ctxt);
return;
}
}
@@ -8070,7 +8141,7 @@
* The XML REC instructs us to stop parsing
* right here
*/
- ctxt->instate = XML_PARSER_EOF;
+ xmlHaltParser(ctxt);
return;
}
}
@@ -8425,6 +8496,7 @@
*/
if (RAW != '>') {
xmlFatalErr(ctxt, XML_ERR_DOCTYPE_NOT_FINISHED, NULL);
+ return;
}
NEXT;
}
@@ -8775,7 +8847,7 @@
* @prefix: the prefix to lookup
*
* Lookup the namespace name for the @prefix (which ca be NULL)
- * The prefix must come from the @ctxt->dict dictionnary
+ * The prefix must come from the @ctxt->dict dictionary
*
* Returns the namespace name or NULL if not bound
*/
@@ -9305,7 +9377,7 @@
const xmlChar **atts = ctxt->atts;
int maxatts = ctxt->maxatts;
int nratts, nbatts, nbdef;
- int i, j, nbNs, attval, oldline, oldcol;
+ int i, j, nbNs, attval, oldline, oldcol, inputNr;
const xmlChar *base;
unsigned long cur;
int nsNr = ctxt->nsNr;
@@ -9324,6 +9396,7 @@
SHRINK;
base = ctxt->input->base;
cur = ctxt->input->cur - ctxt->input->base;
+ inputNr = ctxt->inputNr;
oldline = ctxt->input->line;
oldcol = ctxt->input->col;
nbatts = 0;
@@ -9349,7 +9422,8 @@
*/
SKIP_BLANKS;
GROW;
- if (ctxt->input->base != base) goto base_changed;
+ if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
+ goto base_changed;
while (((RAW != '>') &&
((RAW != '/') || (NXT(1) != '>')) &&
@@ -9360,7 +9434,7 @@
attname = xmlParseAttribute2(ctxt, prefix, localname,
&aprefix, &attvalue, &len, &alloc);
- if (ctxt->input->base != base) {
+ if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) {
if ((attvalue != NULL) && (alloc != 0))
xmlFree(attvalue);
attvalue = NULL;
@@ -9420,7 +9494,10 @@
else
if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
skip_default_ns:
- if (alloc != 0) xmlFree(attvalue);
+ if ((attvalue != NULL) && (alloc != 0)) {
+ xmlFree(attvalue);
+ attvalue = NULL;
+ }
if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
break;
if (!IS_BLANK_CH(RAW)) {
@@ -9429,6 +9506,8 @@
break;
}
SKIP_BLANKS;
+ if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
+ goto base_changed;
continue;
}
if (aprefix == ctxt->str_xmlns) {
@@ -9500,7 +9579,10 @@
else
if (nsPush(ctxt, attname, URL) > 0) nbNs++;
skip_ns:
- if (alloc != 0) xmlFree(attvalue);
+ if ((attvalue != NULL) && (alloc != 0)) {
+ xmlFree(attvalue);
+ attvalue = NULL;
+ }
if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
break;
if (!IS_BLANK_CH(RAW)) {
@@ -9509,7 +9591,8 @@
break;
}
SKIP_BLANKS;
- if (ctxt->input->base != base) goto base_changed;
+ if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
+ goto base_changed;
continue;
}
@@ -9546,7 +9629,8 @@
GROW
if (ctxt->instate == XML_PARSER_EOF)
break;
- if (ctxt->input->base != base) goto base_changed;
+ if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
+ goto base_changed;
if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
break;
if (!IS_BLANK_CH(RAW)) {
@@ -9562,7 +9646,8 @@
break;
}
GROW;
- if (ctxt->input->base != base) goto base_changed;
+ if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
+ goto base_changed;
}
/*
@@ -9729,6 +9814,17 @@
if ((ctxt->attallocs[j] != 0) && (atts[i] != NULL))
xmlFree((xmlChar *) atts[i]);
}
+
+ /*
+ * We can't switch from one entity to another in the middle
+ * of a start tag
+ */
+ if (inputNr != ctxt->inputNr) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
+ "Start tag doesn't start and stop in the same entity\n");
+ return(NULL);
+ }
+
ctxt->input->cur = ctxt->input->base + cur;
ctxt->input->line = oldline;
ctxt->input->col = oldcol;
@@ -9757,6 +9853,7 @@
xmlParseEndTag2(xmlParserCtxtPtr ctxt, const xmlChar *prefix,
const xmlChar *URI, int line, int nsNr, int tlen) {
const xmlChar *name;
+ size_t curLength;
GROW;
if ((RAW != '<') || (NXT(1) != '/')) {
@@ -9765,8 +9862,11 @@
}
SKIP(2);
- if ((tlen > 0) && (xmlStrncmp(ctxt->input->cur, ctxt->name, tlen) == 0)) {
- if (ctxt->input->cur[tlen] == '>') {
+ curLength = ctxt->input->end - ctxt->input->cur;
+ if ((tlen > 0) && (curLength >= (size_t)tlen) &&
+ (xmlStrncmp(ctxt->input->cur, ctxt->name, tlen) == 0)) {
+ if ((curLength >= (size_t)(tlen + 1)) &&
+ (ctxt->input->cur[tlen] == '>')) {
ctxt->input->cur += tlen + 1;
ctxt->input->col += tlen + 1;
goto done;
@@ -10010,7 +10110,7 @@
if ((cons == ctxt->input->consumed) && (test == CUR_PTR)) {
xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
"detected an error in element content\n");
- ctxt->instate = XML_PARSER_EOF;
+ xmlHaltParser(ctxt);
break;
}
}
@@ -10045,7 +10145,7 @@
xmlFatalErrMsgInt(ctxt, XML_ERR_INTERNAL_ERROR,
"Excessive depth in document: %d use XML_PARSE_HUGE option\n",
xmlParserMaxDepth);
- ctxt->instate = XML_PARSER_EOF;
+ xmlHaltParser(ctxt);
return;
}
@@ -10397,6 +10497,8 @@
encoding = xmlParseEncName(ctxt);
if (RAW != '"') {
xmlFatalErr(ctxt, XML_ERR_STRING_NOT_CLOSED, NULL);
+ xmlFree((xmlChar *) encoding);
+ return(NULL);
} else
NEXT;
} else if (RAW == '\''){
@@ -10404,6 +10506,8 @@
encoding = xmlParseEncName(ctxt);
if (RAW != '\'') {
xmlFatalErr(ctxt, XML_ERR_STRING_NOT_CLOSED, NULL);
+ xmlFree((xmlChar *) encoding);
+ return(NULL);
} else
NEXT;
} else {
@@ -10460,7 +10564,11 @@
handler = xmlFindCharEncodingHandler((const char *) encoding);
if (handler != NULL) {
- xmlSwitchToEncoding(ctxt, handler);
+ if (xmlSwitchToEncoding(ctxt, handler) < 0) {
+ /* failed to convert */
+ ctxt->errNo = XML_ERR_UNSUPPORTED_ENCODING;
+ return(NULL);
+ }
} else {
xmlFatalErrMsgStr(ctxt, XML_ERR_UNSUPPORTED_ENCODING,
"Unsupported encoding %s\n", encoding);
@@ -10629,7 +10737,8 @@
xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED, "Blank needed here\n");
}
xmlParseEncodingDecl(ctxt);
- if (ctxt->errNo == XML_ERR_UNSUPPORTED_ENCODING) {
+ if ((ctxt->errNo == XML_ERR_UNSUPPORTED_ENCODING) ||
+ (ctxt->instate == XML_PARSER_EOF)) {
/*
* The XML REC instructs us to stop parsing right here
*/
@@ -10753,6 +10862,7 @@
if (CUR == 0) {
xmlFatalErr(ctxt, XML_ERR_DOCUMENT_EMPTY, NULL);
+ return(-1);
}
/*
@@ -10770,7 +10880,8 @@
* Note that we will switch encoding on the fly.
*/
xmlParseXMLDecl(ctxt);
- if (ctxt->errNo == XML_ERR_UNSUPPORTED_ENCODING) {
+ if ((ctxt->errNo == XML_ERR_UNSUPPORTED_ENCODING) ||
+ (ctxt->instate == XML_PARSER_EOF)) {
/*
* The XML REC instructs us to stop parsing right here
*/
@@ -11139,8 +11250,9 @@
}
/**
* xmlCheckCdataPush:
- * @cur: pointer to the bock of characters
+ * @cur: pointer to the block of characters
* @len: length of the block in bytes
+ * @complete: 1 if complete CDATA block is passed in, 0 if partial block
*
* Check that the block of characters is okay as SCdata content [20]
*
@@ -11148,7 +11260,7 @@
* UTF-8 error occured otherwise
*/
static int
-xmlCheckCdataPush(const xmlChar *utf, int len) {
+xmlCheckCdataPush(const xmlChar *utf, int len, int complete) {
int ix;
unsigned char c;
int codepoint;
@@ -11166,7 +11278,7 @@
else
return(-ix);
} else if ((c & 0xe0) == 0xc0) {/* 2-byte code, starts with 110 */
- if (ix + 2 > len) return(ix);
+ if (ix + 2 > len) return(complete ? -ix : ix);
if ((utf[ix+1] & 0xc0 ) != 0x80)
return(-ix);
codepoint = (utf[ix] & 0x1f) << 6;
@@ -11175,7 +11287,7 @@
return(-ix);
ix += 2;
} else if ((c & 0xf0) == 0xe0) {/* 3-byte code, starts with 1110 */
- if (ix + 3 > len) return(ix);
+ if (ix + 3 > len) return(complete ? -ix : ix);
if (((utf[ix+1] & 0xc0) != 0x80) ||
((utf[ix+2] & 0xc0) != 0x80))
return(-ix);
@@ -11186,7 +11298,7 @@
return(-ix);
ix += 3;
} else if ((c & 0xf8) == 0xf0) {/* 4-byte code, starts with 11110 */
- if (ix + 4 > len) return(ix);
+ if (ix + 4 > len) return(complete ? -ix : ix);
if (((utf[ix+1] & 0xc0) != 0x80) ||
((utf[ix+2] & 0xc0) != 0x80) ||
((utf[ix+3] & 0xc0) != 0x80))
@@ -11364,7 +11476,7 @@
ctxt->sax->setDocumentLocator(ctxt->userData,
&xmlDefaultSAXLocator);
xmlFatalErr(ctxt, XML_ERR_DOCUMENT_EMPTY, NULL);
- ctxt->instate = XML_PARSER_EOF;
+ xmlHaltParser(ctxt);
#ifdef DEBUG_PUSH
xmlGenericError(xmlGenericErrorContext,
"PP: entering EOF\n");
@@ -11397,7 +11509,7 @@
* The XML REC instructs us to stop parsing right
* here
*/
- ctxt->instate = XML_PARSER_EOF;
+ xmlHaltParser(ctxt);
return(0);
}
ctxt->standalone = ctxt->input->standalone;
@@ -11453,7 +11565,7 @@
cur = ctxt->input->cur[0];
if (cur != '<') {
xmlFatalErr(ctxt, XML_ERR_DOCUMENT_EMPTY, NULL);
- ctxt->instate = XML_PARSER_EOF;
+ xmlHaltParser(ctxt);
if ((ctxt->sax) && (ctxt->sax->endDocument != NULL))
ctxt->sax->endDocument(ctxt->userData);
goto done;
@@ -11485,7 +11597,7 @@
goto done;
if (name == NULL) {
spacePop(ctxt);
- ctxt->instate = XML_PARSER_EOF;
+ xmlHaltParser(ctxt);
if ((ctxt->sax) && (ctxt->sax->endDocument != NULL))
ctxt->sax->endDocument(ctxt->userData);
goto done;
@@ -11652,7 +11764,7 @@
if ((cons == ctxt->input->consumed) && (test == CUR_PTR)) {
xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
"detected an error in element content\n");
- ctxt->instate = XML_PARSER_EOF;
+ xmlHaltParser(ctxt);
break;
}
break;
@@ -11701,7 +11813,7 @@
int tmp;
tmp = xmlCheckCdataPush(ctxt->input->cur,
- XML_PARSER_BIG_BUFFER_SIZE);
+ XML_PARSER_BIG_BUFFER_SIZE, 0);
if (tmp < 0) {
tmp = -tmp;
ctxt->input->cur += tmp;
@@ -11724,7 +11836,7 @@
} else {
int tmp;
- tmp = xmlCheckCdataPush(ctxt->input->cur, base);
+ tmp = xmlCheckCdataPush(ctxt->input->cur, base, 1);
if ((tmp < 0) || (tmp != base)) {
tmp = -tmp;
ctxt->input->cur += tmp;
@@ -11973,7 +12085,7 @@
goto done;
} else {
xmlFatalErr(ctxt, XML_ERR_DOCUMENT_END, NULL);
- ctxt->instate = XML_PARSER_EOF;
+ xmlHaltParser(ctxt);
#ifdef DEBUG_PUSH
xmlGenericError(xmlGenericErrorContext,
"PP: entering EOF\n");
@@ -12337,7 +12449,7 @@
res = xmlParserInputBufferPush(ctxt->input->buf, size, chunk);
if (res < 0) {
ctxt->errNo = XML_PARSER_EOF;
- ctxt->disableSAX = 1;
+ xmlHaltParser(ctxt);
return (XML_PARSER_EOF);
}
xmlBufSetInputBaseCur(ctxt->input->buf->buffer, ctxt->input, base, cur);
@@ -12391,7 +12503,7 @@
((ctxt->input->cur - ctxt->input->base) > XML_MAX_LOOKUP_LIMIT)) &&
((ctxt->options & XML_PARSE_HUGE) == 0)) {
xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR, "Huge input lookup");
- ctxt->instate = XML_PARSER_EOF;
+ xmlHaltParser(ctxt);
}
if ((ctxt->errNo != XML_ERR_OK) && (ctxt->disableSAX == 1))
return(ctxt->errNo);
@@ -12579,6 +12691,33 @@
#endif /* LIBXML_PUSH_ENABLED */
/**
+ * xmlHaltParser:
+ * @ctxt: an XML parser context
+ *
+ * Blocks further parser processing don't override error
+ * for internal use
+ */
+static void
+xmlHaltParser(xmlParserCtxtPtr ctxt) {
+ if (ctxt == NULL)
+ return;
+ ctxt->instate = XML_PARSER_EOF;
+ ctxt->disableSAX = 1;
+ if (ctxt->input != NULL) {
+ /*
+ * in case there was a specific allocation deallocate before
+ * overriding base
+ */
+ if (ctxt->input->free != NULL) {
+ ctxt->input->free((xmlChar *) ctxt->input->base);
+ ctxt->input->free = NULL;
+ }
+ ctxt->input->cur = BAD_CAST"";
+ ctxt->input->base = ctxt->input->cur;
+ }
+}
+
+/**
* xmlStopParser:
* @ctxt: an XML parser context
*
@@ -12588,13 +12727,8 @@
xmlStopParser(xmlParserCtxtPtr ctxt) {
if (ctxt == NULL)
return;
- ctxt->instate = XML_PARSER_EOF;
+ xmlHaltParser(ctxt);
ctxt->errNo = XML_ERR_USER_STOP;
- ctxt->disableSAX = 1;
- if (ctxt->input != NULL) {
- ctxt->input->cur = BAD_CAST"";
- ctxt->input->base = ctxt->input->cur;
- }
}
/**
@@ -13341,7 +13475,7 @@
/*
* Also record the size of the entity parsed
*/
- if (ctxt->input != NULL) {
+ if (ctxt->input != NULL && oldctxt != NULL) {
oldctxt->sizeentities += ctxt->input->consumed;
oldctxt->sizeentities += (ctxt->input->cur - ctxt->input->base);
}
@@ -13353,9 +13487,11 @@
if (sax != NULL)
ctxt->sax = oldsax;
- oldctxt->node_seq.maximum = ctxt->node_seq.maximum;
- oldctxt->node_seq.length = ctxt->node_seq.length;
- oldctxt->node_seq.buffer = ctxt->node_seq.buffer;
+ if (oldctxt != NULL) {
+ oldctxt->node_seq.maximum = ctxt->node_seq.maximum;
+ oldctxt->node_seq.length = ctxt->node_seq.length;
+ oldctxt->node_seq.buffer = ctxt->node_seq.buffer;
+ }
ctxt->node_seq.maximum = 0;
ctxt->node_seq.length = 0;
ctxt->node_seq.buffer = NULL;
@@ -14895,7 +15031,7 @@
* DICT_FREE:
* @str: a string
*
- * Free a string if it is not owned by the "dict" dictionnary in the
+ * Free a string if it is not owned by the "dict" dictionary in the
* current scope
*/
#define DICT_FREE(str) \
diff --git a/parserInternals.c b/parserInternals.c
index df204fd..bfc778a 100644
--- a/parserInternals.c
+++ b/parserInternals.c
@@ -55,6 +55,10 @@
#include <libxml/globals.h>
#include <libxml/chvalid.h>
+#define CUR(ctxt) ctxt->input->cur
+#define END(ctxt) ctxt->input->end
+#define VALID_CTXT(ctxt) (CUR(ctxt) <= END(ctxt))
+
#include "buf.h"
#include "enc.h"
@@ -165,7 +169,7 @@
*
* Handle an internal error
*/
-static void
+static void LIBXML_ATTR_FORMAT(2,0)
xmlErrInternal(xmlParserCtxtPtr ctxt, const char *msg, const xmlChar * str)
{
if ((ctxt != NULL) && (ctxt->disableSAX != 0) &&
@@ -193,7 +197,7 @@
*
* n encoding error
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlErrEncodingInt(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, int val)
{
@@ -294,7 +298,7 @@
*/
int
xmlParserInputGrow(xmlParserInputPtr in, int len) {
- size_t ret;
+ int ret;
size_t indx;
const xmlChar *content;
@@ -422,103 +426,105 @@
(ctxt->input == NULL))
return;
- if (ctxt->charset == XML_CHAR_ENCODING_UTF8) {
- if ((*ctxt->input->cur == 0) &&
- (xmlParserInputGrow(ctxt->input, INPUT_CHUNK) <= 0) &&
- (ctxt->instate != XML_PARSER_COMMENT)) {
- /*
- * If we are at the end of the current entity and
- * the context allows it, we pop consumed entities
- * automatically.
- * the auto closing should be blocked in other cases
- */
+ if (!(VALID_CTXT(ctxt))) {
+ xmlErrInternal(ctxt, "Parser input data memory error\n", NULL);
+ ctxt->errNo = XML_ERR_INTERNAL_ERROR;
+ xmlStopParser(ctxt);
+ return;
+ }
+
+ if ((*ctxt->input->cur == 0) &&
+ (xmlParserInputGrow(ctxt->input, INPUT_CHUNK) <= 0)) {
+ if ((ctxt->instate != XML_PARSER_COMMENT))
xmlPopInput(ctxt);
- } else {
- const unsigned char *cur;
- unsigned char c;
+ return;
+ }
- /*
- * 2.11 End-of-Line Handling
- * the literal two-character sequence "#xD#xA" or a standalone
- * literal #xD, an XML processor must pass to the application
- * the single character #xA.
- */
- if (*(ctxt->input->cur) == '\n') {
- ctxt->input->line++; ctxt->input->col = 1;
- } else
- ctxt->input->col++;
+ if (ctxt->charset == XML_CHAR_ENCODING_UTF8) {
+ const unsigned char *cur;
+ unsigned char c;
- /*
- * We are supposed to handle UTF8, check it's valid
- * From rfc2044: encoding of the Unicode values on UTF-8:
- *
- * UCS-4 range (hex.) UTF-8 octet sequence (binary)
- * 0000 0000-0000 007F 0xxxxxxx
- * 0000 0080-0000 07FF 110xxxxx 10xxxxxx
- * 0000 0800-0000 FFFF 1110xxxx 10xxxxxx 10xxxxxx
- *
- * Check for the 0x110000 limit too
- */
- cur = ctxt->input->cur;
+ /*
+ * 2.11 End-of-Line Handling
+ * the literal two-character sequence "#xD#xA" or a standalone
+ * literal #xD, an XML processor must pass to the application
+ * the single character #xA.
+ */
+ if (*(ctxt->input->cur) == '\n') {
+ ctxt->input->line++; ctxt->input->col = 1;
+ } else
+ ctxt->input->col++;
- c = *cur;
- if (c & 0x80) {
- if (c == 0xC0)
- goto encoding_error;
- if (cur[1] == 0) {
+ /*
+ * We are supposed to handle UTF8, check it's valid
+ * From rfc2044: encoding of the Unicode values on UTF-8:
+ *
+ * UCS-4 range (hex.) UTF-8 octet sequence (binary)
+ * 0000 0000-0000 007F 0xxxxxxx
+ * 0000 0080-0000 07FF 110xxxxx 10xxxxxx
+ * 0000 0800-0000 FFFF 1110xxxx 10xxxxxx 10xxxxxx
+ *
+ * Check for the 0x110000 limit too
+ */
+ cur = ctxt->input->cur;
+
+ c = *cur;
+ if (c & 0x80) {
+ if (c == 0xC0)
+ goto encoding_error;
+ if (cur[1] == 0) {
+ xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
+ cur = ctxt->input->cur;
+ }
+ if ((cur[1] & 0xc0) != 0x80)
+ goto encoding_error;
+ if ((c & 0xe0) == 0xe0) {
+ unsigned int val;
+
+ if (cur[2] == 0) {
xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
cur = ctxt->input->cur;
}
- if ((cur[1] & 0xc0) != 0x80)
+ if ((cur[2] & 0xc0) != 0x80)
goto encoding_error;
- if ((c & 0xe0) == 0xe0) {
- unsigned int val;
-
- if (cur[2] == 0) {
+ if ((c & 0xf0) == 0xf0) {
+ if (cur[3] == 0) {
xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
cur = ctxt->input->cur;
}
- if ((cur[2] & 0xc0) != 0x80)
+ if (((c & 0xf8) != 0xf0) ||
+ ((cur[3] & 0xc0) != 0x80))
goto encoding_error;
- if ((c & 0xf0) == 0xf0) {
- if (cur[3] == 0) {
- xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
- cur = ctxt->input->cur;
- }
- if (((c & 0xf8) != 0xf0) ||
- ((cur[3] & 0xc0) != 0x80))
- goto encoding_error;
- /* 4-byte code */
- ctxt->input->cur += 4;
- val = (cur[0] & 0x7) << 18;
- val |= (cur[1] & 0x3f) << 12;
- val |= (cur[2] & 0x3f) << 6;
- val |= cur[3] & 0x3f;
- } else {
- /* 3-byte code */
- ctxt->input->cur += 3;
- val = (cur[0] & 0xf) << 12;
- val |= (cur[1] & 0x3f) << 6;
- val |= cur[2] & 0x3f;
- }
- if (((val > 0xd7ff) && (val < 0xe000)) ||
- ((val > 0xfffd) && (val < 0x10000)) ||
- (val >= 0x110000)) {
- xmlErrEncodingInt(ctxt, XML_ERR_INVALID_CHAR,
- "Char 0x%X out of allowed range\n",
- val);
- }
- } else
- /* 2-byte code */
- ctxt->input->cur += 2;
+ /* 4-byte code */
+ ctxt->input->cur += 4;
+ val = (cur[0] & 0x7) << 18;
+ val |= (cur[1] & 0x3f) << 12;
+ val |= (cur[2] & 0x3f) << 6;
+ val |= cur[3] & 0x3f;
+ } else {
+ /* 3-byte code */
+ ctxt->input->cur += 3;
+ val = (cur[0] & 0xf) << 12;
+ val |= (cur[1] & 0x3f) << 6;
+ val |= cur[2] & 0x3f;
+ }
+ if (((val > 0xd7ff) && (val < 0xe000)) ||
+ ((val > 0xfffd) && (val < 0x10000)) ||
+ (val >= 0x110000)) {
+ xmlErrEncodingInt(ctxt, XML_ERR_INVALID_CHAR,
+ "Char 0x%X out of allowed range\n",
+ val);
+ }
} else
- /* 1-byte code */
- ctxt->input->cur++;
+ /* 2-byte code */
+ ctxt->input->cur += 2;
+ } else
+ /* 1-byte code */
+ ctxt->input->cur++;
- ctxt->nbChars++;
- if (*ctxt->input->cur == 0)
- xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
- }
+ ctxt->nbChars++;
+ if (*ctxt->input->cur == 0)
+ xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
} else {
/*
* Assume it's a fixed length encoding (1) with
@@ -937,6 +943,7 @@
{
xmlCharEncodingHandlerPtr handler;
int len = -1;
+ int ret;
if (ctxt == NULL) return(-1);
switch (enc) {
@@ -1097,7 +1104,15 @@
if (handler == NULL)
return(-1);
ctxt->charset = XML_CHAR_ENCODING_UTF8;
- return(xmlSwitchToEncodingInt(ctxt, handler, len));
+ ret = xmlSwitchToEncodingInt(ctxt, handler, len);
+ if ((ret < 0) || (ctxt->errNo == XML_I18N_CONV_FAILED)) {
+ /*
+ * on encoding conversion errors, stop the parser
+ */
+ xmlStopParser(ctxt);
+ ctxt->errNo = XML_I18N_CONV_FAILED;
+ }
+ return(ret);
}
/**
@@ -1450,6 +1465,8 @@
if (entity->URI != NULL)
input->filename = (char *) xmlStrdup((xmlChar *) entity->URI);
input->base = entity->content;
+ if (entity->length == 0)
+ entity->length = xmlStrlen(entity->content);
input->cur = entity->content;
input->length = entity->length;
input->end = &entity->content[input->length];
diff --git a/relaxng.c b/relaxng.c
index 5357b56..3d3e69c 100644
--- a/relaxng.c
+++ b/relaxng.c
@@ -507,7 +507,7 @@
*
* Handle a Relax NG Parsing error
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlRngPErr(xmlRelaxNGParserCtxtPtr ctxt, xmlNodePtr node, int error,
const char *msg, const xmlChar * str1, const xmlChar * str2)
{
@@ -541,7 +541,7 @@
*
* Handle a Relax NG Validation error
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlRngVErr(xmlRelaxNGValidCtxtPtr ctxt, xmlNodePtr node, int error,
const char *msg, const xmlChar * str1, const xmlChar * str2)
{
@@ -2088,6 +2088,7 @@
const xmlChar * arg2)
{
char msg[1000];
+ xmlChar *result;
if (arg1 == NULL)
arg1 = BAD_CAST "";
@@ -2215,7 +2216,8 @@
snprintf(msg, 1000, "Unknown error code %d\n", err);
}
msg[1000 - 1] = 0;
- return (xmlStrdup((xmlChar *) msg));
+ result = xmlCharStrdup(msg);
+ return (xmlEscapeFormatString(&result));
}
/**
@@ -3819,7 +3821,11 @@
return (0);
return (1);
} else if (def1->type == XML_RELAXNG_EXCEPT) {
- TODO ret = 0;
+ ret = xmlRelaxNGCompareNameClasses(def1->content, def2);
+ if (ret == 0)
+ ret = 1;
+ else if (ret == 1)
+ ret = 0;
} else {
TODO ret = 0;
}
diff --git a/schematron.c b/schematron.c
index eb4befe..6200f2d 100644
--- a/schematron.c
+++ b/schematron.c
@@ -133,7 +133,7 @@
int flags; /* specific to this schematron */
void *_private; /* unused by the library */
- xmlDictPtr dict; /* the dictionnary used internally */
+ xmlDictPtr dict; /* the dictionary used internally */
const xmlChar *title; /* the title if any */
@@ -186,7 +186,7 @@
const char *buffer;
int size;
- xmlDictPtr dict; /* dictionnary for interned string names */
+ xmlDictPtr dict; /* dictionary for interned string names */
int nberrors;
int err;
@@ -245,7 +245,7 @@
*
* Handle a parser error
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlSchematronPErr(xmlSchematronParserCtxtPtr ctxt, xmlNodePtr node, int error,
const char *msg, const xmlChar * str1, const xmlChar * str2)
{
diff --git a/threads.c b/threads.c
index 8921204..b9d6cae 100644
--- a/threads.c
+++ b/threads.c
@@ -47,7 +47,7 @@
#ifdef HAVE_PTHREAD_H
static int libxml_is_threaded = -1;
-#ifdef __GNUC__
+#if defined(__GNUC__) && defined(__GLIBC__)
#ifdef linux
#if (__GNUC__ == 3 && __GNUC_MINOR__ >= 3) || (__GNUC__ > 3)
extern int pthread_once (pthread_once_t *__once_control,
@@ -89,7 +89,7 @@
__attribute((weak));
#endif
#endif /* linux */
-#endif /* __GNUC__ */
+#endif /* defined(__GNUC__) && defined(__GLIBC__) */
#endif /* HAVE_PTHREAD_H */
/*
@@ -415,8 +415,8 @@
pthread_mutex_unlock(&tok->lock);
#elif defined HAVE_WIN32_THREADS
if (tok->count > 0) {
- LeaveCriticalSection(&tok->cs);
tok->count--;
+ LeaveCriticalSection(&tok->cs);
}
#elif defined HAVE_BEOS_THREADS
if (tok->lock->tid == find_thread(NULL)) {
diff --git a/timsort.h b/timsort.h
index efa3aab..795f272 100644
--- a/timsort.h
+++ b/timsort.h
@@ -392,62 +392,66 @@
static int TIM_SORT_COLLAPSE(SORT_TYPE *dst, TIM_SORT_RUN_T *stack, int stack_curr, TEMP_STORAGE_T *store, const size_t size)
{
- while (1)
- {
- int64_t A, B, C;
+ while (1) {
+ int64_t A, B, C, D;
+ int ABC, BCD, BD, CD;
+
/* if the stack only has one thing on it, we are done with the collapse */
- if (stack_curr <= 1) break;
+ if (stack_curr <= 1) {
+ break;
+ }
+
/* if this is the last merge, just do it */
- if ((stack_curr == 2) &&
- (stack[0].length + stack[1].length == (int64_t) size))
- {
+ if ((stack_curr == 2) && (stack[0].length + stack[1].length == size)) {
TIM_SORT_MERGE(dst, stack, stack_curr, store);
stack[0].length += stack[1].length;
stack_curr--;
break;
}
/* check if the invariant is off for a stack of 2 elements */
- else if ((stack_curr == 2) && (stack[0].length <= stack[1].length))
- {
+ else if ((stack_curr == 2) && (stack[0].length <= stack[1].length)) {
TIM_SORT_MERGE(dst, stack, stack_curr, store);
stack[0].length += stack[1].length;
stack_curr--;
break;
- }
- else if (stack_curr == 2)
+ } else if (stack_curr == 2) {
break;
-
- A = stack[stack_curr - 3].length;
- B = stack[stack_curr - 2].length;
- C = stack[stack_curr - 1].length;
-
- /* check first invariant */
- if (A <= B + C)
- {
- if (A < C)
- {
- TIM_SORT_MERGE(dst, stack, stack_curr - 1, store);
- stack[stack_curr - 3].length += stack[stack_curr - 2].length;
- stack[stack_curr - 2] = stack[stack_curr - 1];
- stack_curr--;
- }
- else
- {
- TIM_SORT_MERGE(dst, stack, stack_curr, store);
- stack[stack_curr - 2].length += stack[stack_curr - 1].length;
- stack_curr--;
- }
}
- /* check second invariant */
- else if (B <= C)
- {
+
+ B = stack[stack_curr - 3].length;
+ C = stack[stack_curr - 2].length;
+ D = stack[stack_curr - 1].length;
+
+ if (stack_curr >= 4) {
+ A = stack[stack_curr - 4].length;
+ ABC = (A <= B + C);
+ } else {
+ ABC = 0;
+ }
+
+ BCD = (B <= C + D) || ABC;
+ CD = (C <= D);
+ BD = (B < D);
+
+ /* Both invariants are good */
+ if (!BCD && !CD) {
+ break;
+ }
+
+ /* left merge */
+ if (BCD && !CD) {
+ TIM_SORT_MERGE(dst, stack, stack_curr - 1, store);
+ stack[stack_curr - 3].length += stack[stack_curr - 2].length;
+ stack[stack_curr - 2] = stack[stack_curr - 1];
+ stack_curr--;
+ } else {
+ /* right merge */
TIM_SORT_MERGE(dst, stack, stack_curr, store);
stack[stack_curr - 2].length += stack[stack_curr - 1].length;
stack_curr--;
}
- else
- break;
}
+
return stack_curr;
}
diff --git a/tree.c b/tree.c
index 6ec9223..9d330b8 100644
--- a/tree.c
+++ b/tree.c
@@ -1044,7 +1044,7 @@
* DICT_FREE:
* @str: a string
*
- * Free a string if it is not owned by the "dict" dictionnary in the
+ * Free a string if it is not owned by the "dict" dictionary in the
* current scope
*/
#define DICT_FREE(str) \
@@ -1057,7 +1057,7 @@
* DICT_COPY:
* @str: a string
*
- * Copy a string using a "dict" dictionnary in the current scope,
+ * Copy a string using a "dict" dictionary in the current scope,
* if availabe.
*/
#define DICT_COPY(str, cpy) \
@@ -1074,7 +1074,7 @@
* DICT_CONST_COPY:
* @str: a string
*
- * Copy a string using a "dict" dictionnary in the current scope,
+ * Copy a string using a "dict" dictionary in the current scope,
* if availabe.
*/
#define DICT_CONST_COPY(str, cpy) \
@@ -1593,6 +1593,7 @@
else if ((ent != NULL) && (ent->children == NULL)) {
xmlNodePtr temp;
+ ent->children = (xmlNodePtr) -1;
ent->children = xmlStringGetNodeList(doc,
(const xmlChar*)node->content);
ent->owner = 1;
@@ -2270,7 +2271,7 @@
cur = (xmlNodePtr) xmlMalloc(sizeof(xmlNode));
if (cur == NULL) {
xmlTreeErrMemory("building node");
- /* we can't check here that name comes from the doc dictionnary */
+ /* we can't check here that name comes from the doc dictionary */
return(NULL);
}
memset(cur, 0, sizeof(xmlNode));
@@ -2350,7 +2351,7 @@
UPDATE_LAST_CHILD_AND_PARENT(cur)
}
} else {
- /* if name don't come from the doc dictionnary free it here */
+ /* if name don't come from the doc dictionary free it here */
if ((name != NULL) && (doc != NULL) &&
(!(xmlDictOwns(doc->dict, name))))
xmlFree(name);
@@ -2799,8 +2800,27 @@
if(tree->type == XML_ELEMENT_NODE) {
prop = tree->properties;
while (prop != NULL) {
+ if (prop->atype == XML_ATTRIBUTE_ID) {
+ xmlRemoveID(tree->doc, prop);
+ }
+
prop->doc = doc;
xmlSetListDoc(prop->children, doc);
+
+ /*
+ * TODO: ID attributes should be also added to the new
+ * document, but this breaks things like xmlReplaceNode.
+ * The underlying problem is that xmlRemoveID is only called
+ * if a node is destroyed, not if it's unlinked.
+ */
+#if 0
+ if (xmlIsID(doc, tree, prop)) {
+ xmlChar *idVal = xmlNodeListGetString(doc, prop->children,
+ 1);
+ xmlAddID(NULL, doc, idVal, prop);
+ }
+#endif
+
prop = prop->next;
}
}
@@ -3682,7 +3702,7 @@
* When a node is a text node or a comment, it uses a global static
* variable for the name of the node.
* Otherwise the node name might come from the document's
- * dictionnary
+ * dictionary
*/
if ((cur->name != NULL) &&
(cur->type != XML_TEXT_NODE) &&
@@ -3751,7 +3771,7 @@
/*
* When a node is a text node or a comment, it uses a global static
* variable for the name of the node.
- * Otherwise the node name might come from the document's dictionnary
+ * Otherwise the node name might come from the document's dictionary
*/
if ((cur->name != NULL) &&
(cur->type != XML_TEXT_NODE) &&
diff --git a/uri.c b/uri.c
index ff47abb..d7f32fc 100644
--- a/uri.c
+++ b/uri.c
@@ -314,7 +314,7 @@
* @uri: pointer to an URI structure
* @str: the string to analyze
*
- * Parse a port part and fills in the appropriate fields
+ * Parse a port part and fills in the appropriate fields
* of the @uri structure
*
* port = *DIGIT
@@ -325,15 +325,16 @@
xmlParse3986Port(xmlURIPtr uri, const char **str)
{
const char *cur = *str;
+ unsigned port = 0; /* unsigned for defined overflow behavior */
if (ISA_DIGIT(cur)) {
- if (uri != NULL)
- uri->port = 0;
while (ISA_DIGIT(cur)) {
- if (uri != NULL)
- uri->port = uri->port * 10 + (*cur - '0');
+ port = port * 10 + (*cur - '0');
+
cur++;
}
+ if (uri != NULL)
+ uri->port = port & INT_MAX; /* port value modulo INT_MAX+1 */
*str = cur;
return(0);
}
@@ -1531,11 +1532,10 @@
break;
}
/* Valgrind complained, strcpy(cur, segp + 3); */
- /* string will overlap, do not use strcpy */
- tmp = cur;
- segp += 3;
- while ((*tmp++ = *segp++) != 0)
- ;
+ /* string will overlap, do not use strcpy */
+ tmp = cur;
+ segp += 3;
+ while ((*tmp++ = *segp++) != 0);
/* If there are no previous segments, then keep going from here. */
segp = cur;
diff --git a/valid.c b/valid.c
index 409aa81..19f84b8 100644
--- a/valid.c
+++ b/valid.c
@@ -93,7 +93,7 @@
*
* Handle a validation error
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlErrValid(xmlValidCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const char *extra)
{
@@ -137,7 +137,7 @@
*
* Handle a validation error, provide contextual informations
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlErrValidNode(xmlValidCtxtPtr ctxt,
xmlNodePtr node, xmlParserErrors error,
const char *msg, const xmlChar * str1,
@@ -180,7 +180,7 @@
*
* Handle a validation error, provide contextual informations
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlErrValidNodeNr(xmlValidCtxtPtr ctxt,
xmlNodePtr node, xmlParserErrors error,
const char *msg, const xmlChar * str1,
@@ -221,7 +221,7 @@
*
* Handle a validation error, provide contextual information
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlErrValidWarning(xmlValidCtxtPtr ctxt,
xmlNodePtr node, xmlParserErrors error,
const char *msg, const xmlChar * str1,
@@ -2532,7 +2532,7 @@
* DICT_FREE:
* @str: a string
*
- * Free a string if it is not owned by the "dict" dictionnary in the
+ * Free a string if it is not owned by the "dict" dictionary in the
* current scope
*/
#define DICT_FREE(str) \
@@ -2634,8 +2634,10 @@
/*
* The id is already defined in this DTD.
*/
- xmlErrValidNode(ctxt, attr->parent, XML_DTD_ID_REDEFINED,
- "ID %s already defined\n", value, NULL, NULL);
+ if (ctxt != NULL) {
+ xmlErrValidNode(ctxt, attr->parent, XML_DTD_ID_REDEFINED,
+ "ID %s already defined\n", value, NULL, NULL);
+ }
#endif /* LIBXML_VALID_ENABLED */
xmlFreeID(ret);
return(NULL);
diff --git a/xinclude.c b/xinclude.c
index ff3dafb..e3bb43e 100644
--- a/xinclude.c
+++ b/xinclude.c
@@ -125,7 +125,7 @@
*
* Handle an XInclude error
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlXIncludeErr(xmlXIncludeCtxtPtr ctxt, xmlNodePtr node, int error,
const char *msg, const xmlChar *extra)
{
@@ -147,7 +147,7 @@
*
* Emit an XInclude warning.
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlXIncludeWarn(xmlXIncludeCtxtPtr ctxt, xmlNodePtr node, int error,
const char *msg, const xmlChar *extra)
{
diff --git a/xmlIO.c b/xmlIO.c
index e628ab0..1a79c09 100644
--- a/xmlIO.c
+++ b/xmlIO.c
@@ -1334,7 +1334,7 @@
}
#endif /* HAVE_ZLIB_H */
-#ifdef HAVE_LZMA_H
+#ifdef LIBXML_LZMA_ENABLED
/************************************************************************
* *
* I/O for compressed file accesses *
@@ -1451,7 +1451,7 @@
if (ret < 0) xmlIOErr(0, "xzclose()");
return(ret);
}
-#endif /* HAVE_LZMA_H */
+#endif /* LIBXML_LZMA_ENABLED */
#ifdef LIBXML_HTTP_ENABLED
/************************************************************************
@@ -1604,7 +1604,7 @@
xmlFreeZMemBuff( buff );
buff = NULL;
xmlStrPrintf(msg, 500,
- (const xmlChar *) "xmlCreateZMemBuff: %s %d\n",
+ "xmlCreateZMemBuff: %s %d\n",
"Error initializing compression context. ZLIB error:",
z_err );
xmlIOErr(XML_IO_WRITE, (const char *) msg);
@@ -1672,7 +1672,7 @@
else {
xmlChar msg[500];
xmlStrPrintf(msg, 500,
- (const xmlChar *) "xmlZMemBuffExtend: %s %lu bytes.\n",
+ "xmlZMemBuffExtend: %s %lu bytes.\n",
"Allocation failure extending output buffer to",
new_size );
xmlIOErr(XML_IO_WRITE, (const char *) msg);
@@ -1718,7 +1718,7 @@
if ( z_err != Z_OK ) {
xmlChar msg[500];
xmlStrPrintf(msg, 500,
- (const xmlChar *) "xmlZMemBuffAppend: %s %d %s - %d",
+ "xmlZMemBuffAppend: %s %d %s - %d",
"Compression error while appending",
len, "bytes to buffer. ZLIB error", z_err );
xmlIOErr(XML_IO_WRITE, (const char *) msg);
@@ -1791,7 +1791,7 @@
else {
xmlChar msg[500];
xmlStrPrintf(msg, 500,
- (const xmlChar *) "xmlZMemBuffGetContent: %s - %d\n",
+ "xmlZMemBuffGetContent: %s - %d\n",
"Error flushing zlib buffers. Error code", z_err );
xmlIOErr(XML_IO_WRITE, (const char *) msg);
}
@@ -1996,7 +1996,7 @@
if ( len < 0 ) {
xmlChar msg[500];
xmlStrPrintf(msg, 500,
- (const xmlChar *) "xmlIOHTTPWrite: %s\n%s '%s'.\n",
+ "xmlIOHTTPWrite: %s\n%s '%s'.\n",
"Error appending to internal buffer.",
"Error sending document to URI",
ctxt->uri );
@@ -2068,7 +2068,7 @@
if ( http_content == NULL ) {
xmlChar msg[500];
xmlStrPrintf(msg, 500,
- (const xmlChar *) "xmlIOHTTPCloseWrite: %s '%s' %s '%s'.\n",
+ "xmlIOHTTPCloseWrite: %s '%s' %s '%s'.\n",
"Error retrieving content.\nUnable to",
http_mthd, "data to URI", ctxt->uri );
xmlIOErr(XML_IO_WRITE, (const char *) msg);
@@ -2140,7 +2140,7 @@
else {
xmlChar msg[500];
xmlStrPrintf(msg, 500,
- (const xmlChar *) "xmlIOHTTPCloseWrite: HTTP '%s' of %d %s\n'%s' %s %d\n",
+ "xmlIOHTTPCloseWrite: HTTP '%s' of %d %s\n'%s' %s %d\n",
http_mthd, content_lgth,
"bytes to URI", ctxt->uri,
"failed. HTTP return code:", http_rtn );
@@ -2328,10 +2328,10 @@
xmlRegisterInputCallbacks(xmlGzfileMatch, xmlGzfileOpen,
xmlGzfileRead, xmlGzfileClose);
#endif /* HAVE_ZLIB_H */
-#ifdef HAVE_LZMA_H
+#ifdef LIBXML_LZMA_ENABLED
xmlRegisterInputCallbacks(xmlXzfileMatch, xmlXzfileOpen,
xmlXzfileRead, xmlXzfileClose);
-#endif /* HAVE_ZLIB_H */
+#endif /* LIBXML_LZMA_ENABLED */
#ifdef LIBXML_HTTP_ENABLED
xmlRegisterInputCallbacks(xmlIOHTTPMatch, xmlIOHTTPOpen,
@@ -2683,7 +2683,7 @@
#endif
}
#endif
-#ifdef HAVE_LZMA_H
+#ifdef LIBXML_LZMA_ENABLED
if ((xmlInputCallbackTable[i].opencallback == xmlXzfileOpen) &&
(strcmp(URI, "-") != 0)) {
ret->compressed = __libxml2_xzcompressed(context);
@@ -3350,7 +3350,7 @@
* try to establish compressed status of input if not done already
*/
if (in->compressed == -1) {
-#ifdef HAVE_LZMA_H
+#ifdef LIBXML_LZMA_ENABLED
if (in->readcallback == xmlXzfileRead)
in->compressed = __libxml2_xzcompressed(in->context);
#endif
diff --git a/xmlcatalog.c b/xmlcatalog.c
index b9ed6a4..006f0cc 100644
--- a/xmlcatalog.c
+++ b/xmlcatalog.c
@@ -80,6 +80,7 @@
if (prompt != NULL)
fprintf(stdout, "%s", prompt);
+ fflush(stdout);
if (!fgets(line_read, 500, stdin))
return(NULL);
line_read[500] = 0;
diff --git a/xmllint.c b/xmllint.c
index b297ded..67f7adb 100644
--- a/xmllint.c
+++ b/xmllint.c
@@ -449,7 +449,7 @@
* message about the timing performed; format is a printf
* type argument
*/
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(1,2)
endTimer(const char *fmt, ...)
{
long msec;
@@ -485,7 +485,7 @@
{
begin = clock();
}
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(1,2)
endTimer(const char *fmt, ...)
{
long msec;
@@ -514,7 +514,7 @@
* Do nothing
*/
}
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(1,2)
endTimer(char *format, ...)
{
/*
@@ -634,7 +634,7 @@
* Display and format an error messages, gives file, line, position and
* extra parameters.
*/
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
xmlHTMLError(void *ctx, const char *msg, ...)
{
xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) ctx;
@@ -671,7 +671,7 @@
* Display and format a warning messages, gives file, line, position and
* extra parameters.
*/
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
xmlHTMLWarning(void *ctx, const char *msg, ...)
{
xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) ctx;
@@ -709,7 +709,7 @@
* Display and format an validity error messages, gives file,
* line, position and extra parameters.
*/
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
xmlHTMLValidityError(void *ctx, const char *msg, ...)
{
xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) ctx;
@@ -746,7 +746,7 @@
* Display and format a validity warning messages, gives file, line,
* position and extra parameters.
*/
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
xmlHTMLValidityWarning(void *ctx, const char *msg, ...)
{
xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) ctx;
@@ -809,6 +809,7 @@
if (prompt != NULL)
fprintf(stdout, "%s", prompt);
+ fflush(stdout);
if (!fgets(line_read, 500, stdin))
return(NULL);
line_read[500] = 0;
@@ -1410,7 +1411,7 @@
* Display and format a warning messages, gives file, line, position and
* extra parameters.
*/
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
warningDebug(void *ctx ATTRIBUTE_UNUSED, const char *msg, ...)
{
va_list args;
@@ -1433,7 +1434,7 @@
* Display and format a error messages, gives file, line, position and
* extra parameters.
*/
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
errorDebug(void *ctx ATTRIBUTE_UNUSED, const char *msg, ...)
{
va_list args;
@@ -1456,7 +1457,7 @@
* Display and format a fatalError messages, gives file, line, position and
* extra parameters.
*/
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
fatalErrorDebug(void *ctx ATTRIBUTE_UNUSED, const char *msg, ...)
{
va_list args;
@@ -2001,6 +2002,12 @@
xmlNsPtr ns;
root = xmlDocGetRootElement(doc);
+ if (root == NULL ) {
+ xmlGenericError(xmlGenericErrorContext,
+ "Document does not have a root element");
+ progresult = XMLLINT_ERR_UNCLASS;
+ return;
+ }
for (ns = root->nsDef, i = 0;ns != NULL && i < 20;ns=ns->next) {
namespaces[i++] = ns->href;
namespaces[i++] = ns->prefix;
@@ -2967,6 +2974,7 @@
if (xmlHasFeature(XML_WITH_XPTR)) fprintf(stderr, "XPointer ");
if (xmlHasFeature(XML_WITH_XINCLUDE)) fprintf(stderr, "XInclude ");
if (xmlHasFeature(XML_WITH_ICONV)) fprintf(stderr, "Iconv ");
+ if (xmlHasFeature(XML_WITH_ICU)) fprintf(stderr, "ICU ");
if (xmlHasFeature(XML_WITH_ISO8859X)) fprintf(stderr, "ISO8859X ");
if (xmlHasFeature(XML_WITH_UNICODE)) fprintf(stderr, "Unicode ");
if (xmlHasFeature(XML_WITH_REGEXP)) fprintf(stderr, "Regexps ");
@@ -3046,7 +3054,7 @@
printf("\t--noblanks : drop (ignorable?) blanks spaces\n");
printf("\t--nocdata : replace cdata section with text nodes\n");
#ifdef LIBXML_OUTPUT_ENABLED
- printf("\t--format : reformat/reindent the input\n");
+ printf("\t--format : reformat/reindent the output\n");
printf("\t--encode encoding : output in the given encoding\n");
printf("\t--dropdtd : remove the DOCTYPE of the input docs\n");
printf("\t--pretty STYLE : pretty-print in a particular style\n");
diff --git a/xmlmemory.c b/xmlmemory.c
index a3dc737..f08c8c3 100644
--- a/xmlmemory.c
+++ b/xmlmemory.c
@@ -109,6 +109,7 @@
#define RESERVE_SIZE (((HDR_SIZE + (ALIGN_SIZE-1)) \
/ ALIGN_SIZE ) * ALIGN_SIZE)
+#define MAX_SIZE_T ((size_t)-1)
#define CLIENT_2_HDR(a) ((MEMHDR *) (((char *) (a)) - RESERVE_SIZE))
#define HDR_2_CLIENT(a) ((void *) (((char *) (a)) + RESERVE_SIZE))
@@ -217,7 +218,7 @@
/**
* xmlMallocAtomicLoc:
- * @size: an int specifying the size in byte to allocate.
+ * @size: an unsigned int specifying the size in byte to allocate.
* @file: the file name or NULL
* @line: the line number
*
@@ -240,11 +241,18 @@
TEST_POINT
+ if (size > (MAX_SIZE_T - RESERVE_SIZE)) {
+ xmlGenericError(xmlGenericErrorContext,
+ "xmlMallocAtomicLoc : Unsigned overflow prevented\n");
+ xmlMemoryDump();
+ return(NULL);
+ }
+
p = (MEMHDR *) malloc(RESERVE_SIZE+size);
if (!p) {
xmlGenericError(xmlGenericErrorContext,
- "xmlMallocLoc : Out of free space\n");
+ "xmlMallocAtomicLoc : Out of free space\n");
xmlMemoryDump();
return(NULL);
}
@@ -554,7 +562,12 @@
int
xmlMemUsed(void) {
- return(debugMemSize);
+ int res;
+
+ xmlMutexLock(xmlMemMutex);
+ res = debugMemSize;
+ xmlMutexUnlock(xmlMemMutex);
+ return(res);
}
/**
@@ -567,7 +580,12 @@
int
xmlMemBlocks(void) {
- return(debugMemBlocks);
+ int res;
+
+ xmlMutexLock(xmlMemMutex);
+ res = debugMemBlocks;
+ xmlMutexUnlock(xmlMemMutex);
+ return(res);
}
#ifdef MEM_LIST
diff --git a/xmlreader.c b/xmlreader.c
index f19e123..f285790 100644
--- a/xmlreader.c
+++ b/xmlreader.c
@@ -142,7 +142,7 @@
xmlNodePtr faketext;/* fake xmlNs chld */
int preserve;/* preserve the resulting document */
xmlBufPtr buffer; /* used to return const xmlChar * */
- xmlDictPtr dict; /* the context dictionnary */
+ xmlDictPtr dict; /* the context dictionary */
/* entity stack when traversing entities content */
xmlNodePtr ent; /* Current Entity Ref Node */
@@ -210,7 +210,7 @@
* DICT_FREE:
* @str: a string
*
- * Free a string if it is not owned by the "dict" dictionnary in the
+ * Free a string if it is not owned by the "dict" dictionary in the
* current scope
*/
#define DICT_FREE(str) \
@@ -2091,6 +2091,9 @@
"xmlNewTextReader : malloc failed\n");
return(NULL);
}
+ /* no operation on a reader should require a huge buffer */
+ xmlBufSetAllocationScheme(ret->buffer,
+ XML_BUFFER_ALLOC_BOUNDED);
ret->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler));
if (ret->sax == NULL) {
xmlBufFree(ret->buffer);
@@ -2155,7 +2158,7 @@
ret->ctxt->dictNames = 1;
ret->allocs = XML_TEXTREADER_CTXT;
/*
- * use the parser dictionnary to allocate all elements and attributes names
+ * use the parser dictionary to allocate all elements and attributes names
*/
ret->ctxt->docdict = 1;
ret->dict = ret->ctxt->dict;
@@ -3616,6 +3619,7 @@
return(((xmlNsPtr) node)->href);
case XML_ATTRIBUTE_NODE:{
xmlAttrPtr attr = (xmlAttrPtr) node;
+ const xmlChar *ret;
if ((attr->children != NULL) &&
(attr->children->type == XML_TEXT_NODE) &&
@@ -3629,10 +3633,21 @@
"xmlTextReaderSetup : malloc failed\n");
return (NULL);
}
+ xmlBufSetAllocationScheme(reader->buffer,
+ XML_BUFFER_ALLOC_BOUNDED);
} else
xmlBufEmpty(reader->buffer);
xmlBufGetNodeContent(reader->buffer, node);
- return(xmlBufContent(reader->buffer));
+ ret = xmlBufContent(reader->buffer);
+ if (ret == NULL) {
+ /* error on the buffer best to reallocate */
+ xmlBufFree(reader->buffer);
+ reader->buffer = xmlBufCreateSize(100);
+ xmlBufSetAllocationScheme(reader->buffer,
+ XML_BUFFER_ALLOC_BOUNDED);
+ ret = BAD_CAST "";
+ }
+ return(ret);
}
break;
}
@@ -4035,13 +4050,19 @@
}
#ifdef LIBXML_SCHEMAS_ENABLED
-static char *xmlTextReaderBuildMessage(const char *msg, va_list ap);
+static char *xmlTextReaderBuildMessage(const char *msg, va_list ap) LIBXML_ATTR_FORMAT(1,0);
static void XMLCDECL
-xmlTextReaderValidityError(void *ctxt, const char *msg, ...);
+xmlTextReaderValidityError(void *ctxt, const char *msg, ...) LIBXML_ATTR_FORMAT(2,3);
static void XMLCDECL
-xmlTextReaderValidityWarning(void *ctxt, const char *msg, ...);
+xmlTextReaderValidityWarning(void *ctxt, const char *msg, ...) LIBXML_ATTR_FORMAT(2,3);
+
+static void XMLCDECL
+xmlTextReaderValidityErrorRelay(void *ctx, const char *msg, ...) LIBXML_ATTR_FORMAT(2,3);
+
+static void XMLCDECL
+xmlTextReaderValidityWarningRelay(void *ctx, const char *msg, ...) LIBXML_ATTR_FORMAT(2,3);
static void XMLCDECL
xmlTextReaderValidityErrorRelay(void *ctx, const char *msg, ...)
@@ -4835,7 +4856,7 @@
}
}
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
xmlTextReaderError(void *ctxt, const char *msg, ...)
{
va_list ap;
@@ -4848,7 +4869,7 @@
}
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
xmlTextReaderWarning(void *ctxt, const char *msg, ...)
{
va_list ap;
@@ -5131,6 +5152,9 @@
"xmlTextReaderSetup : malloc failed\n");
return (-1);
}
+ /* no operation on a reader should require a huge buffer */
+ xmlBufSetAllocationScheme(reader->buffer,
+ XML_BUFFER_ALLOC_BOUNDED);
if (reader->sax == NULL)
reader->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler));
if (reader->sax == NULL) {
@@ -5231,7 +5255,7 @@
reader->ctxt->linenumbers = 1;
reader->ctxt->dictNames = 1;
/*
- * use the parser dictionnary to allocate all elements and attributes names
+ * use the parser dictionary to allocate all elements and attributes names
*/
reader->ctxt->docdict = 1;
reader->ctxt->parseMode = XML_PARSE_READER;
diff --git a/xmlregexp.c b/xmlregexp.c
index 3e912ab..ca3b4f4 100644
--- a/xmlregexp.c
+++ b/xmlregexp.c
@@ -1544,6 +1544,7 @@
xmlFAGenerateTransitions(xmlRegParserCtxtPtr ctxt, xmlRegStatePtr from,
xmlRegStatePtr to, xmlRegAtomPtr atom) {
xmlRegStatePtr end;
+ int nullable = 0;
if (atom == NULL) {
ERROR("genrate transition: atom == NULL");
@@ -1730,6 +1731,13 @@
if (xmlRegAtomPush(ctxt, atom) < 0) {
return(-1);
}
+ if ((atom->quant == XML_REGEXP_QUANT_RANGE) &&
+ (atom->min == 0) && (atom->max > 0)) {
+ nullable = 1;
+ atom->min = 1;
+ if (atom->max == 1)
+ atom->quant = XML_REGEXP_QUANT_OPT;
+ }
xmlRegStateAddTrans(ctxt, from, atom, to, -1, -1);
ctxt->state = end;
switch (atom->quant) {
@@ -1747,11 +1755,8 @@
xmlRegStateAddTrans(ctxt, to, atom, to, -1, -1);
break;
case XML_REGEXP_QUANT_RANGE:
-#if DV_test
- if (atom->min == 0) {
+ if (nullable)
xmlFAGenerateEpsilonTransition(ctxt, from, to);
- }
-#endif
break;
default:
break;
@@ -5052,11 +5057,12 @@
ERROR("Expecting the end of a char range");
return;
}
- NEXTL(len);
+
/* TODO check that the values are acceptable character ranges for XML */
if (end < start) {
ERROR("End of range is before start of range");
} else {
+ NEXTL(len);
xmlRegAtomAddRange(ctxt, ctxt->atom, ctxt->neg,
XML_REGEXP_CHARVAL, start, end, NULL);
}
@@ -6345,7 +6351,7 @@
/**
* xmlExpNewCtxt:
* @maxNodes: the maximum number of nodes
- * @dict: optional dictionnary to use internally
+ * @dict: optional dictionary to use internally
*
* Creates a new context for manipulating expressions
*
@@ -7204,7 +7210,7 @@
return(NULL);
}
/*
- * check the string is in the dictionnary, if yes use an interned
+ * check the string is in the dictionary, if yes use an interned
* copy, otherwise we know it's not an acceptable input
*/
input = xmlDictExists(ctxt->dict, str, len);
diff --git a/xmlsave.c b/xmlsave.c
index 774404b..4a8e3f3 100644
--- a/xmlsave.c
+++ b/xmlsave.c
@@ -2097,8 +2097,8 @@
xmlBufAdd(buf, BAD_CAST "&", 5);
cur++;
base = cur;
- } else if ((*cur >= 0x80) && ((doc == NULL) ||
- (doc->encoding == NULL))) {
+ } else if ((*cur >= 0x80) && (cur[1] != 0) &&
+ ((doc == NULL) || (doc->encoding == NULL))) {
/*
* We assume we have UTF-8 content.
*/
@@ -2121,14 +2121,14 @@
val <<= 6;
val |= (cur[1]) & 0x3F;
l = 2;
- } else if (*cur < 0xF0) {
+ } else if ((*cur < 0xF0) && (cur [2] != 0)) {
val = (cur[0]) & 0x0F;
val <<= 6;
val |= (cur[1]) & 0x3F;
val <<= 6;
val |= (cur[2]) & 0x3F;
l = 3;
- } else if (*cur < 0xF8) {
+ } else if ((*cur < 0xF8) && (cur [2] != 0) && (cur[3] != 0)) {
val = (cur[0]) & 0x07;
val <<= 6;
val |= (cur[1]) & 0x3F;
diff --git a/xmlschemas.c b/xmlschemas.c
index 0657b66..7afe2eb 100644
--- a/xmlschemas.c
+++ b/xmlschemas.c
@@ -617,7 +617,7 @@
xmlAutomataStatePtr end;
xmlAutomataStatePtr state;
- xmlDictPtr dict; /* dictionnary for interned string names */
+ xmlDictPtr dict; /* dictionary for interned string names */
xmlSchemaTypePtr ctxtType; /* The current context simple/complex type */
int options;
xmlSchemaValidCtxtPtr vctxt;
@@ -1085,7 +1085,7 @@
static void
xmlSchemaInternalErr(xmlSchemaAbstractCtxtPtr actxt,
const char *funcName,
- const char *message);
+ const char *message) LIBXML_ATTR_FORMAT(3,0);
static int
xmlSchemaCheckCOSSTDerivedOK(xmlSchemaAbstractCtxtPtr ctxt,
xmlSchemaTypePtr type,
@@ -1769,7 +1769,7 @@
}
FREE_AND_NULL(str)
- return (*buf);
+ return (xmlEscapeFormatString(buf));
}
/**
@@ -1889,7 +1889,7 @@
*
* Handle a parser error
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlSchemaPErr(xmlSchemaParserCtxtPtr ctxt, xmlNodePtr node, int error,
const char *msg, const xmlChar * str1, const xmlChar * str2)
{
@@ -1922,7 +1922,7 @@
*
* Handle a parser error
*/
-static void
+static void LIBXML_ATTR_FORMAT(5,0)
xmlSchemaPErr2(xmlSchemaParserCtxtPtr ctxt, xmlNodePtr node,
xmlNodePtr child, int error,
const char *msg, const xmlChar * str1, const xmlChar * str2)
@@ -1951,7 +1951,7 @@
*
* Handle a parser error
*/
-static void
+static void LIBXML_ATTR_FORMAT(7,0)
xmlSchemaPErrExt(xmlSchemaParserCtxtPtr ctxt, xmlNodePtr node, int error,
const xmlChar * strData1, const xmlChar * strData2,
const xmlChar * strData3, const char *msg, const xmlChar * str1,
@@ -2002,7 +2002,7 @@
extra);
}
-static void
+static void LIBXML_ATTR_FORMAT(2,0)
xmlSchemaPSimpleInternalErr(xmlNodePtr node,
const char *msg, const xmlChar *str)
{
@@ -2013,18 +2013,21 @@
#define WXS_ERROR_TYPE_ERROR 1
#define WXS_ERROR_TYPE_WARNING 2
/**
- * xmlSchemaErr3:
+ * xmlSchemaErr4Line:
* @ctxt: the validation context
- * @node: the context node
+ * @errorLevel: the error level
* @error: the error code
+ * @node: the context node
+ * @line: the line number
* @msg: the error message
* @str1: extra data
* @str2: extra data
* @str3: extra data
+ * @str4: extra data
*
* Handle a validation error
*/
-static void
+static void LIBXML_ATTR_FORMAT(6,0)
xmlSchemaErr4Line(xmlSchemaAbstractCtxtPtr ctxt,
xmlErrorLevel errorLevel,
int error, xmlNodePtr node, int line, const char *msg,
@@ -2139,7 +2142,7 @@
*
* Handle a validation error
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlSchemaErr3(xmlSchemaAbstractCtxtPtr actxt,
int error, xmlNodePtr node, const char *msg,
const xmlChar *str1, const xmlChar *str2, const xmlChar *str3)
@@ -2148,7 +2151,7 @@
msg, str1, str2, str3, NULL);
}
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlSchemaErr4(xmlSchemaAbstractCtxtPtr actxt,
int error, xmlNodePtr node, const char *msg,
const xmlChar *str1, const xmlChar *str2,
@@ -2158,7 +2161,7 @@
msg, str1, str2, str3, str4);
}
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlSchemaErr(xmlSchemaAbstractCtxtPtr actxt,
int error, xmlNodePtr node, const char *msg,
const xmlChar *str1, const xmlChar *str2)
@@ -2181,7 +2184,7 @@
/*
* Don't try to format other nodes than element and
* attribute nodes.
- * Play save and return an empty string.
+ * Play safe and return an empty string.
*/
*msg = xmlStrdup(BAD_CAST "");
return(*msg);
@@ -2246,6 +2249,13 @@
TODO
return (NULL);
}
+
+ /*
+ * xmlSchemaFormatItemForReport() also returns an escaped format
+ * string, so do this before calling it below (in the future).
+ */
+ xmlEscapeFormatString(msg);
+
/*
* VAL TODO: The output of the given schema component is currently
* disabled.
@@ -2262,7 +2272,7 @@
return (*msg);
}
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlSchemaInternalErr2(xmlSchemaAbstractCtxtPtr actxt,
const char *funcName,
const char *message,
@@ -2273,24 +2283,21 @@
if (actxt == NULL)
return;
- msg = xmlStrdup(BAD_CAST "Internal error: ");
- msg = xmlStrcat(msg, BAD_CAST funcName);
- msg = xmlStrcat(msg, BAD_CAST ", ");
+ msg = xmlStrdup(BAD_CAST "Internal error: %s, ");
msg = xmlStrcat(msg, BAD_CAST message);
msg = xmlStrcat(msg, BAD_CAST ".\n");
if (actxt->type == XML_SCHEMA_CTXT_VALIDATOR)
- xmlSchemaErr(actxt, XML_SCHEMAV_INTERNAL, NULL,
- (const char *) msg, str1, str2);
-
+ xmlSchemaErr3(actxt, XML_SCHEMAV_INTERNAL, NULL,
+ (const char *) msg, (const xmlChar *) funcName, str1, str2);
else if (actxt->type == XML_SCHEMA_CTXT_PARSER)
- xmlSchemaErr(actxt, XML_SCHEMAP_INTERNAL, NULL,
- (const char *) msg, str1, str2);
+ xmlSchemaErr3(actxt, XML_SCHEMAP_INTERNAL, NULL,
+ (const char *) msg, (const xmlChar *) funcName, str1, str2);
FREE_AND_NULL(msg)
}
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlSchemaInternalErr(xmlSchemaAbstractCtxtPtr actxt,
const char *funcName,
const char *message)
@@ -2299,7 +2306,7 @@
}
#if 0
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlSchemaPInternalErr(xmlSchemaParserCtxtPtr pctxt,
const char *funcName,
const char *message,
@@ -2311,7 +2318,7 @@
}
#endif
-static void
+static void LIBXML_ATTR_FORMAT(5,0)
xmlSchemaCustomErr4(xmlSchemaAbstractCtxtPtr actxt,
xmlParserErrors error,
xmlNodePtr node,
@@ -2336,7 +2343,7 @@
FREE_AND_NULL(msg)
}
-static void
+static void LIBXML_ATTR_FORMAT(5,0)
xmlSchemaCustomErr(xmlSchemaAbstractCtxtPtr actxt,
xmlParserErrors error,
xmlNodePtr node,
@@ -2351,7 +2358,7 @@
-static void
+static void LIBXML_ATTR_FORMAT(5,0)
xmlSchemaCustomWarning(xmlSchemaAbstractCtxtPtr actxt,
xmlParserErrors error,
xmlNodePtr node,
@@ -2376,7 +2383,7 @@
-static void
+static void LIBXML_ATTR_FORMAT(5,0)
xmlSchemaKeyrefErr(xmlSchemaValidCtxtPtr vctxt,
xmlParserErrors error,
xmlSchemaPSVIIDCNodePtr idcNode,
@@ -2476,11 +2483,13 @@
msg = xmlStrcat(msg, BAD_CAST " '");
if (type->builtInType != 0) {
msg = xmlStrcat(msg, BAD_CAST "xs:");
- msg = xmlStrcat(msg, type->name);
- } else
- msg = xmlStrcat(msg,
- xmlSchemaFormatQName(&str,
- type->targetNamespace, type->name));
+ str = xmlStrdup(type->name);
+ } else {
+ const xmlChar *qName = xmlSchemaFormatQName(&str, type->targetNamespace, type->name);
+ if (!str)
+ str = xmlStrdup(qName);
+ }
+ msg = xmlStrcat(msg, xmlEscapeFormatString(&str));
msg = xmlStrcat(msg, BAD_CAST "'");
FREE_AND_NULL(str);
}
@@ -2525,7 +2534,7 @@
FREE_AND_NULL(msg)
}
-static void
+static void LIBXML_ATTR_FORMAT(5,0)
xmlSchemaComplexTypeErr(xmlSchemaAbstractCtxtPtr actxt,
xmlParserErrors error,
xmlNodePtr node,
@@ -2617,7 +2626,7 @@
str = xmlStrcat(str, BAD_CAST ", ");
}
str = xmlStrcat(str, BAD_CAST " ).\n");
- msg = xmlStrcat(msg, BAD_CAST str);
+ msg = xmlStrcat(msg, xmlEscapeFormatString(&str));
FREE_AND_NULL(str)
} else
msg = xmlStrcat(msg, BAD_CAST "\n");
@@ -2625,7 +2634,7 @@
xmlFree(msg);
}
-static void
+static void LIBXML_ATTR_FORMAT(8,0)
xmlSchemaFacetErr(xmlSchemaAbstractCtxtPtr actxt,
xmlParserErrors error,
xmlNodePtr node,
@@ -2916,7 +2925,7 @@
*
* Reports an error during parsing.
*/
-static void
+static void LIBXML_ATTR_FORMAT(5,0)
xmlSchemaPCustomErrExt(xmlSchemaParserCtxtPtr ctxt,
xmlParserErrors error,
xmlSchemaBasicItemPtr item,
@@ -2952,7 +2961,7 @@
*
* Reports an error during parsing.
*/
-static void
+static void LIBXML_ATTR_FORMAT(5,0)
xmlSchemaPCustomErr(xmlSchemaParserCtxtPtr ctxt,
xmlParserErrors error,
xmlSchemaBasicItemPtr item,
@@ -2977,7 +2986,7 @@
*
* Reports an attribute use error during parsing.
*/
-static void
+static void LIBXML_ATTR_FORMAT(6,0)
xmlSchemaPAttrUseErr4(xmlSchemaParserCtxtPtr ctxt,
xmlParserErrors error,
xmlNodePtr node,
@@ -3099,7 +3108,7 @@
* Reports a simple type validation error.
* TODO: Should this report the value of an element as well?
*/
-static void
+static void LIBXML_ATTR_FORMAT(8,0)
xmlSchemaPSimpleTypeErr(xmlSchemaParserCtxtPtr ctxt,
xmlParserErrors error,
xmlSchemaBasicItemPtr ownerItem ATTRIBUTE_UNUSED,
@@ -3141,11 +3150,13 @@
msg = xmlStrcat(msg, BAD_CAST " '");
if (type->builtInType != 0) {
msg = xmlStrcat(msg, BAD_CAST "xs:");
- msg = xmlStrcat(msg, type->name);
- } else
- msg = xmlStrcat(msg,
- xmlSchemaFormatQName(&str,
- type->targetNamespace, type->name));
+ str = xmlStrdup(type->name);
+ } else {
+ const xmlChar *qName = xmlSchemaFormatQName(&str, type->targetNamespace, type->name);
+ if (!str)
+ str = xmlStrdup(qName);
+ }
+ msg = xmlStrcat(msg, xmlEscapeFormatString(&str));
msg = xmlStrcat(msg, BAD_CAST "'.");
FREE_AND_NULL(str);
}
@@ -3157,8 +3168,10 @@
"valid.");
}
if (expected) {
+ xmlChar *expectedEscaped = xmlCharStrdup(expected);
msg = xmlStrcat(msg, BAD_CAST " Expected is '");
- msg = xmlStrcat(msg, BAD_CAST expected);
+ msg = xmlStrcat(msg, xmlEscapeFormatString(&expectedEscaped));
+ FREE_AND_NULL(expectedEscaped);
msg = xmlStrcat(msg, BAD_CAST "'.\n");
} else
msg = xmlStrcat(msg, BAD_CAST "\n");
@@ -24186,6 +24199,7 @@
else
goto pattern_and_enum;
}
+
/*
* Whitespace handling is only of importance for string-based
* types.
@@ -24196,14 +24210,13 @@
ws = xmlSchemaGetWhiteSpaceFacetValue(type);
} else
ws = XML_SCHEMA_WHITESPACE_COLLAPSE;
+
/*
* If the value was not computed (for string or
* anySimpleType based types), then use the provided
* type.
*/
- if (val == NULL)
- valType = valType;
- else
+ if (val != NULL)
valType = xmlSchemaGetValType(val);
ret = 0;
@@ -25546,7 +25559,7 @@
if (xmlNewProp(defAttrOwnerElem,
iattr->localName, value) == NULL) {
VERROR_INT("xmlSchemaVAttributesComplex",
- "callling xmlNewProp()");
+ "calling xmlNewProp()");
if (normValue != NULL)
xmlFree(normValue);
goto internal_error;
@@ -27382,10 +27395,17 @@
for (j = 0, i = 0; i < nb_attributes; i++, j += 5) {
/*
- * Duplicate the value.
+ * Duplicate the value, changing any & to a literal ampersand.
+ *
+ * libxml2 differs from normal SAX here in that it escapes all ampersands
+ * as & instead of delivering the raw converted string. Changing the
+ * behavior at this point would break applications that use this API, so
+ * we are forced to work around it. There is no danger of accidentally
+ * decoding some entity other than & in this step because without
+ * unescaped ampersands there can be no other entities in the string.
*/
- value = xmlStrndup(attributes[j+3],
- attributes[j+4] - attributes[j+3]);
+ value = xmlStringLenDecodeEntities(vctxt->parserCtxt, attributes[j+3],
+ attributes[j+4] - attributes[j+3], XML_SUBSTITUTE_REF, 0, 0, 0);
/*
* TODO: Set the node line.
*/
diff --git a/xmlschemastypes.c b/xmlschemastypes.c
index ff64f50..5f38599 100644
--- a/xmlschemastypes.c
+++ b/xmlschemastypes.c
@@ -62,7 +62,7 @@
long year;
unsigned int mon :4; /* 1 <= mon <= 12 */
unsigned int day :5; /* 1 <= day <= 31 */
- unsigned int hour :5; /* 0 <= hour <= 23 */
+ unsigned int hour :5; /* 0 <= hour <= 24 */
unsigned int min :6; /* 0 <= min <= 59 */
double sec;
unsigned int tz_flag :1; /* is tzo explicitely set? */
@@ -1139,9 +1139,13 @@
#define VALID_DATE(dt) \
(VALID_YEAR(dt->year) && VALID_MONTH(dt->mon) && VALID_MDAY(dt))
+#define VALID_END_OF_DAY(dt) \
+ ((dt)->hour == 24 && (dt)->min == 0 && (dt)->sec == 0)
+
#define VALID_TIME(dt) \
- (VALID_HOUR(dt->hour) && VALID_MIN(dt->min) && \
- VALID_SEC(dt->sec) && VALID_TZO(dt->tzo))
+ (((VALID_HOUR(dt->hour) && VALID_MIN(dt->min) && \
+ VALID_SEC(dt->sec)) || VALID_END_OF_DAY(dt)) && \
+ VALID_TZO(dt->tzo))
#define VALID_DATETIME(dt) \
(VALID_DATE(dt) && VALID_TIME(dt))
@@ -1355,7 +1359,7 @@
return ret;
if (*cur != ':')
return 1;
- if (!VALID_HOUR(value))
+ if (!VALID_HOUR(value) && value != 24 /* Allow end-of-day hour */)
return 2;
cur++;
@@ -1377,7 +1381,7 @@
if (ret != 0)
return ret;
- if ((!VALID_SEC(dt->sec)) || (!VALID_TZO(dt->tzo)))
+ if (!VALID_TIME(dt))
return 2;
*str = cur;
@@ -5303,6 +5307,7 @@
xmlSchemaWhitespaceValueType ws)
{
int ret;
+ int stringType;
if (facet == NULL)
return(-1);
@@ -5315,7 +5320,15 @@
*/
if (value == NULL)
return(-1);
- ret = xmlRegexpExec(facet->regexp, value);
+ /*
+ * If string-derived type, regexp must be tested on the value space of
+ * the datatype.
+ * See https://www.w3.org/TR/xmlschema-2/#rf-pattern
+ */
+ stringType = val && ((val->type >= XML_SCHEMAS_STRING && val->type <= XML_SCHEMAS_NORMSTRING)
+ || (val->type >= XML_SCHEMAS_TOKEN && val->type <= XML_SCHEMAS_NCNAME));
+ ret = xmlRegexpExec(facet->regexp,
+ (stringType && val->value.str) ? val->value.str : value);
if (ret == 1)
return(0);
if (ret == 0)
diff --git a/xmlstring.c b/xmlstring.c
index a37220d..cc85777 100644
--- a/xmlstring.c
+++ b/xmlstring.c
@@ -457,6 +457,8 @@
return(xmlStrndup(add, len));
size = xmlStrlen(cur);
+ if (size < 0)
+ return(NULL);
ret = (xmlChar *) xmlRealloc(cur, (size + len + 1) * sizeof(xmlChar));
if (ret == NULL) {
xmlErrMemory(NULL, NULL);
@@ -484,14 +486,19 @@
int size;
xmlChar *ret;
- if (len < 0)
+ if (len < 0) {
len = xmlStrlen(str2);
+ if (len < 0)
+ return(NULL);
+ }
if ((str2 == NULL) || (len == 0))
return(xmlStrdup(str1));
if (str1 == NULL)
return(xmlStrndup(str2, len));
size = xmlStrlen(str1);
+ if (size < 0)
+ return(NULL);
ret = (xmlChar *) xmlMalloc((size + len + 1) * sizeof(xmlChar));
if (ret == NULL) {
xmlErrMemory(NULL, NULL);
@@ -538,7 +545,7 @@
* Returns the number of characters written to @buf or -1 if an error occurs.
*/
int XMLCDECL
-xmlStrPrintf(xmlChar *buf, int len, const xmlChar *msg, ...) {
+xmlStrPrintf(xmlChar *buf, int len, const char *msg, ...) {
va_list args;
int ret;
@@ -566,7 +573,7 @@
* Returns the number of characters written to @buf or -1 if an error occurs.
*/
int
-xmlStrVPrintf(xmlChar *buf, int len, const xmlChar *msg, va_list ap) {
+xmlStrVPrintf(xmlChar *buf, int len, const char *msg, va_list ap) {
int ret;
if((buf == NULL) || (msg == NULL)) {
@@ -837,8 +844,8 @@
break;
if ( (ch = *ptr++) & 0x80)
while ((ch<<=1) & 0x80 ) {
- ptr++;
if (*ptr == 0) break;
+ ptr++;
}
}
return (ptr - utf);
@@ -980,5 +987,60 @@
return(xmlUTF8Strndup(utf, len));
}
+/**
+ * xmlEscapeFormatString:
+ * @msg: a pointer to the string in which to escape '%' characters.
+ * Must be a heap-allocated buffer created by libxml2 that may be
+ * returned, or that may be freed and replaced.
+ *
+ * Replaces the string pointed to by 'msg' with an escaped string.
+ * Returns the same string with all '%' characters escaped.
+ */
+xmlChar *
+xmlEscapeFormatString(xmlChar **msg)
+{
+ xmlChar *msgPtr = NULL;
+ xmlChar *result = NULL;
+ xmlChar *resultPtr = NULL;
+ size_t count = 0;
+ size_t msgLen = 0;
+ size_t resultLen = 0;
+
+ if (!msg || !*msg)
+ return(NULL);
+
+ for (msgPtr = *msg; *msgPtr != '\0'; ++msgPtr) {
+ ++msgLen;
+ if (*msgPtr == '%')
+ ++count;
+ }
+
+ if (count == 0)
+ return(*msg);
+
+ resultLen = msgLen + count + 1;
+ result = (xmlChar *) xmlMallocAtomic(resultLen * sizeof(xmlChar));
+ if (result == NULL) {
+ /* Clear *msg to prevent format string vulnerabilities in
+ out-of-memory situations. */
+ xmlFree(*msg);
+ *msg = NULL;
+ xmlErrMemory(NULL, NULL);
+ return(NULL);
+ }
+
+ for (msgPtr = *msg, resultPtr = result; *msgPtr != '\0'; ++msgPtr, ++resultPtr) {
+ *resultPtr = *msgPtr;
+ if (*msgPtr == '%')
+ *(++resultPtr) = '%';
+ }
+ result[resultLen - 1] = '\0';
+
+ xmlFree(*msg);
+ *msg = result;
+
+ return *msg;
+}
+
#define bottom_xmlstring
#include "elfgcchack.h"
diff --git a/xmlwriter.c b/xmlwriter.c
index fac20ac..69541b8 100644
--- a/xmlwriter.c
+++ b/xmlwriter.c
@@ -113,7 +113,7 @@
const xmlChar * str, int len);
static int xmlTextWriterCloseDocCallback(void *context);
-static xmlChar *xmlTextWriterVSprintf(const char *format, va_list argptr);
+static xmlChar *xmlTextWriterVSprintf(const char *format, va_list argptr) LIBXML_ATTR_FORMAT(1,0);
static int xmlOutputBufferWriteBase64(xmlOutputBufferPtr out, int len,
const unsigned char *data);
static void xmlTextWriterStartDocumentCallback(void *ctx);
@@ -153,7 +153,7 @@
*
* Handle a writer error
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlWriterErrMsgInt(xmlTextWriterPtr ctxt, xmlParserErrors error,
const char *msg, int val)
{
diff --git a/xpath.c b/xpath.c
index dc41ce6..751665b 100644
--- a/xpath.c
+++ b/xpath.c
@@ -361,14 +361,14 @@
/*
* compute depth to root
*/
- for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) {
- if (cur == node1)
+ for (depth2 = 0, cur = node2; cur->parent != NULL; cur = cur->parent) {
+ if (cur->parent == node1)
return(1);
depth2++;
}
root = cur;
- for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) {
- if (cur == node2)
+ for (depth1 = 0, cur = node1; cur->parent != NULL; cur = cur->parent) {
+ if (cur->parent == node2)
return(-1);
depth1++;
}
@@ -639,7 +639,7 @@
xmlChar buf[200];
xmlStrPrintf(buf, 200,
- BAD_CAST "Memory allocation failed : %s\n",
+ "Memory allocation failed : %s\n",
extra);
ctxt->lastError.message = (char *) xmlStrdup(buf);
} else {
@@ -945,7 +945,7 @@
xmlXPathStepOp *steps; /* ops for computation of this expression */
int last; /* index of last step in expression */
xmlChar *expr; /* the expression being computed */
- xmlDictPtr dict; /* the dictionnary to use if any */
+ xmlDictPtr dict; /* the dictionary to use if any */
#ifdef DEBUG_EVAL_COUNTS
int nb;
xmlChar *string;
@@ -3706,7 +3706,7 @@
/* @@ with_ns to check whether namespace nodes should be looked at @@ */
/*
- * prevent duplcates
+ * prevent duplicates
*/
for (i = 0;i < cur->nodeNr;i++)
if (cur->nodeTab[i] == val) return(0);
@@ -7933,14 +7933,14 @@
xmlNodePtr
xmlXPathNextDescendantOrSelf(xmlXPathParserContextPtr ctxt, xmlNodePtr cur) {
if ((ctxt == NULL) || (ctxt->context == NULL)) return(NULL);
- if (cur == NULL) {
- if (ctxt->context->node == NULL)
- return(NULL);
- if ((ctxt->context->node->type == XML_ATTRIBUTE_NODE) ||
- (ctxt->context->node->type == XML_NAMESPACE_DECL))
- return(NULL);
+ if (cur == NULL)
return(ctxt->context->node);
- }
+
+ if (ctxt->context->node == NULL)
+ return(NULL);
+ if ((ctxt->context->node->type == XML_ATTRIBUTE_NODE) ||
+ (ctxt->context->node->type == XML_NAMESPACE_DECL))
+ return(NULL);
return(xmlXPathNextDescendant(ctxt, cur));
}
@@ -8390,7 +8390,7 @@
xmlXPathNextNamespace(xmlXPathParserContextPtr ctxt, xmlNodePtr cur) {
if ((ctxt == NULL) || (ctxt->context == NULL)) return(NULL);
if (ctxt->context->node->type != XML_ELEMENT_NODE) return(NULL);
- if (ctxt->context->tmpNsList == NULL && cur != (xmlNodePtr) xmlXPathXMLNamespace) {
+ if (cur == NULL) {
if (ctxt->context->tmpNsList != NULL)
xmlFree(ctxt->context->tmpNsList);
ctxt->context->tmpNsList =
@@ -9996,7 +9996,7 @@
(c == '[') || (c == ']') || (c == '@') || /* accelerators */
(c == '*') || /* accelerators */
(!IS_LETTER(c) && (c != '_') &&
- ((qualified) && (c != ':')))) {
+ ((!qualified) || (c != ':')))) {
return(NULL);
}
@@ -12379,11 +12379,6 @@
STRANGE
goto error;
case NODE_TEST_TYPE:
- /*
- * TODO: Don't we need to use
- * xmlXPathNodeSetAddNs() for namespace nodes here?
- * Surprisingly, some c14n tests fail, if we do this.
- */
if (type == NODE_TYPE_NODE) {
switch (cur->type) {
case XML_DOCUMENT_NODE:
@@ -12397,9 +12392,17 @@
case XML_COMMENT_NODE:
case XML_CDATA_SECTION_NODE:
case XML_TEXT_NODE:
- case XML_NAMESPACE_DECL:
XP_TEST_HIT
break;
+ case XML_NAMESPACE_DECL: {
+ if (axis == AXIS_NAMESPACE) {
+ XP_TEST_HIT_NS
+ } else {
+ hasNsNodes = 1;
+ XP_TEST_HIT
+ }
+ break;
+ }
default:
break;
}
@@ -12691,6 +12694,14 @@
* Reset the context node.
*/
xpctxt->node = oldContextNode;
+ /*
+ * When traversing the namespace axis in "toBool" mode, it's
+ * possible that tmpNsList wasn't freed.
+ */
+ if (xpctxt->tmpNsList != NULL) {
+ xmlFree(xpctxt->tmpNsList);
+ xpctxt->tmpNsList = NULL;
+ }
#ifdef DEBUG_STEP
xmlGenericError(xmlGenericErrorContext,
@@ -13994,9 +14005,14 @@
xmlNodeSetPtr oldset;
int i, j;
- if (op->ch1 != -1)
+ if (op->ch1 != -1) {
total +=
xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]);
+ CHECK_ERROR0;
+ }
+ if (ctxt->value == NULL) {
+ XP_ERROR0(XPATH_INVALID_OPERAND);
+ }
if (op->ch2 == -1)
return (total);
@@ -14784,6 +14800,10 @@
}
}
+ /* OP_VALUE has invalid ch1. */
+ if (op->op == XPATH_OP_VALUE)
+ return;
+
/* Recurse */
if (op->ch1 != -1)
xmlXPathOptimizeExpression(comp, &comp->steps[op->ch1]);
diff --git a/xpointer.c b/xpointer.c
index 4b4ac2e..676c510 100644
--- a/xpointer.c
+++ b/xpointer.c
@@ -85,7 +85,7 @@
*
* Handle a redefinition of attribute error
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlXPtrErr(xmlXPathParserContextPtr ctxt, int error,
const char * msg, const xmlChar *extra)
{