Commit message | Author | Age | Files | Lines

The `token` type wasn't wide enough to hold a Unicode code point.
Found by OSS-Fuzz.
Useful to avoid timeouts when fuzzing.
Found by OSS-Fuzz.
Also introduce xsltParseStylesheetUser to parse a stylesheet using
a custom xsltStylesheet struct.
Set XPath resource limits when fuzzing stylesheets.
Compile XPath expression using the current context to propagate
information like maxParserDepth and in-scope namespaces.
Compile XPath expression using the current context to propagate
information like maxParserDepth and in-scope namespaces.
- Suppress false positives under UBSan.
- Fix memory leak in error case.
xsltTestCompMatch returns -1 in case of errors which wasn't checked in
most places.
Found when investigating a libFuzzer timeout.
This seems to be an undocumented, internal GCC header added a long time
ago.
Resolves !2.
XPath error messages changed after a recent libxml2 commit. The root
cause is that func:function doesn't signal errors to the XPath engine
which should be fixed.
xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
don't check for this condition and allow access. With a specially
crafted URL, xsltCheckRead could be tricked into returning an error
because of a supposedly invalid URL that would still be loaded
successfully later on.
Fixes #12.
Thanks to Felix Wilhelm for the report.
xmlTextChild supports entities but dyn:map should create an element
containing a literal string.
Found with libFuzzer and UBSan.
Add range check before converting double to long to avoid undefined
behavior.
Found with libFuzzer and UBSan.
The xmlXPathNext* iterators rely on the XPath context node being set to
the start node of the iteration. Some parts of the code base like the
xsl:key functions also leave the context node in an unspecified state.
Make sure that the context node is reset before invoking the XPath
iterators. Also backup and restore the context node in
xsltNumberFormatGetMultipleLevel for good measure.
This bug could also lead to type confusion and invalid reads in
connection with namespace nodes.
Fixes #13. Also see the Chromium bug report:
https://bugs.chromium.org/p/chromium/issues/detail?id=930663
Thanks to Nicolas Grégoire for the report.
Commit 05f70130 broke the precedence of attributes on literal result
elements and attributes from xsl:use-attribute-sets.
Process xsl:use-attribute-sets first. Then if any attributes were added
to the target node, use xmlSetNsProp to copy the remaining attributes,
replacing the previous values.
Thanks to Alexey Neyman for the report.
exsltFuncFunctionFunction handles XPath extension functions and is called
from the XPath engine. Since evaluation of function templates can change
the XPath context node, it must be backed up to avoid corruption.
Without proper backup, evaluating certain content in function templates
could also result in use-after-free errors.
It seems that libxml2 commit 029d0e96 helped to expose the error.
Fixes #11.
Otherwise, an xsl:element in an EXSLT function could lead to a null
pointer dereference. Also initialize some other variables earlier.
Fixes #10.
Simply use LDFLAGS and LIBS instead.
- Fix vsnprintf on older MSVC versions
- Stop using _vsnprintf on MinGW
Fixes bug #481434:
https://bugzilla.gnome.org/show_bug.cgi?id=481434
Seems to fix compilation on MinGW-w64. A similar change was made to
libxml2 in 2012.
* configure.ac doc/xslt.html libxslt/xsltwin32config.h: updated for the release
The slow pattern matching path in xsltTestCompMatchDirect caches the
result of evaluating the pattern. But this can't be done if the pattern
contains variables which could evaluate to different values.
Only enable the cache for patterns like template matches that don't
allow variable references. Don't use the cache for "count" and "from"
patterns in xsl:number.
A more fine-grained approach would be nice, but most effort should be
spent on eliminating the slow path completely.
Thanks to Martin Honnen for the report.
Fixes #6.
If a variable with a "select" expression calls an EXSLT func:function,
the context variable must be restored before evaluating the function
result. This makes sure that the RVTs in the result will be moved to
the context variable's fragment list when they're released in
xsltReleaseLocalRVTs or xsltReleaseLocalRVTs.
Thanks to Nikolai Weibull for the report.
Cygwin does not define _WIN32, but still requires dllexport/dllimport
tags for when applications use the --disable-auto-import linker flag,
probably set by the gl_WOE32_DLL autoconf macro in woe32-dll.m4 file.
The RVTs referenced from function results must not be blindly registered
as local, as they might be part of variables from an outer scope. Remove
LOCAL/VARIABLE distinction for RVTs. Don't register as local RVT
unconditionally when reflagging as LOCAL. Instead, register function
result RVTs from inner variables as local RVTs when they're released in
xsltFreeStackElem. Keep local function result RVTs xsltReleaseLocalRVTs
instead of reregistering.
Closes: https://gitlab.gnome.org/GNOME/libxslt/issues/2
Thanks to Daniel Mendler and Martin Gieseking for the reports.
See https://github.com/travis-ci/travis-ci/issues/9033
Set the context variable to NULL when evaluating EXSLT functions.
Fixes potential use-after-free errors or memory leaks.
Fixes bug 792580. Thanks to Clemens Gutweiler for the report.
https://bugzilla.gnome.org/show_bug.cgi?id=792580
This file seems to be unused since 2003 when the API doc generator was
reworked in commit 0d9855d9.
Fixes bug 788668.
Forgot it <grin/>
* configure.ac: update for release
* doc/* : regenerated