| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
This is an internal GCC header that serves no purpose being checked for.
The same header has already been removed from libxml2: https://gitlab.gnome.org/GNOME/libxml2/commit/ff628d46a1301d76e0217c23c7ef53c5f1faed45.
|
|
|
|
|
|
|
|
|
|
|
|
| |
xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
don't check for this condition and allow access. With a specially
crafted URL, xsltCheckRead could be tricked into returning an error
because of a supposedly invalid URL that would still be loaded
succesfully later on.
Fixes #12.
Thanks to Felix Wilhelm for the report.
|
|
|
|
|
|
|
| |
xmlTextChild supports entities but dyn:map should create an element
containing a literal string.
Found with libFuzzer and UBSan.
|
|
|
|
|
|
|
| |
Add range check before converting double to long to avoid undefined
behavior.
Found with libFuzzer and UBSan.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The xmlXPathNext* iterators rely on the XPath context node being set to
the start node of the iteration. Some parts of the code base like the
xsl:key functions also leave the context node in an unspecified state.
Make sure that the context node is reset before invoking the XPath
iterators. Also backup and restore the context node in
xsltNumberFormatGetMultipleLevel for good measure.
This bug could also lead to type confusion and invalid reads in
connection with namespace nodes.
Fixes #13. Also see the Chromium bug report:
https://bugs.chromium.org/p/chromium/issues/detail?id=930663
Thanks to Nicolas Grégoire for the report.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 05f70130 broke the precedence of attributes on literal result
elements and attributes from xsl:use-attribute-sets.
Process xsl:use-attribute-sets first. Then if any attributes were added
to the target node, use xmlSetNsProp to copy the remaining attributes,
replacing the previous values.
Thanks to Alexey Neyman for the report.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
exsltFuncFunctionFunction handles XPath extension functions and is called
from the XPath engine. Since evaluation of function templates can change
the XPath context node, it must be backed up to avoid corruption.
Without proper backup, evaluating certain content in function templates
could also result in use-after-free errors.
It seems that libxml2 commit 029d0e96 helped to expose the error.
Fixes #11.
|
|
|
|
|
|
|
| |
Otherwise, an xsl:element in an EXSLT function could lead to a null
pointer dereference. Also initialize some other variables earlier.
Fixes #10.
|
| |
|
| |
|
| |
|
|
|
|
| |
Simply use LDFLAGS and LIBS instead.
|
|
|
|
|
| |
- Fix vsnprintf on older MSVC versions
- Stop using _vsnprintf on MinGW
|
|
|
|
|
|
| |
Fixes bug #481434:
https://bugzilla.gnome.org/show_bug.cgi?id=481434
|
|
|
|
|
| |
Seems to fix compilation on MinGW-w64. A similar change was made to
libxml2 in 2012.
|
| |
|
|
|
|
| |
* configure.ac doc/xslt.html libxslt/xsltwin32config.h: updated for the release
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The slow pattern matching path in xsltTestCompMatchDirect caches the
result of evaluating the pattern. But this can't be done if the pattern
contains variables which could evaluate to different values.
Only enable the cache for patterns like template matches that don't
allow variable references. Don't use the cache for "count" and "from"
patterns in xsl:number.
A more fine-grained approach would be nice, but most effort should be
spent on eliminating the slow path completely.
Thanks to Martin Honnen for the report.
Fixes #6.
|
|
|
|
|
|
|
|
|
|
| |
If a variable with a "select" expression calls an EXSLT func:function,
the context variable must be restored before evaluating the function
result. This makes sure that the RVTs in the result will be moved to
the context variable's fragment list when they're released in
xsltReleaseLocalRVTs or xsltReleaseLocalRVTs.
Thanks to Nikolai Weibull for the report.
|
| |
|
|
|
|
|
|
| |
Cygwin does not define _WIN32, but still requires dllexport/dllimport
tags for when applications use the --disable-auto-import linker flag,
probably set by the gl_WOE32_DLL autoconf macro in woe32-dll.m4 file.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The RVTs referenced from function results must not be blindly registered
as local, as they might be part of variables from an outer scope. Remove
LOCAL/VARIABLE distinction for RVTs. Don't register as local RVT
unconditionally when reflagging as LOCAL. Instead, register function
result RVTs from inner variables as local RVTs when they're released in
xsltFreeStackElem. Keep local function result RVTs xsltReleaseLocalRVTs
instead of reregistering.
Closes: https://gitlab.gnome.org/GNOME/libxslt/issues/2
Thanks to Daniel Mendler and Martin Gieseking for the reports.
|
|
|
|
| |
See https://github.com/travis-ci/travis-ci/issues/9033
|
| |
|
|
|
|
|
|
|
|
|
| |
Set the context variable to NULL when evaluating EXSLT functions.
Fixes potential use-after-free errors or memory leaks.
Fixes bug 792580. Thanks to Clemens Gutweiler for the report.
https://bugzilla.gnome.org/show_bug.cgi?id=792580
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This file seems to be unused since 2003 when the API doc generator was
reworked in commit 0d9855d9.
|
|
|
|
| |
Fixes bug 788668.
|
|
|
|
| |
Forgot it <grin/>
|
|
|
|
|
| |
* configure.ac: update for release
* doc/* : regenerated
|
|
|
|
| |
Fixes bug 789829.
|
|
|
|
| |
Fixes segfault in recursion tests.
|
|
|
|
|
| |
Disable "possible loss of data" warnings when casting 64-bit to smaller
types.
|
| |
|
|
|
|
|
| |
Otherwise, the stack could overflow on platforms with a small default
stack size like Windows or with sanitizers that increase stack usage.
|
|
|
|
| |
_WIN32 is defined automatically by the compiler.
|
|
|
|
| |
Set stdout and stderr to binary.
|
|
|
|
| |
Fixes bug 788317. Thanks to J. Peter Mugaas for the initial patch.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Support glibc 2.26 which removes xlocale.h. Fixes bug 788264. Thanks to
Quentin Minster for the report.
Drop support for ancient glibc 2.2.x. This allows to replace the test
program in configure.ac with a simple check for strxfrm_l.
Always use WinAPI locales on Windows.
Define macros in xsltlocale.h and rename XSLT_LOCALE_XLOCALE to
XSLT_LOCALE_POSIX.
|
| |
|
| |
|
|
|
|
| |
* configure.ac doc/news.html doc/xslt.html: updated for the release
|
|
|
|
| |
Adjust for recent config changes.
|
| |
|