From a0d2427bb86668215d7c9e1be07cb9a2d86f6755 Mon Sep 17 00:00:00 2001 From: Andrej Valek Date: Wed, 6 Sep 2017 08:04:59 +0200 Subject: libxml2: 2.9.4 -> 2.9.5 Signed-off-by: Andrej Valek Signed-off-by: Ross Burton --- .../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +- .../libxml/libxml2/libxml2-CVE-2016-4658.patch | 269 ---------- .../libxml/libxml2/libxml2-CVE-2016-5131.patch | 180 ------- .../libxml/libxml2/libxml2-CVE-2017-0663.patch | 40 -- .../libxml/libxml2/libxml2-CVE-2017-5969.patch | 62 --- .../libxml/libxml2/libxml2-CVE-2017-8872.patch | 37 -- .../libxml2-CVE-2017-9047_CVE-2017-9048.patch | 103 ---- .../libxml2-CVE-2017-9049_CVE-2017-9050.patch | 291 ---------- .../libxml2/libxml2-fix_NULL_pointer_derefs.patch | 45 -- ...ibxml2-fix_and_simplify_xmlParseStartTag2.patch | 590 --------------------- .../libxml2/libxml2-fix_node_comparison.patch | 67 --- meta/recipes-core/libxml/libxml2/runtest.patch | 34 +- 12 files changed, 9 insertions(+), 1711 deletions(-) delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch (limited to 'meta/recipes-core/libxml/libxml2') diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch index 3277165618..d9ed1516fe 100644 --- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch +++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch @@ -183,7 +183,7 @@ index 68cd824..5fa0a9b 100644 - echo "*** If you have an old version installed, it is best to remove it, although" - echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ], - [ echo "*** The test program failed to compile or link. See the file config.log for the" -- echo "*** exact error that occured. This usually means LIBXML was incorrectly installed" +- echo "*** exact error that occurred. This usually means LIBXML was incorrectly installed" - echo "*** or that you have moved LIBXML since it was installed. In the latter case, you" - echo "*** may want to edit the xml2-config script: $XML2_CONFIG" ]) - CPPFLAGS="$ac_save_CPPFLAGS" diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch deleted file mode 100644 index bb55eed171..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch +++ /dev/null @@ -1,269 +0,0 @@ -libxml2-2.9.4: Fix CVE-2016-4658 - -[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4658 - -xpointer: Disallow namespace nodes in XPointer points and ranges - -Namespace nodes must be copied to avoid use-after-free errors. -But they don't necessarily have a physical representation in a -document, so simply disallow them in XPointer ranges. - -Upstream-Status: Backport - - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b] - - [https://git.gnome.org/browse/libxml2/commit/?id=3f8a91036d338e51c059d54397a42d645f019c65] -CVE: CVE-2016-4658 -Signed-off-by: Andrej Valek -Signed-off-by: Pascal Bach - -diff --git a/xpointer.c b/xpointer.c -index 676c510..911680d 100644 ---- a/xpointer.c -+++ b/xpointer.c -@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) { - } - - /** -+ * xmlXPtrNewRangeInternal: -+ * @start: the starting node -+ * @startindex: the start index -+ * @end: the ending point -+ * @endindex: the ending index -+ * -+ * Internal function to create a new xmlXPathObjectPtr of type range -+ * -+ * Returns the newly created object. -+ */ -+static xmlXPathObjectPtr -+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex, -+ xmlNodePtr end, int endindex) { -+ xmlXPathObjectPtr ret; -+ -+ /* -+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs). -+ * Disallow them for now. -+ */ -+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL)) -+ return(NULL); -+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL)) -+ return(NULL); -+ -+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -+ if (ret == NULL) { -+ xmlXPtrErrMemory("allocating range"); -+ return(NULL); -+ } -+ memset(ret, 0, sizeof(xmlXPathObject)); -+ ret->type = XPATH_RANGE; -+ ret->user = start; -+ ret->index = startindex; -+ ret->user2 = end; -+ ret->index2 = endindex; -+ return(ret); -+} -+ -+/** - * xmlXPtrNewRange: - * @start: the starting node - * @startindex: the start index -@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex, - if (endindex < 0) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = startindex; -- ret->user2 = end; -- ret->index2 = endindex; -+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) { - if (end->type != XPATH_POINT) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start->user; -- ret->index = start->index; -- ret->user2 = end->user; -- ret->index2 = end->index; -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user, -+ end->index); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) { - if (start->type != XPATH_POINT) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start->user; -- ret->index = start->index; -- ret->user2 = end; -- ret->index2 = -1; -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) { - if (end->type != XPATH_POINT) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- ret->user2 = end->user; -- ret->index2 = end->index; -+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) { - if (end == NULL) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- ret->user2 = end; -- ret->index2 = -1; -+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { - if (start == NULL) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- ret->user2 = NULL; -- ret->index2 = -1; -+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1); - return(ret); - } - -@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { - */ - xmlXPathObjectPtr - xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { -+ xmlNodePtr endNode; -+ int endIndex; - xmlXPathObjectPtr ret; - - if (start == NULL) -@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { - return(NULL); - switch (end->type) { - case XPATH_POINT: -+ endNode = end->user; -+ endIndex = end->index; -+ break; - case XPATH_RANGE: -+ endNode = end->user2; -+ endIndex = end->index2; - break; - case XPATH_NODESET: - /* -@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { - */ - if (end->nodesetval->nodeNr <= 0) - return(NULL); -+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; -+ endIndex = -1; - break; - default: - /* TODO */ - return(NULL); - } - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- switch (end->type) { -- case XPATH_POINT: -- ret->user2 = end->user; -- ret->index2 = end->index; -- break; -- case XPATH_RANGE: -- ret->user2 = end->user2; -- ret->index2 = end->index2; -- break; -- case XPATH_NODESET: { -- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; -- ret->index2 = -1; -- break; -- } -- default: -- STRANGE -- return(NULL); -- } -+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -1835,8 +1798,8 @@ xmlXPtrStartPointFunction(xmlXPathParserContextPtr ctxt, int nargs) { - case XPATH_RANGE: { - xmlNodePtr node = tmp->user; - if (node != NULL) { -- if (node->type == XML_ATTRIBUTE_NODE) { -- /* TODO: Namespace Nodes ??? */ -+ if ((node->type == XML_ATTRIBUTE_NODE) || -+ (node->type == XML_NAMESPACE_DECL)) { - xmlXPathFreeObject(obj); - xmlXPtrFreeLocationSet(newset); - XP_ERROR(XPTR_SYNTAX_ERROR); -@@ -1931,8 +1894,8 @@ xmlXPtrEndPointFunction(xmlXPathParserContextPtr ctxt, int nargs) { - case XPATH_RANGE: { - xmlNodePtr node = tmp->user2; - if (node != NULL) { -- if (node->type == XML_ATTRIBUTE_NODE) { -- /* TODO: Namespace Nodes ??? */ -+ if ((node->type == XML_ATTRIBUTE_NODE) || -+ (node->type == XML_NAMESPACE_DECL)) { - xmlXPathFreeObject(obj); - xmlXPtrFreeLocationSet(newset); - XP_ERROR(XPTR_SYNTAX_ERROR); diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch deleted file mode 100644 index 9d47d023a9..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch +++ /dev/null @@ -1,180 +0,0 @@ -From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer -Date: Tue, 28 Jun 2016 14:22:23 +0200 -Subject: [PATCH] Fix XPointer paths beginning with range-to - -The old code would invoke the broken xmlXPtrRangeToFunction. range-to -isn't really a function but a special kind of location step. Remove -this function and always handle range-to in the XPath code. - -The old xmlXPtrRangeToFunction could also be abused to trigger a -use-after-free error with the potential for remote code execution. - -Found with afl-fuzz. - -Fixes CVE-2016-5131. - -CVE: CVE-2016-5131 -Upstream-Status: Backport -https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e - -Signed-off-by: Yi Zhao ---- - result/XPath/xptr/vidbase | 13 ++++++++ - test/XPath/xptr/vidbase | 1 + - xpath.c | 7 ++++- - xpointer.c | 76 ++++------------------------------------------- - 4 files changed, 26 insertions(+), 71 deletions(-) - -diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase -index 8b9e92d..f19193e 100644 ---- a/result/XPath/xptr/vidbase -+++ b/result/XPath/xptr/vidbase -@@ -17,3 +17,16 @@ Object is a Location Set: - To node - ELEMENT p - -+ -+======================== -+Expression: xpointer(range-to(id('chapter2'))) -+Object is a Location Set: -+1 : Object is a range : -+ From node -+ / -+ To node -+ ELEMENT chapter -+ ATTRIBUTE id -+ TEXT -+ content=chapter2 -+ -diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase -index b146383..884b106 100644 ---- a/test/XPath/xptr/vidbase -+++ b/test/XPath/xptr/vidbase -@@ -1,2 +1,3 @@ - xpointer(id('chapter1')/p) - xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2])) -+xpointer(range-to(id('chapter2'))) -diff --git a/xpath.c b/xpath.c -index d992841..5a01b1b 100644 ---- a/xpath.c -+++ b/xpath.c -@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) { - lc = 1; - break; - } else if ((NXT(len) == '(')) { -- /* Note Type or Function */ -+ /* Node Type or Function */ - if (xmlXPathIsNodeType(name)) { - #ifdef DEBUG_STEP - xmlGenericError(xmlGenericErrorContext, - "PathExpr: Type search\n"); - #endif - lc = 1; -+#ifdef LIBXML_XPTR_ENABLED -+ } else if (ctxt->xptr && -+ xmlStrEqual(name, BAD_CAST "range-to")) { -+ lc = 1; -+#endif - } else { - #ifdef DEBUG_STEP - xmlGenericError(xmlGenericErrorContext, -diff --git a/xpointer.c b/xpointer.c -index 676c510..d74174a 100644 ---- a/xpointer.c -+++ b/xpointer.c -@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) { - ret->here = here; - ret->origin = origin; - -- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to", -- xmlXPtrRangeToFunction); - xmlXPathRegisterFunc(ret, (xmlChar *)"range", - xmlXPtrRangeFunction); - xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside", -@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) { - * @nargs: the number of args - * - * Implement the range-to() XPointer function -+ * -+ * Obsolete. range-to is not a real function but a special type of location -+ * step which is handled in xpath.c. - */ - void --xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) { -- xmlXPathObjectPtr range; -- const xmlChar *cur; -- xmlXPathObjectPtr res, obj; -- xmlXPathObjectPtr tmp; -- xmlLocationSetPtr newset = NULL; -- xmlNodeSetPtr oldset; -- int i; -- -- if (ctxt == NULL) return; -- CHECK_ARITY(1); -- /* -- * Save the expression pointer since we will have to evaluate -- * it multiple times. Initialize the new set. -- */ -- CHECK_TYPE(XPATH_NODESET); -- obj = valuePop(ctxt); -- oldset = obj->nodesetval; -- ctxt->context->node = NULL; -- -- cur = ctxt->cur; -- newset = xmlXPtrLocationSetCreate(NULL); -- -- for (i = 0; i < oldset->nodeNr; i++) { -- ctxt->cur = cur; -- -- /* -- * Run the evaluation with a node list made of a single item -- * in the nodeset. -- */ -- ctxt->context->node = oldset->nodeTab[i]; -- tmp = xmlXPathNewNodeSet(ctxt->context->node); -- valuePush(ctxt, tmp); -- -- xmlXPathEvalExpr(ctxt); -- CHECK_ERROR; -- -- /* -- * The result of the evaluation need to be tested to -- * decided whether the filter succeeded or not -- */ -- res = valuePop(ctxt); -- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res); -- if (range != NULL) { -- xmlXPtrLocationSetAdd(newset, range); -- } -- -- /* -- * Cleanup -- */ -- if (res != NULL) -- xmlXPathFreeObject(res); -- if (ctxt->value == tmp) { -- res = valuePop(ctxt); -- xmlXPathFreeObject(res); -- } -- -- ctxt->context->node = NULL; -- } -- -- /* -- * The result is used as the new evaluation set. -- */ -- xmlXPathFreeObject(obj); -- ctxt->context->node = NULL; -- ctxt->context->contextSize = -1; -- ctxt->context->proximityPosition = -1; -- valuePush(ctxt, xmlXPtrWrapLocationSet(newset)); -+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, -+ int nargs ATTRIBUTE_UNUSED) { -+ XP_ERROR(XPATH_EXPR_ERROR); - } - - /** --- -2.7.4 - diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch deleted file mode 100644 index 0108265855..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch +++ /dev/null @@ -1,40 +0,0 @@ -libxml2: Fix CVE-2017-0663 - -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228 - -valid: Fix type confusion in xmlValidateOneNamespace - -Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types -on namespace declarations make no practical sense anyway. - -Fixes bug 780228 - -Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66] -CVE: CVE-2017-0663 -Signed-off-by: Andrej Valek - -diff --git a/valid.c b/valid.c -index 19f84b8..e03d35e 100644 ---- a/valid.c -+++ b/valid.c -@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { - } - } - -+ /* -+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions -+ * xmlAddID and xmlAddRef for namespace declarations, but it makes -+ * no practical sense to use ID types anyway. -+ */ -+#if 0 - /* Validity Constraint: ID uniqueness */ - if (attrDecl->atype == XML_ATTRIBUTE_ID) { - if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) -@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { - if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) - ret = 0; - } -+#endif - - /* Validity Constraint: Notation Attributes */ - if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) { diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch deleted file mode 100644 index 571b05c087..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch +++ /dev/null @@ -1,62 +0,0 @@ -libxml2-2.9.4: Fix CVE-2017-5969 - -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=758422 - -valid: Fix NULL pointer deref in xmlDumpElementContent - -Can only be triggered in recovery mode. - -Fixes bug 758422 - -Upstream-Status: Backport - [https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882] -CVE: CVE-2017-5969 -Signed-off-by: Andrej Valek - -diff --git a/valid.c b/valid.c -index 19f84b8..0a8e58a 100644 ---- a/valid.c -+++ b/valid.c -@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob) - xmlBufferWriteCHAR(buf, content->name); - break; - case XML_ELEMENT_CONTENT_SEQ: -- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || -- (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) -+ if ((content->c1 != NULL) && -+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) || -+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ))) - xmlDumpElementContent(buf, content->c1, 1); - else - xmlDumpElementContent(buf, content->c1, 0); - xmlBufferWriteChar(buf, " , "); -- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) || -- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) && -- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))) -+ if ((content->c2 != NULL) && -+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) || -+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) && -+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))) - xmlDumpElementContent(buf, content->c2, 1); - else - xmlDumpElementContent(buf, content->c2, 0); - break; - case XML_ELEMENT_CONTENT_OR: -- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || -- (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) -+ if ((content->c1 != NULL) && -+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) || -+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ))) - xmlDumpElementContent(buf, content->c1, 1); - else - xmlDumpElementContent(buf, content->c1, 0); - xmlBufferWriteChar(buf, " | "); -- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) || -- ((content->c2->type == XML_ELEMENT_CONTENT_OR) && -- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))) -+ if ((content->c2 != NULL) && -+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) || -+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) && -+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))) - xmlDumpElementContent(buf, content->c2, 1); - else - xmlDumpElementContent(buf, content->c2, 0); diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch deleted file mode 100644 index 26779aa572..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch +++ /dev/null @@ -1,37 +0,0 @@ -From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia -Date: Wed, 23 Aug 2017 16:04:49 +0800 -Subject: [PATCH] fix CVE-2017-8872 - -this makes xmlHaltParser "empty" the buffer, as it resets cur and ava -il too here. - -this seems to cure this specific issue, and also passes the testsuite - -Signed-off-by: Marcus Meissner - -https://bugzilla.gnome.org/show_bug.cgi?id=775200 -Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff] -Signed-off-by: Hongxu Jia ---- - parser.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/parser.c b/parser.c -index 9506ead..6c07ffd 100644 ---- a/parser.c -+++ b/parser.c -@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) { - } - ctxt->input->cur = BAD_CAST""; - ctxt->input->base = ctxt->input->cur; -+ if (ctxt->input->buf) { -+ xmlBufEmpty (ctxt->input->buf->buffer); -+ } else -+ ctxt->input->length = 0; - } - } - --- -2.7.4 - diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch deleted file mode 100644 index 8b034560fa..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch +++ /dev/null @@ -1,103 +0,0 @@ -libxml2-2.9.4: Fix CVE-2017-9047 and CVE-2017-9048 - -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781333 - -- https://bugzilla.gnome.org/show_bug.cgi?id=781701 - -valid: Fix buffer size checks in xmlSnprintfElementContent - -xmlSnprintfElementContent failed to correctly check the available -buffer space in two locations. - -Fixes bug 781333 and bug 781701 - -Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74] -CVE: CVE-2017-9047 CVE-2017-9048 -Signed-off-by: Andrej Valek - -diff --git a/result/valid/781333.xml b/result/valid/781333.xml -new file mode 100644 -index 0000000..01baf11 ---- /dev/null -+++ b/result/valid/781333.xml -@@ -0,0 +1,5 @@ -+ -+ -+]> -+ -diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err -new file mode 100644 -index 0000000..2176200 ---- /dev/null -+++ b/result/valid/781333.xml.err -@@ -0,0 +1,3 @@ -+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got -+ -+ ^ -diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr -new file mode 100644 -index 0000000..1195a04 ---- /dev/null -+++ b/result/valid/781333.xml.err.rdr -@@ -0,0 +1,6 @@ -+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got -+ -+ ^ -+./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child -+ -+^ -diff --git a/test/valid/781333.xml b/test/valid/781333.xml -new file mode 100644 -index 0000000..bceac9c ---- /dev/null -+++ b/test/valid/781333.xml -@@ -0,0 +1,4 @@ -+ -+]> -+ -diff --git a/valid.c b/valid.c -index 19f84b8..aaa30f6 100644 ---- a/valid.c -+++ b/valid.c -@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int - case XML_ELEMENT_CONTENT_PCDATA: - strcat(buf, "#PCDATA"); - break; -- case XML_ELEMENT_CONTENT_ELEMENT: -+ case XML_ELEMENT_CONTENT_ELEMENT: { -+ int qnameLen = xmlStrlen(content->name); -+ -+ if (content->prefix != NULL) -+ qnameLen += xmlStrlen(content->prefix) + 1; -+ if (size - len < qnameLen + 10) { -+ strcat(buf, " ..."); -+ return; -+ } - if (content->prefix != NULL) { -- if (size - len < xmlStrlen(content->prefix) + 10) { -- strcat(buf, " ..."); -- return; -- } - strcat(buf, (char *) content->prefix); - strcat(buf, ":"); - } -- if (size - len < xmlStrlen(content->name) + 10) { -- strcat(buf, " ..."); -- return; -- } - if (content->name != NULL) - strcat(buf, (char *) content->name); - break; -+ } - case XML_ELEMENT_CONTENT_SEQ: - if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || - (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) -@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int - xmlSnprintfElementContent(buf, size, content->c2, 0); - break; - } -+ if (size - strlen(buf) <= 2) return; - if (englob) - strcat(buf, ")"); - switch (content->ocur) { diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch deleted file mode 100644 index 591075de3c..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch +++ /dev/null @@ -1,291 +0,0 @@ -libxml2-2.9.4: Fix CVE-2017-9049 and CVE-2017-9050 - -[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781205 - -- https://bugzilla.gnome.org/show_bug.cgi?id=781361 - -parser: Fix handling of parameter-entity references - -There were two bugs where parameter-entity references could lead to an -unexpected change of the input buffer in xmlParseNameComplex and -xmlDictLookup being called with an invalid pointer. - -Percent sign in DTD Names -========================= - -The NEXTL macro used to call xmlParserHandlePEReference. When parsing -"complex" names inside the DTD, this could result in entity expansion -which created a new input buffer. The fix is to simply remove the call -to xmlParserHandlePEReference from the NEXTL macro. This is safe because -no users of the macro require expansion of parameter entities. - -- xmlParseNameComplex -- xmlParseNCNameComplex -- xmlParseNmtoken - -The percent sign is not allowed in names, which are grammatical tokens. - -- xmlParseEntityValue - -Parameter-entity references in entity values are expanded but this -happens in a separate step in this function. - -- xmlParseSystemLiteral - -Parameter-entity references are ignored in the system literal. - -- xmlParseAttValueComplex -- xmlParseCharDataComplex -- xmlParseCommentComplex -- xmlParsePI -- xmlParseCDSect - -Parameter-entity references are ignored outside the DTD. - -- xmlLoadEntityContent - -This function is only called from xmlStringLenDecodeEntities and -entities are replaced in a separate step immediately after the function -call. - -This bug could also be triggered with an internal subset and double -entity expansion. - -This fixes bug 766956 initially reported by Wei Lei and independently by -Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone -involved. - -xmlParseNameComplex with XML_PARSE_OLD10 -======================================== - -When parsing Names inside an expanded parameter entity with the -XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the -GROW macro if the input buffer was exhausted. At the end of the -parameter entity's replacement text, this function would then call -xmlPopInput which invalidated the input buffer. - -There should be no need to invoke GROW in this situation because the -buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and, -at least for UTF-8, in xmlCurrentChar. This also matches the code path -executed when XML_PARSE_OLD10 is not set. - -This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050). -Thanks to Marcel Böhme and Thuan Pham for the report. - -Additional hardening -==================== - -A separate check was added in xmlParseNameComplex to validate the -buffer size. - -Fixes bug 781205 and bug 781361 - -Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74] -CVE: CVE-2017-9049 CVE-2017-9050 -Signed-off-by: Andrej Valek - -diff --git a/Makefile.am b/Makefile.am -index 9f988b0..dab15a4 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -422,6 +422,24 @@ Errtests : xmllint$(EXEEXT) - if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \ - rm result.$$name error.$$name ; \ - fi ; fi ; done) -+ @echo "## Error cases regression tests (old 1.0)" -+ -@(for i in $(srcdir)/test/errors10/*.xml ; do \ -+ name=`basename $$i`; \ -+ if [ ! -d $$i ] ; then \ -+ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \ -+ echo New test file $$name ; \ -+ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \ -+ 2> $(srcdir)/result/errors10/$$name.err \ -+ > $(srcdir)/result/errors10/$$name ; \ -+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \ -+ else \ -+ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \ -+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \ -+ diff $(srcdir)/result/errors10/$$name result.$$name ; \ -+ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \ -+ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \ -+ rm result.$$name error.$$name ; \ -+ fi ; fi ; done) - @echo "## Error cases stream regression tests" - -@(for i in $(srcdir)/test/errors/*.xml ; do \ - name=`basename $$i`; \ -diff --git a/parser.c b/parser.c -index 609a270..8e11c12 100644 ---- a/parser.c -+++ b/parser.c -@@ -2115,7 +2115,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) { - ctxt->input->line++; ctxt->input->col = 1; \ - } else ctxt->input->col++; \ - ctxt->input->cur += l; \ -- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \ - } while (0) - - #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l) -@@ -3406,13 +3405,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { - len += l; - NEXTL(l); - c = CUR_CHAR(l); -- if (c == 0) { -- count = 0; -- GROW; -- if (ctxt->instate == XML_PARSER_EOF) -- return(NULL); -- c = CUR_CHAR(l); -- } - } - } - if ((len > XML_MAX_NAME_LENGTH) && -@@ -3420,6 +3412,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { - xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); - return(NULL); - } -+ if (ctxt->input->cur - ctxt->input->base < len) { -+ /* -+ * There were a couple of bugs where PERefs lead to to a change -+ * of the buffer. Check the buffer size to avoid passing an invalid -+ * pointer to xmlDictLookup. -+ */ -+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR, -+ "unexpected change of input buffer"); -+ return (NULL); -+ } - if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r')) - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len)); - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len)); -diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml -new file mode 100644 -index 0000000..e69de29 -diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err -new file mode 100644 -index 0000000..da15c3f ---- /dev/null -+++ b/result/errors10/781205.xml.err -@@ -0,0 +1,21 @@ -+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+ -+ %a; -+ ^ -+Entity: line 1: -+<:0000 -+^ -+Entity: line 1: parser error : DOCTYPE improperly terminated -+ %a; -+ ^ -+Entity: line 1: -+<:0000 -+^ -+namespace error : Failed to parse QName ':0000' -+ %a; -+ ^ -+<:0000 -+ ^ -+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1 -+ -+^ -diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml -new file mode 100644 -index 0000000..e69de29 -diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err -new file mode 100644 -index 0000000..655f41a ---- /dev/null -+++ b/result/errors10/781361.xml.err -@@ -0,0 +1,13 @@ -+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected -+ -+^ -+./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+ -+ -+^ -+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated -+ -+^ -+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found -+ -+^ -diff --git a/result/valid/766956.xml b/result/valid/766956.xml -new file mode 100644 -index 0000000..e69de29 -diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err -new file mode 100644 -index 0000000..34b1dae ---- /dev/null -+++ b/result/valid/766956.xml.err -@@ -0,0 +1,9 @@ -+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';' -+%ä%ent; -+ ^ -+Entity: line 1: parser error : Content error in the external subset -+ %ent; -+ ^ -+Entity: line 1: -+value -+^ -diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr -new file mode 100644 -index 0000000..7760346 ---- /dev/null -+++ b/result/valid/766956.xml.err.rdr -@@ -0,0 +1,10 @@ -+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';' -+%ä%ent; -+ ^ -+Entity: line 1: parser error : Content error in the external subset -+ %ent; -+ ^ -+Entity: line 1: -+value -+^ -+./test/valid/766956.xml : failed to parse -diff --git a/runtest.c b/runtest.c -index bb74d2a..63e8c20 100644 ---- a/runtest.c -+++ b/runtest.c -@@ -4202,6 +4202,9 @@ testDesc testDescriptions[] = { - { "Error cases regression tests", - errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err", - 0 }, -+ { "Error cases regression tests (old 1.0)", -+ errParseTest, "./test/errors10/*.xml", "result/errors10/", "", ".err", -+ XML_PARSE_OLD10 }, - #ifdef LIBXML_READER_ENABLED - { "Error cases stream regression tests", - streamParseTest, "./test/errors/*.xml", "result/errors/", NULL, ".str", -diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml -new file mode 100644 -index 0000000..d9e9e83 ---- /dev/null -+++ b/test/errors10/781205.xml -@@ -0,0 +1,3 @@ -+ -+ %a; -diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml -new file mode 100644 -index 0000000..67476bc ---- /dev/null -+++ b/test/errors10/781361.xml -@@ -0,0 +1,3 @@ -+ -+ %elem; -diff --git a/test/valid/766956.xml b/test/valid/766956.xml -new file mode 100644 -index 0000000..19a95a0 ---- /dev/null -+++ b/test/valid/766956.xml -@@ -0,0 +1,2 @@ -+ -+ -diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd -new file mode 100644 -index 0000000..dddde68 ---- /dev/null -+++ b/test/valid/dtds/766956.dtd -@@ -0,0 +1,2 @@ -+ -+%ä%ent; diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch deleted file mode 100644 index c60e32f656..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch +++ /dev/null @@ -1,45 +0,0 @@ -libxml2-2.9.4: Fix more NULL pointer derefs - -xpointer: Fix more NULL pointer derefs - -Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=e905f08123e4a6e7731549e6f09dadff4cab65bd] -Signed-off-by: Andrej Valek -Signed-off-by: Pascal Bach - -diff --git a/xpointer.c b/xpointer.c -index 676c510..074db24 100644 ---- a/xpointer.c -+++ b/xpointer.c -@@ -555,7 +555,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { - /* - * Empty set ... - */ -- if (end->nodesetval->nodeNr <= 0) -+ if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0)) - return(NULL); - break; - default: -@@ -1400,7 +1400,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) { - */ - xmlNodeSetPtr set; - set = tmp->nodesetval; -- if ((set->nodeNr != 1) || -+ if ((set == NULL) || (set->nodeNr != 1) || - (set->nodeTab[0] != (xmlNodePtr) ctx->doc)) - stack++; - } else -@@ -2073,9 +2073,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) { - xmlXPathFreeObject(set); - XP_ERROR(XPATH_MEMORY_ERROR); - } -- for (i = 0;i < oldset->locNr;i++) { -- xmlXPtrLocationSetAdd(newset, -- xmlXPtrCoveringRange(ctxt, oldset->locTab[i])); -+ if (oldset != NULL) { -+ for (i = 0;i < oldset->locNr;i++) { -+ xmlXPtrLocationSetAdd(newset, -+ xmlXPtrCoveringRange(ctxt, oldset->locTab[i])); -+ } - } - - /* diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch deleted file mode 100644 index faa57701f5..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch +++ /dev/null @@ -1,590 +0,0 @@ -libxml2-2.9.4: Avoid reparsing and simplify control flow in xmlParseStartTag2 - -[No upstream tracking] - -parser: Avoid reparsing in xmlParseStartTag2 - -The code in xmlParseStartTag2 must handle the case that the input -buffer was grown and reallocated which can invalidate pointers to -attribute values. Before, this was handled by detecting changes of -the input buffer "base" pointer and, in case of a change, jumping -back to the beginning of the function and reparsing the start tag. - -The major problem of this approach is that whether an input buffer is -reallocated is nondeterministic, resulting in seemingly random test -failures. See the mailing list thread "runtest mystery bug: name2.xml -error case regression test" from 2012, for example. - -If a reallocation was detected, the code also made no attempts to -continue parsing in case of errors which makes a difference in -the lax "recover" mode. - -Now we store the current input buffer "base" pointer for each (not -separately allocated) attribute in the namespace URI field, which isn't -used until later. After the whole start tag was parsed, the pointers to -the attribute values are reconstructed using the offset between the -new and the old input buffer. This relies on arithmetic on dangling -pointers which is technically undefined behavior. But it seems like -the easiest and most efficient fix and a similar approach is used in -xmlParserInputGrow. - -This changes the error output of several tests, typically making it -more verbose because we try harder to continue parsing in case of errors. - -(Another possible solution is to check not only the "base" pointer -but the size of the input buffer as well. But this would result in -even more reparsing.) - -Remove some goto labels and deduplicate a bit of code after handling -namespaces. - -There were two bugs where parameter-entity references could lead to an -unexpected change of the input buffer in xmlParseNameComplex and -xmlDictLookup being called with an invalid pointer. - - -Upstream-Status: Backport - - [https://git.gnome.org/browse/libxml2/commit/?id=07b7428b69c368611d215a140fe630b2d1e61349] - - [https://git.gnome.org/browse/libxml2/commit/?id=855c19efb7cd30d927d673b3658563c4959ca6f0] -Signed-off-by: Andrej Valek - -diff --git a/parser.c b/parser.c -index 609a270..74016e3 100644 ---- a/parser.c -+++ b/parser.c -@@ -43,6 +43,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -9377,8 +9378,7 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref, - const xmlChar **atts = ctxt->atts; - int maxatts = ctxt->maxatts; - int nratts, nbatts, nbdef; -- int i, j, nbNs, attval, oldline, oldcol, inputNr; -- const xmlChar *base; -+ int i, j, nbNs, attval; - unsigned long cur; - int nsNr = ctxt->nsNr; - -@@ -9392,13 +9392,8 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref, - * The Shrinking is only possible once the full set of attribute - * callbacks have been done. - */ --reparse: - SHRINK; -- base = ctxt->input->base; - cur = ctxt->input->cur - ctxt->input->base; -- inputNr = ctxt->inputNr; -- oldline = ctxt->input->line; -- oldcol = ctxt->input->col; - nbatts = 0; - nratts = 0; - nbdef = 0; -@@ -9422,8 +9417,6 @@ reparse: - */ - SKIP_BLANKS; - GROW; -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) -- goto base_changed; - - while (((RAW != '>') && - ((RAW != '/') || (NXT(1) != '>')) && -@@ -9434,203 +9427,174 @@ reparse: - - attname = xmlParseAttribute2(ctxt, prefix, localname, - &aprefix, &attvalue, &len, &alloc); -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) { -- if ((attvalue != NULL) && (alloc != 0)) -- xmlFree(attvalue); -- attvalue = NULL; -- goto base_changed; -- } -- if ((attname != NULL) && (attvalue != NULL)) { -- if (len < 0) len = xmlStrlen(attvalue); -- if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) { -- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len); -- xmlURIPtr uri; -- -- if (URL == NULL) { -- xmlErrMemory(ctxt, "dictionary allocation failure"); -- if ((attvalue != NULL) && (alloc != 0)) -- xmlFree(attvalue); -- return(NULL); -- } -- if (*URL != 0) { -- uri = xmlParseURI((const char *) URL); -- if (uri == NULL) { -- xmlNsErr(ctxt, XML_WAR_NS_URI, -- "xmlns: '%s' is not a valid URI\n", -- URL, NULL, NULL); -- } else { -- if (uri->scheme == NULL) { -- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE, -- "xmlns: URI %s is not absolute\n", -- URL, NULL, NULL); -- } -- xmlFreeURI(uri); -- } -- if (URL == ctxt->str_xml_ns) { -- if (attname != ctxt->str_xml) { -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -- "xml namespace URI cannot be the default namespace\n", -- NULL, NULL, NULL); -- } -- goto skip_default_ns; -- } -- if ((len == 29) && -- (xmlStrEqual(URL, -- BAD_CAST "http://www.w3.org/2000/xmlns/"))) { -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -- "reuse of the xmlns namespace name is forbidden\n", -- NULL, NULL, NULL); -- goto skip_default_ns; -- } -- } -- /* -- * check that it's not a defined namespace -- */ -- for (j = 1;j <= nbNs;j++) -- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL) -- break; -- if (j <= nbNs) -- xmlErrAttributeDup(ctxt, NULL, attname); -- else -- if (nsPush(ctxt, NULL, URL) > 0) nbNs++; --skip_default_ns: -- if ((attvalue != NULL) && (alloc != 0)) { -- xmlFree(attvalue); -- attvalue = NULL; -- } -- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>')))) -- break; -- if (!IS_BLANK_CH(RAW)) { -- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED, -- "attributes construct error\n"); -- break; -- } -- SKIP_BLANKS; -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) -- goto base_changed; -- continue; -- } -- if (aprefix == ctxt->str_xmlns) { -- const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len); -- xmlURIPtr uri; -- -- if (attname == ctxt->str_xml) { -- if (URL != ctxt->str_xml_ns) { -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -- "xml namespace prefix mapped to wrong URI\n", -- NULL, NULL, NULL); -- } -- /* -- * Do not keep a namespace definition node -- */ -- goto skip_ns; -- } -+ if ((attname == NULL) || (attvalue == NULL)) -+ goto next_attr; -+ if (len < 0) len = xmlStrlen(attvalue); -+ -+ if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) { -+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len); -+ xmlURIPtr uri; -+ -+ if (URL == NULL) { -+ xmlErrMemory(ctxt, "dictionary allocation failure"); -+ if ((attvalue != NULL) && (alloc != 0)) -+ xmlFree(attvalue); -+ return(NULL); -+ } -+ if (*URL != 0) { -+ uri = xmlParseURI((const char *) URL); -+ if (uri == NULL) { -+ xmlNsErr(ctxt, XML_WAR_NS_URI, -+ "xmlns: '%s' is not a valid URI\n", -+ URL, NULL, NULL); -+ } else { -+ if (uri->scheme == NULL) { -+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE, -+ "xmlns: URI %s is not absolute\n", -+ URL, NULL, NULL); -+ } -+ xmlFreeURI(uri); -+ } - if (URL == ctxt->str_xml_ns) { -- if (attname != ctxt->str_xml) { -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -- "xml namespace URI mapped to wrong prefix\n", -- NULL, NULL, NULL); -- } -- goto skip_ns; -- } -- if (attname == ctxt->str_xmlns) { -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -- "redefinition of the xmlns prefix is forbidden\n", -- NULL, NULL, NULL); -- goto skip_ns; -- } -- if ((len == 29) && -- (xmlStrEqual(URL, -- BAD_CAST "http://www.w3.org/2000/xmlns/"))) { -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -- "reuse of the xmlns namespace name is forbidden\n", -- NULL, NULL, NULL); -- goto skip_ns; -- } -- if ((URL == NULL) || (URL[0] == 0)) { -- xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -- "xmlns:%s: Empty XML namespace is not allowed\n", -- attname, NULL, NULL); -- goto skip_ns; -- } else { -- uri = xmlParseURI((const char *) URL); -- if (uri == NULL) { -- xmlNsErr(ctxt, XML_WAR_NS_URI, -- "xmlns:%s: '%s' is not a valid URI\n", -- attname, URL, NULL); -- } else { -- if ((ctxt->pedantic) && (uri->scheme == NULL)) { -- xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE, -- "xmlns:%s: URI %s is not absolute\n", -- attname, URL, NULL); -- } -- xmlFreeURI(uri); -- } -- } -- -- /* -- * check that it's not a defined namespace -- */ -- for (j = 1;j <= nbNs;j++) -- if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname) -- break; -- if (j <= nbNs) -- xmlErrAttributeDup(ctxt, aprefix, attname); -- else -- if (nsPush(ctxt, attname, URL) > 0) nbNs++; --skip_ns: -- if ((attvalue != NULL) && (alloc != 0)) { -- xmlFree(attvalue); -- attvalue = NULL; -- } -- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>')))) -- break; -- if (!IS_BLANK_CH(RAW)) { -- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED, -- "attributes construct error\n"); -- break; -- } -- SKIP_BLANKS; -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) -- goto base_changed; -- continue; -- } -+ if (attname != ctxt->str_xml) { -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -+ "xml namespace URI cannot be the default namespace\n", -+ NULL, NULL, NULL); -+ } -+ goto next_attr; -+ } -+ if ((len == 29) && -+ (xmlStrEqual(URL, -+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) { -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -+ "reuse of the xmlns namespace name is forbidden\n", -+ NULL, NULL, NULL); -+ goto next_attr; -+ } -+ } -+ /* -+ * check that it's not a defined namespace -+ */ -+ for (j = 1;j <= nbNs;j++) -+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL) -+ break; -+ if (j <= nbNs) -+ xmlErrAttributeDup(ctxt, NULL, attname); -+ else -+ if (nsPush(ctxt, NULL, URL) > 0) nbNs++; -+ -+ } else if (aprefix == ctxt->str_xmlns) { -+ const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len); -+ xmlURIPtr uri; -+ -+ if (attname == ctxt->str_xml) { -+ if (URL != ctxt->str_xml_ns) { -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -+ "xml namespace prefix mapped to wrong URI\n", -+ NULL, NULL, NULL); -+ } -+ /* -+ * Do not keep a namespace definition node -+ */ -+ goto next_attr; -+ } -+ if (URL == ctxt->str_xml_ns) { -+ if (attname != ctxt->str_xml) { -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -+ "xml namespace URI mapped to wrong prefix\n", -+ NULL, NULL, NULL); -+ } -+ goto next_attr; -+ } -+ if (attname == ctxt->str_xmlns) { -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -+ "redefinition of the xmlns prefix is forbidden\n", -+ NULL, NULL, NULL); -+ goto next_attr; -+ } -+ if ((len == 29) && -+ (xmlStrEqual(URL, -+ BAD_CAST "http://www.w3.org/2000/xmlns/"))) { -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -+ "reuse of the xmlns namespace name is forbidden\n", -+ NULL, NULL, NULL); -+ goto next_attr; -+ } -+ if ((URL == NULL) || (URL[0] == 0)) { -+ xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE, -+ "xmlns:%s: Empty XML namespace is not allowed\n", -+ attname, NULL, NULL); -+ goto next_attr; -+ } else { -+ uri = xmlParseURI((const char *) URL); -+ if (uri == NULL) { -+ xmlNsErr(ctxt, XML_WAR_NS_URI, -+ "xmlns:%s: '%s' is not a valid URI\n", -+ attname, URL, NULL); -+ } else { -+ if ((ctxt->pedantic) && (uri->scheme == NULL)) { -+ xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE, -+ "xmlns:%s: URI %s is not absolute\n", -+ attname, URL, NULL); -+ } -+ xmlFreeURI(uri); -+ } -+ } - -- /* -- * Add the pair to atts -- */ -- if ((atts == NULL) || (nbatts + 5 > maxatts)) { -- if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) { -- if (attvalue[len] == 0) -- xmlFree(attvalue); -- goto failed; -- } -- maxatts = ctxt->maxatts; -- atts = ctxt->atts; -- } -- ctxt->attallocs[nratts++] = alloc; -- atts[nbatts++] = attname; -- atts[nbatts++] = aprefix; -- atts[nbatts++] = NULL; /* the URI will be fetched later */ -- atts[nbatts++] = attvalue; -- attvalue += len; -- atts[nbatts++] = attvalue; -- /* -- * tag if some deallocation is needed -- */ -- if (alloc != 0) attval = 1; -- } else { -- if ((attvalue != NULL) && (attvalue[len] == 0)) -- xmlFree(attvalue); -- } -+ /* -+ * check that it's not a defined namespace -+ */ -+ for (j = 1;j <= nbNs;j++) -+ if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname) -+ break; -+ if (j <= nbNs) -+ xmlErrAttributeDup(ctxt, aprefix, attname); -+ else -+ if (nsPush(ctxt, attname, URL) > 0) nbNs++; -+ -+ } else { -+ /* -+ * Add the pair to atts -+ */ -+ if ((atts == NULL) || (nbatts + 5 > maxatts)) { -+ if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) { -+ goto next_attr; -+ } -+ maxatts = ctxt->maxatts; -+ atts = ctxt->atts; -+ } -+ ctxt->attallocs[nratts++] = alloc; -+ atts[nbatts++] = attname; -+ atts[nbatts++] = aprefix; -+ /* -+ * The namespace URI field is used temporarily to point at the -+ * base of the current input buffer for non-alloced attributes. -+ * When the input buffer is reallocated, all the pointers become -+ * invalid, but they can be reconstructed later. -+ */ -+ if (alloc) -+ atts[nbatts++] = NULL; -+ else -+ atts[nbatts++] = ctxt->input->base; -+ atts[nbatts++] = attvalue; -+ attvalue += len; -+ atts[nbatts++] = attvalue; -+ /* -+ * tag if some deallocation is needed -+ */ -+ if (alloc != 0) attval = 1; -+ attvalue = NULL; /* moved into atts */ -+ } - --failed: -+next_attr: -+ if ((attvalue != NULL) && (alloc != 0)) { -+ xmlFree(attvalue); -+ attvalue = NULL; -+ } - - GROW - if (ctxt->instate == XML_PARSER_EOF) - break; -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) -- goto base_changed; - if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>')))) - break; - if (!IS_BLANK_CH(RAW)) { -@@ -9646,8 +9610,20 @@ failed: - break; - } - GROW; -- if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) -- goto base_changed; -+ } -+ -+ /* Reconstruct attribute value pointers. */ -+ for (i = 0, j = 0; j < nratts; i += 5, j++) { -+ if (atts[i+2] != NULL) { -+ /* -+ * Arithmetic on dangling pointers is technically undefined -+ * behavior, but well... -+ */ -+ ptrdiff_t offset = ctxt->input->base - atts[i+2]; -+ atts[i+2] = NULL; /* Reset repurposed namespace URI */ -+ atts[i+3] += offset; /* value */ -+ atts[i+4] += offset; /* valuend */ -+ } - } - - /* -@@ -9804,34 +9780,6 @@ failed: - } - - return(localname); -- --base_changed: -- /* -- * the attribute strings are valid iif the base didn't changed -- */ -- if (attval != 0) { -- for (i = 3,j = 0; j < nratts;i += 5,j++) -- if ((ctxt->attallocs[j] != 0) && (atts[i] != NULL)) -- xmlFree((xmlChar *) atts[i]); -- } -- -- /* -- * We can't switch from one entity to another in the middle -- * of a start tag -- */ -- if (inputNr != ctxt->inputNr) { -- xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY, -- "Start tag doesn't start and stop in the same entity\n"); -- return(NULL); -- } -- -- ctxt->input->cur = ctxt->input->base + cur; -- ctxt->input->line = oldline; -- ctxt->input->col = oldcol; -- if (ctxt->wellFormed == 1) { -- goto reparse; -- } -- return(NULL); - } - - /** -diff --git a/result/errors/759398.xml.err b/result/errors/759398.xml.err -index e08d9bf..f6036a3 100644 ---- a/result/errors/759398.xml.err -+++ b/result/errors/759398.xml.err -@@ -1,9 +1,12 @@ - ./test/errors/759398.xml:210: parser error : StartTag: invalid element name - need to worry about parsers whi -+ ^ -+./test/errors/759398.xml:316: parser error : Extra content at the end of the document -+ -+^ -diff --git a/result/errors/attr1.xml.err b/result/errors/attr1.xml.err -index 4f08538..c4c4fc8 100644 ---- a/result/errors/attr1.xml.err -+++ b/result/errors/attr1.xml.err -@@ -1,6 +1,9 @@ - ./test/errors/attr1.xml:2: parser error : AttValue: ' expected - - ^ --./test/errors/attr1.xml:1: parser error : Extra content at the end of the document --ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo -- ^ -+./test/errors/attr2.xml:2: parser error : attributes construct error -+ -+^ -+./test/errors/attr2.xml:2: parser error : Couldn't find end of Start Tag foo line 1 -+ -+^ -diff --git a/result/errors/name2.xml.err b/result/errors/name2.xml.err -index a6649a1..8a6acee 100644 ---- a/result/errors/name2.xml.err -+++ b/result/errors/name2.xml.err -@@ -1,6 +1,9 @@ - ./test/errors/name2.xml:2: parser error : Specification mandate value for attribute foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo - - ^ --./test/errors/name2.xml:1: parser error : Extra content at the end of the document -- -Signed-off-by: Pascal Bach - -diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror -new file mode 100644 -index 0000000..d589882 ---- /dev/null -+++ b/result/XPath/xptr/viderror -@@ -0,0 +1,4 @@ -+ -+======================== -+Expression: xpointer(non-existing-fn()/range-to(id('chapter2'))) -+Object is empty (NULL) -diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror -new file mode 100644 -index 0000000..da8c53b ---- /dev/null -+++ b/test/XPath/xptr/viderror -@@ -0,0 +1 @@ -+xpointer(non-existing-fn()/range-to(id('chapter2'))) -diff --git a/xpath.c b/xpath.c -index 113bce6..d992841 100644 ---- a/xpath.c -+++ b/xpath.c -@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) { - * compute depth to root - */ - for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) { -- if (cur == node1) -+ if (cur->parent == node1) - return(1); - depth2++; - } - root = cur; - for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) { -- if (cur == node2) -+ if (cur->parent == node2) - return(-1); - depth1++; - } -@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op) - xmlNodeSetPtr oldset; - int i, j; - -- if (op->ch1 != -1) -+ if (op->ch1 != -1) { - total += - xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]); -+ CHECK_ERROR0; -+ } -+ if (ctxt->value == NULL) { -+ XP_ERROR0(XPATH_INVALID_OPERAND); -+ } - if (op->ch2 == -1) - return (total); - diff --git a/meta/recipes-core/libxml/libxml2/runtest.patch b/meta/recipes-core/libxml/libxml2/runtest.patch index 6e56857caf..cb171d5b36 100644 --- a/meta/recipes-core/libxml/libxml2/runtest.patch +++ b/meta/recipes-core/libxml/libxml2/runtest.patch @@ -2,47 +2,29 @@ Add 'install-ptest' rule. Print a standard result line for each test. Signed-off-by: Mihaela Sendrea -Signed-off-by: Andrej Valek +Signed-off-by: Andrej Valek Upstream-Status: Backport diff -uNr a/Makefile.am b/Makefile.am ---- a/Makefile.am 2016-05-22 03:49:02.000000000 +0200 -+++ b/Makefile.am 2017-06-14 10:38:43.381305385 +0200 -@@ -202,10 +202,24 @@ +--- a/Makefile.am 2017-08-28 15:01:14.000000000 +0200 ++++ b/Makefile.am 2017-09-05 08:06:05.752287323 +0200 +@@ -202,6 +202,15 @@ #testOOM_DEPENDENCIES = $(DEPS) #testOOM_LDADD= $(LDADDS) +install-ptest: + @(if [ -d .libs ] ; then cd .libs; fi; \ -+ install $(noinst_PROGRAMS) $(DESTDIR)) ++ install $(check_PROGRAMS) $(DESTDIR)) + cp -r $(srcdir)/test $(DESTDIR) + cp -r $(srcdir)/result $(DESTDIR) + cp -r $(srcdir)/python $(DESTDIR) + cp Makefile $(DESTDIR) + sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile + - runtests: + runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \ + testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT) [ -d test ] || $(LN_S) $(srcdir)/test . - [ -d result ] || $(LN_S) $(srcdir)/result . -- $(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT) &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&& $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT) -+ $(CHECKER) ./runtest$(EXEEXT) && \ -+ $(CHECKER) ./testrecurse$(EXEEXT) && \ -+ ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) ./testapi$(EXEEXT) && \ -+ $(CHECKER) ./testchar$(EXEEXT) && \ -+ $(CHECKER) ./testdict$(EXEEXT) && \ -+ $(CHECKER) ./runxmlconf$(EXEEXT) - @(if [ "$(PYTHON_SUBDIR)" != "" ] ; then cd python ; \ - $(MAKE) tests ; fi) - -@@ -229,7 +243,7 @@ - - APItests: testapi$(EXEEXT) - @echo "## Running the API regression tests this may take a little while" -- -@($(CHECKER) $(top_builddir)/testapi -q) -+ -@(ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) $(top_builddir)/testapi -q) - - HTMLtests : testHTML$(EXEEXT) - @(echo > .memdump) + diff -uNr a/runsuite.c b/runsuite.c --- a/runsuite.c 2013-04-12 16:17:11.462823238 +0200 +++ b/runsuite.c 2013-04-17 14:07:24.352693211 +0200 -- cgit 1.2.3-korg