granicus.if.org Git - libexpat/log
Sebastian Pipping [Sun, 28 May 2017 22:03:02 +0000 (00:03 +0200)]
Detect XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2 (issue #33)
Sebastian Pipping [Sun, 28 May 2017 19:57:37 +0000 (21:57 +0200)]
Detect overflow from len=INT_MAX call to XML_Parse
Relevant only when XML_CONTEXT_BYTES not defined
Sebastian Pipping [Sun, 28 May 2017 19:35:12 +0000 (21:35 +0200)]
Reject negative length call to XML_Parse
Sebastian Pipping [Sun, 28 May 2017 19:28:59 +0000 (21:28 +0200)]
Set errorCode for XML_Parse on NULL parser
Related to 56c75720c2115deb9358a95670be5f9dd5f6e945
Sebastian Pipping [Sun, 28 May 2017 18:50:43 +0000 (20:50 +0200)]
Address unused variable warning (for XML_CONTEXT_BYTES not defined)
Sebastian Pipping [Sun, 28 May 2017 13:02:19 +0000 (15:02 +0200)]
Address warning "initializer element is not computable at load time"
Sebastian Pipping [Thu, 25 May 2017 13:32:09 +0000 (15:32 +0200)]
Merge branch 'underscore-win32' (remake of pull request #10)
Sebastian Pipping [Thu, 25 May 2017 13:17:39 +0000 (15:17 +0200)]
Changes: Adjust indentation
Sebastian Pipping [Thu, 25 May 2017 13:24:43 +0000 (15:24 +0200)]
Changes: Document move from WIN32 to _WIN32
Sebastian Pipping [Thu, 25 May 2017 13:15:08 +0000 (15:15 +0200)]
Visual Studio 20xx: No longer define WIN32
Sebastian Pipping [Thu, 25 May 2017 13:13:10 +0000 (15:13 +0200)]
CMake: No longer define WIN32
Sebastian Pipping [Thu, 25 May 2017 13:06:28 +0000 (15:06 +0200)]
Replace WIN32 by _WIN32 in code
Rhodri James [Tue, 25 Apr 2017 14:15:56 +0000 (15:15 +0100)]
Prevent use of uninitialised variable
I don't believe the value of 'next' is actually used if it is not
set by the tokenizer, but this is very hard to prove. For safety,
we give it a safe default value.
Sebastian Pipping [Wed, 24 May 2017 19:09:23 +0000 (21:09 +0200)]
Validate parser parameter to XML_UseParserAsHandlerArg
Sebastian Pipping [Wed, 24 May 2017 19:04:08 +0000 (21:04 +0200)]
Merge branch 'null-checks'
Sebastian Pipping [Wed, 24 May 2017 18:52:16 +0000 (20:52 +0200)]
Make XML_GetInputContext parameter validation more flexible
Rhodri James [Tue, 25 Apr 2017 17:48:16 +0000 (18:48 +0100)]
Validate parser parameter to XML_DefaultCurrent
Rhodri James [Tue, 25 Apr 2017 17:46:51 +0000 (18:46 +0100)]
Validate parser parameter to XML_MemFree
Rhodri James [Tue, 25 Apr 2017 17:45:39 +0000 (18:45 +0100)]
Validate parser parameter to XML_MemRealloc
Rhodri James [Tue, 25 Apr 2017 17:44:41 +0000 (18:44 +0100)]
Validate parser parameter to XML_MemMalloc
Rhodri James [Tue, 25 Apr 2017 17:43:18 +0000 (18:43 +0100)]
Validate parser parameter to XML_FreeContentModel
Rhodri James [Tue, 25 Apr 2017 17:37:37 +0000 (18:37 +0100)]
Validate parser parameter to XML_GetCurrentColumnNumber
Rhodri James [Tue, 25 Apr 2017 17:35:11 +0000 (18:35 +0100)]
Validate parser parameter to XML_GetCurrentLineNumber
Rhodri James [Tue, 25 Apr 2017 17:32:34 +0000 (18:32 +0100)]
Validate parameters to XML_GetInputContext
Rhodri James [Tue, 25 Apr 2017 17:30:29 +0000 (18:30 +0100)]
Validate parser parameter to XML_GetCurrentByteCount
Rhodri James [Tue, 25 Apr 2017 17:28:35 +0000 (18:28 +0100)]
Validate the parser parameter to XML_GetCurrentByteIndex
Rhodri James [Tue, 25 Apr 2017 17:24:09 +0000 (18:24 +0100)]
Validate parser parameter to XML_GetErrorCode
Rhodri James [Tue, 25 Apr 2017 17:18:57 +0000 (18:18 +0100)]
Validate parser parameter for XML_GetParsingStatus
Rhodri James [Tue, 25 Apr 2017 17:17:36 +0000 (18:17 +0100)]
Validate parser parameter for XML_ResumeParser
Rhodri James [Tue, 25 Apr 2017 17:16:13 +0000 (18:16 +0100)]
Validate parser parameter for XML_StopParser
Rhodri James [Tue, 25 Apr 2017 17:14:52 +0000 (18:14 +0100)]
Validate parser parameter for XML_GetBuffer
Rhodri James [Tue, 25 Apr 2017 17:13:36 +0000 (18:13 +0100)]
Validate parser parameter for XML_ParseBuffer
Rhodri James [Tue, 25 Apr 2017 17:10:58 +0000 (18:10 +0100)]
Validate "parser" and "s" parameters to XML_Parse
Rhodri James [Tue, 25 Apr 2017 16:57:34 +0000 (17:57 +0100)]
Validate parser parameter to XML_SetHashSalt
Rhodri James [Tue, 25 Apr 2017 16:55:57 +0000 (17:55 +0100)]
Validate parser parameter to XML_SetParamEntityParsing
Rhodri James [Tue, 25 Apr 2017 16:52:04 +0000 (17:52 +0100)]
Validate parser parameter to XML_SetXmlDeclHandler
Rhodri James [Tue, 25 Apr 2017 16:50:20 +0000 (17:50 +0100)]
Validate parser parameter to XML_SetEntityDeclHandler
Rhodri James [Tue, 25 Apr 2017 16:49:23 +0000 (17:49 +0100)]
Validate parser parameter to XML_SetAttlistDeclHandler
Rhodri James [Tue, 25 Apr 2017 16:46:06 +0000 (17:46 +0100)]
Validate parser parameter to XML_SetElementDeclHandler
Rhodri James [Tue, 25 Apr 2017 16:45:08 +0000 (17:45 +0100)]
Validate parser parameter to XML_SetUnknownEncodingHandler
Rhodri James [Tue, 25 Apr 2017 16:44:00 +0000 (17:44 +0100)]
Validate parser parameter to XML_SetSkippedEntityHandler
Rhodri James [Tue, 25 Apr 2017 16:42:55 +0000 (17:42 +0100)]
Validate parser parameter to XML_SetExternalEntityRefHandlerArg
Rhodri James [Tue, 25 Apr 2017 16:41:47 +0000 (17:41 +0100)]
Validate parser parameter to XML_SetExternalEntityRefHandler
Rhodri James [Tue, 25 Apr 2017 16:40:49 +0000 (17:40 +0100)]
Validate parser parameter to XML_SetNotStandaloneHandler
Rhodri James [Tue, 25 Apr 2017 16:38:34 +0000 (17:38 +0100)]
Validate parser parameter in XML_SetEndNamespaceDeclHandler
Rhodri James [Tue, 25 Apr 2017 16:36:40 +0000 (17:36 +0100)]
Validate parser parameter to XML_SetStartNamespaceDeclHandler
Rhodri James [Tue, 25 Apr 2017 16:35:10 +0000 (17:35 +0100)]
Validate parser parameter to XML_SetStartNamespaceDeclHandler
Rhodri James [Tue, 25 Apr 2017 16:33:31 +0000 (17:33 +0100)]
Validate parser parameter to XML_SetNotationDeclHandler
Rhodri James [Tue, 25 Apr 2017 16:32:04 +0000 (17:32 +0100)]
Validate parser parameter to XML_SetUnparsedEntityDeclHandler
Rhodri James [Tue, 25 Apr 2017 16:29:43 +0000 (17:29 +0100)]
Validate parser parameter to XML_SetEndDoctypeDeclHandler
Rhodri James [Tue, 25 Apr 2017 16:28:35 +0000 (17:28 +0100)]
Validate parser parameter to XML_SetStartDoctypeDeclHandler
Rhodri James [Tue, 25 Apr 2017 16:27:00 +0000 (17:27 +0100)]
Validate parser parameter to XML_SetDoctypeDeclHandler
Rhodri James [Tue, 25 Apr 2017 16:22:19 +0000 (17:22 +0100)]
Validate parser parameter to XML_SetDefaultHandlerExpand
Rhodri James [Tue, 25 Apr 2017 16:20:31 +0000 (17:20 +0100)]
Validate parser parameter to XML_SetDefaultHandler
Rhodri James [Tue, 25 Apr 2017 16:19:05 +0000 (17:19 +0100)]
Validate parser parameter to XML_SetEndCdataSectionHandler
Rhodri James [Tue, 25 Apr 2017 16:17:26 +0000 (17:17 +0100)]
Validate parser parameter to XML_SetStartCdataSectionHandler
Rhodri James [Tue, 25 Apr 2017 16:15:57 +0000 (17:15 +0100)]
Validate parser parameter to XML_SetCdataSectionHandler
Rhodri James [Tue, 25 Apr 2017 16:13:52 +0000 (17:13 +0100)]
Validate parser parameter to XML_SetCommentHandler
Rhodri James [Tue, 25 Apr 2017 16:12:27 +0000 (17:12 +0100)]
Validate parser parameter to XML_SetProcessingInstructionHandler
Rhodri James [Tue, 25 Apr 2017 16:10:49 +0000 (17:10 +0100)]
Validate parser parameter to XML_SetCharacterDataHandler
Rhodri James [Tue, 25 Apr 2017 16:08:29 +0000 (17:08 +0100)]
Validate parser parameter to XML_SetEndElementHandler
Rhodri James [Tue, 25 Apr 2017 16:06:36 +0000 (17:06 +0100)]
Validate parser parameter to XML_SetStartElementHandler
Rhodri James [Tue, 25 Apr 2017 16:03:25 +0000 (17:03 +0100)]
Validate parser parameter to XML_SetElementHandler
Rhodri James [Tue, 25 Apr 2017 16:02:04 +0000 (17:02 +0100)]
Validate parser parameter to XML_GetAttributeInfo
Rhodri James [Tue, 25 Apr 2017 15:53:33 +0000 (16:53 +0100)]
Validate parser parameter to XML_GetIdAttributeIndex
Rhodri James [Tue, 25 Apr 2017 15:50:15 +0000 (16:50 +0100)]
Validate parser parameter to XML_GetSpecifiedAttributeCount
Rhodri James [Tue, 25 Apr 2017 15:37:34 +0000 (16:37 +0100)]
Validate parser parameter to XML_GetBase
Rhodri James [Tue, 25 Apr 2017 15:32:54 +0000 (16:32 +0100)]
Validate parser parameter to XML_SetBase
Rhodri James [Tue, 25 Apr 2017 15:29:27 +0000 (16:29 +0100)]
Validate parser parameter to XML_SetUserData
Rhodri James [Tue, 25 Apr 2017 15:26:20 +0000 (16:26 +0100)]
Validate parser parameter to XML_SetReturnNSTriplet
Rhodri James [Tue, 25 Apr 2017 15:21:27 +0000 (16:21 +0100)]
Validate parser parameter to XML_UseForeignDTD.
Rhodri James [Tue, 25 Apr 2017 15:16:27 +0000 (16:16 +0100)]
Validate oldParser parameter to XML_ExternalEntityParserCreate
Rhodri James [Tue, 25 Apr 2017 14:49:05 +0000 (15:49 +0100)]
Validate parser parameter to XML_SetEncoding
Rhodri James [Tue, 25 Apr 2017 14:41:01 +0000 (15:41 +0100)]
Validate parser parameter to XML_ParserReset()
Rhodri James [Wed, 24 May 2017 12:23:31 +0000 (13:23 +0100)]
Fix misuse of realloc in tcase_add_test()
Sebastian Pipping [Wed, 24 May 2017 16:52:27 +0000 (18:52 +0200)]
Merge branch 'mmap-int-max' (fixes #28)
Sebastian Pipping [Wed, 24 May 2017 16:48:16 +0000 (18:48 +0200)]
Changes: Document fix for #28
Sebastian Pipping [Mon, 22 May 2017 23:48:52 +0000 (01:48 +0200)]
Disable memory-mapping for files larger than INT_MAX / 2 + 1
Sebastian Pipping [Tue, 23 May 2017 20:18:47 +0000 (22:18 +0200)]
Makefile: Make xmlwf/filemap.o depend on xmlwf/filemap.h
Sebastian Pipping [Mon, 22 May 2017 23:26:17 +0000 (01:26 +0200)]
xmlwf/win32filemap.c: Add two missing calls to CloseHandle
Sebastian Pipping [Tue, 16 May 2017 17:56:57 +0000 (19:56 +0200)]
Merge branch 'cross-coverage' (pull request #27)
Sebastian Pipping [Thu, 11 May 2017 07:02:03 +0000 (09:02 +0200)]
Remove in favor of https://libexpat.github.io/ (issue #1)
As htdocs/index.html included a change log: A (more recent)
plain text version of the change log can be found at expat/Changes.
Sebastian Pipping [Thu, 11 May 2017 06:53:47 +0000 (08:53 +0200)]
Changes: Group security notes for 2.1.0 as done in htdocs/index.html
Sebastian Pipping [Mon, 8 May 2017 18:20:50 +0000 (20:20 +0200)]
coverage.sh: Announce commands
Sebastian Pipping [Mon, 8 May 2017 18:20:28 +0000 (20:20 +0200)]
coverage.sh: Indent output
Sebastian Pipping [Mon, 8 May 2017 18:19:43 +0000 (20:19 +0200)]
coverage.sh: Show output of "make check run-xmltest"
Sebastian Pipping [Sat, 6 May 2017 21:51:42 +0000 (23:51 +0200)]
Add script to collect and combine code coverage across different build configurations
e.g. with XML_CONTEXT_BYTES defined and without
Sebastian Pipping [Fri, 5 May 2017 23:42:29 +0000 (01:42 +0200)]
Merge branch 'pool-grow-overflow'
Sebastian Pipping [Fri, 5 May 2017 20:10:44 +0000 (22:10 +0200)]
Add issue #25 in change log
Sebastian Pipping [Fri, 5 May 2017 20:04:02 +0000 (22:04 +0200)]
Detect integer overflow in poolGrow function (issue #25)
Sebastian Pipping [Fri, 5 May 2017 19:53:12 +0000 (21:53 +0200)]
Extract function poolBytesToAllocateFor to add overflow detection (issue #25)
Sebastian Pipping [Wed, 3 May 2017 16:22:21 +0000 (18:22 +0200)]
Makefile.in: Have "make clean" remove tests/memcheck.o (fixes #22, related #17)
Sebastian Pipping [Mon, 1 May 2017 13:53:47 +0000 (15:53 +0200)]
Changes: Document CVE-2016-9063
Sebastian Pipping [Wed, 12 Apr 2017 21:55:45 +0000 (23:55 +0200)]
Detect integer overflow (CVE-2016-9063)
Needs XML_CONTEXT_BYTES to be _undefined_ to trigger,
default is defined and set to 1024.
Previously patched downstream, e.g.
https://sources.debian.net/src/expat/2.2.0-2/debian/patches/CVE-2016-9063.patch/
https://bug1274777.bmoattachments.org/attachment.cgi?id=8755538
This version avoids undefined behavior from _signed_ integer overflow.
Signed-off-by: Pascal Cuoq <cuoq@trust-in-soft.com>
Sebastian Pipping [Tue, 2 May 2017 22:37:02 +0000 (00:37 +0200)]
tests: Fix test_byte_info_at_cdata for undefined XML_CONTEXT_BYTES
Sebastian Pipping [Sun, 30 Apr 2017 23:13:40 +0000 (01:13 +0200)]
Drop Open Watcom specific code (issues #14 and #21)
Sebastian Pipping [Wed, 26 Apr 2017 21:38:43 +0000 (23:38 +0200)]
htdocs/index.html: Update Git repo and bug report links (issue #1)
Sebastian Pipping [Wed, 26 Apr 2017 17:05:08 +0000 (19:05 +0200)]
Changes: Document fix to issue #17
Sebastian Pipping [Tue, 25 Apr 2017 22:08:03 +0000 (00:08 +0200)]
MANIFEST: Add memcheck.{c,h} (issue #17)
Rhodri James [Tue, 11 Apr 2017 11:44:25 +0000 (12:44 +0100)]
Tidy up attribute prefix bindings on error (fixes #17)