granicus.if.org Git - libexpat/log
Sebastian Pipping [Fri, 5 May 2017 23:42:29 +0000 (01:42 +0200)]
Merge branch 'pool-grow-overflow'
Sebastian Pipping [Fri, 5 May 2017 20:10:44 +0000 (22:10 +0200)]
Add issue #25 in change log
Sebastian Pipping [Fri, 5 May 2017 20:04:02 +0000 (22:04 +0200)]
Detect integer overflow in poolGrow function (issue #25)
Sebastian Pipping [Fri, 5 May 2017 19:53:12 +0000 (21:53 +0200)]
Extract function poolBytesToAllocateFor to add overflow detection (issue #25)
Sebastian Pipping [Wed, 3 May 2017 16:22:21 +0000 (18:22 +0200)]
Makefile.in: Have "make clean" remove tests/memcheck.o (fixes #22, related #17)
Sebastian Pipping [Mon, 1 May 2017 13:53:47 +0000 (15:53 +0200)]
Changes: Document CVE-2016-9063
Sebastian Pipping [Wed, 12 Apr 2017 21:55:45 +0000 (23:55 +0200)]
Detect integer overflow (CVE-2016-9063)
Needs XML_CONTEXT_BYTES to be _undefined_ to trigger,
default is defined and set to 1024.
Previously patched downstream, e.g.
https://sources.debian.net/src/expat/2.2.0-2/debian/patches/CVE-2016-9063.patch/
https://bug1274777.bmoattachments.org/attachment.cgi?id=8755538
This version avoids undefined behavior from _signed_ integer overflow.
Signed-off-by: Pascal Cuoq <cuoq@trust-in-soft.com>
Sebastian Pipping [Tue, 2 May 2017 22:37:02 +0000 (00:37 +0200)]
tests: Fix test_byte_info_at_cdata for undefined XML_CONTEXT_BYTES
Sebastian Pipping [Sun, 30 Apr 2017 23:13:40 +0000 (01:13 +0200)]
Drop Open Watcom specific code (issues #14 and #21)
Sebastian Pipping [Wed, 26 Apr 2017 21:38:43 +0000 (23:38 +0200)]
htdocs/index.html: Update Git repo and bug report links (issue #1)
Sebastian Pipping [Wed, 26 Apr 2017 17:05:08 +0000 (19:05 +0200)]
Changes: Document fix to issue #17
Sebastian Pipping [Tue, 25 Apr 2017 22:08:03 +0000 (00:08 +0200)]
MANIFEST: Add memcheck.{c,h} (issue #17)
Rhodri James [Tue, 11 Apr 2017 11:44:25 +0000 (12:44 +0100)]
Tidy up attribute prefix bindings on error (fixes #17)
Rhodri James [Tue, 11 Apr 2017 11:42:12 +0000 (12:42 +0100)]
Pull freeing of attribute bindings into a static function (issue #17)
Rhodri James [Tue, 25 Apr 2017 22:01:56 +0000 (00:01 +0200)]
Test to catch Issue #17
Sebastian Pipping [Tue, 25 Apr 2017 21:47:00 +0000 (23:47 +0200)]
expat.spec: Pull version back in sync
Sebastian Pipping [Tue, 25 Apr 2017 21:36:46 +0000 (23:36 +0200)]
Changes: Document droppings (issue #14)
Sebastian Pipping [Tue, 25 Apr 2017 21:11:48 +0000 (23:11 +0200)]
*.dsp,*.dsw: Drop Visual Studio 6.0 (issue #14)
Sebastian Pipping [Tue, 25 Apr 2017 21:10:21 +0000 (23:10 +0200)]
watcom: Drop Open Watcom build system (issue #14)
Sebastian Pipping [Tue, 25 Apr 2017 21:09:59 +0000 (23:09 +0200)]
vms: Drop OpenVMS build system (issue #14)
Sebastian Pipping [Tue, 25 Apr 2017 21:08:58 +0000 (23:08 +0200)]
bcb5: Drop Borland build system (issue #14)
Sebastian Pipping [Tue, 25 Apr 2017 21:08:30 +0000 (23:08 +0200)]
amiga: Drop AmigaOS 4.x code (issue #14)
Sebastian Pipping [Wed, 12 Apr 2017 21:41:44 +0000 (23:41 +0200)]
configure.ac: Add --(en|dis)able-xml-context
Sebastian Pipping [Wed, 29 Mar 2017 17:11:16 +0000 (19:11 +0200)]
utf8_toUtf8: Cut off partial characters in case of sufficient space, too (closes #16)
Also, report XML_CONVERT_INPUT_INCOMPLETE properly.
Sebastian Pipping [Thu, 16 Mar 2017 14:51:33 +0000 (15:51 +0100)]
Address 64bit MinGW compile warning (fixes #15)
../../../xmlparse.c: In function ‘generate_hash_secret_salt’:
../../../xmlparse.c:725:42: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
gather_time_entropy() ^ getpid() ^ (unsigned long)parser;
^
Thanks to Viktor Szakats.
Sebastian Pipping [Mon, 13 Mar 2017 20:20:56 +0000 (21:20 +0100)]
"make run-xmltest" order instability once more (issue #13)
Sebastian Pipping [Mon, 13 Mar 2017 17:59:01 +0000 (18:59 +0100)]
Makefile: Turn xmlts.zip download to https
Sebastian Pipping [Mon, 13 Mar 2017 17:52:09 +0000 (18:52 +0100)]
Travis: Have xmlts.zip bypass git clean -X
Sebastian Pipping [Mon, 13 Mar 2017 17:43:19 +0000 (18:43 +0100)]
Travis: Inline .travis.sh for better integration
Sebastian Pipping [Mon, 13 Mar 2017 17:27:11 +0000 (18:27 +0100)]
Travis: Pull xmlts.zip download out of script section
.. so that temporary download issues count for setup issues,
not script execution
Sebastian Pipping [Mon, 13 Mar 2017 17:23:54 +0000 (18:23 +0100)]
Travis: Move from sudo to apt addon
Rhodri James [Wed, 8 Feb 2017 15:16:19 +0000 (15:16 +0000)]
Check that version information is consistent
Rhodri James [Wed, 8 Feb 2017 14:40:37 +0000 (14:40 +0000)]
Test XML_ErrorString range checking
Sebastian Pipping [Mon, 13 Mar 2017 17:04:04 +0000 (18:04 +0100)]
Tests: Make dealing with global parser instance more robust
Rhodri James [Wed, 8 Feb 2017 14:27:44 +0000 (14:27 +0000)]
Free the content model when used
Rhodri James [Wed, 8 Feb 2017 14:15:21 +0000 (14:15 +0000)]
Add test coverage of XML_GetInputContext()
Sebastian Pipping [Mon, 13 Mar 2017 16:39:14 +0000 (17:39 +0100)]
Tests: Address wildcard expansion order variance (fixes #13)
Rhodri James [Wed, 8 Feb 2017 14:03:31 +0000 (14:03 +0000)]
Check byte information behaviour in handlers
Rhodri James [Wed, 8 Feb 2017 13:54:59 +0000 (13:54 +0000)]
Extend coverage of byte information function tests
Rhodri James [Wed, 8 Feb 2017 13:31:42 +0000 (13:31 +0000)]
Test byte information functions
Rhodri James [Wed, 8 Feb 2017 13:06:32 +0000 (13:06 +0000)]
Improve test coverage of XML_ResumeParser
Rhodri James [Wed, 8 Feb 2017 12:54:51 +0000 (12:54 +0000)]
Extend test coverage of XML_ResumeParser
Rhodri James [Wed, 8 Feb 2017 12:06:30 +0000 (12:06 +0000)]
Extend test coverage of XML_ResumeParser()
Rhodri James [Wed, 8 Feb 2017 11:59:45 +0000 (11:59 +0000)]
Test XML_StopParser() in external entity parsing
Rhodri James [Tue, 7 Feb 2017 19:43:44 +0000 (19:43 +0000)]
Increase test coverage of XML_StopParser
Sebastian Pipping [Wed, 8 Mar 2017 21:20:42 +0000 (22:20 +0100)]
Fix __func__ for -std=c89 with GCC 5.4.0 (fixes #12)
GCC 5.4.0 does not define __STDC_VERSION__ when -std=c89 is passed.
Sebastian Pipping [Wed, 8 Mar 2017 21:12:26 +0000 (22:12 +0100)]
configure.ac: Fix const correctness in check for __func__
Rhodri James [Tue, 7 Feb 2017 18:27:01 +0000 (18:27 +0000)]
Extend tests of XML_GetBuffer for still more coverage
Rhodri James [Tue, 7 Feb 2017 18:05:55 +0000 (18:05 +0000)]
Extend XML_GetBuffer testing coverage
Rhodri James [Tue, 7 Feb 2017 17:23:11 +0000 (17:23 +0000)]
Further test coverage of XML_GetBuffer
Rhodri James [Tue, 7 Feb 2017 15:12:55 +0000 (15:12 +0000)]
Extend tests to XML_GetBuffer in various circumstances
Rhodri James [Tue, 7 Feb 2017 15:00:25 +0000 (15:00 +0000)]
Test XML_ParseBuffer API in various parse states
Rhodri James [Tue, 7 Feb 2017 12:49:13 +0000 (12:49 +0000)]
Extend empty string parse tests
Rhodri James [Tue, 7 Feb 2017 11:55:51 +0000 (11:55 +0000)]
Test parsing a zero-length string
Rhodri James [Tue, 7 Feb 2017 11:46:55 +0000 (11:46 +0000)]
Check parsing is faulted once parser is FINISHED
Rhodri James [Mon, 6 Feb 2017 18:58:59 +0000 (18:58 +0000)]
Check XML_Parse faults parsing while suspended
Rhodri James [Mon, 6 Feb 2017 18:53:01 +0000 (18:53 +0000)]
Check manual setting of hash salt
Rhodri James [Mon, 6 Feb 2017 18:30:36 +0000 (18:30 +0000)]
Check entity parsing policy can't be changed mid-parse
Rhodri James [Tue, 21 Feb 2017 12:47:28 +0000 (12:47 +0000)]
Test XML declaration handler
Rhodri James [Tue, 21 Feb 2017 12:43:22 +0000 (12:43 +0000)]
Check skipped entity handler
Rhodri James [Tue, 21 Feb 2017 12:37:43 +0000 (12:37 +0000)]
Check clearing of external entity handler parameter
Rhodri James [Mon, 6 Feb 2017 17:11:52 +0000 (17:11 +0000)]
Test NotStandalone handlers
Rhodri James [Mon, 6 Feb 2017 16:55:29 +0000 (16:55 +0000)]
Call namespace declaration start and end handlers
Rhodri James [Mon, 6 Feb 2017 16:35:04 +0000 (16:35 +0000)]
Ensure unparsed entity handler gets set
This adds test coverage for an obsolete handler that is supported
only for backwards compatibility. While it is supported, we should
test it.
Rhodri James [Mon, 6 Feb 2017 16:27:09 +0000 (16:27 +0000)]
Extend coverage to XML_{Start|End}DoctypeDeclHandler
Rhodri James [Mon, 6 Feb 2017 15:49:43 +0000 (15:49 +0000)]
Extend test_return_ns_triplet() to improve code coverage
Rhodri James [Tue, 21 Feb 2017 12:10:20 +0000 (12:10 +0000)]
Test non-NULL external entity ref handler parameter
Rhodri James [Tue, 21 Feb 2017 11:46:52 +0000 (11:46 +0000)]
Extend test of passing parser as userData
Sebastian Pipping [Sun, 19 Feb 2017 20:31:02 +0000 (21:31 +0100)]
Configure Travis CI (issue #2)
Rhodri James [Fri, 3 Feb 2017 18:19:56 +0000 (18:19 +0000)]
Test XML_SetEncoding against memory allocation failures
Rhodri James [Fri, 3 Feb 2017 18:37:42 +0000 (18:37 +0000)]
Test XML_SetBase against failing memory allocations
Rhodri James [Fri, 3 Feb 2017 18:19:56 +0000 (18:19 +0000)]
Test XML_SetEncoding against memory allocation failures
Rhodri James [Fri, 3 Feb 2017 18:13:00 +0000 (18:13 +0000)]
Increase test coverage of XML_SetEncoding()
Rhodri James [Fri, 3 Feb 2017 18:00:20 +0000 (18:00 +0000)]
Test freeing a non-existent parser
Rhodri James [Fri, 3 Feb 2017 17:50:02 +0000 (17:50 +0000)]
Add some coverage of CDATA section handlers
Rhodri James [Fri, 3 Feb 2017 16:43:11 +0000 (16:43 +0000)]
Test XML_ParserReset in external entity parsing is ignored
Rhodri James [Fri, 3 Feb 2017 16:42:14 +0000 (16:42 +0000)]
Test XML_ParserReset in internal entity expansion
Rhodri James [Fri, 3 Feb 2017 14:25:41 +0000 (14:25 +0000)]
Test that XML_ParserReset() does reset the parse state
Rhodri James [Fri, 3 Feb 2017 13:58:11 +0000 (13:58 +0000)]
Test allocation failures when creating parser with encoding
Rhodri James [Fri, 3 Feb 2017 13:41:24 +0000 (13:41 +0000)]
Test ID attribute indexing
Rhodri James [Fri, 3 Feb 2017 12:54:37 +0000 (12:54 +0000)]
Test attribute reporting to start element handler
Rhodri James [Thu, 2 Feb 2017 18:38:33 +0000 (18:38 +0000)]
Test XML_SetBase() and XML_GetBase() return consistent results
Rhodri James [Thu, 2 Feb 2017 18:06:45 +0000 (18:06 +0000)]
Test XML_UseForeignDTD()
Rhodri James [Thu, 2 Feb 2017 16:13:19 +0000 (16:13 +0000)]
Add coverage test for DTD element declarations with contents
Rhodri James [Thu, 2 Feb 2017 14:22:57 +0000 (14:22 +0000)]
Test XML_DefaultCurrent() passes on handling correctly
Rhodri James [Wed, 1 Feb 2017 19:06:19 +0000 (19:06 +0000)]
Test memory allocation functions
Rhodri James [Wed, 1 Feb 2017 18:11:44 +0000 (18:11 +0000)]
Refactor allocation tests to reduce boilerplate
Rhodri James [Wed, 1 Feb 2017 17:49:23 +0000 (17:49 +0000)]
Test allocation failure handling in DTD elements
Rhodri James [Wed, 1 Feb 2017 16:15:39 +0000 (16:15 +0000)]
Extend test coverage of external entity allocation failures
Rhodri James [Wed, 1 Feb 2017 14:51:23 +0000 (14:51 +0000)]
Test that unrecognised encodings are rejected
Rhodri James [Wed, 1 Feb 2017 14:33:07 +0000 (14:33 +0000)]
Add test for allocation failures in internal entity encoding handler
Rhodri James [Wed, 1 Feb 2017 12:27:15 +0000 (12:27 +0000)]
Tweak tests to catch more allocation failure branches
Rhodri James [Tue, 31 Jan 2017 19:36:15 +0000 (19:36 +0000)]
Test namespace parsing with allocation failures
Rhodri James [Tue, 31 Jan 2017 19:06:33 +0000 (19:06 +0000)]
Test allocation failures during external entity parsing
Sebastian Pipping [Tue, 14 Feb 2017 22:56:25 +0000 (23:56 +0100)]
Changes: Add Rhodri James to special thanks
Sebastian Pipping [Tue, 14 Feb 2017 22:53:48 +0000 (23:53 +0100)]
Changes: Document fix to issue #3
Rhodri James [Tue, 31 Jan 2017 18:06:50 +0000 (18:06 +0000)]
Remove unused variable and fix comment. No functional changes.
Rhodri James [Tue, 31 Jan 2017 15:37:36 +0000 (15:37 +0000)]
Don't free a partially allocated element type twice (issue #3)
If memory allocation fails for default attributes of an element type
while copying a DTD, the element type itself was being freed.
Unfortunately it's already stored in the DTD by this point, so is
freed again when the DTD is destroyed.
Rhodri James [Tue, 31 Jan 2017 15:34:30 +0000 (15:34 +0000)]
Add a test for DTD duplication allocation failure
Rhodri James [Mon, 30 Jan 2017 17:51:50 +0000 (17:51 +0000)]
Add a test case for external entity parser allocation failures.