cheng/libexpat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,485 Commits 1 Branch 0 Tags 16 MiB
154e565f6e
Commit Graph

3050 Commits

Author SHA1 Message Date
Sebastian Pipping
f488b072b7 Changes: Document integer overflow CVE-2021-46143 2022-01-10 16:51:50 +01:00
Sebastian Pipping
85ae9a2d7d lib: Prevent integer overflow on m_groupSize in function doProlog (CVE-2021-46143) 2022-01-10 16:51:14 +01:00
Sebastian Pipping
572ef7a2ac run.sh.in: Do not use Wine with Cygwin and MSYS2 2022-01-09 23:04:13 +01:00
Sebastian Pipping
f82a72271c Changes: Document CVE-2021-45960 2022-01-05 18:23:42 +01:00
Sebastian Pipping
0adcb34c49 lib: Detect and prevent troublesome left shifts in function storeAtts (CVE-2021-45960) 2022-01-05 18:23:42 +01:00
Sebastian Pipping
9470015a1f Actions: Check for realistic minimum CMake version requirement 2022-01-01 15:58:47 +01:00
Sebastian Pipping
2ed8e19ada CMake: Make call to file(GENERATE [..]) work for CMake <3.19 
Error from CMake 3.7.2 was:

CMake Error at CMakeLists.txt:482 (file):
  file Incorrect arguments to GENERATE subcommand.
 2021-12-31 20:49:00 +01:00
Sebastian Pipping
f4adc65cc8 coverage.sh: Simplify directory naming scheme 2021-12-28 01:25:16 +01:00
Sebastian Pipping
23e820aa25 coverage.sh: Start coveraging -m32 2021-12-28 01:25:16 +01:00
Sebastian Pipping
befef7e52a CMake: Add unofficial flag for passing 32bit compile flag -m32 2021-12-27 22:14:18 +01:00
Sebastian Pipping
c2b5d52404 xmlwf: Address Clang 13 warning -Wunused-but-set-variable 2021-12-26 19:51:44 +01:00
Sebastian Pipping
5bab452b49 lib: Address GCC 11.2.1 compiler warning 
Symptom was:

In file included from xmltok.c:58:
xmltok_ns.c: In function ‘findEncodingNS’:
xmltok.h:276:10: warning: ‘buf’ may be used uninitialized [-Wmaybe-uninitialized]
  276 |   (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim))
      |   ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xmltok_ns.c:99:3: note: in expansion of macro ‘XmlUtf8Convert’
   99 |   XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1);
      |   ^~~~~~~~~~~~~~
xmltok.h:276:10: note: by argument 5 of type ‘const char *’ to ‘enum XML_Convert_Result(const ENCODING *, const char **, const char *, char **, const char *)’ {aka ‘enum XML_Convert_Result(const struct encoding *, const char **, const char *, char **, const char *)’}
  276 |   (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim))
      |   ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xmltok_ns.c:99:3: note: in expansion of macro ‘XmlUtf8Convert’
   99 |   XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1);
      |   ^~~~~~~~~~~~~~
In file included from xmltok.c:1666:
xmltok_ns.c:96:8: note: ‘buf’ declared here
   96 |   char buf[ENCODING_MAX];
      |        ^~~
 2021-12-25 18:15:25 +01:00
Sebastian Pipping
9c42ebdd4a .gitignore: Fully cover ./distribute.sh output 2021-12-19 23:48:00 +01:00
Sebastian Pipping
4d9059d3cf Set expected release date for 2.4.2 2021-12-19 19:29:54 +01:00
Sebastian Pipping
f3f6ae617c Bump version to 2.4.2 2021-12-17 18:01:39 +01:00
Sebastian Pipping
716735e56b Bump version info from 9:1:8 to 9:2:8 
See https://verbump.de/ for what these numbers do
 2021-12-17 18:01:32 +01:00
Sebastian Pipping
96ff8de1d6 Changes: Document #502 #503 #507 #519 + fix reference to #498 2021-12-17 17:50:32 +01:00
Sebastian Pipping
8589e9598a CMake: Ensure libexpat*.lib filenames with MSVC 
This fixes a post-2.4.1 regression from
commit 3486fd6e3d
introduced by pull request #495.
 2021-12-15 16:40:15 +01:00
Sebastian Pipping
8c2b1853cd doc: Fix return value docs on XML_SetBillionLaughs[..] functions (#522) 2021-12-14 01:33:49 +01:00
Sebastian Pipping
5a4ec4cf7f autotools: Sync expat.cmake to agree with CI 2021-11-26 15:15:07 +01:00
Sebastian Pipping
c3300c9bf2 Get attribution headers back in sync 
Follow-up to pull requests #503 and #510
 2021-10-17 16:35:12 +02:00
Sebastian Pipping
105a5c6ee7 Changes: Document #513 and #514 2021-10-17 16:32:08 +02:00
Sebastian Pipping
c05efa1fbf Apply #514 to attribution headers 2021-10-17 16:28:01 +02:00
Dong-hee Na
59734d6e31 Reorder the location of including expat_config.h 2021-10-17 20:45:24 +09:00
Sebastian Pipping
0b7a88b355 Autotools|CMake: Link against libm for function "isnan" 
$ git --no-pager grep -lw isnan
lib/xmlparse.c
tests/runtests.c
xmlwf/xmlwf.c
 2021-09-20 18:27:52 +02:00
Sebastian Pipping
3914c2cb83 Autotools: Get CMake templates back in sync with ubuntu-20.04 2021-07-23 14:26:57 +02:00
Sebastian Pipping
f9eb8a1286 CMake: Improve summary output for multi-config builds 2021-07-06 16:22:38 +02:00
Sebastian Pipping
40bf9fe84a CMake: Report on effective CMake generator 2021-07-06 16:22:38 +02:00
Sebastian Pipping
19dd50990d Autotools: Simplify expat.pc templating (now that we can) 2021-07-06 16:22:38 +02:00
Sebastian Pipping
1d4bb74c34 CMake: Fix pkg-config section "Libs" for multi-config CMake generators 2021-07-06 16:22:38 +02:00
Kai Pastor
663e529eed Update URL in pc file 2021-07-06 16:22:38 +02:00
Sebastian Pipping
3486fd6e3d CMake: Fix pkg-config section "Libs" for non-release MinGW builds 2021-07-06 16:22:38 +02:00
Sebastian Pipping
7cf97a9bda CMake: Apply -DEXPAT_MSVC_STATIC_CRT=ON to off-grid built types 2021-07-06 16:22:38 +02:00
Sebastian Pipping
b73c80a727 CMake: Avoid empty CMAKE_BUILD_TYPE 2021-07-06 16:22:38 +02:00
Sebastian Pipping
a3bc9162e6 CMake: Move _EXPAT_BUILD_TYPE_UPPER up for upcoming re-use 2021-07-06 16:22:38 +02:00
Nicolas Cavallari
76186fb89e doc/reference.html: Docmument that XML_GetBuffers(parser, 0) may be NULL 
Allocating zero bytes with XML_GetBuffers may return NULL or a non-NULL
pointer depending on the current internal buffer state (#502).

Document this behavior, as it can be surprising.
 2021-07-05 16:14:36 +02:00
Sebastian Pipping
00839393f3 Makefile.am: Include buildconf.sh and fuzz/*.c with release archives 2021-06-05 21:17:25 +02:00
Sebastian Pipping
92c3cad80f Set expected release date for 2.4.1 2021-05-23 17:04:56 +02:00
Sebastian Pipping
13445938e7 Bump version info from 9:0:8 to 9:1:8 
See https://verbump.de/ for what these numbers do.
 2021-05-23 16:57:40 +02:00
Sebastian Pipping
8001550dc4 Bump version to 2.4.1 2021-05-23 16:52:59 +02:00
Sebastian Pipping
779d147681 Keep macro SIZEOF_VOID_P out of expat_config.h(.in) for multilib support 2021-05-23 15:43:56 +02:00
Sebastian Pipping
ecdff1c906 Set expected release date for 2.4.0 2021-05-22 19:42:02 +02:00
Sebastian Pipping
e083f03235 Bump version info from 8:0:7 to 9:0:8 
See https://verbump.de/ for what these numbers do
 2021-05-22 19:07:49 +02:00
Sebastian Pipping
b913a529ae Bump version to 2.4.0 2021-05-22 19:07:49 +02:00
Sebastian Pipping
bc6495dfc0 Changes: Extend section on upcoming release 2.4.0 2021-05-22 19:07:49 +02:00
Sebastian Pipping
731bdee053 Changes: Document new XML_FEATURE_ constants 2021-05-22 19:07:49 +02:00
Sebastian Pipping
c57141d597 Changes: Combine notes on billion laughs attack protection 2021-05-22 19:07:49 +02:00
Sebastian Pipping
fb952cb1d6 README.md: Mention Windos binaries zip download option 2021-05-22 19:07:49 +02:00
Sebastian Pipping
39e081acc0 README.md: Fix a URL for some markdown interpreters 2021-05-22 19:07:49 +02:00
Sebastian Pipping
a7694ee392 README.md: Document where generated CMake files need >=2.4.0 to work 2021-05-22 19:07:49 +02:00
Sebastian Pipping
100bc7072c README.md: Make CMake config mode example more clear 2021-05-22 19:07:49 +02:00
Sebastian Pipping
192af39be0 Changes: Document Autotools CMake file fixes 2021-05-21 13:15:34 +02:00
Sebastian Pipping
43142f0bab cmake/autotools: Fix generated expat-noconfig.cmake for macOS and MinGW 2021-05-21 00:14:36 +02:00
Sebastian Pipping
09ec4ff9c1 cmake/autotools: Use AC_CHECK_SIZEOF to fix 32bit support 2021-05-21 00:14:36 +02:00
Sebastian Pipping
4107aca9cb expat.iss: Use URLs with SSL 2021-05-14 22:14:54 +02:00
Sebastian Pipping
2c9230f611 Increase precision in existing MIT headers based on Git history 2021-05-14 22:14:54 +02:00
Sebastian Pipping
1b782d2fef doc/xmlwf.xml: Drop two XML comments of little value 2021-05-14 22:10:39 +02:00
Sebastian Pipping
99aec2fc77 doc/xmlwf.xml: Add GNU FDL 1.1 copyright header 2021-05-14 22:10:39 +02:00
Sebastian Pipping
b19cc837ef expat.iss: Add MIT header 2021-05-14 22:10:39 +02:00
Sebastian Pipping
ad937138e9 CMake: Streamline existing copyright header 2021-05-14 22:10:39 +02:00
Sebastian Pipping
77cfb8f4cd tests: Cover accounting of CDATA sections inside of general entities 2021-05-14 20:46:09 +02:00
Sebastian Pipping
60959f2b49 lib: Fix accounting of CDATA sections inside of general entities 2021-05-14 20:46:09 +02:00
Sebastian Pipping
31bce2cc81
Merge pull request #481 from libexpat/issue-471-cmake-support-build-shared-libs 
CMake: Support variable BUILD_SHARED_LIBS (fixes #471)
 2021-05-13 18:33:26 +02:00
Sebastian Pipping
4597195fa3 README.md: Add total download count badges 2021-05-13 17:20:07 +02:00
Sebastian Pipping
7e08029271 Changes: Document support for CMake variable BUILD_SHARED_LIBS 2021-05-12 15:05:25 +02:00
Sebastian Pipping
9cc3ca3e36 CMake: Support standard variable BUILD_SHARED_LIBS 
https://cmake.org/cmake/help/latest/variable/BUILD_SHARED_LIBS.html
 2021-05-12 13:59:35 +02:00
Sebastian Pipping
309cd4aa4b
Merge pull request #466 from libexpat/protect-against-billion-laughs-attacks 
[CVE-2013-0340, CWE-776] Protect against billion laughs attacks (fixes #34)
 2021-05-11 14:53:22 +02:00
Sebastian Pipping
99bf4c370f doc/reference.html: Upgrade to OK.css 1.0.3 2021-05-08 22:14:06 +02:00
Sebastian Pipping
3f2f878662 Changes: Document protection against billion laughs attacks 2021-05-07 18:25:08 +02:00
Sebastian Pipping
5dbc857f47 tests: Cover helper unsignedCharToPrintable 2021-05-07 18:25:08 +02:00
Sebastian Pipping
e9d8f11558 tests: Cover billion laughs attack protection API 2021-05-07 18:25:07 +02:00
Sebastian Pipping
899c00e613 doc/reference.html: Document billion laughs attack protection API 2021-05-07 18:25:07 +02:00
Sebastian Pipping
bf87849598 xmlwf.1: Document arguments -a and -b 2021-05-07 18:25:07 +02:00
Sebastian Pipping
c6223b3b0f xmlwf: Add support for custom attack protection parameters 2021-05-07 18:25:07 +02:00
Sebastian Pipping
65cddaa4e9 xmlwf: Include expat_config.h so we can check for macro XML_DTD 2021-05-07 18:25:07 +02:00
Sebastian Pipping
271efb6069 tests: Cover accounting 2021-05-07 18:25:07 +02:00
Sebastian Pipping
29c3748788 lib: Make EXPAT_ENTROPY_DEBUG consistent with other EXPAT_*_DEBUG variables 2021-05-07 18:25:07 +02:00
Sebastian Pipping
857fdc4c3b lib: Add prefix "expat: " to EXPAT_ENTROPY_DEBUG=1 stderr output 2021-05-07 18:25:07 +02:00
Sebastian Pipping
8af7d22ff0 lib: Allow test suite to access raw accounting values 2021-05-07 18:25:07 +02:00
Sebastian Pipping
fcd0e14c3e lib: Address Cppcheck 2.4.1 warning "uninitvar" 2021-05-07 18:25:07 +02:00
Sebastian Pipping
b1d039607d lib: Protect against billion laughs attacks (approach 3.0.21) 2021-05-07 18:25:07 +02:00
Sebastian Pipping
1e053c698b Autotools|CMake: Suppress -Wpedantic-ms-format false positives 
Addresses warning:
ISO C does not support the ‘I64’ ms_printf length modifier.

It seems correct and relevant with __USE_MINGW_ANSI_STDIO, only.
And -Werror doesn't tolerate false positives...
 2021-05-07 18:25:07 +02:00
Sebastian Pipping
55dbc44200 doc/reference.html: Fix XML validity 2021-05-07 17:04:06 +02:00
Sebastian Pipping
283f024a4e xmlwf.1: Fix DocBook validity 2021-05-07 17:04:06 +02:00
Sebastian Pipping
edf095116c xmlwf.1: Add public external DocBook identifier to doctype 
.. so that we can throw validation tools at it.
 2021-05-07 17:04:06 +02:00
Sebastian Pipping
6f47cee760 doc/reference.html: Introduce <h4> headings for API functions 2021-05-04 23:49:05 +02:00
Sebastian Pipping
30c4aa85f5 doc/reference.html: Replace footer, encourage bug reports 2021-05-04 23:49:03 +02:00
Sebastian Pipping
e13d94b426 doc/reference.html: Simplify header 2021-05-04 23:49:03 +02:00
Sebastian Pipping
3596977d9d doc/reference.html: Migrate to OK.css 
Precisely this version:
ab0e43d64b/dist/ok.min.css
 2021-05-04 23:49:00 +02:00
Sebastian Pipping
888566e418 doc/reference.html: Fix latest release version 2021-05-04 21:14:53 +02:00
Sebastian Pipping
f5dd8a9a5a doc/reference.html: Add missing space after "Note:" 2021-05-04 21:14:53 +02:00
Sebastian Pipping
988bff10cd doc/reference.html: Always start uppercase after "Note: " 2021-05-04 21:14:53 +02:00
Sebastian Pipping
df42f935bf Increase precision in existing MIT headers based on Git history 2021-05-02 19:53:29 +02:00
Sebastian Pipping
8c6f0369db Add missing MIT headers 2021-05-02 19:53:29 +02:00
Sebastian Pipping
bb3cf96dbe Pump up oneline MIT headers to full ones 2021-05-02 19:53:29 +02:00
Sebastian Pipping
ec3186f7ac conftools: Delete unused legacy helper PrintPath 2021-05-02 00:50:54 +02:00
Sebastian Pipping
8755b82355 apply-clang-format.sh: Support formatting only selected files 2021-04-30 21:09:05 +02:00
Sebastian Pipping
ab8830f72c apply-clang-format.sh: Extract variable clang_format_args 2021-04-30 21:09:05 +02:00
Sebastian Pipping
ed36812db2 lib: Fix macro IS_INVALID_CHAR (for UTF-16 with macro XML_MIN_SIZE defined) 
What happens is that with macro XML_MIN_SIZE defined,
for UTF-16 macro IS_INVALID_CHAR was being set to ..

> #define IS_INVALID_CHAR(enc, p, n)  (AS_NORMAL_ENCODING(enc)->isInvalid##n(enc, p))

.. which calls NULL pointers in .isInvalid{2,3,4} at runtime.

For UTF-16 we actually need what xmltok_impl.c does for macro
IS_INVALID_CHAR when it has not yet been defined:

> #  ifndef IS_INVALID_CHAR
> #    define IS_INVALID_CHAR(enc, ptr, n) (0)
> #  endif

So the fix is a combination of these two:
- Use .isInvalid{2,3,4} where needed and available and
- return 0/false for UTF-16 where .isInvalid{2,3,4} are NULL.
 2021-04-26 14:18:00 +02:00
Sebastian Pipping
3b1b81f028 lib: Add comments about effect of XML_MIN_SIZE to xmltok_impl.c 2021-04-26 14:18:00 +02:00