cheng/libexpat
1
0
Fork 0
Code Issues Pull Requests Actions 8 Packages Projects Releases Wiki Activity
3,473 Commits 1 Branch 0 Tags 16 MiB
3f0a0cb644
Commit Graph

40 Commits

Author SHA1 Message Date
Sebastian Pipping
3f0a0cb644 lib: Add missing validation of encoding (CVE-2022-25235) 2022-02-18 18:02:19 +01:00
Sebastian Pipping
df42f935bf Increase precision in existing MIT headers based on Git history 2021-05-02 19:53:29 +02:00
Sebastian Pipping
3b1b81f028 lib: Add comments about effect of XML_MIN_SIZE to xmltok_impl.c 2021-04-26 14:18:00 +02:00
Boris Kolpackov
81ae3e7208 Get rid of unsigned integer overflow in column calculation 
While unsigned integer overflow is well-defined, Android sanitizers treat it
as an error. We also have some in the SipHash implementation but those won't
be easy to get rid of.
 2020-08-17 16:08:56 +02:00
David Loffredo
561773607c handle unused parameters with the usual (void)param; statement rather than gcc-specific attribute 
Signed-off-by: David Loffredo <loffredo@steptools.com>
 2019-08-16 09:52:09 -04:00
clang-format
d248bbd940 Mass-apply clang-format 9 using ./apply-clang-format.sh 2019-08-03 21:31:44 +02:00
Sebastian Pipping
61b010bde6 xmltok_impl.c: Re-format use of LEAD_CASE macro 
This will make clang-format 9 produce stable results.
 2019-08-03 21:31:44 +02:00
Anton Maklakov
7981e23331 Fix -Wimplicit-fallthrough related warnings 2018-07-06 10:12:05 +07:00
Benjamin Peterson
cc1c5e2ce3
fix capitalization in comment 2018-06-25 21:14:12 -07:00
luz.paz
5b1584c81d Misc. typos 
Found via `codespell -q 3`
 2018-02-16 09:47:13 -05:00
Rhodri James
bad63895fb Remove unused sameName functions from ENCODING structure 2017-09-02 16:17:18 +02:00
Sebastian Pipping
a704c940a4 Inline copyright headers with C/C++ code where missing (#116) 2017-08-12 21:02:41 +02:00
Rhodri James
3c8d9300f6 Comment change: exclude unreachable line from coverage figures 2017-07-22 22:49:20 +02:00
Rhodri James
7979e831ed Comment change: exclude sameName from coverage 2017-07-22 22:49:20 +02:00
Rhodri James
8be7b89885 Comment change: exclude paranoia check from coverage 2017-07-22 22:49:20 +02:00
Rhodri James
36e47058dc Comment change: exclude paranoia check from coverage 2017-07-22 22:49:20 +02:00
Sebastian Pipping
1d4bc08a37 Fix infinite loop 
Regression from 3014589057

https://marcograss.github.io/security/android/chromium/2016/06/17/expat-xml-heap-overflow.html
 2016-06-18 16:33:43 +02:00
Sebastian Pipping
7101c85433 Extract macros from end-of-input checking 2016-05-25 19:04:36 +02:00
Sebastian Pipping
687edcb52b Take into account that CHAR_MATCHES may read >1 bytes 2016-05-25 19:04:36 +02:00
Sebastian Pipping
3014589057 Take into account that BYTE_TYPE may read >1 bytes 2016-05-25 19:04:36 +02:00
Sebastian Pipping
a12e78cb1b Fix uninitialized read of size 1 in little2_updatePosition 
Reported by Pascal Cuoq

Valgrind's view:
==4416== Conditional jump or move depends on uninitialised value(s)
==4416==    at 0x41F187: little2_updatePosition (xmltok_impl.c:1748)
==4416==    by 0x405F85: XML_GetCurrentColumnNumber (xmlparse.c:1931)
==4416==    by 0x402F7B: reportError (xmlfile.c:67)
==4416==    by 0x403041: processFile (xmlfile.c:84)
==4416==    by 0x403752: filemap (unixfilemap.c:61)
==4416==    by 0x403523: XML_ProcessFile (xmlfile.c:239)
==4416==    by 0x402EBC: main (xmlwf.c:847)
 2016-05-25 18:47:35 +02:00
Sebastian Pipping
be4b1c06da Merge branch 'cve-2016-0718-fix-2-2-1' 
Conflicts:
  expat/lib/xmltok.c
 2016-05-17 21:08:21 +02:00
Sebastian Pipping
69746f5ab2 Address all "unused parameter" warnings 2016-05-07 17:24:35 +02:00
Karl Waclawek
bb1fd81b98 Fix overflow (v2) 
(Some post-processing by Sebastian Pipping)
 2016-05-02 01:00:27 +02:00
Karl Waclawek
f6e294bd2c Applied path #3010222 as fix for issue #3010819. 2012-02-21 02:59:51 +00:00
Karl Waclawek
a247ccd476 Better fix for bug #1990430. 2008-06-13 13:18:44 +00:00
Karl Waclawek
5d3f2b833e Fix for bug #1990430. 2008-06-11 14:43:57 +00:00
Karl Waclawek
3ff6041e90 Change for MS VC++: Added #ifdefs to allow for passing xmltok_impl.c and 
xmltok_ns.c to the compiler (to make them visible in IDE).
 2006-11-26 17:34:46 +00:00
Karl Waclawek
ae5fcf90f8 Fixed incorrect cast which would cause 64-bit integers not to be set to a 64-bit -1 value. 2005-12-25 16:50:52 +00:00
Karl Waclawek
bbe15d6e69 Added int type casts for 64 bit portability, to avoid compiler warnings. 
Works for MS VC++, not tested on other platforms.
 2005-11-28 20:02:36 +00:00
Karl Waclawek
57455c864c Expat would report an incorrect "Unlosed token" error when 
expanding %percent; in the second of these entity declarations:

<!ENTITY % percent "&#37;">
<!ENTITY %percent; y "value">

This patch was submitted by James Clark on the xml-dev mailing list.
 2003-07-03 04:01:14 +00:00
Karl Waclawek
5ca83cc911 Changed calling convention macros to differentiate between 
different types of function calls - see comments in internal.h.
 2002-09-20 03:42:43 +00:00
Karl Waclawek
633caf8040 Fred and I added FASTCALL directives to xmltok.c and related files. 2002-09-05 18:21:01 +00:00
Karl Waclawek
c6160c2aee Added some comments regarding previous fix (bug #602729). 2002-08-31 02:27:20 +00:00
Karl Waclawek
fb523d10cc Fix bug reported by Rolf Ade: 
CR at end of buffer in epilog causes memory access violation.
 2002-08-30 23:22:20 +00:00
Fred L. Drake, Jr.
93deea5e26 Shorten all lines longer than 80 characters to be shorter than 80. 
Required for OS/400 support.
 2002-07-25 14:51:19 +00:00
Fred L. Drake, Jr.
7fea03e40e De-tabify; minor code-style consistency changes. 2002-07-01 16:46:08 +00:00
Clark Cooper
809a5d2916 Revised fix for abort occurring with a percent followed by whitespace or 
another percent in entity values.
 2000-10-20 15:14:36 +00:00
Clark Cooper
c446fb274e Merged in modifications from perl-expat. Also fiddled around with more 
configuration issues.
 2000-09-21 21:20:18 +00:00
Clark Cooper
c135be083d These are the first check-ins for the libexpat task: create configuration 
files and setup for building a shareable libexpat.
 2000-09-18 16:26:23 +00:00