cheng/libexpat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,333 Commits 1 Branch 0 Tags 16 MiB
5c9cc0eed8
Commit Graph

1333 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Pascal Cuoq
5c9cc0eed8 Avoid undefined behavior when computing larger blockSize. The compiler might reason that (end - start)*2 is negative only if (end - start) is negative, see https://godbolt.org/g/wVEoTM 2016-05-16 16:10:57 +02:00
Sebastian Pipping
e375ac8478 Complete XmlConvert return value handling 2016-05-02 01:00:39 +02:00
Sebastian Pipping
9ff1d645bf Do not grow pool to out-of-memory for incomplete input 2016-05-02 01:00:32 +02:00
Sebastian Pipping
a9b80b4ae4 Make converters tell state on termination (v3) 2016-05-02 01:00:32 +02:00
Sebastian Pipping
e18829b4ff Prevent out-of-bounds access in text conversion 
* big2_toUtf8
* little2_toUtf8
* utf8_toUtf8
* utf8_toUtf16
 2016-05-02 01:00:32 +02:00
Gustavo Grieco
2cac066cf6 Fix two integer overflows 2016-05-02 01:00:32 +02:00
Karl Waclawek
bb1fd81b98 Fix overflow (v2) 
(Some post-processing by Sebastian Pipping)
 2016-05-02 01:00:27 +02:00
Sebastian Pipping
379213ca19 Have "make run-xmltest" report on expected output 2016-05-01 16:01:51 +02:00
Sebastian Pipping
aed54a0ec9 Fix "make run-xmltest" more 2016-05-01 15:59:23 +02:00
Sebastian Pipping
2b289b1e78 Fix "make run-xmltest" 2016-04-30 21:11:02 +02:00
Sebastian Pipping
023ed44edd Tests: Cover CDATA sections 2016-03-31 23:19:22 +02:00
Sebastian Pipping
d839aecc61 Tests: Parse XML one byte at a time 2016-03-31 18:53:03 +02:00
Sebastian Pipping
56ceae7046 Sync change log 2016-03-28 22:23:43 +02:00
Sebastian Pipping
6d8696fc55 Address warning "missing initializer for field" 2016-03-28 21:35:55 +02:00
Sebastian Pipping
3bd715bf75 Address "comparison between signed and unsigned integer" warnings 2016-03-28 21:24:36 +02:00
Sebastian Pipping
934bcb0ac6 Address warnings on const correctness 2016-03-28 21:18:29 +02:00
Sebastian Pipping
b280bb8026 Merge branch 'resolve-srand' 2016-03-28 20:42:31 +02:00
Sebastian Pipping
2c346ba0bc Windows: Handling missing getpid and headers 2016-03-28 19:21:44 +02:00
Sebastian Pipping
888df4247c Use GetSystemTimeAsFileTime on Non-Cygwin-Windows with no gettimeofday 2016-03-28 18:19:02 +02:00
Sebastian Pipping
37f7efb878 Define COMPILING_FOR_WINDOWS with CMake on Windows 2016-03-28 18:18:09 +02:00
Sebastian Pipping
bdee307f19 Turn COMPILED_FROM_DSP into COMPILING_FOR_WINDOWS 
.. since it is used with that semantic by now
 2016-03-28 18:18:09 +02:00
Sebastian Pipping
f627ff74d6 Use a prime that fits 32bits on 32bit platforms 
Bug reported by Yann Droneaud, thanks!
https://bugzilla.redhat.com/show_bug.cgi?id=1197087#c21
 2016-03-21 20:05:27 +01:00
Sebastian Pipping
ca523deca4 Extract entropy from XML_Parser address 
Idea by Yann Droneaud, thanks!
https://bugzilla.redhat.com/show_bug.cgi?id=1197087#c21
 2016-03-21 19:58:04 +01:00
Sebastian Pipping
a5f2d04060 Extract method gather_time_entropy 2016-03-20 20:26:46 +01:00
Sebastian Pipping
6acb0a4737 Resolve call to srand, use more entropy 
Since commit e3e81a6d9f
(released with Expat 2.1.0) Expat called srand by itself
from inside generate_hash_secret_salt for an instance
of XML_Parser if XML_SetHashSalt was either (a) not called
for that instance or if (b) salt 0 was passed to XML_SetHashSalt
prior to parsing.  That call to srand passed (rather litle)
entropy extracted from the current time as a seed for srand.

That call to srand (1) broke repeatability for code calling
srand with a non-random seed prior to parsing with Expat,
and (2) resulted in a rather small set of hashing salts in
Expat in total.

For a short- to mid-term fix, the new approach avoids calling
srand altogether, extracts more entropy out of the clock and
adds some additional entropy from the process ID, too.

For a long term fix, we may want to read sizeof(long) bytes
from a source like getrandom(..) on Linux, and from similar
sources on other supported architectures.

https://bugzilla.redhat.com/show_bug.cgi?id=1197087
 2016-03-20 20:20:57 +01:00
Sebastian Pipping
75a1473981 Merge branch 'patch-90' 2016-03-14 19:12:52 +01:00
tbeu
247cc3af30 Fix VS2010 compilation 
Avoid C99 style declaration (MSVC)
 2016-03-13 21:17:00 +01:00
Karl Waclawek
a124f43dad Updated copyright year in Win32 setup script. 2016-03-12 16:12:42 -05:00
Sergei Nikulov
5c96e9ce60 Fix for BUILD_shared=OFF case on MSVC 2016-03-12 17:12:31 +01:00
Sebastian Pipping
d9a92249b1 CMakeLists.txt: Move code for upcoming change 2016-03-12 17:09:47 +01:00
Sebastian Pipping
fe432127ab Fix source code permissions 
Files had executable flag turn on, previously.
https://bugzilla.redhat.com/show_bug.cgi?id=1247348
 2016-03-12 05:21:47 +01:00
Sebastian Pipping
ee0adc0d9d Fill release date 2016-03-12 04:21:09 +01:00
Sebastian Pipping
248809b602 make-release.sh: Move from gzip to bzip2 2016-03-12 04:04:24 +01:00
Sebastian Pipping
80b2c0a882 htdocs/index.html: Mention Git before CVS 2016-03-12 03:33:57 +01:00
Sebastian Pipping
2617547534 htdocs/index.html: Fix broken SF.net links 2016-03-12 03:32:01 +01:00
Sebastian Pipping
796085674a examples/elements.c: Address compile warning on sign mismatch 
examples/elements.c: In function ‘main’:
examples/elements.c:54:16: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
     done = len < sizeof(buf);
                ^
 2016-03-12 02:59:53 +01:00
Sebastian Pipping
1f08fdbaaa Mention issue #502 in 2.1.1 change log 2016-03-12 02:57:41 +01:00
Gaurav
b3a467e392 Fix potential null pointer dereference (issue #502) 2016-03-12 02:53:04 +01:00
Sebastian Pipping
2671b8bb91 Replace caddr_t by "void *" for -std=c99 (issue #506) 2016-03-12 02:41:00 +01:00
Gilles Espinasse
b3b07679ee Remove pre-2.0.0 leftovers of using "check" unit testing library 2016-03-12 02:31:29 +01:00
Sebastian Pipping
4cfcbc0b5c Address XML_Parse return type mis-match warning (issue #512) 
(Function XML_Parse returns enum XML_Status, not enum XML_Error.)
 2016-03-12 02:14:14 +01:00
Sebastian Pipping
e6585e0170 lib/libexpat*.def: Fix version in comment 2016-03-12 01:08:32 +01:00
Sebastian Pipping
8c2fd3d097 Bump version to 2.1.1 2016-03-12 00:23:16 +01:00
Sebastian Pipping
e4d859eb2c Write 2.1.1 change log 2016-03-12 00:23:16 +01:00
Sebastian Pipping
3bdfa930a9 doc/xmlwf.1: Generate from sources using docbook2X 
As aside effect the mistaken content

  BUGS
    According to the W3C standard, an XML file without a
    declaration at the beginning is not considered well-formed.
    However, xmlwf allows this to pass.

disappears from the man page.  This is related to bug 470
https://sourceforge.net/p/expat/bugs/470/ or
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=412786
in Debian.
 2016-03-12 00:23:16 +01:00
Ardo van Rangelrooij
af3dadd473 doc/xmlwf.sgml: Address GROFF issue 
GROFF expects a macro name after a leading point. So remove
the linebreak and avoid the warning.
 2016-03-12 00:16:49 +01:00
Sebastian Pipping
a472f11d32 doc/xmlwf.sgml: Fix typos 
This is backport of commit 4d84c6e897
from doc/xmlwf.1 to doc/xmwlf.sgml
 2016-03-12 00:16:49 +01:00
Sebastian Pipping
3c2d92ce83 Fix RPM .spec file 2016-03-11 23:22:51 +01:00
Sebastian Pipping
a29cfb19d8 Makefile.in: Call libtool with --verbose for Debian 2016-03-11 23:22:51 +01:00
Raphael Bossek
95d0faf2b4 Install expat_config.h as well 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302191
 2016-03-11 23:22:51 +01:00