nokogiri 1.6.1-java → 1.6.2-java

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of nokogiri might be problematic. Click here for more details.

Files changed (137) hide show
  1. checksums.yaml +4 -4
  2. data/.editorconfig +17 -0
  3. data/.travis.yml +6 -6
  4. data/CHANGELOG.ja.rdoc +61 -8
  5. data/CHANGELOG.rdoc +58 -3
  6. data/Gemfile +3 -3
  7. data/Manifest.txt +57 -1
  8. data/README.ja.rdoc +22 -17
  9. data/README.rdoc +23 -18
  10. data/ROADMAP.md +1 -2
  11. data/Rakefile +162 -58
  12. data/build_all +56 -31
  13. data/dependencies.yml +3 -3
  14. data/ext/java/nokogiri/NokogiriService.java +9 -5
  15. data/ext/java/nokogiri/XmlDocument.java +95 -54
  16. data/ext/java/nokogiri/XmlNode.java +93 -42
  17. data/ext/java/nokogiri/XmlReader.java +1 -1
  18. data/ext/java/nokogiri/XmlSaxParserContext.java +33 -0
  19. data/ext/java/nokogiri/XmlSchema.java +4 -2
  20. data/ext/java/nokogiri/XmlXpathContext.java +118 -76
  21. data/ext/java/nokogiri/internals/IgnoreSchemaErrorsErrorHandler.java +20 -0
  22. data/ext/java/nokogiri/internals/NokogiriHandler.java +3 -10
  23. data/ext/java/nokogiri/internals/NokogiriHelpers.java +40 -23
  24. data/ext/java/nokogiri/internals/NokogiriNamespaceCache.java +59 -54
  25. data/ext/java/nokogiri/internals/NokogiriXPathFunctionResolver.java +1 -1
  26. data/ext/java/nokogiri/internals/ParserContext.java +1 -4
  27. data/ext/java/nokogiri/internals/SaveContextVisitor.java +6 -2
  28. data/ext/java/nokogiri/internals/c14n/AttrCompare.java +119 -0
  29. data/ext/java/nokogiri/internals/c14n/C14nHelper.java +159 -0
  30. data/ext/java/nokogiri/internals/c14n/CanonicalFilter.java +37 -0
  31. data/ext/java/nokogiri/internals/c14n/CanonicalizationException.java +93 -0
  32. data/ext/java/nokogiri/internals/c14n/Canonicalizer.java +252 -0
  33. data/ext/java/nokogiri/internals/c14n/Canonicalizer11.java +639 -0
  34. data/ext/java/nokogiri/internals/c14n/Canonicalizer11_OmitComments.java +38 -0
  35. data/ext/java/nokogiri/internals/c14n/Canonicalizer11_WithComments.java +38 -0
  36. data/ext/java/nokogiri/internals/c14n/Canonicalizer20010315.java +368 -0
  37. data/ext/java/nokogiri/internals/c14n/Canonicalizer20010315Excl.java +295 -0
  38. data/ext/java/nokogiri/internals/c14n/Canonicalizer20010315ExclOmitComments.java +40 -0
  39. data/ext/java/nokogiri/internals/c14n/Canonicalizer20010315ExclWithComments.java +44 -0
  40. data/ext/java/nokogiri/internals/c14n/Canonicalizer20010315OmitComments.java +44 -0
  41. data/ext/java/nokogiri/internals/c14n/Canonicalizer20010315WithComments.java +43 -0
  42. data/ext/java/nokogiri/internals/c14n/CanonicalizerBase.java +630 -0
  43. data/ext/java/nokogiri/internals/c14n/CanonicalizerPhysical.java +173 -0
  44. data/ext/java/nokogiri/internals/c14n/CanonicalizerSpi.java +76 -0
  45. data/ext/java/nokogiri/internals/c14n/Constants.java +42 -0
  46. data/ext/java/nokogiri/internals/c14n/ElementProxy.java +293 -0
  47. data/ext/java/nokogiri/internals/c14n/HelperNodeList.java +93 -0
  48. data/ext/java/nokogiri/internals/c14n/IgnoreAllErrorHandler.java +79 -0
  49. data/ext/java/nokogiri/internals/c14n/InclusiveNamespaces.java +165 -0
  50. data/ext/java/nokogiri/internals/c14n/InvalidCanonicalizerException.java +76 -0
  51. data/ext/java/nokogiri/internals/c14n/NameSpaceSymbTable.java +402 -0
  52. data/ext/java/nokogiri/internals/c14n/NodeFilter.java +51 -0
  53. data/ext/java/nokogiri/internals/c14n/UtfHelpper.java +179 -0
  54. data/ext/java/nokogiri/internals/c14n/XMLUtils.java +507 -0
  55. data/ext/nokogiri/extconf.rb +429 -128
  56. data/ext/nokogiri/html_document.c +2 -2
  57. data/ext/nokogiri/nokogiri.c +6 -1
  58. data/ext/nokogiri/xml_document.c +5 -4
  59. data/ext/nokogiri/xml_node.c +76 -7
  60. data/ext/nokogiri/xml_reader.c +1 -1
  61. data/ext/nokogiri/xml_sax_parser_context.c +40 -0
  62. data/ext/nokogiri/xml_syntax_error.c +10 -5
  63. data/ext/nokogiri/xml_syntax_error.h +1 -1
  64. data/ext/nokogiri/xml_xpath_context.c +2 -14
  65. data/ext/nokogiri/xslt_stylesheet.c +1 -1
  66. data/lib/nokogiri.rb +31 -22
  67. data/lib/nokogiri/css/node.rb +0 -50
  68. data/lib/nokogiri/css/parser.rb +213 -218
  69. data/lib/nokogiri/css/parser.y +21 -30
  70. data/lib/nokogiri/css/xpath_visitor.rb +62 -14
  71. data/lib/nokogiri/html/document.rb +97 -18
  72. data/lib/nokogiri/html/sax/parser.rb +2 -2
  73. data/lib/nokogiri/nokogiri.jar +0 -0
  74. data/lib/nokogiri/version.rb +1 -1
  75. data/lib/nokogiri/xml/builder.rb +1 -1
  76. data/lib/nokogiri/xml/document.rb +2 -2
  77. data/lib/nokogiri/xml/dtd.rb +10 -0
  78. data/lib/nokogiri/xml/node.rb +26 -1
  79. data/lib/nokogiri/xml/sax/parser.rb +1 -1
  80. data/ports/patches/libxml2/0001-Fix-parser-local-buffers-size-problems.patch +265 -0
  81. data/ports/patches/libxml2/0002-Fix-entities-local-buffers-size-problems.patch +102 -0
  82. data/ports/patches/libxml2/0003-Fix-an-error-in-previous-commit.patch +26 -0
  83. data/ports/patches/libxml2/0004-Fix-potential-out-of-bound-access.patch +26 -0
  84. data/ports/patches/libxml2/0005-Detect-excessive-entities-expansion-upon-replacement.patch +158 -0
  85. data/ports/patches/libxml2/0006-Do-not-fetch-external-parsed-entities.patch +78 -0
  86. data/ports/patches/libxml2/0007-Enforce-XML_PARSER_EOF-state-handling-through-the-pa.patch +480 -0
  87. data/ports/patches/libxml2/0008-Improve-handling-of-xmlStopParser.patch +315 -0
  88. data/ports/patches/libxml2/0009-Fix-a-couple-of-return-without-value.patch +37 -0
  89. data/ports/patches/libxslt/0001-Adding-doc-update-related-to-1.1.28.patch +222 -0
  90. data/ports/patches/libxslt/0002-Fix-a-couple-of-places-where-f-printf-parameters-wer.patch +53 -0
  91. data/ports/patches/libxslt/0003-Initialize-pseudo-random-number-generator-with-curre.patch +60 -0
  92. data/ports/patches/libxslt/0004-EXSLT-function-str-replace-is-broken-as-is.patch +42 -0
  93. data/ports/patches/libxslt/0006-Fix-str-padding-to-work-with-UTF-8-strings.patch +164 -0
  94. data/ports/patches/libxslt/0007-Separate-function-for-predicate-matching-in-patterns.patch +587 -0
  95. data/ports/patches/libxslt/0008-Fix-direct-pattern-matching.patch +80 -0
  96. data/ports/patches/libxslt/0009-Fix-certain-patterns-with-predicates.patch +185 -0
  97. data/ports/patches/libxslt/0010-Fix-handling-of-UTF-8-strings-in-EXSLT-crypto-module.patch +126 -0
  98. data/ports/patches/libxslt/0013-Memory-leak-in-xsltCompileIdKeyPattern-error-path.patch +25 -0
  99. data/ports/patches/libxslt/0014-Fix-for-bug-436589.patch +43 -0
  100. data/ports/patches/libxslt/0015-Fix-mkdir-for-mingw.patch +41 -0
  101. data/suppressions/README.txt +1 -0
  102. data/suppressions/nokogiri_ree-1.8.7.358.supp +61 -0
  103. data/suppressions/nokogiri_ruby-1.8.7.370.supp +0 -0
  104. data/suppressions/nokogiri_ruby-1.9.2.320.supp +28 -0
  105. data/suppressions/nokogiri_ruby-1.9.3.327.supp +28 -0
  106. data/test/css/test_nthiness.rb +65 -2
  107. data/test/css/test_parser.rb +27 -10
  108. data/test/css/test_tokenizer.rb +1 -1
  109. data/test/css/test_xpath_visitor.rb +6 -1
  110. data/test/files/atom.xml +344 -0
  111. data/test/files/shift_jis_no_charset.html +9 -0
  112. data/test/helper.rb +10 -0
  113. data/test/html/test_document.rb +74 -7
  114. data/test/html/test_document_encoding.rb +10 -0
  115. data/test/html/test_document_fragment.rb +9 -3
  116. data/test/namespaces/test_namespaces_aliased_default.rb +24 -0
  117. data/test/namespaces/test_namespaces_in_cloned_doc.rb +31 -0
  118. data/test/namespaces/test_namespaces_preservation.rb +31 -0
  119. data/test/test_nokogiri.rb +6 -0
  120. data/test/test_reader.rb +7 -4
  121. data/test/test_xslt_transforms.rb +25 -0
  122. data/test/xml/sax/test_parser.rb +16 -0
  123. data/test/xml/sax/test_parser_context.rb +9 -0
  124. data/test/xml/test_builder.rb +9 -0
  125. data/test/xml/test_c14n.rb +12 -2
  126. data/test/xml/test_document.rb +66 -0
  127. data/test/xml/test_document_fragment.rb +5 -0
  128. data/test/xml/test_dtd.rb +84 -0
  129. data/test/xml/test_entity_reference.rb +3 -3
  130. data/test/xml/test_node.rb +21 -3
  131. data/test/xml/test_node_attributes.rb +17 -0
  132. data/test/xml/test_schema.rb +26 -0
  133. data/test/xml/test_text.rb +15 -0
  134. data/test/xml/test_xpath.rb +87 -0
  135. data/test_all +3 -3
  136. metadata +119 -68
  137. data/tasks/cross_compile.rb +0 -134
@@ -277,6 +277,23 @@ module Nokogiri
277
277
  node_or_tags
278
278
  end
279
279
 
280
+ ###
281
+ # Add +node_or_tags+ as the first child of this Node.
282
+ # +node_or_tags+ can be a Nokogiri::XML::Node, a ::DocumentFragment, a ::NodeSet, or a string containing markup.
283
+ #
284
+ # Returns the reparented node (if +node_or_tags+ is a Node), or NodeSet (if +node_or_tags+ is a DocumentFragment, NodeSet, or string).
285
+ #
286
+ # Also see related method +add_child+.
287
+ def prepend_child node_or_tags
288
+ if first = children.first
289
+ # Mimic the error add_child would raise.
290
+ raise RuntimeError, "Document already has a root node" if is_a?(XML::Document) && !node_or_tags.is_a?(XML::ProcessingInstruction)
291
+ first.__send__(:add_sibling, :previous, node_or_tags)
292
+ else
293
+ add_child(node_or_tags)
294
+ end
295
+ end
296
+
280
297
  ###
281
298
  # Add +node_or_tags+ as a child of this Node.
282
299
  # +node_or_tags+ can be a Nokogiri::XML::Node, a ::DocumentFragment, a ::NodeSet, or a string containing markup.
@@ -491,6 +508,15 @@ module Nokogiri
491
508
  # *this* node. Returns a XML::NodeSet containing the nodes parsed from
492
509
  # +string_or_io+.
493
510
  def parse string_or_io, options = nil
511
+ ##
512
+ # When the current node is unparented and not an element node, use the
513
+ # document as the parsing context instead. Otherwise, the in-context
514
+ # parser cannot find an element or a document node.
515
+ # Document Fragments are also not usable by the in-context parser.
516
+ if !element? && !xml? && (!parent || parent.fragment?)
517
+ return document.parse(string_or_io, options)
518
+ end
519
+
494
520
  options ||= (document.html? ? ParseOptions::DEFAULT_HTML : ParseOptions::DEFAULT_XML)
495
521
  if Fixnum === options
496
522
  options = Nokogiri::XML::ParseOptions.new(options)
@@ -882,7 +908,6 @@ module Nokogiri
882
908
  # FIXME: this is a hack around broken libxml versions
883
909
  return dump_html if Nokogiri.uses_libxml? && %w[2 6] === LIBXML_VERSION.split('.')[0..1]
884
910
 
885
- options[:save_with] |= save_option if options[:save_with]
886
911
  options[:save_with] = save_option unless options[:save_with]
887
912
  serialize(options)
888
913
  end
@@ -99,7 +99,7 @@ module Nokogiri
99
99
  # Parse a file with +filename+
100
100
  def parse_file filename
101
101
  raise ArgumentError unless filename
102
- raise Errno::ENOENT unless File.exists?(filename)
102
+ raise Errno::ENOENT unless File.exist?(filename)
103
103
  raise Errno::EISDIR if File.directory?(filename)
104
104
  ctx = ParserContext.file filename
105
105
  yield ctx if block_given?
@@ -0,0 +1,265 @@
1
+ From bc168aab5749acbe6630a29be4dcfabf0a81e2da Mon Sep 17 00:00:00 2001
2
+ From: Daniel Veillard <veillard@redhat.com>
3
+ Date: Tue, 17 Jul 2012 16:19:17 +0800
4
+ Subject: [PATCH 1/9] Fix parser local buffers size problems
5
+
6
+ [Origin: 459eeb9dc752d5185f57ff6b135027f11981a626]
7
+ ---
8
+ parser.c | 74 +++++++++++++++++++++++++++++++++++++---------------------------
9
+ 1 file changed, 43 insertions(+), 31 deletions(-)
10
+
11
+ diff --git a/parser.c b/parser.c
12
+ index 2c38fae..9863275 100644
13
+ --- a/parser.c
14
+ +++ b/parser.c
15
+ @@ -40,6 +40,7 @@
16
+ #endif
17
+
18
+ #include <stdlib.h>
19
+ +#include <limits.h>
20
+ #include <string.h>
21
+ #include <stdarg.h>
22
+ #include <libxml/xmlmemory.h>
23
+ @@ -117,10 +118,10 @@ xmlCreateEntityParserCtxtInternal(const xmlChar *URL, const xmlChar *ID,
24
+ * parser option.
25
+ */
26
+ static int
27
+ -xmlParserEntityCheck(xmlParserCtxtPtr ctxt, unsigned long size,
28
+ +xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
29
+ xmlEntityPtr ent)
30
+ {
31
+ - unsigned long consumed = 0;
32
+ + size_t consumed = 0;
33
+
34
+ if ((ctxt == NULL) || (ctxt->options & XML_PARSE_HUGE))
35
+ return (0);
36
+ @@ -2589,15 +2590,17 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) {
37
+
38
+ /*
39
+ * Macro used to grow the current buffer.
40
+ + * buffer##_size is expected to be a size_t
41
+ + * mem_error: is expected to handle memory allocation failures
42
+ */
43
+ #define growBuffer(buffer, n) { \
44
+ xmlChar *tmp; \
45
+ - buffer##_size *= 2; \
46
+ - buffer##_size += n; \
47
+ - tmp = (xmlChar *) \
48
+ - xmlRealloc(buffer, buffer##_size * sizeof(xmlChar)); \
49
+ + size_t new_size = buffer##_size * 2 + n; \
50
+ + if (new_size < buffer##_size) goto mem_error; \
51
+ + tmp = (xmlChar *) xmlRealloc(buffer, new_size); \
52
+ if (tmp == NULL) goto mem_error; \
53
+ buffer = tmp; \
54
+ + buffer##_size = new_size; \
55
+ }
56
+
57
+ /**
58
+ @@ -2623,14 +2626,14 @@ xmlChar *
59
+ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
60
+ int what, xmlChar end, xmlChar end2, xmlChar end3) {
61
+ xmlChar *buffer = NULL;
62
+ - int buffer_size = 0;
63
+ + size_t buffer_size = 0;
64
+ + size_t nbchars = 0;
65
+
66
+ xmlChar *current = NULL;
67
+ xmlChar *rep = NULL;
68
+ const xmlChar *last;
69
+ xmlEntityPtr ent;
70
+ int c,l;
71
+ - int nbchars = 0;
72
+
73
+ if ((ctxt == NULL) || (str == NULL) || (len < 0))
74
+ return(NULL);
75
+ @@ -2647,7 +2650,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
76
+ * allocate a translation buffer.
77
+ */
78
+ buffer_size = XML_PARSER_BIG_BUFFER_SIZE;
79
+ - buffer = (xmlChar *) xmlMallocAtomic(buffer_size * sizeof(xmlChar));
80
+ + buffer = (xmlChar *) xmlMallocAtomic(buffer_size);
81
+ if (buffer == NULL) goto mem_error;
82
+
83
+ /*
84
+ @@ -2667,7 +2670,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
85
+ if (val != 0) {
86
+ COPY_BUF(0,buffer,nbchars,val);
87
+ }
88
+ - if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
89
+ + if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
90
+ growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
91
+ }
92
+ } else if ((c == '&') && (what & XML_SUBSTITUTE_REF)) {
93
+ @@ -2685,7 +2688,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
94
+ (ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) {
95
+ if (ent->content != NULL) {
96
+ COPY_BUF(0,buffer,nbchars,ent->content[0]);
97
+ - if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
98
+ + if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
99
+ growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
100
+ }
101
+ } else {
102
+ @@ -2702,8 +2705,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
103
+ current = rep;
104
+ while (*current != 0) { /* non input consuming loop */
105
+ buffer[nbchars++] = *current++;
106
+ - if (nbchars >
107
+ - buffer_size - XML_PARSER_BUFFER_SIZE) {
108
+ + if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
109
+ if (xmlParserEntityCheck(ctxt, nbchars, ent))
110
+ goto int_error;
111
+ growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
112
+ @@ -2717,7 +2719,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
113
+ const xmlChar *cur = ent->name;
114
+
115
+ buffer[nbchars++] = '&';
116
+ - if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) {
117
+ + if (nbchars + i + XML_PARSER_BUFFER_SIZE > buffer_size) {
118
+ growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE);
119
+ }
120
+ for (;i > 0;i--)
121
+ @@ -2745,8 +2747,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
122
+ current = rep;
123
+ while (*current != 0) { /* non input consuming loop */
124
+ buffer[nbchars++] = *current++;
125
+ - if (nbchars >
126
+ - buffer_size - XML_PARSER_BUFFER_SIZE) {
127
+ + if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
128
+ if (xmlParserEntityCheck(ctxt, nbchars, ent))
129
+ goto int_error;
130
+ growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
131
+ @@ -2759,8 +2760,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
132
+ } else {
133
+ COPY_BUF(l,buffer,nbchars,c);
134
+ str += l;
135
+ - if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
136
+ - growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
137
+ + if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
138
+ + growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
139
+ }
140
+ }
141
+ if (str < last)
142
+ @@ -3764,8 +3765,8 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
143
+ xmlChar limit = 0;
144
+ xmlChar *buf = NULL;
145
+ xmlChar *rep = NULL;
146
+ - int len = 0;
147
+ - int buf_size = 0;
148
+ + size_t len = 0;
149
+ + size_t buf_size = 0;
150
+ int c, l, in_space = 0;
151
+ xmlChar *current = NULL;
152
+ xmlEntityPtr ent;
153
+ @@ -3787,7 +3788,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
154
+ * allocate a translation buffer.
155
+ */
156
+ buf_size = XML_PARSER_BUFFER_SIZE;
157
+ - buf = (xmlChar *) xmlMallocAtomic(buf_size * sizeof(xmlChar));
158
+ + buf = (xmlChar *) xmlMallocAtomic(buf_size);
159
+ if (buf == NULL) goto mem_error;
160
+
161
+ /*
162
+ @@ -3804,7 +3805,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
163
+
164
+ if (val == '&') {
165
+ if (ctxt->replaceEntities) {
166
+ - if (len > buf_size - 10) {
167
+ + if (len + 10 > buf_size) {
168
+ growBuffer(buf, 10);
169
+ }
170
+ buf[len++] = '&';
171
+ @@ -3813,7 +3814,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
172
+ * The reparsing will be done in xmlStringGetNodeList()
173
+ * called by the attribute() function in SAX.c
174
+ */
175
+ - if (len > buf_size - 10) {
176
+ + if (len + 10 > buf_size) {
177
+ growBuffer(buf, 10);
178
+ }
179
+ buf[len++] = '&';
180
+ @@ -3823,7 +3824,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
181
+ buf[len++] = ';';
182
+ }
183
+ } else if (val != 0) {
184
+ - if (len > buf_size - 10) {
185
+ + if (len + 10 > buf_size) {
186
+ growBuffer(buf, 10);
187
+ }
188
+ len += xmlCopyChar(0, &buf[len], val);
189
+ @@ -3835,7 +3836,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
190
+ ctxt->nbentities += ent->owner;
191
+ if ((ent != NULL) &&
192
+ (ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) {
193
+ - if (len > buf_size - 10) {
194
+ + if (len + 10 > buf_size) {
195
+ growBuffer(buf, 10);
196
+ }
197
+ if ((ctxt->replaceEntities == 0) &&
198
+ @@ -3863,7 +3864,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
199
+ current++;
200
+ } else
201
+ buf[len++] = *current++;
202
+ - if (len > buf_size - 10) {
203
+ + if (len + 10 > buf_size) {
204
+ growBuffer(buf, 10);
205
+ }
206
+ }
207
+ @@ -3871,7 +3872,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
208
+ rep = NULL;
209
+ }
210
+ } else {
211
+ - if (len > buf_size - 10) {
212
+ + if (len + 10 > buf_size) {
213
+ growBuffer(buf, 10);
214
+ }
215
+ if (ent->content != NULL)
216
+ @@ -3899,7 +3900,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
217
+ * Just output the reference
218
+ */
219
+ buf[len++] = '&';
220
+ - while (len > buf_size - i - 10) {
221
+ + while (len + i + 10 > buf_size) {
222
+ growBuffer(buf, i + 10);
223
+ }
224
+ for (;i > 0;i--)
225
+ @@ -3912,7 +3913,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
226
+ if ((len != 0) || (!normalize)) {
227
+ if ((!normalize) || (!in_space)) {
228
+ COPY_BUF(l,buf,len,0x20);
229
+ - while (len > buf_size - 10) {
230
+ + while (len + 10 > buf_size) {
231
+ growBuffer(buf, 10);
232
+ }
233
+ }
234
+ @@ -3921,7 +3922,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
235
+ } else {
236
+ in_space = 0;
237
+ COPY_BUF(l,buf,len,c);
238
+ - if (len > buf_size - 10) {
239
+ + if (len + 10 > buf_size) {
240
+ growBuffer(buf, 10);
241
+ }
242
+ }
243
+ @@ -3946,7 +3947,18 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
244
+ }
245
+ } else
246
+ NEXT;
247
+ - if (attlen != NULL) *attlen = len;
248
+ +
249
+ + /*
250
+ + * There we potentially risk an overflow, don't allow attribute value of
251
+ + * lenght more than INT_MAX it is a very reasonnable assumption !
252
+ + */
253
+ + if (len >= INT_MAX) {
254
+ + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
255
+ + "AttValue lenght too long\n");
256
+ + goto mem_error;
257
+ + }
258
+ +
259
+ + if (attlen != NULL) *attlen = (int) len;
260
+ return(buf);
261
+
262
+ mem_error:
263
+ --
264
+ 1.8.4.1
265
+
@@ -0,0 +1,102 @@
1
+ From 64d7de23165b706510f4ce4f29d96552eeb257d7 Mon Sep 17 00:00:00 2001
2
+ From: Daniel Veillard <veillard@redhat.com>
3
+ Date: Wed, 18 Jul 2012 11:38:17 +0800
4
+ Subject: [PATCH 2/9] Fix entities local buffers size problems
5
+
6
+ [Origin: 4f9fdc709c4861c390cd84e2ed1fd878b3442e28]
7
+ ---
8
+ entities.c | 36 +++++++++++++++++++++++-------------
9
+ 1 file changed, 23 insertions(+), 13 deletions(-)
10
+
11
+ diff --git a/entities.c b/entities.c
12
+ index 6aef49f..859ec3b 100644
13
+ --- a/entities.c
14
+ +++ b/entities.c
15
+ @@ -528,13 +528,13 @@ xmlGetDocEntity(xmlDocPtr doc, const xmlChar *name) {
16
+ * Macro used to grow the current buffer.
17
+ */
18
+ #define growBufferReentrant() { \
19
+ - buffer_size *= 2; \
20
+ - buffer = (xmlChar *) \
21
+ - xmlRealloc(buffer, buffer_size * sizeof(xmlChar)); \
22
+ - if (buffer == NULL) { \
23
+ - xmlEntitiesErrMemory("xmlEncodeEntitiesReentrant: realloc failed");\
24
+ - return(NULL); \
25
+ - } \
26
+ + xmlChar *tmp; \
27
+ + size_t new_size = buffer_size *= 2; \
28
+ + if (new_size < buffer_size) goto mem_error; \
29
+ + tmp = (xmlChar *) xmlRealloc(buffer, new_size); \
30
+ + if (tmp == NULL) goto mem_error; \
31
+ + buffer = tmp; \
32
+ + buffer_size = new_size; \
33
+ }
34
+
35
+
36
+ @@ -555,7 +555,7 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) {
37
+ const xmlChar *cur = input;
38
+ xmlChar *buffer = NULL;
39
+ xmlChar *out = NULL;
40
+ - int buffer_size = 0;
41
+ + size_t buffer_size = 0;
42
+ int html = 0;
43
+
44
+ if (input == NULL) return(NULL);
45
+ @@ -574,8 +574,8 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) {
46
+ out = buffer;
47
+
48
+ while (*cur != '\0') {
49
+ - if (out - buffer > buffer_size - 100) {
50
+ - int indx = out - buffer;
51
+ + size_t indx = out - buffer;
52
+ + if (indx + 100 > buffer_size) {
53
+
54
+ growBufferReentrant();
55
+ out = &buffer[indx];
56
+ @@ -692,6 +692,11 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) {
57
+ }
58
+ *out = 0;
59
+ return(buffer);
60
+ +
61
+ +mem_error:
62
+ + xmlEntitiesErrMemory("xmlEncodeEntitiesReentrant: realloc failed");
63
+ + xmlFree(buffer);
64
+ + return(NULL);
65
+ }
66
+
67
+ /**
68
+ @@ -709,7 +714,7 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTRIBUTE_UNUSED, const xmlChar *input) {
69
+ const xmlChar *cur = input;
70
+ xmlChar *buffer = NULL;
71
+ xmlChar *out = NULL;
72
+ - int buffer_size = 0;
73
+ + size_t buffer_size = 0;
74
+ if (input == NULL) return(NULL);
75
+
76
+ /*
77
+ @@ -724,8 +729,8 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTRIBUTE_UNUSED, const xmlChar *input) {
78
+ out = buffer;
79
+
80
+ while (*cur != '\0') {
81
+ - if (out - buffer > buffer_size - 10) {
82
+ - int indx = out - buffer;
83
+ + size_t indx = out - buffer;
84
+ + if (indx + 10 > buffer_size) {
85
+
86
+ growBufferReentrant();
87
+ out = &buffer[indx];
88
+ @@ -774,6 +779,11 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTRIBUTE_UNUSED, const xmlChar *input) {
89
+ }
90
+ *out = 0;
91
+ return(buffer);
92
+ +
93
+ +mem_error:
94
+ + xmlEntitiesErrMemory("xmlEncodeSpecialChars: realloc failed");
95
+ + xmlFree(buffer);
96
+ + return(NULL);
97
+ }
98
+
99
+ /**
100
+ --
101
+ 1.8.4.1
102
+
@@ -0,0 +1,26 @@
1
+ From 83bbfdfe1e804f8cdc72b86742364cf045dd8678 Mon Sep 17 00:00:00 2001
2
+ From: Aron Xu <happyaron.xu@gmail.com>
3
+ Date: Fri, 20 Jul 2012 15:41:34 +0800
4
+ Subject: [PATCH 3/9] Fix an error in previous commit
5
+
6
+ [Origin: baaf03f80f817bb34c421421e6cb4d68c353ac9a]
7
+ ---
8
+ entities.c | 2 +-
9
+ 1 file changed, 1 insertion(+), 1 deletion(-)
10
+
11
+ diff --git a/entities.c b/entities.c
12
+ index 859ec3b..7d06820 100644
13
+ --- a/entities.c
14
+ +++ b/entities.c
15
+ @@ -529,7 +529,7 @@ xmlGetDocEntity(xmlDocPtr doc, const xmlChar *name) {
16
+ */
17
+ #define growBufferReentrant() { \
18
+ xmlChar *tmp; \
19
+ - size_t new_size = buffer_size *= 2; \
20
+ + size_t new_size = buffer_size * 2; \
21
+ if (new_size < buffer_size) goto mem_error; \
22
+ tmp = (xmlChar *) xmlRealloc(buffer, new_size); \
23
+ if (tmp == NULL) goto mem_error; \
24
+ --
25
+ 1.8.4.1
26
+