nokogiri 1.6.3.1-java → 1.6.4-java


Potentially problematic release.


This version of nokogiri might be problematic. Click here for more details.

Files changed (46) hide show
  1. checksums.yaml +4 -4
  2. data/.travis.yml +7 -2
  3. data/CHANGELOG.ja.rdoc +16 -0
  4. data/CHANGELOG.rdoc +16 -0
  5. data/Gemfile +2 -2
  6. data/Manifest.txt +2 -11
  7. data/README.ja.rdoc +2 -2
  8. data/README.rdoc +2 -2
  9. data/Rakefile +1 -1
  10. data/build_all +17 -17
  11. data/dependencies.yml +1 -1
  12. data/ext/nokogiri/extconf.rb +115 -82
  13. data/ext/nokogiri/nokogiri.c +4 -0
  14. data/ext/nokogiri/xml_io.c +10 -6
  15. data/ext/nokogiri/xml_syntax_error.c +2 -1
  16. data/lib/nokogiri/css/parser.rb +175 -165
  17. data/lib/nokogiri/css/parser.y +8 -2
  18. data/lib/nokogiri/css/tokenizer.rb +1 -1
  19. data/lib/nokogiri/css/tokenizer.rex +1 -1
  20. data/lib/nokogiri/nokogiri.jar +0 -0
  21. data/lib/nokogiri/version.rb +3 -1
  22. data/ports/patches/libxml2/0001-Revert-Missing-initialization-for-the-catalog-module.patch +29 -0
  23. data/ports/patches/libxml2/0002-Fix-missing-entities-after-CVE-2014-3660-fix.patch +31 -0
  24. data/test/css/test_parser.rb +5 -0
  25. data/test/css/test_tokenizer.rb +17 -0
  26. data/test/html/test_document.rb +5 -5
  27. data/test/html/test_document_fragment.rb +5 -0
  28. data/test/xml/test_builder.rb +1 -1
  29. data/test/xml/test_document.rb +1 -9
  30. data/test/xml/test_entity_reference.rb +9 -3
  31. data/test/xml/test_node.rb +1 -1
  32. data/test/xml/test_syntax_error.rb +18 -0
  33. data/test/xml/test_xpath.rb +2 -0
  34. data/test_all +2 -2
  35. metadata +9 -18
  36. data/ports/patches/libxml2/0001-Fix-parser-local-buffers-size-problems.patch +0 -265
  37. data/ports/patches/libxml2/0002-Fix-entities-local-buffers-size-problems.patch +0 -102
  38. data/ports/patches/libxml2/0003-Fix-an-error-in-previous-commit.patch +0 -26
  39. data/ports/patches/libxml2/0004-Fix-potential-out-of-bound-access.patch +0 -26
  40. data/ports/patches/libxml2/0005-Detect-excessive-entities-expansion-upon-replacement.patch +0 -158
  41. data/ports/patches/libxml2/0006-Do-not-fetch-external-parsed-entities.patch +0 -78
  42. data/ports/patches/libxml2/0007-Enforce-XML_PARSER_EOF-state-handling-through-the-pa.patch +0 -480
  43. data/ports/patches/libxml2/0008-Improve-handling-of-xmlStopParser.patch +0 -315
  44. data/ports/patches/libxml2/0009-Fix-a-couple-of-return-without-value.patch +0 -37
  45. data/ports/patches/libxml2/0010-Keep-non-significant-blanks-node-in-HTML-parser.patch +0 -2006
  46. data/ports/patches/libxml2/0011-Do-not-fetch-external-parameter-entities.patch +0 -39
@@ -10,13 +10,12 @@ rule
10
10
  result = [val.first, val.last].flatten
11
11
  }
12
12
  | prefixless_combinator_selector { result = val.flatten }
13
- | simple_selector_1toN { result = val.flatten }
13
+ | optional_S simple_selector_1toN { result = [val.last].flatten }
14
14
  ;
15
15
  combinator
16
16
  : PLUS { result = :DIRECT_ADJACENT_SELECTOR }
17
17
  | GREATER { result = :CHILD_SELECTOR }
18
18
  | TILDE { result = :FOLLOWING_SELECTOR }
19
- | S { result = :DESCENDANT_SELECTOR }
20
19
  | DOUBLESLASH { result = :DESCENDANT_SELECTOR }
21
20
  | SLASH { result = :CHILD_SELECTOR }
22
21
  ;
@@ -50,6 +49,9 @@ rule
50
49
  : simple_selector combinator simple_selector_1toN {
51
50
  result = Node.new(val[1], [val.first, val.last])
52
51
  }
52
+ | simple_selector S simple_selector_1toN {
53
+ result = Node.new(:DESCENDANT_SELECTOR, [val.first, val.last])
54
+ }
53
55
  | simple_selector
54
56
  ;
55
57
  class
@@ -241,6 +243,10 @@ rule
241
243
  | element_name hcap_1toN
242
244
  | hcap_1toN
243
245
  ;
246
+ optional_S
247
+ : S
248
+ |
249
+ ;
244
250
  end
245
251
 
246
252
  ---- header
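Review bot: The empty alternative of the new `optional_S` rule is written as a bare `|` with nothing after it, which reads like a truncated production; mark it explicitly, for example `| /* empty */`. Removing `S` from `combinator` and adding `simple_selector S simple_selector_1toN` makes whitespace a descendant combinator only between two simple selectors, and a short comment above that alternative saying so would help the next reader. Leading whitespace is accepted only on the `simple_selector_1toN` alternative in the first hunk; the `prefixless_combinator_selector` alternative presumably relies on the tokenizer's `{w}` padding, which is not visible here. The `rule` block starts and ends outside these hunks.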
@@ -94,7 +94,7 @@ class Tokenizer # :nodoc:
94
94
  when (text = @ss.scan(/[\s]*\)/))
95
95
  action { [:RPAREN, text] }
96
96
 
97
- when (text = @ss.scan(/[\s]*\[[\s]*/))
97
+ when (text = @ss.scan(/\[[\s]*/))
98
98
  action { [:LSQUARE, text] }
99
99
 
100
100
  when (text = @ss.scan(/[\s]*\]/))
@@ -34,7 +34,7 @@ rule
34
34
  {w}!={w} { [:NOT_EQUAL, text] }
35
35
  {w}={w} { [:EQUAL, text] }
36
36
  {w}\) { [:RPAREN, text] }
37
- {w}\[{w} { [:LSQUARE, text] }
37
+ \[{w} { [:LSQUARE, text] }
38
38
  {w}\] { [:RSQUARE, text] }
39
39
  {w}\+{w} { [:PLUS, text] }
40
40
  {w}>{w} { [:GREATER, text] }
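Review bot: After this change `\[{w}` is the only pattern in this stretch without a leading `{w}`, and nothing in the file says why. Whitespace before `[` now has to reach the parser as an `S` token so that `x [a]` is a descendant match rather than `x[a]`. Add a comment on that line along the lines of `no leading {w}: a space before '[' is a descendant combinator`, so a later cleanup does not restore the symmetry with `{w}\]`. The neighbouring `{w}\)` and `{w}\]` patterns still absorb leading whitespace, which looks intentional for closing brackets but is worth stating in the same comment.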
Binary file
@@ -1,6 +1,6 @@
1
1
  module Nokogiri
2
2
  # The version of Nokogiri you are using
3
- VERSION = '1.6.3.1'
3
+ VERSION = '1.6.4'
4
4
 
5
5
  class VersionInfo # :nodoc:
6
6
  def jruby?
@@ -61,6 +61,8 @@ module Nokogiri
61
61
  hash_info['libxml']['source'] = "packaged"
62
62
  hash_info['libxml']['libxml2_path'] = NOKOGIRI_LIBXML2_PATH
63
63
  hash_info['libxml']['libxslt_path'] = NOKOGIRI_LIBXSLT_PATH
64
+ hash_info['libxml']['libxml2_patches'] = NOKOGIRI_LIBXML2_PATCHES
65
+ hash_info['libxml']['libxslt_patches'] = NOKOGIRI_LIBXSLT_PATCHES
64
66
  else
65
67
  hash_info['libxml']['source'] = "system"
66
68
  end
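Review bot: The two new keys `libxml2_patches` and `libxslt_patches` have no description, although they appear to be the place where a packaged build reports which patches its bundled libraries carry. Add a comment above them such as `# patches applied to the bundled libxml2/libxslt at build time`, assuming that is what the constants hold; their definition is outside this page. `NOKOGIRI_LIBXML2_PATCHES` and `NOKOGIRI_LIBXSLT_PATCHES` are read unguarded, like the `*_PATH` constants next to them, so they must be defined whenever the packaged branch is taken. Since this release replaces the bundled libxml2 patch set, a test asserting that both keys are present in the packaged case would keep that audit information from silently disappearing. The enclosing method starts and ends outside the hunk.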
@@ -0,0 +1,29 @@
1
+ From f65128f38289d77ff322d63aef2858cc0a819c34 Mon Sep 17 00:00:00 2001
2
+ From: Daniel Veillard <veillard@redhat.com>
3
+ Date: Fri, 17 Oct 2014 17:13:41 +0800
4
+ Subject: [PATCH] Revert "Missing initialization for the catalog module"
5
+
6
+ This reverts commit 054c716ea1bf001544127a4ab4f4346d1b9947e7.
7
+ As this break xmlcatalog command
8
+ https://bugzilla.redhat.com/show_bug.cgi?id=1153753
9
+ ---
10
+ parser.c | 3 ---
11
+ 1 file changed, 3 deletions(-)
12
+
13
+ diff --git a/parser.c b/parser.c
14
+ index 1d93967..67c9dfd 100644
15
+ --- a/parser.c
16
+ +++ b/parser.c
17
+ @@ -14830,9 +14830,6 @@ xmlInitParser(void) {
18
+ #ifdef LIBXML_XPATH_ENABLED
19
+ xmlXPathInit();
20
+ #endif
21
+ -#ifdef LIBXML_CATALOG_ENABLED
22
+ - xmlInitializeCatalog();
23
+ -#endif
24
+ xmlParserInitialized = 1;
25
+ #ifdef LIBXML_THREAD_ENABLED
26
+ }
27
+ --
28
+ 2.1.2
29
+
@@ -0,0 +1,31 @@
1
+ From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001
2
+ From: Daniel Veillard <veillard@redhat.com>
3
+ Date: Thu, 23 Oct 2014 11:35:36 +0800
4
+ Subject: [PATCH] Fix missing entities after CVE-2014-3660 fix
5
+
6
+ For https://bugzilla.gnome.org/show_bug.cgi?id=738805
7
+
8
+ The fix for CVE-2014-3660 introduced a regression in some case
9
+ where entity substitution is required and the entity is used
10
+ first in anotther entity referenced from an attribute value
11
+ ---
12
+ parser.c | 3 ++-
13
+ 1 file changed, 2 insertions(+), 1 deletion(-)
14
+
15
+ diff --git a/parser.c b/parser.c
16
+ index 67c9dfd..a8d1b67 100644
17
+ --- a/parser.c
18
+ +++ b/parser.c
19
+ @@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
20
+ * far more secure as the parser will only process data coming from
21
+ * the document entity by default.
22
+ */
23
+ - if ((ent->checked == 0) &&
24
+ + if (((ent->checked == 0) ||
25
+ + ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) &&
26
+ ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) ||
27
+ (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) {
28
+ unsigned long oldnbent = ctxt->nbentities;
29
+ --
30
+ 2.1.2
31
+
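Review bot: No test change visible on this page exercises the case this patch describes, an entity first used inside another entity that is referenced from an attribute value. The widened condition in `xmlParseReference` processes an entity's content even when `ent->checked` is already non-zero, as long as `ent->children == NULL` and `XML_PARSE_NOENT` is set. A regression test that parses such a document with entity substitution enabled and asserts the expanded text would pin the behaviour across future libxml2 updates. The added clause applies only when `XML_PARSE_NOENT` is set, so callers that parse untrusted XML with substitution left off do not reach it. The function body continues outside the hunk.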
@@ -274,6 +274,11 @@ module Nokogiri
274
274
  @parser.parse('a:active.foo')
275
275
  end
276
276
 
277
+ def test_significant_space
278
+ assert_xpath "//x//*[count(preceding-sibling::*) = 0]//*[@a]//*[@b]", @parser.parse("x :first-child [a] [b]")
279
+ assert_xpath "//*[@a]//*[@b]", @parser.parse(" [a] [b]")
280
+ end
281
+
277
282
  def test_star
278
283
  assert_xpath "//*", @parser.parse('*')
279
284
  assert_xpath "//*[contains(concat(' ', normalize-space(@class), ' '), ' pastoral ')]",
@@ -186,6 +186,23 @@ module Nokogiri
186
186
  ], @scanner)
187
187
  end
188
188
 
189
+ def test_significant_space
190
+ @scanner.scan('x :first-child [a] [b]')
191
+ assert_tokens([ [:IDENT, 'x'],
192
+ [:S, ' '],
193
+ [':', ':'],
194
+ [:IDENT, 'first-child'],
195
+ [:S, ' '],
196
+ [:LSQUARE, '['],
197
+ [:IDENT, 'a'],
198
+ [:RSQUARE, ']'],
199
+ [:S, ' '],
200
+ [:LSQUARE, '['],
201
+ [:IDENT, 'b'],
202
+ [:RSQUARE, ']'],
203
+ ], @scanner)
204
+ end
205
+
189
206
  def assert_tokens(tokens, scanner)
190
207
  toks = []
191
208
  while tok = @scanner.next_token
@@ -221,7 +221,7 @@ eohtml
221
221
  title = doc.at('/html/head/title')
222
222
  assert_not_nil title
223
223
  assert_equal 'new', title.text
224
- assert_equal -1, doc.at('meta[@http-equiv]') <=> title
224
+ assert_equal(-1, doc.at('meta[@http-equiv]') <=> title)
225
225
 
226
226
  doc = Nokogiri::HTML(<<eohtml)
227
227
  <html>
@@ -236,7 +236,7 @@ eohtml
236
236
  title = doc.at('/html//title')
237
237
  assert_not_nil title
238
238
  assert_equal 'new', title.text
239
- assert_equal -1, title <=> doc.at('body')
239
+ assert_equal(-1, title <=> doc.at('body'))
240
240
 
241
241
  doc = Nokogiri::HTML(<<eohtml)
242
242
  <html>
@@ -248,14 +248,14 @@ eohtml
248
248
  eohtml
249
249
  doc.title = 'new'
250
250
  assert_equal 'new', doc.title
251
- assert_equal -1, doc.at('meta[@charset]') <=> doc.at('title')
252
- assert_equal -1, doc.at('title') <=> doc.at('body')
251
+ assert_equal(-1, doc.at('meta[@charset]') <=> doc.at('title'))
252
+ assert_equal(-1, doc.at('title') <=> doc.at('body'))
253
253
 
254
254
  doc = Nokogiri::HTML('<!DOCTYPE html><p>hello')
255
255
  doc.title = 'new'
256
256
  assert_equal 'new', doc.title
257
257
  assert_instance_of Nokogiri::XML::DTD, doc.children.first
258
- assert_equal -1, doc.at('title') <=> doc.at('p')
258
+ assert_equal(-1, doc.at('title') <=> doc.at('p'))
259
259
 
260
260
  doc = Nokogiri::HTML('')
261
261
  doc.title = 'new'
@@ -230,6 +230,11 @@ module Nokogiri
230
230
  fragment.to_s)
231
231
  end
232
232
 
233
+ def test_element_children_counts
234
+ doc = Nokogiri::HTML::DocumentFragment.parse(" <div> </div>\n ")
235
+ assert doc.element_children.count == 1
236
+ end
237
+
233
238
  def test_malformed_fragment_is_corrected
234
239
  fragment = HTML::DocumentFragment.parse("<div </div>")
235
240
  assert_equal "<div></div>", fragment.to_s
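Review bot: `assert doc.element_children.count == 1` in `test_element_children_counts` reports only a failed truthiness check when it breaks, without the actual count. `assert_equal 1, doc.element_children.count` shows the value on failure. The variable holds a `DocumentFragment`, so naming it `fragment` would match the neighbouring tests.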
@@ -14,7 +14,7 @@ module Nokogiri
14
14
  end
15
15
 
16
16
  def test_builder_multiple_nodes
17
- builder = Nokogiri::XML::Builder.new do |xml|
17
+ Nokogiri::XML::Builder.new do |xml|
18
18
  0.upto(10) do
19
19
  xml.text "test"
20
20
  end
@@ -54,7 +54,7 @@ module Nokogiri
54
54
  root << txt
55
55
  root << ent
56
56
  d << root
57
- assert_match /&#8217;/, d.to_html
57
+ assert_match(/&#8217;/, d.to_html)
58
58
  end
59
59
 
60
60
  def test_document_with_initial_space
@@ -376,14 +376,6 @@ module Nokogiri
376
376
  end
377
377
  end
378
378
 
379
- def test_prepend_child_fragment_with_multiple_nodes
380
- doc = Nokogiri::XML::Document.new
381
- fragment = doc.fragment('<hello /><goodbye />')
382
- assert_raises(RuntimeError) do
383
- doc.prepend_child fragment
384
- end
385
- end
386
-
387
379
  def test_prepend_child_with_multiple_roots
388
380
  assert_raises(RuntimeError) do
389
381
  @xml.prepend_child Node.new('foo', @xml)
@@ -26,7 +26,7 @@ EOF
26
26
  doc = Nokogiri::XML xml
27
27
  lf_node = Nokogiri::XML::EntityReference.new(doc, "#xa")
28
28
  doc.xpath('/item').first.add_child(lf_node)
29
- assert_match /&#xa;/, doc.to_xml
29
+ assert_match(/&#xa;/, doc.to_xml)
30
30
  end
31
31
  end
32
32
 
@@ -236,9 +236,15 @@ EOF
236
236
  reader = Nokogiri::XML::Reader html, path do |cfg|
237
237
  cfg.default_xml
238
238
  end
239
- assert_raises(Nokogiri::XML::SyntaxError) do
240
- reader.each { |n| n }
239
+ if Nokogiri.uses_libxml? && Nokogiri::LIBXML_PARSER_VERSION.to_i >= 20900
240
+ # Unknown entity is not fatal in libxml2 >= 2.9
241
+ assert_equal 8, reader.count
242
+ else
243
+ assert_raises(Nokogiri::XML::SyntaxError) {
244
+ assert_equal 5, reader.count
245
+ }
241
246
  end
247
+ assert_operator reader.errors.size, :>, 0
242
248
  end
243
249
  end
244
250
  end
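Review bot: In the `else` branch, `assert_equal 5, reader.count` sits inside the `assert_raises(Nokogiri::XML::SyntaxError)` block, so the expected count is never verified: the block has to raise for the test to pass, and `assert_equal` is reached only if `reader.count` returns. Use `assert_raises(Nokogiri::XML::SyntaxError) { reader.count }` and drop the `5`, or count the nodes seen before the error separately. The libxml2 >= 2.9 branch records that an unknown entity no longer raises, so code that relied on `SyntaxError` to reject such input now has to inspect `reader.errors`. The added `assert_operator reader.errors.size, :>, 0` covers that, and a one-line comment saying so would help. The test method starts outside the hunk.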
@@ -858,7 +858,7 @@ b"></div>
858
858
  ne = d1.root.xpath('//a').first.dup(1)
859
859
  ne.content += "& < & > \" &"
860
860
  d2.root << ne
861
- assert_match /<a>&amp;&amp; &lt; &amp; &gt; \" &amp;<\/a>/, d2.to_s
861
+ assert_match(/<a>&amp;&amp; &lt; &amp; &gt; \" &amp;<\/a>/, d2.to_s)
862
862
  end
863
863
 
864
864
  def test_content_after_appending_text
@@ -7,6 +7,24 @@ module Nokogiri
7
7
  error = Nokogiri::XML::SyntaxError.new 'hello'
8
8
  assert_equal 'hello', error.message
9
9
  end
10
+
11
+ def test_pushing_to_array
12
+ reader = Nokogiri::XML::Reader(StringIO.new('&bogus;'))
13
+ assert_raises(SyntaxError) {
14
+ reader.read
15
+ }
16
+ assert_equal [SyntaxError], reader.errors.map(&:class) unless Nokogiri.jruby? # needs investigation
17
+ end
18
+
19
+ def test_pushing_to_non_array
20
+ reader = Nokogiri::XML::Reader(StringIO.new('&bogus;'))
21
+ def reader.errors
22
+ 1
23
+ end
24
+ assert_raises(TypeError) {
25
+ reader.read
26
+ }
27
+ end unless Nokogiri.jruby? # which does not internally call `errors`
10
28
  end
11
29
  end
12
30
  end
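Review bot: Both new tests are disabled on JRuby through trailing modifiers (`unless Nokogiri.jruby? # needs investigation` and `end unless Nokogiri.jruby?`), so on the Java build these checks do not run and the test output gives no sign that anything was skipped. Prefer an explicit `skip("JRuby: reader.errors behaviour differs, needs investigation") if Nokogiri.jruby?` inside each test, with a reference to a tracking issue, so the gap stays visible. `test_pushing_to_non_array` pins that a non-Array `errors` raises `TypeError`; a short comment stating that intent would make the singleton `def reader.errors` less surprising.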
@@ -156,6 +156,8 @@ module Nokogiri
156
156
 
157
157
  # issue #741 (xpath() around 10x slower in JRuby)
158
158
  def test_slow_jruby_xpath
159
+ skip("MRI will exceed this timeout when running under valgrind") unless Nokogiri.jruby?
160
+
159
161
  doc = Nokogiri::XML(File.open(XPATH_FILE))
160
162
  start = Time.now
161
163
 
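--- a/data/test_all
+++ b/data/test_all
@@ -10,7 +10,7 @@
  # (e.g., 1.9.3's glob_helper). ["rake test:valgrind:suppression"]
  #
 
- RUBIES="ruby-1.9.3 ruby-1.9.2 ruby-2.0 ruby-2.1 jruby-1.7"
+ RUBIES="ruby-2.2.0-preview1 ruby-2.1 ruby-2.0.0-p481 ruby-1.9.3 jruby-1.7.15"
  TEST_LOG=test.log
  VALGRIND_LOG=valgrind.log
 
@@ -29,7 +29,7 @@ set -o errexit
 
  function rvm_use {
  current_ruby=$1
- rvm use "${1}@nokogiri" --create || rvm -v
+ rvm use "${1}@nokogiri" --create
  }
 
  function generate_parser_and_tokenizer {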
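--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: nokogiri
  version: !ruby/object:Gem::Version
- version: 1.6.3.1
+ version: 1.6.4
  platform: java
  authors:
  - Aaron Patterson
@@ -12,7 +12,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-07-22 00:00:00.000000000 Z
+ date: 2014-11-05 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rdoc
@@ -160,12 +160,12 @@ dependencies:
  requirements:
  - - ~>
  - !ruby/object:Gem::Version
- version: '3.7'
+ version: '3.13'
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ~>
  - !ruby/object:Gem::Version
- version: '3.7'
+ version: '3.13'
  prerelease: false
  type: :development
  description: |-
@@ -429,7 +429,6 @@ files:
  - lib/nokogiri/html/sax/parser.rb
  - lib/nokogiri/html/sax/parser_context.rb
  - lib/nokogiri/html/sax/push_parser.rb
- - lib/nokogiri/nokogiri.jar
  - lib/nokogiri/syntax_error.rb
  - lib/nokogiri/version.rb
  - lib/nokogiri/xml.rb
@@ -471,17 +470,8 @@ files:
  - lib/nokogiri/xslt/stylesheet.rb
  - lib/xercesImpl.jar
  - lib/xsd/xmlparser/nokogiri.rb
- - ports/patches/libxml2/0001-Fix-parser-local-buffers-size-problems.patch
- - ports/patches/libxml2/0002-Fix-entities-local-buffers-size-problems.patch
- - ports/patches/libxml2/0003-Fix-an-error-in-previous-commit.patch
- - ports/patches/libxml2/0004-Fix-potential-out-of-bound-access.patch
- - ports/patches/libxml2/0005-Detect-excessive-entities-expansion-upon-replacement.patch
- - ports/patches/libxml2/0006-Do-not-fetch-external-parsed-entities.patch
- - ports/patches/libxml2/0007-Enforce-XML_PARSER_EOF-state-handling-through-the-pa.patch
- - ports/patches/libxml2/0008-Improve-handling-of-xmlStopParser.patch
- - ports/patches/libxml2/0009-Fix-a-couple-of-return-without-value.patch
- - ports/patches/libxml2/0010-Keep-non-significant-blanks-node-in-HTML-parser.patch
- - ports/patches/libxml2/0011-Do-not-fetch-external-parameter-entities.patch
+ - ports/patches/libxml2/0001-Revert-Missing-initialization-for-the-catalog-module.patch
+ - ports/patches/libxml2/0002-Fix-missing-entities-after-CVE-2014-3660-fix.patch
  - ports/patches/libxslt/0001-Adding-doc-update-related-to-1.1.28.patch
  - ports/patches/libxslt/0002-Fix-a-couple-of-places-where-f-printf-parameters-wer.patch
  - ports/patches/libxslt/0003-Initialize-pseudo-random-number-generator-with-curre.patch
@@ -607,6 +597,7 @@ files:
  - test/xslt/test_custom_functions.rb
  - test/xslt/test_exception_handling.rb
  - test_all
+ - lib/nokogiri/nokogiri.jar
  homepage: http://nokogiri.org
  licenses:
  - MIT
@@ -628,8 +619,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project: nokogiri
- rubygems_version: 2.2.2
+ rubyforge_project:
+ rubygems_version: 2.1.9
  signing_key:
  specification_version: 4
  summary: Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser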
@@ -1,265 +0,0 @@
1
- From bc168aab5749acbe6630a29be4dcfabf0a81e2da Mon Sep 17 00:00:00 2001
2
- From: Daniel Veillard <veillard@redhat.com>
3
- Date: Tue, 17 Jul 2012 16:19:17 +0800
4
- Subject: [PATCH 1/9] Fix parser local buffers size problems
5
-
6
- [Origin: 459eeb9dc752d5185f57ff6b135027f11981a626]
7
- ---
8
- parser.c | 74 +++++++++++++++++++++++++++++++++++++---------------------------
9
- 1 file changed, 43 insertions(+), 31 deletions(-)
10
-
11
- diff --git a/parser.c b/parser.c
12
- index 2c38fae..9863275 100644
13
- --- a/parser.c
14
- +++ b/parser.c
15
- @@ -40,6 +40,7 @@
16
- #endif
17
-
18
- #include <stdlib.h>
19
- +#include <limits.h>
20
- #include <string.h>
21
- #include <stdarg.h>
22
- #include <libxml/xmlmemory.h>
23
- @@ -117,10 +118,10 @@ xmlCreateEntityParserCtxtInternal(const xmlChar *URL, const xmlChar *ID,
24
- * parser option.
25
- */
26
- static int
27
- -xmlParserEntityCheck(xmlParserCtxtPtr ctxt, unsigned long size,
28
- +xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
29
- xmlEntityPtr ent)
30
- {
31
- - unsigned long consumed = 0;
32
- + size_t consumed = 0;
33
-
34
- if ((ctxt == NULL) || (ctxt->options & XML_PARSE_HUGE))
35
- return (0);
36
- @@ -2589,15 +2590,17 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) {
37
-
38
- /*
39
- * Macro used to grow the current buffer.
40
- + * buffer##_size is expected to be a size_t
41
- + * mem_error: is expected to handle memory allocation failures
42
- */
43
- #define growBuffer(buffer, n) { \
44
- xmlChar *tmp; \
45
- - buffer##_size *= 2; \
46
- - buffer##_size += n; \
47
- - tmp = (xmlChar *) \
48
- - xmlRealloc(buffer, buffer##_size * sizeof(xmlChar)); \
49
- + size_t new_size = buffer##_size * 2 + n; \
50
- + if (new_size < buffer##_size) goto mem_error; \
51
- + tmp = (xmlChar *) xmlRealloc(buffer, new_size); \
52
- if (tmp == NULL) goto mem_error; \
53
- buffer = tmp; \
54
- + buffer##_size = new_size; \
55
- }
56
-
57
- /**
58
- @@ -2623,14 +2626,14 @@ xmlChar *
59
- xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
60
- int what, xmlChar end, xmlChar end2, xmlChar end3) {
61
- xmlChar *buffer = NULL;
62
- - int buffer_size = 0;
63
- + size_t buffer_size = 0;
64
- + size_t nbchars = 0;
65
-
66
- xmlChar *current = NULL;
67
- xmlChar *rep = NULL;
68
- const xmlChar *last;
69
- xmlEntityPtr ent;
70
- int c,l;
71
- - int nbchars = 0;
72
-
73
- if ((ctxt == NULL) || (str == NULL) || (len < 0))
74
- return(NULL);
75
- @@ -2647,7 +2650,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
76
- * allocate a translation buffer.
77
- */
78
- buffer_size = XML_PARSER_BIG_BUFFER_SIZE;
79
- - buffer = (xmlChar *) xmlMallocAtomic(buffer_size * sizeof(xmlChar));
80
- + buffer = (xmlChar *) xmlMallocAtomic(buffer_size);
81
- if (buffer == NULL) goto mem_error;
82
-
83
- /*
84
- @@ -2667,7 +2670,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
85
- if (val != 0) {
86
- COPY_BUF(0,buffer,nbchars,val);
87
- }
88
- - if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
89
- + if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
90
- growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
91
- }
92
- } else if ((c == '&') && (what & XML_SUBSTITUTE_REF)) {
93
- @@ -2685,7 +2688,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
94
- (ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) {
95
- if (ent->content != NULL) {
96
- COPY_BUF(0,buffer,nbchars,ent->content[0]);
97
- - if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
98
- + if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
99
- growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
100
- }
101
- } else {
102
- @@ -2702,8 +2705,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
103
- current = rep;
104
- while (*current != 0) { /* non input consuming loop */
105
- buffer[nbchars++] = *current++;
106
- - if (nbchars >
107
- - buffer_size - XML_PARSER_BUFFER_SIZE) {
108
- + if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
109
- if (xmlParserEntityCheck(ctxt, nbchars, ent))
110
- goto int_error;
111
- growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
112
- @@ -2717,7 +2719,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
113
- const xmlChar *cur = ent->name;
114
-
115
- buffer[nbchars++] = '&';
116
- - if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) {
117
- + if (nbchars + i + XML_PARSER_BUFFER_SIZE > buffer_size) {
118
- growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE);
119
- }
120
- for (;i > 0;i--)
121
- @@ -2745,8 +2747,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
122
- current = rep;
123
- while (*current != 0) { /* non input consuming loop */
124
- buffer[nbchars++] = *current++;
125
- - if (nbchars >
126
- - buffer_size - XML_PARSER_BUFFER_SIZE) {
127
- + if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
128
- if (xmlParserEntityCheck(ctxt, nbchars, ent))
129
- goto int_error;
130
- growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
131
- @@ -2759,8 +2760,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
132
- } else {
133
- COPY_BUF(l,buffer,nbchars,c);
134
- str += l;
135
- - if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
136
- - growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
137
- + if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
138
- + growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
139
- }
140
- }
141
- if (str < last)
142
- @@ -3764,8 +3765,8 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
143
- xmlChar limit = 0;
144
- xmlChar *buf = NULL;
145
- xmlChar *rep = NULL;
146
- - int len = 0;
147
- - int buf_size = 0;
148
- + size_t len = 0;
149
- + size_t buf_size = 0;
150
- int c, l, in_space = 0;
151
- xmlChar *current = NULL;
152
- xmlEntityPtr ent;
153
- @@ -3787,7 +3788,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
154
- * allocate a translation buffer.
155
- */
156
- buf_size = XML_PARSER_BUFFER_SIZE;
157
- - buf = (xmlChar *) xmlMallocAtomic(buf_size * sizeof(xmlChar));
158
- + buf = (xmlChar *) xmlMallocAtomic(buf_size);
159
- if (buf == NULL) goto mem_error;
160
-
161
- /*
162
- @@ -3804,7 +3805,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
163
-
164
- if (val == '&') {
165
- if (ctxt->replaceEntities) {
166
- - if (len > buf_size - 10) {
167
- + if (len + 10 > buf_size) {
168
- growBuffer(buf, 10);
169
- }
170
- buf[len++] = '&';
171
- @@ -3813,7 +3814,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
172
- * The reparsing will be done in xmlStringGetNodeList()
173
- * called by the attribute() function in SAX.c
174
- */
175
- - if (len > buf_size - 10) {
176
- + if (len + 10 > buf_size) {
177
- growBuffer(buf, 10);
178
- }
179
- buf[len++] = '&';
180
- @@ -3823,7 +3824,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
181
- buf[len++] = ';';
182
- }
183
- } else if (val != 0) {
184
- - if (len > buf_size - 10) {
185
- + if (len + 10 > buf_size) {
186
- growBuffer(buf, 10);
187
- }
188
- len += xmlCopyChar(0, &buf[len], val);
189
- @@ -3835,7 +3836,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
190
- ctxt->nbentities += ent->owner;
191
- if ((ent != NULL) &&
192
- (ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) {
193
- - if (len > buf_size - 10) {
194
- + if (len + 10 > buf_size) {
195
- growBuffer(buf, 10);
196
- }
197
- if ((ctxt->replaceEntities == 0) &&
198
- @@ -3863,7 +3864,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
199
- current++;
200
- } else
201
- buf[len++] = *current++;
202
- - if (len > buf_size - 10) {
203
- + if (len + 10 > buf_size) {
204
- growBuffer(buf, 10);
205
- }
206
- }
207
- @@ -3871,7 +3872,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
208
- rep = NULL;
209
- }
210
- } else {
211
- - if (len > buf_size - 10) {
212
- + if (len + 10 > buf_size) {
213
- growBuffer(buf, 10);
214
- }
215
- if (ent->content != NULL)
216
- @@ -3899,7 +3900,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
217
- * Just output the reference
218
- */
219
- buf[len++] = '&';
220
- - while (len > buf_size - i - 10) {
221
- + while (len + i + 10 > buf_size) {
222
- growBuffer(buf, i + 10);
223
- }
224
- for (;i > 0;i--)
225
- @@ -3912,7 +3913,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
226
- if ((len != 0) || (!normalize)) {
227
- if ((!normalize) || (!in_space)) {
228
- COPY_BUF(l,buf,len,0x20);
229
- - while (len > buf_size - 10) {
230
- + while (len + 10 > buf_size) {
231
- growBuffer(buf, 10);
232
- }
233
- }
234
- @@ -3921,7 +3922,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
235
- } else {
236
- in_space = 0;
237
- COPY_BUF(l,buf,len,c);
238
- - if (len > buf_size - 10) {
239
- + if (len + 10 > buf_size) {
240
- growBuffer(buf, 10);
241
- }
242
- }
243
- @@ -3946,7 +3947,18 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
244
- }
245
- } else
246
- NEXT;
247
- - if (attlen != NULL) *attlen = len;
248
- +
249
- + /*
250
- + * There we potentially risk an overflow, don't allow attribute value of
251
- + * lenght more than INT_MAX it is a very reasonnable assumption !
252
- + */
253
- + if (len >= INT_MAX) {
254
- + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
255
- + "AttValue lenght too long\n");
256
- + goto mem_error;
257
- + }
258
- +
259
- + if (attlen != NULL) *attlen = (int) len;
260
- return(buf);
261
-
262
- mem_error:
263
- --
264
- 1.8.4.1
265
-