nokogiri 1.6.3.1 → 1.6.4

data/ports/patches/libxml2/0002-Fix-entities-local-buffers-size-problems.patch

@@ -1,102 +0,0 @@
-From 64d7de23165b706510f4ce4f29d96552eeb257d7 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Wed, 18 Jul 2012 11:38:17 +0800
-Subject: [PATCH 2/9] Fix entities local buffers size problems
-
-[Origin: 4f9fdc709c4861c390cd84e2ed1fd878b3442e28]
----
- entities.c | 36 +++++++++++++++++++++++-------------
- 1 file changed, 23 insertions(+), 13 deletions(-)
-
-diff --git a/entities.c b/entities.c
-index 6aef49f..859ec3b 100644
---- a/entities.c
-+++ b/entities.c
-@@ -528,13 +528,13 @@ xmlGetDocEntity(xmlDocPtr doc, const xmlChar *name) {
-  * Macro used to grow the current buffer.
-  */
- #define growBufferReentrant() {						\
--    buffer_size *= 2;							\
--    buffer = (xmlChar *)						\
--    		xmlRealloc(buffer, buffer_size * sizeof(xmlChar));	\
--    if (buffer == NULL) {						\
--        xmlEntitiesErrMemory("xmlEncodeEntitiesReentrant: realloc failed");\
--	return(NULL);							\
--    }									\
-+    xmlChar *tmp;                                                       \
-+    size_t new_size = buffer_size *= 2;                                 \
-+    if (new_size < buffer_size) goto mem_error;                         \
-+    tmp = (xmlChar *) xmlRealloc(buffer, new_size);	                \
-+    if (tmp == NULL) goto mem_error;                                    \
-+    buffer = tmp;							\
-+    buffer_size = new_size;						\
- }
- 
- 
-@@ -555,7 +555,7 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) {
-     const xmlChar *cur = input;
-     xmlChar *buffer = NULL;
-     xmlChar *out = NULL;
--    int buffer_size = 0;
-+    size_t buffer_size = 0;
-     int html = 0;
- 
-     if (input == NULL) return(NULL);
-@@ -574,8 +574,8 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) {
-     out = buffer;
- 
-     while (*cur != '\0') {
--        if (out - buffer > buffer_size - 100) {
--	    int indx = out - buffer;
-+        size_t indx = out - buffer;
-+        if (indx + 100 > buffer_size) {
- 
- 	    growBufferReentrant();
- 	    out = &buffer[indx];
-@@ -692,6 +692,11 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) {
-     }
-     *out = 0;
-     return(buffer);
-+
-+mem_error:
-+    xmlEntitiesErrMemory("xmlEncodeEntitiesReentrant: realloc failed");
-+    xmlFree(buffer);
-+    return(NULL);
- }
- 
- /**
-@@ -709,7 +714,7 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTRIBUTE_UNUSED, const xmlChar *input) {
-     const xmlChar *cur = input;
-     xmlChar *buffer = NULL;
-     xmlChar *out = NULL;
--    int buffer_size = 0;
-+    size_t buffer_size = 0;
-     if (input == NULL) return(NULL);
- 
-     /*
-@@ -724,8 +729,8 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTRIBUTE_UNUSED, const xmlChar *input) {
-     out = buffer;
- 
-     while (*cur != '\0') {
--        if (out - buffer > buffer_size - 10) {
--	    int indx = out - buffer;
-+        size_t indx = out - buffer;
-+        if (indx + 10 > buffer_size) {
- 
- 	    growBufferReentrant();
- 	    out = &buffer[indx];
-@@ -774,6 +779,11 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTRIBUTE_UNUSED, const xmlChar *input) {
-     }
-     *out = 0;
-     return(buffer);
-+
-+mem_error:
-+    xmlEntitiesErrMemory("xmlEncodeSpecialChars: realloc failed");
-+    xmlFree(buffer);
-+    return(NULL);
- }
- 
- /**
--- 
-1.8.4.1
-

data/ports/patches/libxml2/0003-Fix-an-error-in-previous-commit.patch

@@ -1,26 +0,0 @@
-From 83bbfdfe1e804f8cdc72b86742364cf045dd8678 Mon Sep 17 00:00:00 2001
-From: Aron Xu <happyaron.xu@gmail.com>
-Date: Fri, 20 Jul 2012 15:41:34 +0800
-Subject: [PATCH 3/9] Fix an error in previous commit
-
-[Origin: baaf03f80f817bb34c421421e6cb4d68c353ac9a]
----
- entities.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/entities.c b/entities.c
-index 859ec3b..7d06820 100644
---- a/entities.c
-+++ b/entities.c
-@@ -529,7 +529,7 @@ xmlGetDocEntity(xmlDocPtr doc, const xmlChar *name) {
-  */
- #define growBufferReentrant() {						\
-     xmlChar *tmp;                                                       \
--    size_t new_size = buffer_size *= 2;                                 \
-+    size_t new_size = buffer_size * 2;                                  \
-     if (new_size < buffer_size) goto mem_error;                         \
-     tmp = (xmlChar *) xmlRealloc(buffer, new_size);	                \
-     if (tmp == NULL) goto mem_error;                                    \
--- 
-1.8.4.1
-

data/ports/patches/libxml2/0004-Fix-potential-out-of-bound-access.patch

@@ -1,26 +0,0 @@
-From c8385ccac9e9723a1f87da1c29da56d97df4af85 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Mon, 29 Oct 2012 10:39:55 +0800
-Subject: [PATCH 4/9] Fix potential out of bound access
-
-[Origin: 6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d]
----
- parser.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/parser.c b/parser.c
-index 9863275..e1b0364 100644
---- a/parser.c
-+++ b/parser.c
-@@ -3932,7 +3932,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- 	c = CUR_CHAR(l);
-     }
-     if ((in_space) && (normalize)) {
--        while (buf[len - 1] == 0x20) len--;
-+        while ((len > 0) && (buf[len - 1] == 0x20)) len--;
-     }
-     buf[len] = 0;
-     if (RAW == '<') {
--- 
-1.8.4.1
-

data/ports/patches/libxml2/0005-Detect-excessive-entities-expansion-upon-replacement.patch

@@ -1,158 +0,0 @@
-From e8b2f1774cfffce792f38eb1116ea1104758cfc5 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Tue, 19 Feb 2013 10:21:49 +0800
-Subject: [PATCH 5/9] Detect excessive entities expansion upon replacement
-
-If entities expansion in the XML parser is asked for,
-it is possble to craft relatively small input document leading
-to excessive on-the-fly content generation.
-This patch accounts for those replacement and stop parsing
-after a given threshold. it can be bypassed as usual with the
-HUGE parser option.
-
-[Origin: 23f05e0c33987d6605387b300c4be5da2120a7ab]
----
- include/libxml/parser.h |  1 +
- parser.c                | 44 ++++++++++++++++++++++++++++++++++++++------
- parserInternals.c       |  2 ++
- 3 files changed, 41 insertions(+), 6 deletions(-)
-
-diff --git a/include/libxml/parser.h b/include/libxml/parser.h
-index 04edb9d..5b36584 100644
---- a/include/libxml/parser.h
-+++ b/include/libxml/parser.h
-@@ -310,6 +310,7 @@ struct _xmlParserCtxt {
-     xmlParserNodeInfo *nodeInfoTab;   /* array of nodeInfos */
- 
-     int                input_id;      /* we need to label inputs */
-+    unsigned long      sizeentcopy;   /* volume of entity copy */
- };
- 
- /**
-diff --git a/parser.c b/parser.c
-index e1b0364..b206f05 100644
---- a/parser.c
-+++ b/parser.c
-@@ -119,7 +119,7 @@ xmlCreateEntityParserCtxtInternal(const xmlChar *URL, const xmlChar *ID,
-  */
- static int
- xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
--                     xmlEntityPtr ent)
-+                     xmlEntityPtr ent, size_t replacement)
- {
-     size_t consumed = 0;
- 
-@@ -127,7 +127,24 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
-         return (0);
-     if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP)
-         return (1);
--    if (size != 0) {
-+    if (replacement != 0) {
-+	if (replacement < XML_MAX_TEXT_LENGTH)
-+	    return(0);
-+
-+        /*
-+	 * If the volume of entity copy reaches 10 times the
-+	 * amount of parsed data and over the large text threshold
-+	 * then that's very likely to be an abuse.
-+	 */
-+        if (ctxt->input != NULL) {
-+	    consumed = ctxt->input->consumed +
-+	               (ctxt->input->cur - ctxt->input->base);
-+	}
-+        consumed += ctxt->sizeentities;
-+
-+        if (replacement < XML_PARSER_NON_LINEAR * consumed)
-+	    return(0);
-+    } else if (size != 0) {
-         /*
-          * Do the check based on the replacement size of the entity
-          */
-@@ -173,7 +190,6 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
-          */
-         return (0);
-     }
--
-     xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL);
-     return (1);
- }
-@@ -2706,7 +2722,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- 		    while (*current != 0) { /* non input consuming loop */
- 			buffer[nbchars++] = *current++;
- 			if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
--			    if (xmlParserEntityCheck(ctxt, nbchars, ent))
-+			    if (xmlParserEntityCheck(ctxt, nbchars, ent, 0))
- 				goto int_error;
- 			    growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
- 			}
-@@ -2748,7 +2764,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- 		    while (*current != 0) { /* non input consuming loop */
- 			buffer[nbchars++] = *current++;
- 			if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
--			    if (xmlParserEntityCheck(ctxt, nbchars, ent))
-+			    if (xmlParserEntityCheck(ctxt, nbchars, ent, 0))
- 			        goto int_error;
- 			    growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
- 			}
-@@ -6976,7 +6992,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
- 	    xmlFreeNodeList(list);
- 	    return;
- 	}
--	if (xmlParserEntityCheck(ctxt, 0, ent)) {
-+	if (xmlParserEntityCheck(ctxt, 0, ent, 0)) {
- 	    xmlFreeNodeList(list);
- 	    return;
- 	}
-@@ -7136,6 +7152,13 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
- 		xmlNodePtr nw = NULL, cur, firstChild = NULL;
- 
- 		/*
-+		 * We are copying here, make sure there is no abuse
-+		 */
-+		ctxt->sizeentcopy += ent->length;
-+		if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy))
-+		    return;
-+
-+		/*
- 		 * when operating on a reader, the entities definitions
- 		 * are always owning the entities subtree.
- 		if (ctxt->parseMode == XML_PARSE_READER)
-@@ -7175,6 +7198,14 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
- 	    } else if (list == NULL) {
- 		xmlNodePtr nw = NULL, cur, next, last,
- 			   firstChild = NULL;
-+
-+		/*
-+		 * We are copying here, make sure there is no abuse
-+		 */
-+		ctxt->sizeentcopy += ent->length;
-+		if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy))
-+		    return;
-+
- 		/*
- 		 * Copy the entity child list and make it the new
- 		 * entity child list. The goal is to make sure any
-@@ -14355,6 +14386,7 @@ xmlCtxtReset(xmlParserCtxtPtr ctxt)
-     ctxt->catalogs = NULL;
-     ctxt->nbentities = 0;
-     ctxt->sizeentities = 0;
-+    ctxt->sizeentcopy = 0;
-     xmlInitNodeInfoSeq(&ctxt->node_seq);
- 
-     if (ctxt->attsDefault != NULL) {
-diff --git a/parserInternals.c b/parserInternals.c
-index 746b7fd..d7e320c 100644
---- a/parserInternals.c
-+++ b/parserInternals.c
-@@ -1761,6 +1761,8 @@ xmlInitParserCtxt(xmlParserCtxtPtr ctxt)
-     ctxt->charset = XML_CHAR_ENCODING_UTF8;
-     ctxt->catalogs = NULL;
-     ctxt->nbentities = 0;
-+    ctxt->sizeentities = 0;
-+    ctxt->sizeentcopy = 0;
-     ctxt->input_id = 1;
-     xmlInitNodeInfoSeq(&ctxt->node_seq);
-     return(0);
--- 
-1.8.4.1
-

data/ports/patches/libxml2/0006-Do-not-fetch-external-parsed-entities.patch

@@ -1,78 +0,0 @@
-From 8c222b89f6f68157283498d1bc6e0cce568c977b Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Mon, 23 Jul 2012 14:15:40 +0800
-Subject: [PATCH 6/9] Do not fetch external parsed entities
-
-Unless explicietely asked for when validating or replacing entities
-with their value. Problem pointed out by Tom Lane <tgl@redhat.com>
-
-* parser.c: do not load external parsed entities unless needed
-* test/errors/extparsedent.xml result/errors/extparsedent.xml*:
-  add a regression test to avoid change of the behaviour in the future
-
-[Origin: 4629ee02ac649c27f9c0cf98ba017c6b5526070f]
----
- parser.c                           | 11 +++++++++--
- result/errors/extparsedent.xml     |  5 +++++
- result/errors/extparsedent.xml.err |  0
- result/errors/extparsedent.xml.str |  0
- test/errors/extparsedent.xml       |  5 +++++
- 5 files changed, 19 insertions(+), 2 deletions(-)
- create mode 100644 result/errors/extparsedent.xml
- create mode 100644 result/errors/extparsedent.xml.err
- create mode 100644 result/errors/extparsedent.xml.str
- create mode 100644 test/errors/extparsedent.xml
-
-diff --git a/parser.c b/parser.c
-index b206f05..8fb16af 100644
---- a/parser.c
-+++ b/parser.c
-@@ -6943,8 +6943,15 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
-      * The first reference to the entity trigger a parsing phase
-      * where the ent->children is filled with the result from
-      * the parsing.
--     */
--    if (ent->checked == 0) {
-+     * Note: external parsed entities will not be loaded, it is not
-+     * required for a non-validating parser, unless the parsing option
-+     * of validating, or substituting entities were given. Doing so is
-+     * far more secure as the parser will only process data coming from
-+     * the document entity by default.
-+     */
-+    if ((ent->checked == 0) &&
-+        ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) ||
-+         (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) {
- 	unsigned long oldnbent = ctxt->nbentities;
- 
- 	/*
-diff --git a/result/errors/extparsedent.xml b/result/errors/extparsedent.xml
-new file mode 100644
-index 0000000..07e4c54
---- /dev/null
-+++ b/result/errors/extparsedent.xml
-@@ -0,0 +1,5 @@
-+<?xml version="1.0"?>
-+<!DOCTYPE foo [
-+<!ENTITY c PUBLIC "bar" "/etc/doesnotexist">
-+]>
-+<root>&c;</root>
-diff --git a/result/errors/extparsedent.xml.err b/result/errors/extparsedent.xml.err
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/errors/extparsedent.xml.str b/result/errors/extparsedent.xml.str
-new file mode 100644
-index 0000000..e69de29
-diff --git a/test/errors/extparsedent.xml b/test/errors/extparsedent.xml
-new file mode 100644
-index 0000000..07e4c54
---- /dev/null
-+++ b/test/errors/extparsedent.xml
-@@ -0,0 +1,5 @@
-+<?xml version="1.0"?>
-+<!DOCTYPE foo [
-+<!ENTITY c PUBLIC "bar" "/etc/doesnotexist">
-+]>
-+<root>&c;</root>
--- 
-1.8.4.1
-

data/ports/patches/libxml2/0007-Enforce-XML_PARSER_EOF-state-handling-through-the-pa.patch

@@ -1,480 +0,0 @@
-From c27670420c22b2d64da7d44e266a73bb4e66c2cc Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Mon, 30 Jul 2012 16:16:04 +0800
-Subject: [PATCH 7/9] Enforce XML_PARSER_EOF state handling through the parser
-
-That condition is one raised when the parser should positively stop
-processing further even to report errors. Best is to test is after
-most GROW call especially within loops
-
-[Origin: 48b4cdde3483e054af8ea02e0cd7ee467b0e9a50]
----
- parser.c | 131 +++++++++++++++++++++++++++++++++++++++++++++++++++++----------
- 1 file changed, 110 insertions(+), 21 deletions(-)
-
-diff --git a/parser.c b/parser.c
-index 8fb16af..409cde8 100644
---- a/parser.c
-+++ b/parser.c
-@@ -2161,6 +2161,8 @@ xmlPushInput(xmlParserCtxtPtr ctxt, xmlParserInputPtr input) {
- 		"Pushing input %d : %.30s\n", ctxt->inputNr+1, input->cur);
-     }
-     ret = inputPush(ctxt, input);
-+    if (ctxt->instate == XML_PARSER_EOF)
-+        return(-1);
-     GROW;
-     return(ret);
- }
-@@ -2197,6 +2199,8 @@ xmlParseCharRef(xmlParserCtxtPtr ctxt) {
- 	    if (count++ > 20) {
- 		count = 0;
- 		GROW;
-+                if (ctxt->instate == XML_PARSER_EOF)
-+                    return(0);
- 	    }
- 	    if ((RAW >= '0') && (RAW <= '9')) 
- 	        val = val * 16 + (CUR - '0');
-@@ -2228,6 +2232,8 @@ xmlParseCharRef(xmlParserCtxtPtr ctxt) {
- 	    if (count++ > 20) {
- 		count = 0;
- 		GROW;
-+                if (ctxt->instate == XML_PARSER_EOF)
-+                    return(0);
- 	    }
- 	    if ((RAW >= '0') && (RAW <= '9')) 
- 	        val = val * 10 + (CUR - '0');
-@@ -2576,6 +2582,8 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) {
- 		     * the amount of data in the buffer.
- 		     */
- 		    GROW
-+                    if (ctxt->instate == XML_PARSER_EOF)
-+                        return;
- 		    if ((ctxt->input->end - ctxt->input->cur)>=4) {
- 			start[0] = RAW;
- 			start[1] = NXT(1);
-@@ -3194,6 +3202,8 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
-      * Handler for more complex cases
-      */
-     GROW;
-+    if (ctxt->instate == XML_PARSER_EOF)
-+        return(NULL);
-     c = CUR_CHAR(l);
-     if ((ctxt->options & XML_PARSE_OLD10) == 0) {
-         /*
-@@ -3245,6 +3255,8 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
- 	    if (count++ > 100) {
- 		count = 0;
- 		GROW;
-+                if (ctxt->instate == XML_PARSER_EOF)
-+                    return(NULL);
- 	    }
- 	    len += l;
- 	    NEXTL(l);
-@@ -3269,6 +3281,8 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
- 	    if (count++ > 100) {
- 		count = 0;
- 		GROW;
-+                if (ctxt->instate == XML_PARSER_EOF)
-+                    return(NULL);
- 	    }
- 	    len += l;
- 	    NEXTL(l);
-@@ -3362,6 +3376,8 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
- 	if (count++ > 100) {
- 	    count = 0;
- 	    GROW;
-+            if (ctxt->instate == XML_PARSER_EOF)
-+                return(NULL);
- 	}
- 	len += l;
- 	NEXTL(l);
-@@ -3442,6 +3458,8 @@ xmlParseNameAndCompare(xmlParserCtxtPtr ctxt, xmlChar const *other) {
-     const xmlChar *ret;
- 
-     GROW;
-+    if (ctxt->instate == XML_PARSER_EOF)
-+        return(NULL);
- 
-     in = ctxt->input->cur;
-     while (*in != 0 && *in == *cmp) {
-@@ -3569,6 +3587,8 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
- #endif
- 
-     GROW;
-+    if (ctxt->instate == XML_PARSER_EOF)
-+        return(NULL);
-     c = CUR_CHAR(l);
- 
-     while (xmlIsNameChar(ctxt, c)) {
-@@ -3597,6 +3617,10 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
- 		if (count++ > 100) {
- 		    count = 0;
- 		    GROW;
-+                    if (ctxt->instate == XML_PARSER_EOF) {
-+                        xmlFree(buffer);
-+                        return(NULL);
-+                    }
- 		}
- 		if (len + 10 > max) {
- 		    xmlChar *tmp;
-@@ -3667,6 +3691,10 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) {
-     ctxt->instate = XML_PARSER_ENTITY_VALUE;
-     input = ctxt->input;
-     GROW;
-+    if (ctxt->instate == XML_PARSER_EOF) {
-+        xmlFree(buf);
-+        return(NULL);
-+    }
-     NEXT;
-     c = CUR_CHAR(l);
-     /*
-@@ -3678,8 +3706,8 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) {
-      * In practice it means we stop the loop only when back at parsing
-      * the initial entity and the quote is found
-      */
--    while ((IS_CHAR(c)) && ((c != stop) || /* checked */
--	   (ctxt->input != input))) {
-+    while (((IS_CHAR(c)) && ((c != stop) || /* checked */
-+	    (ctxt->input != input))) && (ctxt->instate != XML_PARSER_EOF)) {
- 	if (len + 5 >= size) {
- 	    xmlChar *tmp;
- 
-@@ -3708,6 +3736,10 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) {
- 	}
-     }
-     buf[len] = 0;
-+    if (ctxt->instate == XML_PARSER_EOF) {
-+        xmlFree(buf);
-+        return(NULL);
-+    }
- 
-     /*
-      * Raise problem w.r.t. '&' and '%' being used in non-entities
-@@ -3755,12 +3787,12 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) {
- 	 */
- 	ret = xmlStringDecodeEntities(ctxt, buf, XML_SUBSTITUTE_PEREF,
- 				      0, 0, 0);
--	if (orig != NULL) 
-+	if (orig != NULL)
- 	    *orig = buf;
- 	else
- 	    xmlFree(buf);
-     }
--    
-+
-     return(ret);
- }
- 
-@@ -3811,8 +3843,9 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
-      * OK loop until we reach one of the ending char or a size limit.
-      */
-     c = CUR_CHAR(l);
--    while ((NXT(0) != limit) && /* checked */
--           (IS_CHAR(c)) && (c != '<')) {
-+    while (((NXT(0) != limit) && /* checked */
-+            (IS_CHAR(c)) && (c != '<')) &&
-+            (ctxt->instate != XML_PARSER_EOF)) {
- 	if (c == 0) break;
- 	if (c == '&') {
- 	    in_space = 0;
-@@ -3947,6 +3980,9 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- 	GROW;
- 	c = CUR_CHAR(l);
-     }
-+    if (ctxt->instate == XML_PARSER_EOF)
-+        goto error;
-+
-     if ((in_space) && (normalize)) {
-         while ((len > 0) && (buf[len - 1] == 0x20)) len--;
-     }
-@@ -3979,6 +4015,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- 
- mem_error:
-     xmlErrMemory(ctxt, NULL);
-+error:
-     if (buf != NULL)
-         xmlFree(buf);
-     if (rep != NULL)
-@@ -4084,6 +4121,10 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) {
- 	if (count > 50) {
- 	    GROW;
- 	    count = 0;
-+            if (ctxt->instate == XML_PARSER_EOF) {
-+	        xmlFree(buf);
-+		return(NULL);
-+            }
- 	}
- 	COPY_BUF(l,buf,len,cur);
- 	NEXTL(l);
-@@ -4161,6 +4202,10 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) {
- 	if (count > 50) {
- 	    GROW;
- 	    count = 0;
-+            if (ctxt->instate == XML_PARSER_EOF) {
-+		xmlFree(buf);
-+		return(NULL);
-+            }
- 	}
- 	NEXT;
- 	cur = CUR;
-@@ -4367,6 +4412,8 @@ get_more:
- 	    }
- 	    SHRINK;
- 	    GROW;
-+            if (ctxt->instate == XML_PARSER_EOF)
-+		return;
- 	    in = ctxt->input->cur;
- 	} while (((*in >= 0x20) && (*in <= 0x7F)) || (*in == 0x09));
- 	nbchar = 0;
-@@ -4435,6 +4482,8 @@ xmlParseCharDataComplex(xmlParserCtxtPtr ctxt, int cdata) {
- 	if (count > 50) {
- 	    GROW;
- 	    count = 0;
-+            if (ctxt->instate == XML_PARSER_EOF)
-+		return;
- 	}
- 	NEXTL(l);
- 	cur = CUR_CHAR(l);
-@@ -4635,6 +4684,10 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf, int len, int size) {
- 	if (count > 50) {
- 	    GROW;
- 	    count = 0;
-+            if (ctxt->instate == XML_PARSER_EOF) {
-+		xmlFree(buf);
-+		return;
-+            }
- 	}
- 	NEXTL(l);
- 	cur = CUR_CHAR(l);
-@@ -4785,6 +4838,10 @@ get_more:
- 	}
- 	SHRINK;
- 	GROW;
-+        if (ctxt->instate == XML_PARSER_EOF) {
-+            xmlFree(buf);
-+            return;
-+        }
- 	in = ctxt->input->cur;
- 	if (*in == '-') {
- 	    if (in[1] == '-') {
-@@ -5022,6 +5079,10 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
- 		count++;
- 		if (count > 50) {
- 		    GROW;
-+                    if (ctxt->instate == XML_PARSER_EOF) {
-+                        xmlFree(buf);
-+                        return;
-+                    }
- 		    count = 0;
- 		}
- 		COPY_BUF(l,buf,len,cur);
-@@ -5762,7 +5823,7 @@ xmlParseAttributeListDecl(xmlParserCtxtPtr ctxt) {
- 	}
- 	SKIP_BLANKS;
- 	GROW;
--	while (RAW != '>') {
-+	while ((RAW != '>') && (ctxt->instate != XML_PARSER_EOF)) {
- 	    const xmlChar *check = CUR_PTR;
- 	    int type;
- 	    int def;
-@@ -5911,7 +5972,7 @@ xmlParseElementMixedContentDecl(xmlParserCtxtPtr ctxt, int inputchk) {
- 	    ret = cur = xmlNewDocElementContent(ctxt->myDoc, NULL, XML_ELEMENT_CONTENT_PCDATA);
- 	    if (ret == NULL) return(NULL);
- 	}
--	while (RAW == '|') {
-+	while ((RAW == '|') && (ctxt->instate != XML_PARSER_EOF)) {
- 	    NEXT;
- 	    if (elem == NULL) {
- 	        ret = xmlNewDocElementContent(ctxt->myDoc, NULL, XML_ELEMENT_CONTENT_OR);
-@@ -6055,7 +6116,7 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk,
-     }
-     SKIP_BLANKS;
-     SHRINK;
--    while (RAW != ')') {
-+    while ((RAW != ')') && (ctxt->instate != XML_PARSER_EOF)) {
-         /*
- 	 * Each loop we parse one separator and one element.
- 	 */
-@@ -6334,6 +6395,8 @@ xmlParseElementContentDecl(xmlParserCtxtPtr ctxt, const xmlChar *name,
-     }
-     NEXT;
-     GROW;
-+    if (ctxt->instate == XML_PARSER_EOF)
-+        return(-1);
-     SKIP_BLANKS;
-     if (CMP7(CUR_PTR, '#', 'P', 'C', 'D', 'A', 'T', 'A')) {
-         tree = xmlParseElementMixedContentDecl(ctxt, inputid);
-@@ -6501,8 +6564,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
- 		    "Entering INCLUDE Conditional Section\n");
- 	}
- 
--	while ((RAW != 0) && ((RAW != ']') || (NXT(1) != ']') ||
--	       (NXT(2) != '>'))) {
-+	while (((RAW != 0) && ((RAW != ']') || (NXT(1) != ']') ||
-+	        (NXT(2) != '>'))) && (ctxt->instate != XML_PARSER_EOF)) {
- 	    const xmlChar *check = CUR_PTR;
- 	    unsigned int cons = ctxt->input->consumed;
- 
-@@ -6570,7 +6633,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
- 	if (ctxt->recovery == 0) ctxt->disableSAX = 1;
- 	ctxt->instate = XML_PARSER_IGNORE;
- 
--	while ((depth >= 0) && (RAW != 0)) {
-+	while (((depth >= 0) && (RAW != 0)) &&
-+               (ctxt->instate != XML_PARSER_EOF)) {
- 	  if ((RAW == '<') && (NXT(1) == '!') && (NXT(2) == '[')) {
- 	    depth++;
- 	    SKIP(3);
-@@ -6841,7 +6905,7 @@ xmlParseExternalSubset(xmlParserCtxtPtr ctxt, const xmlChar *ExternalID,
- 	    break;
- 	}
-     }
--    
-+
-     if (RAW != 0) {
- 	xmlFatalErr(ctxt, XML_ERR_EXT_SUBSET_NOT_FINISHED, NULL);
-     }
-@@ -7310,6 +7374,8 @@ xmlParseEntityRef(xmlParserCtxtPtr ctxt) {
-     xmlEntityPtr ent = NULL;
- 
-     GROW;
-+    if (ctxt->instate == XML_PARSER_EOF)
-+        return(NULL);
- 
-     if (RAW != '&')
-         return(NULL);
-@@ -7840,6 +7906,10 @@ xmlLoadEntityContent(xmlParserCtxtPtr ctxt, xmlEntityPtr entity) {
- 	if (count++ > 100) {
- 	    count = 0;
- 	    GROW;
-+            if (ctxt->instate == XML_PARSER_EOF) {
-+                xmlBufferFree(buf);
-+                return(-1);
-+            }
- 	}
- 	NEXTL(l);
- 	c = CUR_CHAR(l);
-@@ -8073,7 +8143,7 @@ xmlParseInternalSubset(xmlParserCtxtPtr ctxt) {
- 	 * PEReferences.
- 	 * Subsequence (markupdecl | PEReference | S)*
- 	 */
--	while (RAW != ']') {
-+	while ((RAW != ']') && (ctxt->instate != XML_PARSER_EOF)) {
- 	    const xmlChar *check = CUR_PTR;
- 	    unsigned int cons = ctxt->input->consumed;
- 
-@@ -8259,9 +8329,9 @@ xmlParseStartTag(xmlParserCtxtPtr ctxt) {
-     SKIP_BLANKS;
-     GROW;
- 
--    while ((RAW != '>') && 
-+    while (((RAW != '>') && 
- 	   ((RAW != '/') || (NXT(1) != '>')) &&
--	   (IS_BYTE_CHAR(RAW))) {
-+	   (IS_BYTE_CHAR(RAW))) && (ctxt->instate != XML_PARSER_EOF)) {
- 	const xmlChar *q = CUR_PTR;
- 	unsigned int cons = ctxt->input->consumed;
- 
-@@ -8685,6 +8755,8 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
- 	    if (in >= end) {
- 		const xmlChar *oldbase = ctxt->input->base;
- 		GROW;
-+                if (ctxt->instate == XML_PARSER_EOF)
-+                    return(NULL);
- 		if (oldbase != ctxt->input->base) {
- 		    long delta = ctxt->input->base - oldbase;
- 		    start = start + delta;
-@@ -8699,6 +8771,8 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
- 	    if (in >= end) {
- 		const xmlChar *oldbase = ctxt->input->base;
- 		GROW;
-+                if (ctxt->instate == XML_PARSER_EOF)
-+                    return(NULL);
- 		if (oldbase != ctxt->input->base) {
- 		    long delta = ctxt->input->base - oldbase;
- 		    start = start + delta;
-@@ -8719,6 +8793,8 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
- 	    if (in >= end) {
- 		const xmlChar *oldbase = ctxt->input->base;
- 		GROW;
-+                if (ctxt->instate == XML_PARSER_EOF)
-+                    return(NULL);
- 		if (oldbase != ctxt->input->base) {
- 		    long delta = ctxt->input->base - oldbase;
- 		    start = start + delta;
-@@ -8736,6 +8812,8 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
- 	    if (in >= end) {
- 		const xmlChar *oldbase = ctxt->input->base;
- 		GROW;
-+                if (ctxt->instate == XML_PARSER_EOF)
-+                    return(NULL);
- 		if (oldbase != ctxt->input->base) {
- 		    long delta = ctxt->input->base - oldbase;
- 		    start = start + delta;
-@@ -8967,9 +9045,9 @@ reparse:
-     GROW;
-     if (ctxt->input->base != base) goto base_changed;
- 
--    while ((RAW != '>') && 
-+    while (((RAW != '>') &&
- 	   ((RAW != '/') || (NXT(1) != '>')) &&
--	   (IS_BYTE_CHAR(RAW))) {
-+	   (IS_BYTE_CHAR(RAW))) && (ctxt->instate != XML_PARSER_EOF)) {
- 	const xmlChar *q = CUR_PTR;
- 	unsigned int cons = ctxt->input->consumed;
- 	int len = -1, alloc = 0;
-@@ -9140,6 +9218,8 @@ skip_ns:
- failed:
- 
- 	GROW
-+        if (ctxt->instate == XML_PARSER_EOF)
-+            break;
- 	if (ctxt->input->base != base) goto base_changed;
- 	if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
- 	    break;
-@@ -9377,6 +9457,8 @@ xmlParseEndTag2(xmlParserCtxtPtr ctxt, const xmlChar *prefix,
-      * We should definitely be at the ending "S? '>'" part
-      */
-     GROW;
-+    if (ctxt->instate == XML_PARSER_EOF)
-+        return;
-     SKIP_BLANKS;
-     if ((!IS_BYTE_CHAR(RAW)) || (RAW != '>')) {
- 	xmlFatalErr(ctxt, XML_ERR_GT_REQUIRED, NULL);
-@@ -9485,6 +9567,10 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
- 	count++;
- 	if (count > 50) {
- 	    GROW;
-+            if (ctxt->instate == XML_PARSER_EOF) {
-+		xmlFree(buf);
-+		return;
-+            }
- 	    count = 0;
- 	}
- 	NEXTL(l);
-@@ -10255,9 +10341,10 @@ xmlParseXMLDecl(xmlParserCtxtPtr ctxt) {
- 
- void
- xmlParseMisc(xmlParserCtxtPtr ctxt) {
--    while (((RAW == '<') && (NXT(1) == '?')) ||
--           (CMP4(CUR_PTR, '<', '!', '-', '-')) ||
--           IS_BLANK_CH(CUR)) {
-+    while ((ctxt->instate != XML_PARSER_EOF) &&
-+           (((RAW == '<') && (NXT(1) == '?')) ||
-+            (CMP4(CUR_PTR, '<', '!', '-', '-')) ||
-+            IS_BLANK_CH(CUR))) {
-         if ((RAW == '<') && (NXT(1) == '?')) {
- 	    xmlParsePI(ctxt);
- 	} else if (IS_BLANK_CH(CUR)) {
-@@ -11727,6 +11814,8 @@ xmlParseChunk(xmlParserCtxtPtr ctxt, const char *chunk, int size,
-         return(XML_ERR_INTERNAL_ERROR);
-     if ((ctxt->errNo != XML_ERR_OK) && (ctxt->disableSAX == 1))
-         return(ctxt->errNo);
-+    if (ctxt->instate == XML_PARSER_EOF)
-+        return(-1);
-     if (ctxt->instate == XML_PARSER_START)
-         xmlDetectSAX2(ctxt);
-     if ((size > 0) && (chunk != NULL) && (!terminate) &&
--- 
-1.8.4.1
-