nokogiri 1.6.3.1 → 1.6.4

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of nokogiri might be problematic. Click here for more details.

Files changed (47) hide show
  1. checksums.yaml +4 -4
  2. data/.travis.yml +7 -2
  3. data/CHANGELOG.ja.rdoc +16 -0
  4. data/CHANGELOG.rdoc +16 -0
  5. data/Gemfile +2 -2
  6. data/Manifest.txt +2 -11
  7. data/README.ja.rdoc +2 -2
  8. data/README.rdoc +2 -2
  9. data/Rakefile +1 -1
  10. data/build_all +1 -1
  11. data/dependencies.yml +1 -1
  12. data/ext/nokogiri/extconf.rb +115 -82
  13. data/ext/nokogiri/nokogiri.c +4 -0
  14. data/ext/nokogiri/xml_io.c +10 -6
  15. data/ext/nokogiri/xml_syntax_error.c +2 -1
  16. data/lib/nokogiri/css/parser.rb +175 -165
  17. data/lib/nokogiri/css/parser.y +8 -2
  18. data/lib/nokogiri/css/tokenizer.rb +1 -1
  19. data/lib/nokogiri/css/tokenizer.rex +1 -1
  20. data/lib/nokogiri/version.rb +3 -1
  21. data/ports/archives/libxml2-2.9.2.tar.gz +0 -0
  22. data/ports/patches/libxml2/0001-Revert-Missing-initialization-for-the-catalog-module.patch +29 -0
  23. data/ports/patches/libxml2/0002-Fix-missing-entities-after-CVE-2014-3660-fix.patch +31 -0
  24. data/test/css/test_parser.rb +5 -0
  25. data/test/css/test_tokenizer.rb +17 -0
  26. data/test/html/test_document.rb +5 -5
  27. data/test/html/test_document_fragment.rb +5 -0
  28. data/test/xml/test_builder.rb +1 -1
  29. data/test/xml/test_document.rb +1 -9
  30. data/test/xml/test_entity_reference.rb +9 -3
  31. data/test/xml/test_node.rb +1 -1
  32. data/test/xml/test_syntax_error.rb +18 -0
  33. data/test/xml/test_xpath.rb +2 -0
  34. data/test_all +2 -2
  35. metadata +11 -20
  36. data/ports/archives/libxml2-2.8.0.tar.gz +0 -0
  37. data/ports/patches/libxml2/0001-Fix-parser-local-buffers-size-problems.patch +0 -265
  38. data/ports/patches/libxml2/0002-Fix-entities-local-buffers-size-problems.patch +0 -102
  39. data/ports/patches/libxml2/0003-Fix-an-error-in-previous-commit.patch +0 -26
  40. data/ports/patches/libxml2/0004-Fix-potential-out-of-bound-access.patch +0 -26
  41. data/ports/patches/libxml2/0005-Detect-excessive-entities-expansion-upon-replacement.patch +0 -158
  42. data/ports/patches/libxml2/0006-Do-not-fetch-external-parsed-entities.patch +0 -78
  43. data/ports/patches/libxml2/0007-Enforce-XML_PARSER_EOF-state-handling-through-the-pa.patch +0 -480
  44. data/ports/patches/libxml2/0008-Improve-handling-of-xmlStopParser.patch +0 -315
  45. data/ports/patches/libxml2/0009-Fix-a-couple-of-return-without-value.patch +0 -37
  46. data/ports/patches/libxml2/0010-Keep-non-significant-blanks-node-in-HTML-parser.patch +0 -2006
  47. data/ports/patches/libxml2/0011-Do-not-fetch-external-parameter-entities.patch +0 -39
@@ -1,102 +0,0 @@
1
- From 64d7de23165b706510f4ce4f29d96552eeb257d7 Mon Sep 17 00:00:00 2001
2
- From: Daniel Veillard <veillard@redhat.com>
3
- Date: Wed, 18 Jul 2012 11:38:17 +0800
4
- Subject: [PATCH 2/9] Fix entities local buffers size problems
5
-
6
- [Origin: 4f9fdc709c4861c390cd84e2ed1fd878b3442e28]
7
- ---
8
- entities.c | 36 +++++++++++++++++++++++-------------
9
- 1 file changed, 23 insertions(+), 13 deletions(-)
10
-
11
- diff --git a/entities.c b/entities.c
12
- index 6aef49f..859ec3b 100644
13
- --- a/entities.c
14
- +++ b/entities.c
15
- @@ -528,13 +528,13 @@ xmlGetDocEntity(xmlDocPtr doc, const xmlChar *name) {
16
- * Macro used to grow the current buffer.
17
- */
18
- #define growBufferReentrant() { \
19
- - buffer_size *= 2; \
20
- - buffer = (xmlChar *) \
21
- - xmlRealloc(buffer, buffer_size * sizeof(xmlChar)); \
22
- - if (buffer == NULL) { \
23
- - xmlEntitiesErrMemory("xmlEncodeEntitiesReentrant: realloc failed");\
24
- - return(NULL); \
25
- - } \
26
- + xmlChar *tmp; \
27
- + size_t new_size = buffer_size *= 2; \
28
- + if (new_size < buffer_size) goto mem_error; \
29
- + tmp = (xmlChar *) xmlRealloc(buffer, new_size); \
30
- + if (tmp == NULL) goto mem_error; \
31
- + buffer = tmp; \
32
- + buffer_size = new_size; \
33
- }
34
-
35
-
36
- @@ -555,7 +555,7 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) {
37
- const xmlChar *cur = input;
38
- xmlChar *buffer = NULL;
39
- xmlChar *out = NULL;
40
- - int buffer_size = 0;
41
- + size_t buffer_size = 0;
42
- int html = 0;
43
-
44
- if (input == NULL) return(NULL);
45
- @@ -574,8 +574,8 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) {
46
- out = buffer;
47
-
48
- while (*cur != '\0') {
49
- - if (out - buffer > buffer_size - 100) {
50
- - int indx = out - buffer;
51
- + size_t indx = out - buffer;
52
- + if (indx + 100 > buffer_size) {
53
-
54
- growBufferReentrant();
55
- out = &buffer[indx];
56
- @@ -692,6 +692,11 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) {
57
- }
58
- *out = 0;
59
- return(buffer);
60
- +
61
- +mem_error:
62
- + xmlEntitiesErrMemory("xmlEncodeEntitiesReentrant: realloc failed");
63
- + xmlFree(buffer);
64
- + return(NULL);
65
- }
66
-
67
- /**
68
- @@ -709,7 +714,7 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTRIBUTE_UNUSED, const xmlChar *input) {
69
- const xmlChar *cur = input;
70
- xmlChar *buffer = NULL;
71
- xmlChar *out = NULL;
72
- - int buffer_size = 0;
73
- + size_t buffer_size = 0;
74
- if (input == NULL) return(NULL);
75
-
76
- /*
77
- @@ -724,8 +729,8 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTRIBUTE_UNUSED, const xmlChar *input) {
78
- out = buffer;
79
-
80
- while (*cur != '\0') {
81
- - if (out - buffer > buffer_size - 10) {
82
- - int indx = out - buffer;
83
- + size_t indx = out - buffer;
84
- + if (indx + 10 > buffer_size) {
85
-
86
- growBufferReentrant();
87
- out = &buffer[indx];
88
- @@ -774,6 +779,11 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTRIBUTE_UNUSED, const xmlChar *input) {
89
- }
90
- *out = 0;
91
- return(buffer);
92
- +
93
- +mem_error:
94
- + xmlEntitiesErrMemory("xmlEncodeSpecialChars: realloc failed");
95
- + xmlFree(buffer);
96
- + return(NULL);
97
- }
98
-
99
- /**
100
- --
101
- 1.8.4.1
102
-
@@ -1,26 +0,0 @@
1
- From 83bbfdfe1e804f8cdc72b86742364cf045dd8678 Mon Sep 17 00:00:00 2001
2
- From: Aron Xu <happyaron.xu@gmail.com>
3
- Date: Fri, 20 Jul 2012 15:41:34 +0800
4
- Subject: [PATCH 3/9] Fix an error in previous commit
5
-
6
- [Origin: baaf03f80f817bb34c421421e6cb4d68c353ac9a]
7
- ---
8
- entities.c | 2 +-
9
- 1 file changed, 1 insertion(+), 1 deletion(-)
10
-
11
- diff --git a/entities.c b/entities.c
12
- index 859ec3b..7d06820 100644
13
- --- a/entities.c
14
- +++ b/entities.c
15
- @@ -529,7 +529,7 @@ xmlGetDocEntity(xmlDocPtr doc, const xmlChar *name) {
16
- */
17
- #define growBufferReentrant() { \
18
- xmlChar *tmp; \
19
- - size_t new_size = buffer_size *= 2; \
20
- + size_t new_size = buffer_size * 2; \
21
- if (new_size < buffer_size) goto mem_error; \
22
- tmp = (xmlChar *) xmlRealloc(buffer, new_size); \
23
- if (tmp == NULL) goto mem_error; \
24
- --
25
- 1.8.4.1
26
-
@@ -1,26 +0,0 @@
1
- From c8385ccac9e9723a1f87da1c29da56d97df4af85 Mon Sep 17 00:00:00 2001
2
- From: Daniel Veillard <veillard@redhat.com>
3
- Date: Mon, 29 Oct 2012 10:39:55 +0800
4
- Subject: [PATCH 4/9] Fix potential out of bound access
5
-
6
- [Origin: 6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d]
7
- ---
8
- parser.c | 2 +-
9
- 1 file changed, 1 insertion(+), 1 deletion(-)
10
-
11
- diff --git a/parser.c b/parser.c
12
- index 9863275..e1b0364 100644
13
- --- a/parser.c
14
- +++ b/parser.c
15
- @@ -3932,7 +3932,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
16
- c = CUR_CHAR(l);
17
- }
18
- if ((in_space) && (normalize)) {
19
- - while (buf[len - 1] == 0x20) len--;
20
- + while ((len > 0) && (buf[len - 1] == 0x20)) len--;
21
- }
22
- buf[len] = 0;
23
- if (RAW == '<') {
24
- --
25
- 1.8.4.1
26
-
@@ -1,158 +0,0 @@
1
- From e8b2f1774cfffce792f38eb1116ea1104758cfc5 Mon Sep 17 00:00:00 2001
2
- From: Daniel Veillard <veillard@redhat.com>
3
- Date: Tue, 19 Feb 2013 10:21:49 +0800
4
- Subject: [PATCH 5/9] Detect excessive entities expansion upon replacement
5
-
6
- If entities expansion in the XML parser is asked for,
7
- it is possble to craft relatively small input document leading
8
- to excessive on-the-fly content generation.
9
- This patch accounts for those replacement and stop parsing
10
- after a given threshold. it can be bypassed as usual with the
11
- HUGE parser option.
12
-
13
- [Origin: 23f05e0c33987d6605387b300c4be5da2120a7ab]
14
- ---
15
- include/libxml/parser.h | 1 +
16
- parser.c | 44 ++++++++++++++++++++++++++++++++++++++------
17
- parserInternals.c | 2 ++
18
- 3 files changed, 41 insertions(+), 6 deletions(-)
19
-
20
- diff --git a/include/libxml/parser.h b/include/libxml/parser.h
21
- index 04edb9d..5b36584 100644
22
- --- a/include/libxml/parser.h
23
- +++ b/include/libxml/parser.h
24
- @@ -310,6 +310,7 @@ struct _xmlParserCtxt {
25
- xmlParserNodeInfo *nodeInfoTab; /* array of nodeInfos */
26
-
27
- int input_id; /* we need to label inputs */
28
- + unsigned long sizeentcopy; /* volume of entity copy */
29
- };
30
-
31
- /**
32
- diff --git a/parser.c b/parser.c
33
- index e1b0364..b206f05 100644
34
- --- a/parser.c
35
- +++ b/parser.c
36
- @@ -119,7 +119,7 @@ xmlCreateEntityParserCtxtInternal(const xmlChar *URL, const xmlChar *ID,
37
- */
38
- static int
39
- xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
40
- - xmlEntityPtr ent)
41
- + xmlEntityPtr ent, size_t replacement)
42
- {
43
- size_t consumed = 0;
44
-
45
- @@ -127,7 +127,24 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
46
- return (0);
47
- if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP)
48
- return (1);
49
- - if (size != 0) {
50
- + if (replacement != 0) {
51
- + if (replacement < XML_MAX_TEXT_LENGTH)
52
- + return(0);
53
- +
54
- + /*
55
- + * If the volume of entity copy reaches 10 times the
56
- + * amount of parsed data and over the large text threshold
57
- + * then that's very likely to be an abuse.
58
- + */
59
- + if (ctxt->input != NULL) {
60
- + consumed = ctxt->input->consumed +
61
- + (ctxt->input->cur - ctxt->input->base);
62
- + }
63
- + consumed += ctxt->sizeentities;
64
- +
65
- + if (replacement < XML_PARSER_NON_LINEAR * consumed)
66
- + return(0);
67
- + } else if (size != 0) {
68
- /*
69
- * Do the check based on the replacement size of the entity
70
- */
71
- @@ -173,7 +190,6 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
72
- */
73
- return (0);
74
- }
75
- -
76
- xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL);
77
- return (1);
78
- }
79
- @@ -2706,7 +2722,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
80
- while (*current != 0) { /* non input consuming loop */
81
- buffer[nbchars++] = *current++;
82
- if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
83
- - if (xmlParserEntityCheck(ctxt, nbchars, ent))
84
- + if (xmlParserEntityCheck(ctxt, nbchars, ent, 0))
85
- goto int_error;
86
- growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
87
- }
88
- @@ -2748,7 +2764,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
89
- while (*current != 0) { /* non input consuming loop */
90
- buffer[nbchars++] = *current++;
91
- if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
92
- - if (xmlParserEntityCheck(ctxt, nbchars, ent))
93
- + if (xmlParserEntityCheck(ctxt, nbchars, ent, 0))
94
- goto int_error;
95
- growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
96
- }
97
- @@ -6976,7 +6992,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
98
- xmlFreeNodeList(list);
99
- return;
100
- }
101
- - if (xmlParserEntityCheck(ctxt, 0, ent)) {
102
- + if (xmlParserEntityCheck(ctxt, 0, ent, 0)) {
103
- xmlFreeNodeList(list);
104
- return;
105
- }
106
- @@ -7136,6 +7152,13 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
107
- xmlNodePtr nw = NULL, cur, firstChild = NULL;
108
-
109
- /*
110
- + * We are copying here, make sure there is no abuse
111
- + */
112
- + ctxt->sizeentcopy += ent->length;
113
- + if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy))
114
- + return;
115
- +
116
- + /*
117
- * when operating on a reader, the entities definitions
118
- * are always owning the entities subtree.
119
- if (ctxt->parseMode == XML_PARSE_READER)
120
- @@ -7175,6 +7198,14 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
121
- } else if (list == NULL) {
122
- xmlNodePtr nw = NULL, cur, next, last,
123
- firstChild = NULL;
124
- +
125
- + /*
126
- + * We are copying here, make sure there is no abuse
127
- + */
128
- + ctxt->sizeentcopy += ent->length;
129
- + if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy))
130
- + return;
131
- +
132
- /*
133
- * Copy the entity child list and make it the new
134
- * entity child list. The goal is to make sure any
135
- @@ -14355,6 +14386,7 @@ xmlCtxtReset(xmlParserCtxtPtr ctxt)
136
- ctxt->catalogs = NULL;
137
- ctxt->nbentities = 0;
138
- ctxt->sizeentities = 0;
139
- + ctxt->sizeentcopy = 0;
140
- xmlInitNodeInfoSeq(&ctxt->node_seq);
141
-
142
- if (ctxt->attsDefault != NULL) {
143
- diff --git a/parserInternals.c b/parserInternals.c
144
- index 746b7fd..d7e320c 100644
145
- --- a/parserInternals.c
146
- +++ b/parserInternals.c
147
- @@ -1761,6 +1761,8 @@ xmlInitParserCtxt(xmlParserCtxtPtr ctxt)
148
- ctxt->charset = XML_CHAR_ENCODING_UTF8;
149
- ctxt->catalogs = NULL;
150
- ctxt->nbentities = 0;
151
- + ctxt->sizeentities = 0;
152
- + ctxt->sizeentcopy = 0;
153
- ctxt->input_id = 1;
154
- xmlInitNodeInfoSeq(&ctxt->node_seq);
155
- return(0);
156
- --
157
- 1.8.4.1
158
-
@@ -1,78 +0,0 @@
1
- From 8c222b89f6f68157283498d1bc6e0cce568c977b Mon Sep 17 00:00:00 2001
2
- From: Daniel Veillard <veillard@redhat.com>
3
- Date: Mon, 23 Jul 2012 14:15:40 +0800
4
- Subject: [PATCH 6/9] Do not fetch external parsed entities
5
-
6
- Unless explicietely asked for when validating or replacing entities
7
- with their value. Problem pointed out by Tom Lane <tgl@redhat.com>
8
-
9
- * parser.c: do not load external parsed entities unless needed
10
- * test/errors/extparsedent.xml result/errors/extparsedent.xml*:
11
- add a regression test to avoid change of the behaviour in the future
12
-
13
- [Origin: 4629ee02ac649c27f9c0cf98ba017c6b5526070f]
14
- ---
15
- parser.c | 11 +++++++++--
16
- result/errors/extparsedent.xml | 5 +++++
17
- result/errors/extparsedent.xml.err | 0
18
- result/errors/extparsedent.xml.str | 0
19
- test/errors/extparsedent.xml | 5 +++++
20
- 5 files changed, 19 insertions(+), 2 deletions(-)
21
- create mode 100644 result/errors/extparsedent.xml
22
- create mode 100644 result/errors/extparsedent.xml.err
23
- create mode 100644 result/errors/extparsedent.xml.str
24
- create mode 100644 test/errors/extparsedent.xml
25
-
26
- diff --git a/parser.c b/parser.c
27
- index b206f05..8fb16af 100644
28
- --- a/parser.c
29
- +++ b/parser.c
30
- @@ -6943,8 +6943,15 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
31
- * The first reference to the entity trigger a parsing phase
32
- * where the ent->children is filled with the result from
33
- * the parsing.
34
- - */
35
- - if (ent->checked == 0) {
36
- + * Note: external parsed entities will not be loaded, it is not
37
- + * required for a non-validating parser, unless the parsing option
38
- + * of validating, or substituting entities were given. Doing so is
39
- + * far more secure as the parser will only process data coming from
40
- + * the document entity by default.
41
- + */
42
- + if ((ent->checked == 0) &&
43
- + ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) ||
44
- + (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) {
45
- unsigned long oldnbent = ctxt->nbentities;
46
-
47
- /*
48
- diff --git a/result/errors/extparsedent.xml b/result/errors/extparsedent.xml
49
- new file mode 100644
50
- index 0000000..07e4c54
51
- --- /dev/null
52
- +++ b/result/errors/extparsedent.xml
53
- @@ -0,0 +1,5 @@
54
- +<?xml version="1.0"?>
55
- +<!DOCTYPE foo [
56
- +<!ENTITY c PUBLIC "bar" "/etc/doesnotexist">
57
- +]>
58
- +<root>&c;</root>
59
- diff --git a/result/errors/extparsedent.xml.err b/result/errors/extparsedent.xml.err
60
- new file mode 100644
61
- index 0000000..e69de29
62
- diff --git a/result/errors/extparsedent.xml.str b/result/errors/extparsedent.xml.str
63
- new file mode 100644
64
- index 0000000..e69de29
65
- diff --git a/test/errors/extparsedent.xml b/test/errors/extparsedent.xml
66
- new file mode 100644
67
- index 0000000..07e4c54
68
- --- /dev/null
69
- +++ b/test/errors/extparsedent.xml
70
- @@ -0,0 +1,5 @@
71
- +<?xml version="1.0"?>
72
- +<!DOCTYPE foo [
73
- +<!ENTITY c PUBLIC "bar" "/etc/doesnotexist">
74
- +]>
75
- +<root>&c;</root>
76
- --
77
- 1.8.4.1
78
-
@@ -1,480 +0,0 @@
1
- From c27670420c22b2d64da7d44e266a73bb4e66c2cc Mon Sep 17 00:00:00 2001
2
- From: Daniel Veillard <veillard@redhat.com>
3
- Date: Mon, 30 Jul 2012 16:16:04 +0800
4
- Subject: [PATCH 7/9] Enforce XML_PARSER_EOF state handling through the parser
5
-
6
- That condition is one raised when the parser should positively stop
7
- processing further even to report errors. Best is to test is after
8
- most GROW call especially within loops
9
-
10
- [Origin: 48b4cdde3483e054af8ea02e0cd7ee467b0e9a50]
11
- ---
12
- parser.c | 131 +++++++++++++++++++++++++++++++++++++++++++++++++++++----------
13
- 1 file changed, 110 insertions(+), 21 deletions(-)
14
-
15
- diff --git a/parser.c b/parser.c
16
- index 8fb16af..409cde8 100644
17
- --- a/parser.c
18
- +++ b/parser.c
19
- @@ -2161,6 +2161,8 @@ xmlPushInput(xmlParserCtxtPtr ctxt, xmlParserInputPtr input) {
20
- "Pushing input %d : %.30s\n", ctxt->inputNr+1, input->cur);
21
- }
22
- ret = inputPush(ctxt, input);
23
- + if (ctxt->instate == XML_PARSER_EOF)
24
- + return(-1);
25
- GROW;
26
- return(ret);
27
- }
28
- @@ -2197,6 +2199,8 @@ xmlParseCharRef(xmlParserCtxtPtr ctxt) {
29
- if (count++ > 20) {
30
- count = 0;
31
- GROW;
32
- + if (ctxt->instate == XML_PARSER_EOF)
33
- + return(0);
34
- }
35
- if ((RAW >= '0') && (RAW <= '9'))
36
- val = val * 16 + (CUR - '0');
37
- @@ -2228,6 +2232,8 @@ xmlParseCharRef(xmlParserCtxtPtr ctxt) {
38
- if (count++ > 20) {
39
- count = 0;
40
- GROW;
41
- + if (ctxt->instate == XML_PARSER_EOF)
42
- + return(0);
43
- }
44
- if ((RAW >= '0') && (RAW <= '9'))
45
- val = val * 10 + (CUR - '0');
46
- @@ -2576,6 +2582,8 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) {
47
- * the amount of data in the buffer.
48
- */
49
- GROW
50
- + if (ctxt->instate == XML_PARSER_EOF)
51
- + return;
52
- if ((ctxt->input->end - ctxt->input->cur)>=4) {
53
- start[0] = RAW;
54
- start[1] = NXT(1);
55
- @@ -3194,6 +3202,8 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
56
- * Handler for more complex cases
57
- */
58
- GROW;
59
- + if (ctxt->instate == XML_PARSER_EOF)
60
- + return(NULL);
61
- c = CUR_CHAR(l);
62
- if ((ctxt->options & XML_PARSE_OLD10) == 0) {
63
- /*
64
- @@ -3245,6 +3255,8 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
65
- if (count++ > 100) {
66
- count = 0;
67
- GROW;
68
- + if (ctxt->instate == XML_PARSER_EOF)
69
- + return(NULL);
70
- }
71
- len += l;
72
- NEXTL(l);
73
- @@ -3269,6 +3281,8 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
74
- if (count++ > 100) {
75
- count = 0;
76
- GROW;
77
- + if (ctxt->instate == XML_PARSER_EOF)
78
- + return(NULL);
79
- }
80
- len += l;
81
- NEXTL(l);
82
- @@ -3362,6 +3376,8 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
83
- if (count++ > 100) {
84
- count = 0;
85
- GROW;
86
- + if (ctxt->instate == XML_PARSER_EOF)
87
- + return(NULL);
88
- }
89
- len += l;
90
- NEXTL(l);
91
- @@ -3442,6 +3458,8 @@ xmlParseNameAndCompare(xmlParserCtxtPtr ctxt, xmlChar const *other) {
92
- const xmlChar *ret;
93
-
94
- GROW;
95
- + if (ctxt->instate == XML_PARSER_EOF)
96
- + return(NULL);
97
-
98
- in = ctxt->input->cur;
99
- while (*in != 0 && *in == *cmp) {
100
- @@ -3569,6 +3587,8 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
101
- #endif
102
-
103
- GROW;
104
- + if (ctxt->instate == XML_PARSER_EOF)
105
- + return(NULL);
106
- c = CUR_CHAR(l);
107
-
108
- while (xmlIsNameChar(ctxt, c)) {
109
- @@ -3597,6 +3617,10 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
110
- if (count++ > 100) {
111
- count = 0;
112
- GROW;
113
- + if (ctxt->instate == XML_PARSER_EOF) {
114
- + xmlFree(buffer);
115
- + return(NULL);
116
- + }
117
- }
118
- if (len + 10 > max) {
119
- xmlChar *tmp;
120
- @@ -3667,6 +3691,10 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) {
121
- ctxt->instate = XML_PARSER_ENTITY_VALUE;
122
- input = ctxt->input;
123
- GROW;
124
- + if (ctxt->instate == XML_PARSER_EOF) {
125
- + xmlFree(buf);
126
- + return(NULL);
127
- + }
128
- NEXT;
129
- c = CUR_CHAR(l);
130
- /*
131
- @@ -3678,8 +3706,8 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) {
132
- * In practice it means we stop the loop only when back at parsing
133
- * the initial entity and the quote is found
134
- */
135
- - while ((IS_CHAR(c)) && ((c != stop) || /* checked */
136
- - (ctxt->input != input))) {
137
- + while (((IS_CHAR(c)) && ((c != stop) || /* checked */
138
- + (ctxt->input != input))) && (ctxt->instate != XML_PARSER_EOF)) {
139
- if (len + 5 >= size) {
140
- xmlChar *tmp;
141
-
142
- @@ -3708,6 +3736,10 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) {
143
- }
144
- }
145
- buf[len] = 0;
146
- + if (ctxt->instate == XML_PARSER_EOF) {
147
- + xmlFree(buf);
148
- + return(NULL);
149
- + }
150
-
151
- /*
152
- * Raise problem w.r.t. '&' and '%' being used in non-entities
153
- @@ -3755,12 +3787,12 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) {
154
- */
155
- ret = xmlStringDecodeEntities(ctxt, buf, XML_SUBSTITUTE_PEREF,
156
- 0, 0, 0);
157
- - if (orig != NULL)
158
- + if (orig != NULL)
159
- *orig = buf;
160
- else
161
- xmlFree(buf);
162
- }
163
- -
164
- +
165
- return(ret);
166
- }
167
-
168
- @@ -3811,8 +3843,9 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
169
- * OK loop until we reach one of the ending char or a size limit.
170
- */
171
- c = CUR_CHAR(l);
172
- - while ((NXT(0) != limit) && /* checked */
173
- - (IS_CHAR(c)) && (c != '<')) {
174
- + while (((NXT(0) != limit) && /* checked */
175
- + (IS_CHAR(c)) && (c != '<')) &&
176
- + (ctxt->instate != XML_PARSER_EOF)) {
177
- if (c == 0) break;
178
- if (c == '&') {
179
- in_space = 0;
180
- @@ -3947,6 +3980,9 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
181
- GROW;
182
- c = CUR_CHAR(l);
183
- }
184
- + if (ctxt->instate == XML_PARSER_EOF)
185
- + goto error;
186
- +
187
- if ((in_space) && (normalize)) {
188
- while ((len > 0) && (buf[len - 1] == 0x20)) len--;
189
- }
190
- @@ -3979,6 +4015,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
191
-
192
- mem_error:
193
- xmlErrMemory(ctxt, NULL);
194
- +error:
195
- if (buf != NULL)
196
- xmlFree(buf);
197
- if (rep != NULL)
198
- @@ -4084,6 +4121,10 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) {
199
- if (count > 50) {
200
- GROW;
201
- count = 0;
202
- + if (ctxt->instate == XML_PARSER_EOF) {
203
- + xmlFree(buf);
204
- + return(NULL);
205
- + }
206
- }
207
- COPY_BUF(l,buf,len,cur);
208
- NEXTL(l);
209
- @@ -4161,6 +4202,10 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) {
210
- if (count > 50) {
211
- GROW;
212
- count = 0;
213
- + if (ctxt->instate == XML_PARSER_EOF) {
214
- + xmlFree(buf);
215
- + return(NULL);
216
- + }
217
- }
218
- NEXT;
219
- cur = CUR;
220
- @@ -4367,6 +4412,8 @@ get_more:
221
- }
222
- SHRINK;
223
- GROW;
224
- + if (ctxt->instate == XML_PARSER_EOF)
225
- + return;
226
- in = ctxt->input->cur;
227
- } while (((*in >= 0x20) && (*in <= 0x7F)) || (*in == 0x09));
228
- nbchar = 0;
229
- @@ -4435,6 +4482,8 @@ xmlParseCharDataComplex(xmlParserCtxtPtr ctxt, int cdata) {
230
- if (count > 50) {
231
- GROW;
232
- count = 0;
233
- + if (ctxt->instate == XML_PARSER_EOF)
234
- + return;
235
- }
236
- NEXTL(l);
237
- cur = CUR_CHAR(l);
238
- @@ -4635,6 +4684,10 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf, int len, int size) {
239
- if (count > 50) {
240
- GROW;
241
- count = 0;
242
- + if (ctxt->instate == XML_PARSER_EOF) {
243
- + xmlFree(buf);
244
- + return;
245
- + }
246
- }
247
- NEXTL(l);
248
- cur = CUR_CHAR(l);
249
- @@ -4785,6 +4838,10 @@ get_more:
250
- }
251
- SHRINK;
252
- GROW;
253
- + if (ctxt->instate == XML_PARSER_EOF) {
254
- + xmlFree(buf);
255
- + return;
256
- + }
257
- in = ctxt->input->cur;
258
- if (*in == '-') {
259
- if (in[1] == '-') {
260
- @@ -5022,6 +5079,10 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
261
- count++;
262
- if (count > 50) {
263
- GROW;
264
- + if (ctxt->instate == XML_PARSER_EOF) {
265
- + xmlFree(buf);
266
- + return;
267
- + }
268
- count = 0;
269
- }
270
- COPY_BUF(l,buf,len,cur);
271
- @@ -5762,7 +5823,7 @@ xmlParseAttributeListDecl(xmlParserCtxtPtr ctxt) {
272
- }
273
- SKIP_BLANKS;
274
- GROW;
275
- - while (RAW != '>') {
276
- + while ((RAW != '>') && (ctxt->instate != XML_PARSER_EOF)) {
277
- const xmlChar *check = CUR_PTR;
278
- int type;
279
- int def;
280
- @@ -5911,7 +5972,7 @@ xmlParseElementMixedContentDecl(xmlParserCtxtPtr ctxt, int inputchk) {
281
- ret = cur = xmlNewDocElementContent(ctxt->myDoc, NULL, XML_ELEMENT_CONTENT_PCDATA);
282
- if (ret == NULL) return(NULL);
283
- }
284
- - while (RAW == '|') {
285
- + while ((RAW == '|') && (ctxt->instate != XML_PARSER_EOF)) {
286
- NEXT;
287
- if (elem == NULL) {
288
- ret = xmlNewDocElementContent(ctxt->myDoc, NULL, XML_ELEMENT_CONTENT_OR);
289
- @@ -6055,7 +6116,7 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk,
290
- }
291
- SKIP_BLANKS;
292
- SHRINK;
293
- - while (RAW != ')') {
294
- + while ((RAW != ')') && (ctxt->instate != XML_PARSER_EOF)) {
295
- /*
296
- * Each loop we parse one separator and one element.
297
- */
298
- @@ -6334,6 +6395,8 @@ xmlParseElementContentDecl(xmlParserCtxtPtr ctxt, const xmlChar *name,
299
- }
300
- NEXT;
301
- GROW;
302
- + if (ctxt->instate == XML_PARSER_EOF)
303
- + return(-1);
304
- SKIP_BLANKS;
305
- if (CMP7(CUR_PTR, '#', 'P', 'C', 'D', 'A', 'T', 'A')) {
306
- tree = xmlParseElementMixedContentDecl(ctxt, inputid);
307
- @@ -6501,8 +6564,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
308
- "Entering INCLUDE Conditional Section\n");
309
- }
310
-
311
- - while ((RAW != 0) && ((RAW != ']') || (NXT(1) != ']') ||
312
- - (NXT(2) != '>'))) {
313
- + while (((RAW != 0) && ((RAW != ']') || (NXT(1) != ']') ||
314
- + (NXT(2) != '>'))) && (ctxt->instate != XML_PARSER_EOF)) {
315
- const xmlChar *check = CUR_PTR;
316
- unsigned int cons = ctxt->input->consumed;
317
-
318
- @@ -6570,7 +6633,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
319
- if (ctxt->recovery == 0) ctxt->disableSAX = 1;
320
- ctxt->instate = XML_PARSER_IGNORE;
321
-
322
- - while ((depth >= 0) && (RAW != 0)) {
323
- + while (((depth >= 0) && (RAW != 0)) &&
324
- + (ctxt->instate != XML_PARSER_EOF)) {
325
- if ((RAW == '<') && (NXT(1) == '!') && (NXT(2) == '[')) {
326
- depth++;
327
- SKIP(3);
328
- @@ -6841,7 +6905,7 @@ xmlParseExternalSubset(xmlParserCtxtPtr ctxt, const xmlChar *ExternalID,
329
- break;
330
- }
331
- }
332
- -
333
- +
334
- if (RAW != 0) {
335
- xmlFatalErr(ctxt, XML_ERR_EXT_SUBSET_NOT_FINISHED, NULL);
336
- }
337
- @@ -7310,6 +7374,8 @@ xmlParseEntityRef(xmlParserCtxtPtr ctxt) {
338
- xmlEntityPtr ent = NULL;
339
-
340
- GROW;
341
- + if (ctxt->instate == XML_PARSER_EOF)
342
- + return(NULL);
343
-
344
- if (RAW != '&')
345
- return(NULL);
346
- @@ -7840,6 +7906,10 @@ xmlLoadEntityContent(xmlParserCtxtPtr ctxt, xmlEntityPtr entity) {
347
- if (count++ > 100) {
348
- count = 0;
349
- GROW;
350
- + if (ctxt->instate == XML_PARSER_EOF) {
351
- + xmlBufferFree(buf);
352
- + return(-1);
353
- + }
354
- }
355
- NEXTL(l);
356
- c = CUR_CHAR(l);
357
- @@ -8073,7 +8143,7 @@ xmlParseInternalSubset(xmlParserCtxtPtr ctxt) {
358
- * PEReferences.
359
- * Subsequence (markupdecl | PEReference | S)*
360
- */
361
- - while (RAW != ']') {
362
- + while ((RAW != ']') && (ctxt->instate != XML_PARSER_EOF)) {
363
- const xmlChar *check = CUR_PTR;
364
- unsigned int cons = ctxt->input->consumed;
365
-
366
- @@ -8259,9 +8329,9 @@ xmlParseStartTag(xmlParserCtxtPtr ctxt) {
367
- SKIP_BLANKS;
368
- GROW;
369
-
370
- - while ((RAW != '>') &&
371
- + while (((RAW != '>') &&
372
- ((RAW != '/') || (NXT(1) != '>')) &&
373
- - (IS_BYTE_CHAR(RAW))) {
374
- + (IS_BYTE_CHAR(RAW))) && (ctxt->instate != XML_PARSER_EOF)) {
375
- const xmlChar *q = CUR_PTR;
376
- unsigned int cons = ctxt->input->consumed;
377
-
378
- @@ -8685,6 +8755,8 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
379
- if (in >= end) {
380
- const xmlChar *oldbase = ctxt->input->base;
381
- GROW;
382
- + if (ctxt->instate == XML_PARSER_EOF)
383
- + return(NULL);
384
- if (oldbase != ctxt->input->base) {
385
- long delta = ctxt->input->base - oldbase;
386
- start = start + delta;
387
- @@ -8699,6 +8771,8 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
388
- if (in >= end) {
389
- const xmlChar *oldbase = ctxt->input->base;
390
- GROW;
391
- + if (ctxt->instate == XML_PARSER_EOF)
392
- + return(NULL);
393
- if (oldbase != ctxt->input->base) {
394
- long delta = ctxt->input->base - oldbase;
395
- start = start + delta;
396
- @@ -8719,6 +8793,8 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
397
- if (in >= end) {
398
- const xmlChar *oldbase = ctxt->input->base;
399
- GROW;
400
- + if (ctxt->instate == XML_PARSER_EOF)
401
- + return(NULL);
402
- if (oldbase != ctxt->input->base) {
403
- long delta = ctxt->input->base - oldbase;
404
- start = start + delta;
405
- @@ -8736,6 +8812,8 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
406
- if (in >= end) {
407
- const xmlChar *oldbase = ctxt->input->base;
408
- GROW;
409
- + if (ctxt->instate == XML_PARSER_EOF)
410
- + return(NULL);
411
- if (oldbase != ctxt->input->base) {
412
- long delta = ctxt->input->base - oldbase;
413
- start = start + delta;
414
- @@ -8967,9 +9045,9 @@ reparse:
415
- GROW;
416
- if (ctxt->input->base != base) goto base_changed;
417
-
418
- - while ((RAW != '>') &&
419
- + while (((RAW != '>') &&
420
- ((RAW != '/') || (NXT(1) != '>')) &&
421
- - (IS_BYTE_CHAR(RAW))) {
422
- + (IS_BYTE_CHAR(RAW))) && (ctxt->instate != XML_PARSER_EOF)) {
423
- const xmlChar *q = CUR_PTR;
424
- unsigned int cons = ctxt->input->consumed;
425
- int len = -1, alloc = 0;
426
- @@ -9140,6 +9218,8 @@ skip_ns:
427
- failed:
428
-
429
- GROW
430
- + if (ctxt->instate == XML_PARSER_EOF)
431
- + break;
432
- if (ctxt->input->base != base) goto base_changed;
433
- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
434
- break;
435
- @@ -9377,6 +9457,8 @@ xmlParseEndTag2(xmlParserCtxtPtr ctxt, const xmlChar *prefix,
436
- * We should definitely be at the ending "S? '>'" part
437
- */
438
- GROW;
439
- + if (ctxt->instate == XML_PARSER_EOF)
440
- + return;
441
- SKIP_BLANKS;
442
- if ((!IS_BYTE_CHAR(RAW)) || (RAW != '>')) {
443
- xmlFatalErr(ctxt, XML_ERR_GT_REQUIRED, NULL);
444
- @@ -9485,6 +9567,10 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
445
- count++;
446
- if (count > 50) {
447
- GROW;
448
- + if (ctxt->instate == XML_PARSER_EOF) {
449
- + xmlFree(buf);
450
- + return;
451
- + }
452
- count = 0;
453
- }
454
- NEXTL(l);
455
- @@ -10255,9 +10341,10 @@ xmlParseXMLDecl(xmlParserCtxtPtr ctxt) {
456
-
457
- void
458
- xmlParseMisc(xmlParserCtxtPtr ctxt) {
459
- - while (((RAW == '<') && (NXT(1) == '?')) ||
460
- - (CMP4(CUR_PTR, '<', '!', '-', '-')) ||
461
- - IS_BLANK_CH(CUR)) {
462
- + while ((ctxt->instate != XML_PARSER_EOF) &&
463
- + (((RAW == '<') && (NXT(1) == '?')) ||
464
- + (CMP4(CUR_PTR, '<', '!', '-', '-')) ||
465
- + IS_BLANK_CH(CUR))) {
466
- if ((RAW == '<') && (NXT(1) == '?')) {
467
- xmlParsePI(ctxt);
468
- } else if (IS_BLANK_CH(CUR)) {
469
- @@ -11727,6 +11814,8 @@ xmlParseChunk(xmlParserCtxtPtr ctxt, const char *chunk, int size,
470
- return(XML_ERR_INTERNAL_ERROR);
471
- if ((ctxt->errNo != XML_ERR_OK) && (ctxt->disableSAX == 1))
472
- return(ctxt->errNo);
473
- + if (ctxt->instate == XML_PARSER_EOF)
474
- + return(-1);
475
- if (ctxt->instate == XML_PARSER_START)
476
- xmlDetectSAX2(ctxt);
477
- if ((size > 0) && (chunk != NULL) && (!terminate) &&
478
- --
479
- 1.8.4.1
480
-