nokogiri 1.6.7.2 → 1.6.8.rc1


Potentially problematic release.


This version of nokogiri might be problematic.

Files changed (74)
  1. checksums.yaml +4 -4
  2. data/.travis.yml +12 -9
  3. data/CHANGELOG.ja.rdoc +18 -0
  4. data/CHANGELOG.rdoc +12 -7
  5. data/CONTRIBUTING.md +42 -0
  6. data/Gemfile +1 -1
  7. data/Manifest.txt +6 -0
  8. data/README.md +1 -1
  9. data/Rakefile +1 -1
  10. data/bin/nokogiri +2 -2
  11. data/dependencies.yml +1 -1
  12. data/ext/nokogiri/extconf.rb +3 -3
  13. data/ext/nokogiri/nokogiri.c +0 -7
  14. data/ext/nokogiri/nokogiri.h +1 -34
  15. data/ext/nokogiri/xml_document.c +2 -4
  16. data/ext/nokogiri/xml_namespace.c +56 -17
  17. data/ext/nokogiri/xml_node.c +12 -36
  18. data/ext/nokogiri/xml_node_set.c +169 -143
  19. data/ext/nokogiri/xml_node_set.h +3 -4
  20. data/ext/nokogiri/xml_sax_parser.c +2 -5
  21. data/ext/nokogiri/xml_syntax_error.c +0 -4
  22. data/ext/nokogiri/xml_syntax_error.h +0 -1
  23. data/ext/nokogiri/xml_xpath_context.c +9 -18
  24. data/lib/nokogiri.rb +3 -0
  25. data/lib/nokogiri/css/parser.rb +8 -2
  26. data/lib/nokogiri/css/parser.y +7 -2
  27. data/lib/nokogiri/version.rb +1 -1
  28. data/lib/nokogiri/xml/document.rb +7 -1
  29. data/lib/nokogiri/xml/dtd.rb +4 -4
  30. data/lib/nokogiri/xml/node.rb +2 -2
  31. data/ports/archives/libxml2-2.9.3.tar.gz +0 -0
  32. data/test/css/test_parser.rb +7 -1
  33. data/test/files/GH_1042.html +18 -0
  34. data/test/files/namespace_pressure_test.xml +1684 -0
  35. data/test/files/tlm.html +2 -1
  36. data/test/html/sax/test_parser.rb +2 -2
  37. data/test/html/test_document.rb +18 -8
  38. data/test/html/test_document_encoding.rb +46 -54
  39. data/test/html/test_document_fragment.rb +21 -22
  40. data/test/html/test_node.rb +16 -0
  41. data/test/html/test_node_encoding.rb +12 -14
  42. data/test/namespaces/test_namespaces_in_parsed_doc.rb +14 -0
  43. data/test/test_reader.rb +19 -0
  44. data/test/test_xslt_transforms.rb +5 -3
  45. data/test/xml/sax/test_parser.rb +36 -39
  46. data/test/xml/test_document.rb +7 -2
  47. data/test/xml/test_document_encoding.rb +14 -16
  48. data/test/xml/test_dtd_encoding.rb +0 -2
  49. data/test/xml/test_node_encoding.rb +78 -80
  50. data/test/xml/test_reader_encoding.rb +100 -102
  51. data/test/xslt/test_exception_handling.rb +1 -1
  52. metadata +11 -28
  53. data/patches/libxml2/0001-Revert-Missing-initialization-for-the-catalog-module.patch +0 -29
  54. data/patches/libxml2/0002-Fix-missing-entities-after-CVE-2014-3660-fix.patch +0 -31
  55. data/patches/libxml2/0003-Stop-parsing-on-entities-boundaries-errors.patch +0 -32
  56. data/patches/libxml2/0004-Cleanup-conditional-section-error-handling.patch +0 -49
  57. data/patches/libxml2/0005-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch +0 -177
  58. data/patches/libxml2/0006-Another-variation-of-overflow-in-Conditional-section.patch +0 -32
  59. data/patches/libxml2/0007-Fix-an-error-in-previous-Conditional-section-patch.patch +0 -28
  60. data/patches/libxml2/0008-CVE-2015-8035-Fix-XZ-compression-support-loop.patch +0 -31
  61. data/patches/libxml2/0009-Updated-config.guess.patch +0 -397
  62. data/patches/libxml2/0010-Fix-parsering-short-unclosed-comment-uninitialized-access.patch +0 -64
  63. data/patches/libxml2/0011-Avoid-extra-processing-of-MarkupDecl-when-EOF.patch +0 -35
  64. data/patches/libxml2/0012-Avoid-processing-entities-after-encoding-conversion-.patch +0 -83
  65. data/patches/libxml2/0013-CVE-2015-7497-Avoid-an-heap-buffer-overflow-in-xmlDi.patch +0 -33
  66. data/patches/libxml2/0014-CVE-2015-5312-Another-entity-expansion-issue.patch +0 -32
  67. data/patches/libxml2/0015-Add-xmlHaltParser-to-stop-the-parser.patch +0 -81
  68. data/patches/libxml2/0016-Detect-incoherency-on-GROW.patch +0 -36
  69. data/patches/libxml2/0017-CVE-2015-7500-Fix-memory-access-error-due-to-incorre.patch +0 -105
  70. data/patches/libxml2/0018-CVE-2015-8242-Buffer-overead-with-HTML-parser-in-pus.patch +0 -43
  71. data/patches/libxml2/0019-Do-not-print-error-context-when-there-is-none.patch +0 -28
  72. data/patches/libxml2/0020-xmlStopParser-reset-errNo.patch +0 -41
  73. data/patches/libxml2/0021-Reuse-xmlHaltParser-where-it-makes-sense.patch +0 -175
  74. data/ports/archives/libxml2-2.9.2.tar.gz +0 -0
@@ -1,64 +0,0 @@
1
- From e724879d964d774df9b7969fc846605aa1bac54c Mon Sep 17 00:00:00 2001
2
- From: Daniel Veillard <veillard@redhat.com>
3
- Date: Fri, 30 Oct 2015 21:14:55 +0800
4
- Subject: Fix parsing short unclosed comment uninitialized access
5
-
6
- For https://bugzilla.gnome.org/show_bug.cgi?id=746048
7
- The HTML parser was too optimistic when processing comments and
8
- didn't check for the end of the stream on the first 2 characters
9
- ---
10
- HTMLparser.c | 21 ++++++++++++++-------
11
- 1 file changed, 14 insertions(+), 7 deletions(-)
12
-
13
- diff --git a/HTMLparser.c b/HTMLparser.c
14
- index 19c10c3..bdf7807 100644
15
- --- a/HTMLparser.c
16
- +++ b/HTMLparser.c
17
- @@ -3264,12 +3264,17 @@ htmlParseComment(htmlParserCtxtPtr ctxt) {
18
- ctxt->instate = state;
19
- return;
20
- }
21
- + len = 0;
22
- + buf[len] = 0;
23
- q = CUR_CHAR(ql);
24
- + if (!IS_CHAR(q))
25
- + goto unfinished;
26
- NEXTL(ql);
27
- r = CUR_CHAR(rl);
28
- + if (!IS_CHAR(r))
29
- + goto unfinished;
30
- NEXTL(rl);
31
- cur = CUR_CHAR(l);
32
- - len = 0;
33
- while (IS_CHAR(cur) &&
34
- ((cur != '>') ||
35
- (r != '-') || (q != '-'))) {
36
- @@ -3300,18 +3305,20 @@ htmlParseComment(htmlParserCtxtPtr ctxt) {
37
- }
38
- }
39
- buf[len] = 0;
40
- - if (!IS_CHAR(cur)) {
41
- - htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
42
- - "Comment not terminated \n<!--%.50s\n", buf, NULL);
43
- - xmlFree(buf);
44
- - } else {
45
- + if (IS_CHAR(cur)) {
46
- NEXT;
47
- if ((ctxt->sax != NULL) && (ctxt->sax->comment != NULL) &&
48
- (!ctxt->disableSAX))
49
- ctxt->sax->comment(ctxt->userData, buf);
50
- xmlFree(buf);
51
- + ctxt->instate = state;
52
- + return;
53
- }
54
- - ctxt->instate = state;
55
- +
56
- +unfinished:
57
- + htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
58
- + "Comment not terminated \n<!--%.50s\n", buf, NULL);
59
- + xmlFree(buf);
60
- }
61
-
62
- /**
63
- --
64
- cgit v0.11.2
@@ -1,35 +0,0 @@
1
- From b57e4be41ab56653d45ce212cacf4640b55dd589 Mon Sep 17 00:00:00 2001
2
- From: Hugh Davenport <hugh@allthethings.co.nz>
3
- Date: Tue, 3 Nov 2015 20:40:49 +0800
4
- Subject: [PATCH 11/18] Avoid extra processing of MarkupDecl when EOF
5
-
6
- For https://bugzilla.gnome.org/show_bug.cgi?id=756263
7
-
8
- One place where ctxt->instate == XML_PARSER_EOF whic was set up
9
- by entity detection issues doesn't get noticed, and even overrided
10
- ---
11
- parser.c | 8 ++++++++
12
- 1 file changed, 8 insertions(+)
13
-
14
- diff --git a/parser.c b/parser.c
15
- index d67b300..134afe7 100644
16
- --- a/parser.c
17
- +++ b/parser.c
18
- @@ -6972,6 +6972,14 @@ xmlParseMarkupDecl(xmlParserCtxtPtr ctxt) {
19
- xmlParsePI(ctxt);
20
- }
21
- }
22
- +
23
- + /*
24
- + * detect requirement to exit there and act accordingly
25
- + * and avoid having instate overriden later on
26
- + */
27
- + if (ctxt->instate == XML_PARSER_EOF)
28
- + return;
29
- +
30
- /*
31
- * This is only for internal subset. On external entities,
32
- * the replacement is done before parsing stage
33
- --
34
- 2.5.0
35
-
@@ -1,83 +0,0 @@
1
- From 17e50819d6c5b2596ec54f2ae910b7403f29e976 Mon Sep 17 00:00:00 2001
2
- From: Daniel Veillard <veillard@redhat.com>
3
- Date: Mon, 9 Nov 2015 18:07:18 +0800
4
- Subject: [PATCH 12/18] Avoid processing entities after encoding conversion
5
- failures
6
-
7
- For https://bugzilla.gnome.org/show_bug.cgi?id=756527
8
- and was also raised by Chromium team in the past
9
-
10
- When we hit a convwersion failure when switching encoding
11
- it is bestter to stop parsing there, this was treated as a
12
- fatal error but the parser was continuing to process to extract
13
- more errors, unfortunately that makes little sense as the data
14
- is obviously corrupt and can potentially lead to unexpected behaviour.
15
- ---
16
- parser.c | 7 +++++--
17
- parserInternals.c | 11 ++++++++++-
18
- 2 files changed, 15 insertions(+), 3 deletions(-)
19
-
20
- diff --git a/parser.c b/parser.c
21
- index 134afe7..c79b4e8 100644
22
- --- a/parser.c
23
- +++ b/parser.c
24
- @@ -10665,7 +10665,8 @@ xmlParseXMLDecl(xmlParserCtxtPtr ctxt) {
25
- xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED, "Blank needed here\n");
26
- }
27
- xmlParseEncodingDecl(ctxt);
28
- - if (ctxt->errNo == XML_ERR_UNSUPPORTED_ENCODING) {
29
- + if ((ctxt->errNo == XML_ERR_UNSUPPORTED_ENCODING) ||
30
- + (ctxt->instate == XML_PARSER_EOF)) {
31
- /*
32
- * The XML REC instructs us to stop parsing right here
33
- */
34
- @@ -10789,6 +10790,7 @@ xmlParseDocument(xmlParserCtxtPtr ctxt) {
35
-
36
- if (CUR == 0) {
37
- xmlFatalErr(ctxt, XML_ERR_DOCUMENT_EMPTY, NULL);
38
- + return(-1);
39
- }
40
-
41
- /*
42
- @@ -10806,7 +10808,8 @@ xmlParseDocument(xmlParserCtxtPtr ctxt) {
43
- * Note that we will switch encoding on the fly.
44
- */
45
- xmlParseXMLDecl(ctxt);
46
- - if (ctxt->errNo == XML_ERR_UNSUPPORTED_ENCODING) {
47
- + if ((ctxt->errNo == XML_ERR_UNSUPPORTED_ENCODING) ||
48
- + (ctxt->instate == XML_PARSER_EOF)) {
49
- /*
50
- * The XML REC instructs us to stop parsing right here
51
- */
52
- diff --git a/parserInternals.c b/parserInternals.c
53
- index df204fd..c8230c1 100644
54
- --- a/parserInternals.c
55
- +++ b/parserInternals.c
56
- @@ -937,6 +937,7 @@ xmlSwitchEncoding(xmlParserCtxtPtr ctxt, xmlCharEncoding enc)
57
- {
58
- xmlCharEncodingHandlerPtr handler;
59
- int len = -1;
60
- + int ret;
61
-
62
- if (ctxt == NULL) return(-1);
63
- switch (enc) {
64
- @@ -1097,7 +1098,15 @@ xmlSwitchEncoding(xmlParserCtxtPtr ctxt, xmlCharEncoding enc)
65
- if (handler == NULL)
66
- return(-1);
67
- ctxt->charset = XML_CHAR_ENCODING_UTF8;
68
- - return(xmlSwitchToEncodingInt(ctxt, handler, len));
69
- + ret = xmlSwitchToEncodingInt(ctxt, handler, len);
70
- + if ((ret < 0) || (ctxt->errNo == XML_I18N_CONV_FAILED)) {
71
- + /*
72
- + * on encoding conversion errors, stop the parser
73
- + */
74
- + xmlStopParser(ctxt);
75
- + ctxt->errNo = XML_I18N_CONV_FAILED;
76
- + }
77
- + return(ret);
78
- }
79
-
80
- /**
81
- --
82
- 2.5.0
83
-
@@ -1,33 +0,0 @@
1
- From 71ff91d66ecae4145a7c99476d1a0d1fa620b9f7 Mon Sep 17 00:00:00 2001
2
- From: David Drysdale <drysdale@google.com>
3
- Date: Fri, 20 Nov 2015 10:47:12 +0800
4
- Subject: [PATCH 13/18] CVE-2015-7497 Avoid an heap buffer overflow in
5
- xmlDictComputeFastQKey
6
-
7
- For https://bugzilla.gnome.org/show_bug.cgi?id=756528
8
- It was possible to hit a negative offset in the name indexing
9
- used to randomize the dictionary key generation
10
- Reported and fix provided by David Drysdale @ Google
11
- ---
12
- dict.c | 5 ++++-
13
- 1 file changed, 4 insertions(+), 1 deletion(-)
14
-
15
- diff --git a/dict.c b/dict.c
16
- index 5f71d55..8c8f931 100644
17
- --- a/dict.c
18
- +++ b/dict.c
19
- @@ -486,7 +486,10 @@ xmlDictComputeFastQKey(const xmlChar *prefix, int plen,
20
- value += 30 * (*prefix);
21
-
22
- if (len > 10) {
23
- - value += name[len - (plen + 1 + 1)];
24
- + int offset = len - (plen + 1 + 1);
25
- + if (offset < 0)
26
- + offset = len - (10 + 1);
27
- + value += name[offset];
28
- len = 10;
29
- if (plen > 10)
30
- plen = 10;
31
- --
32
- 2.5.0
33
-
@@ -1,32 +0,0 @@
1
- From d50faeefb87856fb19aee2029e952ea095300d90 Mon Sep 17 00:00:00 2001
2
- From: David Drysdale <drysdale@google.com>
3
- Date: Fri, 20 Nov 2015 11:13:45 +0800
4
- Subject: [PATCH 14/18] CVE-2015-5312 Another entity expansion issue
5
-
6
- For https://bugzilla.gnome.org/show_bug.cgi?id=756733
7
- It is one case where the code in place to detect entities expansions
8
- failed to exit when the situation was detected, leading to DoS
9
- Problem reported by Kostya Serebryany @ Google
10
- Patch provided by David Drysdale @ Google
11
- ---
12
- parser.c | 4 ++++
13
- 1 file changed, 4 insertions(+)
14
-
15
- diff --git a/parser.c b/parser.c
16
- index c79b4e8..4054ed1 100644
17
- --- a/parser.c
18
- +++ b/parser.c
19
- @@ -2806,6 +2806,10 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
20
- 0, 0, 0);
21
- ctxt->depth--;
22
-
23
- + if ((ctxt->lastError.code == XML_ERR_ENTITY_LOOP) ||
24
- + (ctxt->lastError.code == XML_ERR_INTERNAL_ERROR))
25
- + goto int_error;
26
- +
27
- if (rep != NULL) {
28
- current = rep;
29
- while (*current != 0) { /* non input consuming loop */
30
- --
31
- 2.5.0
32
-
@@ -1,81 +0,0 @@
1
- From 88c307f3f7b4767018b57e91cb07b78b43d98230 Mon Sep 17 00:00:00 2001
2
- From: Daniel Veillard <veillard@redhat.com>
3
- Date: Fri, 20 Nov 2015 14:55:30 +0800
4
- Subject: [PATCH 15/18] Add xmlHaltParser() to stop the parser
5
-
6
- The problem is doing it in a consistent and safe fashion
7
- It's more complex than just setting ctxt->instate = XML_PARSER_EOF
8
- Update the public function to reuse that new internal routine
9
- ---
10
- parser.c | 34 +++++++++++++++++++++++++++++-----
11
- 1 file changed, 29 insertions(+), 5 deletions(-)
12
-
13
- diff --git a/parser.c b/parser.c
14
- index 4054ed1..0b8282b 100644
15
- --- a/parser.c
16
- +++ b/parser.c
17
- @@ -94,6 +94,8 @@ static xmlParserCtxtPtr
18
- xmlCreateEntityParserCtxtInternal(const xmlChar *URL, const xmlChar *ID,
19
- const xmlChar *base, xmlParserCtxtPtr pctx);
20
-
21
- +static void xmlHaltParser(xmlParserCtxtPtr ctxt);
22
- +
23
- /************************************************************************
24
- * *
25
- * Arbitrary limits set in the parser. See XML_PARSE_HUGE *
26
- @@ -12622,25 +12624,47 @@ xmlCreatePushParserCtxt(xmlSAXHandlerPtr sax, void *user_data,
27
- #endif /* LIBXML_PUSH_ENABLED */
28
-
29
- /**
30
- - * xmlStopParser:
31
- + * xmlHaltParser:
32
- * @ctxt: an XML parser context
33
- *
34
- - * Blocks further parser processing
35
- + * Blocks further parser processing don't override error
36
- + * for internal use
37
- */
38
- -void
39
- -xmlStopParser(xmlParserCtxtPtr ctxt) {
40
- +static void
41
- +xmlHaltParser(xmlParserCtxtPtr ctxt) {
42
- if (ctxt == NULL)
43
- return;
44
- ctxt->instate = XML_PARSER_EOF;
45
- - ctxt->errNo = XML_ERR_USER_STOP;
46
- ctxt->disableSAX = 1;
47
- if (ctxt->input != NULL) {
48
- + /*
49
- + * in case there was a specific allocation deallocate before
50
- + * overriding base
51
- + */
52
- + if (ctxt->input->free != NULL) {
53
- + ctxt->input->free((xmlChar *) ctxt->input->base);
54
- + ctxt->input->free = NULL;
55
- + }
56
- ctxt->input->cur = BAD_CAST"";
57
- ctxt->input->base = ctxt->input->cur;
58
- }
59
- }
60
-
61
- /**
62
- + * xmlStopParser:
63
- + * @ctxt: an XML parser context
64
- + *
65
- + * Blocks further parser processing
66
- + */
67
- +void
68
- +xmlStopParser(xmlParserCtxtPtr ctxt) {
69
- + if (ctxt == NULL)
70
- + return;
71
- + xmlHaltParser(ctxt);
72
- + ctxt->errNo = XML_ERR_USER_STOP;
73
- +}
74
- +
75
- +/**
76
- * xmlCreateIOParserCtxt:
77
- * @sax: a SAX handler
78
- * @user_data: The user data returned on SAX callbacks
79
- --
80
- 2.5.0
81
-
@@ -1,36 +0,0 @@
1
- From 770bbd3016efa2ed73516136d8fed5faf849cbfc Mon Sep 17 00:00:00 2001
2
- From: Daniel Veillard <veillard@redhat.com>
3
- Date: Fri, 20 Nov 2015 15:04:09 +0800
4
- Subject: [PATCH 16/18] Detect incoherency on GROW
5
-
6
- the current pointer to the input has to be between the base and end
7
- if not stop everything we have an internal state error.
8
- ---
9
- parser.c | 9 ++++++++-
10
- 1 file changed, 8 insertions(+), 1 deletion(-)
11
-
12
- diff --git a/parser.c b/parser.c
13
- index 0b8282b..aef618f 100644
14
- --- a/parser.c
15
- +++ b/parser.c
16
- @@ -2075,9 +2075,16 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
17
- ((ctxt->input->buf) && (ctxt->input->buf->readcallback != (xmlInputReadCallback) xmlNop)) &&
18
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
19
- xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR, "Huge input lookup");
20
- - ctxt->instate = XML_PARSER_EOF;
21
- + xmlHaltParser(ctxt);
22
- + return;
23
- }
24
- xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
25
- + if ((ctxt->input->cur > ctxt->input->end) ||
26
- + (ctxt->input->cur < ctxt->input->base)) {
27
- + xmlHaltParser(ctxt);
28
- + xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR, "cur index out of bound");
29
- + return;
30
- + }
31
- if ((ctxt->input->cur != NULL) && (*ctxt->input->cur == 0) &&
32
- (xmlParserInputGrow(ctxt->input, INPUT_CHUNK) <= 0))
33
- xmlPopInput(ctxt);
34
- --
35
- 2.5.0
36
-
@@ -1,105 +0,0 @@
1
- From d6fea24a7fa952a9d9d919431ba355f684d683ba Mon Sep 17 00:00:00 2001
2
- From: Daniel Veillard <veillard@redhat.com>
3
- Date: Fri, 20 Nov 2015 16:06:59 +0800
4
- Subject: [PATCH 17/18] CVE-2015-7500 Fix memory access error due to incorrect
5
- entities boundaries
6
-
7
- For https://bugzilla.gnome.org/show_bug.cgi?id=756525
8
- handle properly the case where we popped out of the current entity
9
- while processing a start tag
10
- Reported by Kostya Serebryany @ Google
11
-
12
- This slightly modifies the output of 754946 in regression tests
13
- ---
14
- parser.c | 28 ++++++++++++++++++++++------
15
- result/errors/754946.xml.err | 7 +++++--
16
- 2 files changed, 27 insertions(+), 8 deletions(-)
17
-
18
- diff --git a/parser.c b/parser.c
19
- index aef618f..f3c3117 100644
20
- --- a/parser.c
21
- +++ b/parser.c
22
- @@ -9346,7 +9346,7 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
23
- const xmlChar **atts = ctxt->atts;
24
- int maxatts = ctxt->maxatts;
25
- int nratts, nbatts, nbdef;
26
- - int i, j, nbNs, attval, oldline, oldcol;
27
- + int i, j, nbNs, attval, oldline, oldcol, inputNr;
28
- const xmlChar *base;
29
- unsigned long cur;
30
- int nsNr = ctxt->nsNr;
31
- @@ -9365,6 +9365,7 @@ reparse:
32
- SHRINK;
33
- base = ctxt->input->base;
34
- cur = ctxt->input->cur - ctxt->input->base;
35
- + inputNr = ctxt->inputNr;
36
- oldline = ctxt->input->line;
37
- oldcol = ctxt->input->col;
38
- nbatts = 0;
39
- @@ -9390,7 +9391,8 @@ reparse:
40
- */
41
- SKIP_BLANKS;
42
- GROW;
43
- - if (ctxt->input->base != base) goto base_changed;
44
- + if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
45
- + goto base_changed;
46
-
47
- while (((RAW != '>') &&
48
- ((RAW != '/') || (NXT(1) != '>')) &&
49
- @@ -9401,7 +9403,7 @@ reparse:
50
-
51
- attname = xmlParseAttribute2(ctxt, prefix, localname,
52
- &aprefix, &attvalue, &len, &alloc);
53
- - if (ctxt->input->base != base) {
54
- + if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) {
55
- if ((attvalue != NULL) && (alloc != 0))
56
- xmlFree(attvalue);
57
- attvalue = NULL;
58
- @@ -9550,7 +9552,8 @@ skip_ns:
59
- break;
60
- }
61
- SKIP_BLANKS;
62
- - if (ctxt->input->base != base) goto base_changed;
63
- + if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
64
- + goto base_changed;
65
- continue;
66
- }
67
-
68
- @@ -9587,7 +9590,8 @@ failed:
69
- GROW
70
- if (ctxt->instate == XML_PARSER_EOF)
71
- break;
72
- - if (ctxt->input->base != base) goto base_changed;
73
- + if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
74
- + goto base_changed;
75
- if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
76
- break;
77
- if (!IS_BLANK_CH(RAW)) {
78
- @@ -9603,7 +9607,8 @@ failed:
79
- break;
80
- }
81
- GROW;
82
- - if (ctxt->input->base != base) goto base_changed;
83
- + if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
84
- + goto base_changed;
85
- }
86
-
87
- /*
88
- @@ -9770,6 +9775,17 @@ base_changed:
89
- if ((ctxt->attallocs[j] != 0) && (atts[i] != NULL))
90
- xmlFree((xmlChar *) atts[i]);
91
- }
92
- +
93
- + /*
94
- + * We can't switch from one entity to another in the middle
95
- + * of a start tag
96
- + */
97
- + if (inputNr != ctxt->inputNr) {
98
- + xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
99
- + "Start tag doesn't start and stop in the same entity\n");
100
- + return(NULL);
101
- + }
102
- +
103
- ctxt->input->cur = ctxt->input->base + cur;
104
- ctxt->input->line = oldline;
105
- ctxt->input->col = oldcol;