nokogiri 1.6.2.1 → 1.6.3.rc1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of nokogiri might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.ja.rdoc +8 -0
- data/CHANGELOG.rdoc +8 -0
- data/ext/nokogiri/xml_document.c +27 -4
- data/lib/nokogiri/version.rb +1 -1
- data/test/xml/test_document.rb +6 -0
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3f15d5c4aca361550efa06491baf53fd4b484cc5
|
|
4
|
+
data.tar.gz: 634abab8e86ba78a409db511cedc11f93df8e4ed
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e9d3304fba12c81cdc59d2d886e3809eeea99ab7bab3a77ae11e6b829c605193efc2069b43ef14ae996b37251b6793696bfab3fde69a3f225fb4d419da8f5e4d
|
|
7
|
+
data.tar.gz: f899da3226ae33bd00f1a13ad2e7ebda503bfd24384ca110c7e8d796a669428dd4af2e57b7b7980ff41bc910cfa1238576a08ef469920f1c4d4d072a261e46e4
|
data/CHANGELOG.ja.rdoc
CHANGED
|
@@ -1,3 +1,11 @@
|
|
|
1
|
+
=== 1.6.3 / unreleased
|
|
2
|
+
|
|
3
|
+
==== Bug fixes
|
|
4
|
+
|
|
5
|
+
* Fix JRuby memory exhaustion vulnerability. #1087 (Thanks, @ocher!)
|
|
6
|
+
* Fix segfault during GC when using `libxml-ruby` and `nokogiri` together in multi-threaded environment. #895 (Thanks, @ender672!)
|
|
7
|
+
|
|
8
|
+
|
|
1
9
|
=== 1.6.2.1 / 2014年5月13日
|
|
2
10
|
|
|
3
11
|
==== バグ修正
|
data/CHANGELOG.rdoc
CHANGED
|
@@ -1,3 +1,11 @@
|
|
|
1
|
+
=== 1.6.3 / unreleased
|
|
2
|
+
|
|
3
|
+
==== Bug fixes
|
|
4
|
+
|
|
5
|
+
* Fix JRuby memory exhaustion vulnerability. #1087 (Thanks, @ocher)
|
|
6
|
+
* Fix segfault during GC when using `libxml-ruby` and `nokogiri` together in multi-threaded environment. #895 (Thanks, @ender672!)
|
|
7
|
+
|
|
8
|
+
|
|
1
9
|
=== 1.6.2.1 / 2014-05-13
|
|
2
10
|
|
|
3
11
|
==== Bug fixes
|
data/ext/nokogiri/xml_document.c
CHANGED
|
@@ -17,13 +17,29 @@ static int dealloc_node_i(xmlNodePtr key, xmlNodePtr node, xmlDocPtr doc)
|
|
|
17
17
|
return ST_CONTINUE;
|
|
18
18
|
}
|
|
19
19
|
|
|
20
|
+
static void remove_private(xmlNodePtr node)
|
|
21
|
+
{
|
|
22
|
+
xmlNodePtr child;
|
|
23
|
+
|
|
24
|
+
for (child = node->children; child; child = child->next)
|
|
25
|
+
remove_private(child);
|
|
26
|
+
|
|
27
|
+
if ((node->type == XML_ELEMENT_NODE ||
|
|
28
|
+
node->type == XML_XINCLUDE_START ||
|
|
29
|
+
node->type == XML_XINCLUDE_END) &&
|
|
30
|
+
node->properties) {
|
|
31
|
+
for (child = (xmlNodePtr)node->properties; child; child = child->next)
|
|
32
|
+
remove_private(child);
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
node->_private = NULL;
|
|
36
|
+
}
|
|
37
|
+
|
|
20
38
|
static void dealloc(xmlDocPtr doc)
|
|
21
39
|
{
|
|
22
|
-
xmlDeregisterNodeFunc func;
|
|
23
40
|
st_table *node_hash;
|
|
24
41
|
|
|
25
42
|
NOKOGIRI_DEBUG_START(doc);
|
|
26
|
-
func = xmlDeregisterNodeDefault(NULL);
|
|
27
43
|
|
|
28
44
|
node_hash = DOC_UNLINKED_NODE_HASH(doc);
|
|
29
45
|
|
|
@@ -31,10 +47,17 @@ static void dealloc(xmlDocPtr doc)
|
|
|
31
47
|
st_free_table(node_hash);
|
|
32
48
|
|
|
33
49
|
free(doc->_private);
|
|
34
|
-
|
|
50
|
+
|
|
51
|
+
/* When both Nokogiri and libxml-ruby are loaded, make sure that all nodes
|
|
52
|
+
* have their _private pointers cleared. This is to avoid libxml-ruby's
|
|
53
|
+
* xmlDeregisterNode callback from accessing VALUE pointers from ruby's GC
|
|
54
|
+
* free context, which can result in segfaults.
|
|
55
|
+
*/
|
|
56
|
+
if (xmlDeregisterNodeDefaultValue)
|
|
57
|
+
remove_private((xmlNodePtr)doc);
|
|
58
|
+
|
|
35
59
|
xmlFreeDoc(doc);
|
|
36
60
|
|
|
37
|
-
xmlDeregisterNodeDefault(func);
|
|
38
61
|
NOKOGIRI_DEBUG_END(doc);
|
|
39
62
|
}
|
|
40
63
|
|
data/lib/nokogiri/version.rb
CHANGED
data/test/xml/test_document.rb
CHANGED
|
@@ -625,6 +625,12 @@ module Nokogiri
|
|
|
625
625
|
refute_empty doc.errors
|
|
626
626
|
end
|
|
627
627
|
|
|
628
|
+
def test_memory_explosion_on_wrong_formatted_element_following_the_root_element
|
|
629
|
+
doc = Nokogiri::XML("<a/><\n")
|
|
630
|
+
refute_nil doc
|
|
631
|
+
refute_empty doc.errors
|
|
632
|
+
end
|
|
633
|
+
|
|
628
634
|
def test_document_has_errors
|
|
629
635
|
doc = Nokogiri::XML(<<-eoxml)
|
|
630
636
|
<foo><bar></foo>
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: nokogiri
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.6.
|
|
4
|
+
version: 1.6.3.rc1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Aaron Patterson
|
|
@@ -12,7 +12,7 @@ authors:
|
|
|
12
12
|
autorequire:
|
|
13
13
|
bindir: bin
|
|
14
14
|
cert_chain: []
|
|
15
|
-
date: 2014-05-
|
|
15
|
+
date: 2014-05-22 00:00:00.000000000 Z
|
|
16
16
|
dependencies:
|
|
17
17
|
- !ruby/object:Gem::Dependency
|
|
18
18
|
name: mini_portile
|
|
@@ -548,9 +548,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
548
548
|
version: 1.9.2
|
|
549
549
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
550
550
|
requirements:
|
|
551
|
-
- - '
|
|
551
|
+
- - '>'
|
|
552
552
|
- !ruby/object:Gem::Version
|
|
553
|
-
version:
|
|
553
|
+
version: 1.3.1
|
|
554
554
|
requirements: []
|
|
555
555
|
rubyforge_project: nokogiri
|
|
556
556
|
rubygems_version: 2.2.2
|