Sebastian Pipping
80c2512d71
tests: Fix test_misc_deny_internal_entity_closing_doctype_issue_317 case 2
...
"%e1;" resolves to "%e1;" which resolves to "]><d/>".
Now with c20b758c33 reverted, test case
"inputTwo" has an actual chance of being a false positive parse.
2024-11-05 00:19:00 +01:00
Sebastian Pipping
ef485e96a6
Merge pull request #915 from libexpat/stop-resumeparser-from-crashing
...
[CVE-2024-50602] Stop `XML_ResumeParser` from crashing
2024-10-28 15:14:02 +01:00
Sebastian Pipping
a190a98da2
Merge pull request #917 from libexpat/dependabot/github_actions/actions/checkout-4.2.2
...
Actions(deps): Bump actions/checkout from 4.2.1 to 4.2.2
2024-10-28 15:05:20 +01:00
dependabot[bot]
8662086834
Actions(deps): Bump actions/checkout from 4.2.1 to 4.2.2
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](eef61447b9...11bd71901b)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-10-28 12:39:04 +00:00
Sebastian Pipping
cba3e03bbc
Merge pull request #914 from hannob/fixformatsign
...
Fix signedness of format strings
2024-10-23 17:44:39 +02:00
Hanno Böck
d827287012
Cast enum vars to unsigned int if used in printf
...
It is not specified by the C standard whether enum is unsigned,
therefore, make sure it is always unsigned if we print it as a
number.
2024-10-23 17:02:31 +02:00
Sebastian Pipping
b3836ff534
tests: Cover XML_StopParser's new handling of status XML_INITIALIZED
...
Prior to the fix to XML_StopParser, test test_misc_resumeparser_not_crashing
would crash with a NULL pointer dereference in function normal_updatePosition.
This was the AddressSanitizer output:
> AddressSanitizer:DEADLYSIGNAL
> =================================================================
> ==19700==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x5623e07ad85f bp 0x7ffcf40da650 sp 0x7ffcf40da590 T0)
> ==19700==The signal is caused by a READ memory access.
> ==19700==Hint: address points to the zero page.
> #0 0x5623e07ad85f in normal_updatePosition [..]/lib/xmltok_impl.c:1781:13
> #1 0x5623e07a52ff in initUpdatePosition [..]/lib/xmltok.c:1031:3
> #2 0x5623e0762760 in XML_ResumeParser [..]/lib/xmlparse.c:2297:3
> #3 0x5623e074f7c1 in test_misc_resumeparser_not_crashing() misc_tests_cxx.cpp
> #4 0x5623e074e228 in srunner_run_all ([..]/build_asan_fuzzers/tests/runtests_cxx+0x136228)
> #5 0x5623e0753d2d in main ([..]/build_asan_fuzzers/tests/runtests_cxx+0x13bd2d)
> #6 0x7f802a39af79 (/lib64/libc.so.6+0x25f79)
> #7 0x7f802a39b034 in __libc_start_main (/lib64/libc.so.6+0x26034)
> #8 0x5623e064f340 in _start ([..]/build_asan_fuzzers/tests/runtests_cxx+0x37340)
>
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV [..]/lib/xmltok_impl.c:1781:13 in normal_updatePosition
> ==19700==ABORTING
And this the UndefinedBehaviorSanitizer output:
> [..]/lib/xmltok_impl.c:1781:13: runtime error: load of null pointer of type 'const char'
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior [..]/lib/xmltok_impl.c:1781:13 in
2024-10-21 18:27:46 +02:00
Sebastian Pipping
5fb89e7b3a
lib: Be explicit about XML_PARSING in XML_StopParser
2024-10-21 18:27:46 +02:00
Sebastian Pipping
51c7019069
lib: Make XML_StopParser refuse to stop/suspend an unstarted parser
2024-10-21 18:27:46 +02:00
Hanno Böck
424dd12400
Fix signedness of format strings
...
Format strings used %d to print variables with unsigned values.
Changing to %u to match signedness.
Fixes "clang -Wformat-signedness" warnings.
2024-10-20 08:45:59 +02:00
Sebastian Pipping
b70c8f5e51
Merge pull request #913 from libexpat/migrate-off-of-soon-gone-macos-12
...
`macos.yml`: Drop `macos-12` and add `macos-15`
2024-10-18 20:16:44 +02:00
Sebastian Pipping
0467264cca
Merge pull request #911 from libexpat/dependabot/github_actions/actions/checkout-4.2.1
...
Actions(deps): Bump actions/checkout from 4.2.0 to 4.2.1
2024-10-17 00:20:30 +02:00
Sebastian Pipping
c2905a6ea9
macos.yml: Drop macos-12 and add macos-15
2024-10-16 23:49:26 +02:00
Sebastian Pipping
efa6739d82
Merge pull request #912 from libexpat/dependabot/github_actions/actions/upload-artifact-4.4.3
...
Actions(deps): Bump actions/upload-artifact from 4.4.0 to 4.4.3
2024-10-15 00:42:53 +02:00
dependabot[bot]
4345924eca
Actions(deps): Bump actions/upload-artifact from 4.4.0 to 4.4.3
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.4.0 to 4.4.3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](50769540e7...b4b15b8c7c)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-10-14 12:47:05 +00:00
dependabot[bot]
e619744a58
Actions(deps): Bump actions/checkout from 4.2.0 to 4.2.1
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](d632683dd7...eef61447b9)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-10-14 12:47:01 +00:00
Sebastian Pipping
776417e726
Merge pull request #910 from libexpat/fix-ci
...
Fix CI / `linux.yml`: Fix mishandling of package `debsuryorg-archive-keyring`
2024-10-12 22:46:35 +02:00
Sebastian Pipping
996db2d204
linux.yml: Fix mishandling of package debsuryorg-archive-keyring
...
There is no package debsuryorg-archive-keyring in Ubuntu focal, so it has
to be excluded from the list of packages that are reverted back to Ubuntu
focal.
Symptom was:
> # sudo apt-get install --yes --no-install-recommends --allow-downgrades -V \
> debsuryorg-archive-keyring/focal libgd3:amd64/focal libhashkit2:amd64/focal \
> libmemcached11:amd64/focal libpcre2-16-0:amd64/focal libpcre2-32-0:amd64/focal \
> libpcre2-8-0:amd64/focal
> Reading package lists...
> Building dependency tree...
> Reading state information...
> E: Release 'focal' for 'debsuryorg-archive-keyring' was not found
2024-10-12 21:27:18 +02:00
Sebastian Pipping
feed801167
Merge pull request #907 from libexpat/ci-clang-19
...
CI: Upgrade to Clang 19
2024-10-08 23:31:19 +02:00
Sebastian Pipping
806939b8c3
linux.yml|fuzzing.yml: Upgrade to Clang 19
2024-10-08 00:30:45 +02:00
Sebastian Pipping
79f2761f75
clang-tidy.yml: Upgrade to clang-tidy 19
2024-10-08 00:30:22 +02:00
Sebastian Pipping
91e50f83c4
clang-format.yml: Upgrade to clang-format 19
2024-10-08 00:29:48 +02:00
Sebastian Pipping
038a0bf44f
Merge pull request #903 from Vollstrecker/patch-1
...
Add alias expat::expat
2024-10-05 21:41:06 +02:00
Sebastian Pipping
e856a37920
Merge pull request #905 from libexpat/readme-document-use-via-cmake-fetchcontent
...
`README.md`: Document use of Expat via CMake >=3.18 with `FetchContent` and `SOURCE_SUBDIR`
2024-10-05 19:37:11 +02:00
Sebastian Pipping
75b550dc70
README.md: Document use of Expat via CMake >=3.18 with FetchContent
...
.. and SOURCE_SUBDIR
2024-10-05 16:44:48 +02:00
Sebastian Pipping
8f8d48265e
Merge pull request #906 from libexpat/dependabot/github_actions/actions/checkout-4.2.0
...
Actions(deps): Bump actions/checkout from 4.1.7 to 4.2.0
2024-09-30 22:02:38 +02:00
dependabot[bot]
91e8fff271
Actions(deps): Bump actions/checkout from 4.1.7 to 4.2.0
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](692973e3d9...d632683dd7)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-09-30 12:32:51 +00:00
Sebastian Pipping
46cf63aef1
Merge pull request #904 from libexpat/tests-resolve-duplicate-handler
...
tests: Resolve duplicate handler `accumulate_char_data`
2024-09-27 22:11:31 +02:00
Sebastian Pipping
cfe35b96ef
tests: Extract constant "storage" in function accumulate_characters
...
.. to avoid potential reader confusion about where the input character
data is coming from: variable "storage" says that more clearly
and is consistent with multiple other places in the test suite.
2024-09-27 00:01:37 +02:00
Sebastian Pipping
c46543e053
tests: Add "const" in two places
2024-09-27 00:01:37 +02:00
Sebastian Pipping
4d2e3b5f38
tests: Move last remaining handlers from common.{c,h} to handlers.{c,h}
2024-09-27 00:01:37 +02:00
Sebastian Pipping
fe9251de69
tests: Resolve duplicate handler accumulate_char_data
...
Handler accumulate_characters does the exact same thing
and is used many times more throughout the test suite.
2024-09-27 00:01:28 +02:00
Vollstrecker
cd8904c072
Add alias expat::expat
...
As the find module and the config create the expat::expat alias for expat, the build-process should do this also to make it easier to include this in a chainbuild
2024-09-26 19:37:43 +02:00
Sebastian Pipping
99b6fde742
Merge pull request #902 from libexpat/tests-reduce-use-of-global-parser
...
Tests: Reduce use of global parser
2024-09-23 20:16:31 +02:00
Sebastian Pipping
f001f38aed
tests: Migrate test_attributes off of g_parser
2024-09-21 21:57:31 +02:00
Sebastian Pipping
1968906b22
tests: Stop counting_start_element_handler from using g_parser
...
Use of g_parser means risk of cross-test interference
and hence risk of hard-to-catch bugs in the test suite,
and so we want to get rid of g_parser altogether midterm.
2024-09-21 21:57:31 +02:00
Sebastian Pipping
624da0f593
Merge pull request #898 from libexpat/gitignore-sync
...
`.gitignore`: Add missing example `element_declarations`
2024-09-05 17:51:19 +02:00
Sebastian Pipping
57fc7b1379
.gitignore: Add missing example "element_declarations"
2024-09-05 15:00:02 +02:00
Sebastian Pipping
8c1d4371fc
Merge pull request #897 from libexpat/dependabot/github_actions/actions/upload-artifact-4.4.0
...
Actions(deps): Bump actions/upload-artifact from 4.3.6 to 4.4.0
2024-09-04 13:14:24 +02:00
Sebastian Pipping
88b3ed553d
Merge pull request #896 from libexpat/issue-894-prepare-release
...
Prepare release 2.6.3 (part of #894, ETA 2024-09-04)
2024-09-04 12:20:17 +02:00
Sebastian Pipping
f9cfbb7fce
Sync file headers
2024-09-03 18:19:25 +02:00
Sebastian Pipping
156d4bab9d
Set release date for 2.6.3
2024-09-03 18:19:25 +02:00
Sebastian Pipping
8707e02e1f
Bump version to 2.6.3
2024-09-03 18:19:25 +02:00
Sebastian Pipping
93e5971fb5
Bump version info from 10:2:9 to 10:3:9
...
See https://verbump.de/ for what these numbers do
2024-09-03 18:19:25 +02:00
Sebastian Pipping
71e487dc1b
Changes: Document changes in release Expat 2.6.3
2024-09-03 18:19:25 +02:00
Sebastian Pipping
29ef43a0ba
Merge pull request #892 from libexpat/taiyou-nextscaffoldpart-overflow
...
[CVE-2024-45492] lib: Detect integer overflow in function `nextScaffoldPart` (fixes #889)
2024-09-03 18:18:03 +02:00
Sebastian Pipping
b8a7dca467
Merge pull request #891 from libexpat/taiyou-dtdcopy-malloc-overflow
...
[CVE-2024-45491] lib: Detect integer overflow in `dtdCopy` (fixes #888)
2024-09-03 18:17:46 +02:00
Sebastian Pipping
e5d6bf015e
Merge pull request #890 from libexpat/taiyou-xml-parsebuffer-len
...
[CVE-2024-45490] lib: Reject negative len for `XML_ParseBuffer` (fixes #887)
2024-09-03 18:17:32 +02:00
dependabot[bot]
6edffb4fa9
Actions(deps): Bump actions/upload-artifact from 4.3.6 to 4.4.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.6 to 4.4.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](834a144ee9...50769540e7)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-09-02 12:46:31 +00:00
Sebastian Pipping
234654c58b
Merge pull request #886 from berkayurun/master
...
Remove `XML_DTD` guards before `is_param` accesses
2024-09-01 16:45:32 +02:00