Permalink
Browse files

fixed a serious problem when substituing entities using the Reader, the

* parser.c xmlreader.c include/libxml/parser.h: fixed a serious
  problem when substituing entities using the Reader, the entities
  content might be freed and if rereferenced would crash
* Makefile.am test/* result/*: added a new test case and a new
  test operation for the reader with substitution of entities.
Daniel
  • Loading branch information...
Daniel Veillard
Daniel Veillard committed Jun 8, 2004
1 parent 1b243b4 commit 0df3bc3f287898e13a743d939b1d36f81be8f0fb
Showing with 37,745 additions and 9 deletions.
  1. +8 −0 ChangeLog
  2. +16 −0 Makefile.am
  3. +16 −1 include/libxml/parser.h
  4. +31 −8 parser.c
  5. +1 −0 result/att1.rde
  6. +1 −0 result/att2.rde
  7. +3 −0 result/att3.rde
  8. +27,785 −0 result/att4.rde
  9. +109 −0 result/att5.rde
  10. +15 −0 result/att6.rde
  11. +12 −0 result/att7.rde
  12. +22 −0 result/att8.rde
  13. +1 −0 result/attrib.xml.rde
  14. +4 −0 result/bigentname.xml.rde
  15. +1 −0 result/bigname.xml.rde
  16. +1 −0 result/bigname2.xml.rde
  17. +7 −0 result/cdata.rde
  18. +13 −0 result/cdata2.rde
  19. +13 −0 result/comment.xml.rde
  20. +9 −0 result/comment2.xml.rde
  21. +78 −0 result/dav1.rde
  22. +9 −0 result/dav10.rde
  23. +60 −0 result/dav11.rde
  24. +3 −0 result/dav12.rde
  25. +45 −0 result/dav13.rde
  26. +73 −0 result/dav15.rde
  27. +13 −0 result/dav16.rde
  28. +75 −0 result/dav17.rde
  29. +13 −0 result/dav18.rde
  30. +59 −0 result/dav19.rde
  31. +81 −0 result/dav2.rde
  32. +57 −0 result/dav3.rde
  33. +47 −0 result/dav4.rde
  34. +50 −0 result/dav5.rde
  35. +63 −0 result/dav6.rde
  36. +57 −0 result/dav7.rde
  37. +51 −0 result/dav8.rde
  38. +67 −0 result/dav9.rde
  39. +2 −0 result/defattr.xml.rde
  40. +2 −0 result/defattr2.xml.rde
  41. +292 −0 result/dia1.rde
  42. +292 −0 result/dia2.rde
  43. +5 −0 result/dtd1.rde
  44. +12 −0 result/dtd10.rde
  45. +2 −0 result/dtd11.rde
  46. +4 −0 result/dtd12.rde
  47. +4 −0 result/dtd13.rde
  48. +4 −0 result/dtd2.rde
  49. +4 −0 result/dtd3.rde
  50. +2 −0 result/dtd4.rde
  51. +11 −0 result/dtd5.rde
  52. +12 −0 result/dtd6.rde
  53. +9 −0 result/dtd7.rde
  54. +9 −0 result/dtd8.rde
  55. +9 −0 result/dtd9.rde
  56. +6 −0 result/ent1.rde
  57. +15 −0 result/ent2.rde
  58. +6 −0 result/ent3.rde
  59. +6 −0 result/ent4.rde
  60. +6 −0 result/ent5.rde
  61. +2 −0 result/ent6.rde
  62. +6 −0 result/ent7.rde
  63. +20 −0 result/ent8.rde
  64. +61 −0 result/ent9
  65. +300 −0 result/ent9.rde
  66. +280 −0 result/ent9.rdr
  67. +310 −0 result/ent9.sax
  68. +5 −0 result/eve.xml.rde
  69. +2 −0 result/intsubset.xml.rde
  70. +3 −0 result/isolat1.rde
  71. +108 −0 result/isolat2.rde
  72. +23 −0 result/isolat3.rde
  73. +61 −0 result/noent/ent9
  74. +7 −0 result/ns.rde
  75. +1 −0 result/ns2.rde
  76. +1 −0 result/ns3.rde
  77. +1 −0 result/ns4.rde
  78. +55 −0 result/p3p.rde
  79. +13 −0 result/pi.xml.rde
  80. +9 −0 result/pi2.xml.rde
  81. +214 −0 result/rdf1.rde
  82. +2,008 −0 result/rdf2.rde
  83. +218 −0 result/slashdot.rdf.rde
  84. +514 −0 result/slashdot.xml.rde
  85. +718 −0 result/slashdot16.xml.rde
  86. +477 −0 result/svg1.rde
  87. +178 −0 result/svg2.rde
  88. +2,164 −0 result/svg3.rde
  89. +3 −0 result/title.xml.rde
  90. +3 −0 result/tstblanks.xml.rde
  91. +4 −0 result/utf16bebom.xml.rde
  92. +3 −0 result/utf16bom.xml.rde
  93. +4 −0 result/utf16lebom.xml.rde
  94. +1 −0 result/utf8bom.xml.rde
  95. +70 −0 result/wap.xml.rde
  96. +24 −0 result/wml.xml.rde
  97. +95 −0 result/xhtml1.rde
  98. +19 −0 result/xhtmlcomp.rde
  99. +8 −0 result/xml1.rde
  100. +4 −0 result/xml2.rde
  101. +61 −0 test/ent9
  102. +4 −0 xmlreader.c
View
@@ -1,3 +1,11 @@
+Tue Jun 8 14:01:14 CEST 2004 Daniel Veillard <daniel@veillard.com>
+
+ * parser.c xmlreader.c include/libxml/parser.h: fixed a serious
+ problem when substituing entities using the Reader, the entities
+ content might be freed and if rereferenced would crash
+ * Makefile.am test/* result/*: added a new test case and a new
+ test operation for the reader with substitution of entities.
+
Tue Jun 8 12:14:16 CEST 2004 Daniel Veillard <daniel@veillard.com>
* globals.c xmlIO.c include/libxml/globals.h include/libxml/xmlIO.h:
View
@@ -642,6 +642,22 @@ Readertests : xmllint$(EXEEXT)
if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \
rm result.$$name ; \
fi ; fi ; done)
+ @echo "## Reader entities substitution regression tests"
+ -@(for i in $(srcdir)/test/* ; do \
+ name=`basename $$i`; \
+ if [ ! -d $$i ] ; then \
+ if [ ! -f $(srcdir)/result/$$name.rde ] ; then \
+ echo New test file $$name ; \
+ $(CHECKER) $(top_builddir)/xmllint --noent --nonet --debug --stream $$i > $(srcdir)/result/$$name.rde 2>/dev/null ; \
+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0";\
+ else \
+ log=`$(CHECKER) $(top_builddir)/xmllint --noent --nonet --debug --stream $$i > result.$$name 2>/dev/null ; \
+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0";\
+ diff $(srcdir)/result/$$name.rde result.$$name` ; \
+ if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \
+ rm result.$$name ; \
+ fi ; fi ; done)
+
SAXtests : testSAX$(EXEEXT)
@(echo > .memdump)
@echo "## SAX callbacks regression tests"
View
@@ -155,6 +155,20 @@ typedef enum {
*/
#define XML_SKIP_IDS 8
+/**
+ * xmlParserMode:
+ *
+ * A parser can operate in various modes
+ */
+typedef enum {
+ XML_PARSE_UNKNOWN = 0,
+ XML_PARSE_DOM = 1,
+ XML_PARSE_SAX = 2,
+ XML_PARSE_PUSH_DOM = 3,
+ XML_PARSE_PUSH_SAX = 4,
+ XML_PARSE_READER = 5
+} xmlParserMode;
+
/**
* xmlParserCtxt:
*
@@ -240,7 +254,7 @@ struct _xmlParserCtxt {
int loadsubset; /* should the external subset be loaded */
int linenumbers; /* set line number in element content */
- void *catalogs; /* document's own catalog */
+ void *catalogs; /* document's own catalog */
int recovery; /* run in recovery mode */
int progressive; /* is this a progressive parsing */
xmlDictPtr dict; /* dictionnary for the parser */
@@ -282,6 +296,7 @@ struct _xmlParserCtxt {
* the complete error informations for the last error.
*/
xmlError lastError;
+ xmlParserMode parseMode; /* the parser mode */
};
/**
View
@@ -5514,8 +5514,9 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
* Prune it directly in the generated document
* except for single text nodes.
*/
- if ((list->type == XML_TEXT_NODE) &&
- (list->next == NULL)) {
+ if (((list->type == XML_TEXT_NODE) &&
+ (list->next == NULL)) ||
+ (ctxt->parseMode == XML_PARSE_READER)) {
list->parent = (xmlNodePtr) ent;
list = NULL;
ent->owner = 1;
@@ -5568,10 +5569,21 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
/*
* Seems we are generating the DOM content, do
* a simple tree copy for all references except the first
- * In the first occurrence list contains the replacement
+ * In the first occurrence list contains the replacement.
+ * progressive == 2 means we are operating on the Reader
+ * and since nodes are discarded we must copy all the time.
*/
- if ((list == NULL) && (ent->owner == 0)) {
+ if (((list == NULL) && (ent->owner == 0)) ||
+ (ctxt->parseMode == XML_PARSE_READER)) {
xmlNodePtr nw = NULL, cur, firstChild = NULL;
+
+ /*
+ * when operating on a reader, the entities definitions
+ * are always owning the entities subtree.
+ if (ctxt->parseMode == XML_PARSE_READER)
+ ent->owner = 1;
+ */
+
cur = ent->children;
while (cur != NULL) {
nw = xmlCopyNode(cur, 1);
@@ -5580,10 +5592,20 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
if (firstChild == NULL){
firstChild = nw;
}
- xmlAddChild(ctxt->node, nw);
+ nw = xmlAddChild(ctxt->node, nw);
}
- if (cur == ent->last)
+ if (cur == ent->last) {
+ /*
+ * needed to detect some strange empty
+ * node cases in the reader tests
+ */
+ if ((ctxt->parseMode == XML_PARSE_READER) &&
+ (nw->type == XML_ELEMENT_NODE) &&
+ (nw->children == NULL))
+ nw->extra = 1;
+
break;
+ }
cur = cur->next;
}
#ifdef LIBXML_LEGACY_ENABLED
@@ -8790,7 +8812,7 @@ xmlParseGetLasts(xmlParserCtxtPtr ctxt, const xmlChar **lastlt,
"Internal error: xmlParseGetLasts\n");
return;
}
- if ((ctxt->progressive == 1) && (ctxt->inputNr == 1)) {
+ if ((ctxt->progressive != 0) && (ctxt->inputNr == 1)) {
tmp = ctxt->input->end;
tmp--;
while ((tmp >= ctxt->input->base) && (*tmp != '<') &&
@@ -9437,7 +9459,8 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) {
goto done;
} else {
ctxt->instate = XML_PARSER_START_TAG;
- ctxt->progressive = 1;
+ if (ctxt->progressive == 0)
+ ctxt->progressive = 1;
xmlParseGetLasts(ctxt, &lastlt, &lastgt);
#ifdef DEBUG_PUSH
xmlGenericError(xmlGenericErrorContext,
View
@@ -0,0 +1 @@
+0 1 doc 1 0
View
@@ -0,0 +1 @@
+0 1 doc 1 0
View
@@ -0,0 +1,3 @@
+0 1 select 0 0
+1 3 #text 0 1 f oo
+0 15 select 0 0
Oops, something went wrong.

0 comments on commit 0df3bc3

Please sign in to comment.