libxml2 in squeeze-lts: remove or activate patch files in debian/patches
Dear Debian LTS team
In libxml2 2.7.8-2+squeeze12, the following four patches were
added into debian/patches.
0001_CVE-2015-1819.patch
0002_stop-parsing-on-entity-boundary-errors.patch
0003_cleanup-conditional-section-error-handling.patch
1001_out-of-bounds-memory-access-on-unclosed-HTML-comment.patch
According to the report message[0], they are shipped individually
for better review. However, they are actually unused at build-time.
Instead, .diff.gz provides the same modifications as the above patches.
The patch files might be a bit confusing in the future, so I suggest
removing the changes from one of the two (.diff.gz or debian/patches/*). I attached two patches.
Could you consider using one of them in the next update?
A_libxml2_remove-unused-patches-from-debian-patches.patch:
Remove debian/patches/*
B_libxml2_apply-debian-patches-at-build-time.patch:
Apply debian/patches/* by debian/rules at build-time,
and remove the corresponding modifications from .diff.gz
[0] https://lists.debian.org/debian-lts/2015/06/msg00027.html
--
Kazuhiro Hayashi
TOSHIBA Corporation
E-mail: kazuhiro3.hayashi@toshiba.co.jp
diff -urN libxml2-2.7.8.dfsg.org/debian/patches/0001_CVE-2015-1819.patch libxml2-2.7.8.dfsg/debian/patches/0001_CVE-2015-1819.patch
--- libxml2-2.7.8.dfsg.org/debian/patches/0001_CVE-2015-1819.patch 2015-07-02 16:32:45.000000000 +0900
+++ libxml2-2.7.8.dfsg/debian/patches/0001_CVE-2015-1819.patch 1970-01-01 09:00:00.000000000 +0900
@@ -1,145 +0,0 @@
-From 213f1fe0d76d30eaed6e5853057defc43e6df2c9 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Tue, 14 Apr 2015 17:41:48 +0800
-Subject: CVE-2015-1819 Enforce the reader to run in constant memory
-
-One of the operation on the reader could resolve entities
-leading to the classic expansion issue. Make sure the
-buffer used for xmlreader operation is bounded.
-Introduce a new allocation type for the buffers for this effect.
-
-v2: rebased against libxml2 (<< 2.9)
- Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
---- a/include/libxml/tree.h
-+++ b/include/libxml/tree.h
-@@ -74,7 +74,9 @@
- XML_BUFFER_ALLOC_DOUBLEIT, /* double each time one need to grow */
- XML_BUFFER_ALLOC_EXACT, /* grow only to the minimal size */
- XML_BUFFER_ALLOC_IMMUTABLE, /* immutable buffer */
-- XML_BUFFER_ALLOC_IO /* special allocation scheme used for I/O */
-+ XML_BUFFER_ALLOC_IO, /* special allocation scheme used for I/O */
-+ _XML_BUFFER_ALLOC_HYBRID, /* DUMMY: exact up to a threshold, and doubleit thereafter */
-+ XML_BUFFER_ALLOC_BOUNDED /* limit the upper size of the buffer */
- } xmlBufferAllocationScheme;
-
- /**
---- a/tree.c
-+++ b/tree.c
-@@ -678,11 +678,13 @@
- * XML_BUFFER_ALLOC_EXACT - use exact sizes, keeps memory usage down
- * XML_BUFFER_ALLOC_DOUBLEIT - double buffer when extra needed,
- * improves performance
-+ * XML_BUFFER_ALLOC_BOUNDED - limit the upper size of the buffer
- */
- void
- xmlSetBufferAllocationScheme(xmlBufferAllocationScheme scheme) {
- if ((scheme == XML_BUFFER_ALLOC_EXACT) ||
-- (scheme == XML_BUFFER_ALLOC_DOUBLEIT))
-+ (scheme == XML_BUFFER_ALLOC_DOUBLEIT) ||
-+ (scheme == XML_BUFFER_ALLOC_BOUNDED))
- xmlBufferAllocScheme = scheme;
- }
-
-@@ -7099,6 +7101,19 @@
- size = buf->use + len + 100;
- #endif
-
-+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
-+ /*
-+ * Used to provide parsing limits
-+ */
-+ if ((buf->use + len >= XML_MAX_TEXT_LENGTH) ||
-+ (buf->size >= XML_MAX_TEXT_LENGTH)) {
-+ xmlTreeErrMemory("buffer error: text too long");
-+ return(0);
-+ }
-+ if (size >= XML_MAX_TEXT_LENGTH)
-+ size = XML_MAX_TEXT_LENGTH;
-+ }
-+
- if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) {
- size_t start_buf = buf->content - buf->contentIO;
-
-@@ -7209,7 +7224,15 @@
- return(0);
-
- if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0);
--
-+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
-+ /*
-+ * Used to provide parsing limits
-+ */
-+ if (size >= XML_MAX_TEXT_LENGTH) {
-+ xmlTreeErrMemory("buffer error: text too long");
-+ return(0);
-+ }
-+ }
- /* Don't resize if we don't have to */
- if (size < buf->size)
- return 1;
-@@ -7388,6 +7411,15 @@
- }
- needSize = buf->use + len + 2;
- if (needSize > buf->size){
-+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
-+ /*
-+ * Used to provide parsing limits
-+ */
-+ if (needSize >= XML_MAX_TEXT_LENGTH) {
-+ xmlTreeErrMemory("buffer error: text too long");
-+ return(-1);
-+ }
-+ }
- if (!xmlBufferResize(buf, needSize)){
- xmlTreeErrMemory("growing buffer");
- return XML_ERR_NO_MEMORY;
---- a/xmlreader.c
-+++ b/xmlreader.c
-@@ -2062,6 +2062,8 @@
- "xmlNewTextReader : malloc failed\n");
- return(NULL);
- }
-+ /* no operation on a reader should require a huge buffer */
-+ xmlSetBufferAllocationScheme(XML_BUFFER_ALLOC_BOUNDED);
- ret->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler));
- if (ret->sax == NULL) {
- xmlBufferFree(ret->buffer);
-@@ -3585,6 +3587,7 @@
- return(((xmlNsPtr) node)->href);
- case XML_ATTRIBUTE_NODE:{
- xmlAttrPtr attr = (xmlAttrPtr) node;
-+ const xmlChar *ret;
-
- if ((attr->children != NULL) &&
- (attr->children->type == XML_TEXT_NODE) &&
-@@ -3599,8 +3602,20 @@
- return (NULL);
- }
- reader->buffer->use = 0;
-+ xmlSetBufferAllocationScheme(XML_BUFFER_ALLOC_BOUNDED);
- xmlNodeBufGetContent(reader->buffer, node);
-- return(reader->buffer->content);
-+ if (!reader->buffer)
-+ ret = NULL;
-+ else
-+ ret = reader->buffer->content;
-+ if (ret == NULL) {
-+ /* error on the buffer best to reallocate */
-+ xmlBufferFree(reader->buffer);
-+ reader->buffer = xmlBufferCreateSize(100);
-+ xmlSetBufferAllocationScheme(XML_BUFFER_ALLOC_BOUNDED);
-+ ret = BAD_CAST "";
-+ }
-+ return(ret);
- }
- break;
- }
-@@ -4977,6 +4992,8 @@
- "xmlTextReaderSetup : malloc failed\n");
- return (-1);
- }
-+ /* no operation on a reader should require a huge buffer */
-+ xmlSetBufferAllocationScheme(XML_BUFFER_ALLOC_BOUNDED);
- xmlSAXVersion(reader->sax, 2);
- reader->startElement = reader->sax->startElement;
- reader->sax->startElement = xmlTextReaderStartElement;
diff -urN libxml2-2.7.8.dfsg.org/debian/patches/0002_stop-parsing-on-entity-boundary-errors.patch libxml2-2.7.8.dfsg/debian/patches/0002_stop-parsing-on-entity-boundary-errors.patch
--- libxml2-2.7.8.dfsg.org/debian/patches/0002_stop-parsing-on-entity-boundary-errors.patch 2015-07-02 16:32:45.000000000 +0900
+++ libxml2-2.7.8.dfsg/debian/patches/0002_stop-parsing-on-entity-boundary-errors.patch 1970-01-01 09:00:00.000000000 +0900
@@ -1,24 +0,0 @@
-From a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Mon, 23 Feb 2015 11:17:35 +0800
-Subject: Stop parsing on entities boundaries errors
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=744980
-
-There are times, like on unterminated entities that it's preferable to
-stop parsing, even if that means less error reporting. Entities are
-feeding the parser on further processing, and if they are ill defined
-then it's possible to get the parser to bug. Also do the same on
-Conditional Sections if the input is broken, as the structure of
-the document can't be guessed.
-
---- a/parser.c
-+++ b/parser.c
-@@ -5472,6 +5472,7 @@
- if (RAW != '>') {
- xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
- "xmlParseEntityDecl: entity %s not terminated\n", name);
-+ xmlStopParser(ctxt);
- } else {
- if (input != ctxt->input) {
- xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
diff -urN libxml2-2.7.8.dfsg.org/debian/patches/0003_cleanup-conditional-section-error-handling.patch libxml2-2.7.8.dfsg/debian/patches/0003_cleanup-conditional-section-error-handling.patch
--- libxml2-2.7.8.dfsg.org/debian/patches/0003_cleanup-conditional-section-error-handling.patch 2015-07-02 16:32:45.000000000 +0900
+++ libxml2-2.7.8.dfsg/debian/patches/0003_cleanup-conditional-section-error-handling.patch 1970-01-01 09:00:00.000000000 +0900
@@ -1,44 +0,0 @@
-From 9b8512337d14c8ddf662fcb98b0135f225a1c489 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Mon, 23 Feb 2015 11:29:20 +0800
-Subject: Cleanup conditional section error handling
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=744980
-
-The error handling of Conditional Section also need to be
-straightened as the structure of the document can't be
-guessed on a failure there and it's better to stop parsing
-as further errors are likely to be irrelevant.
-
-v2: rebased against v2.7.8 (as found in Debian squeeze)
- Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
-
---- a/parser.c
-+++ b/parser.c
-@@ -6584,6 +6584,8 @@
- SKIP_BLANKS;
- if (RAW != '[') {
- xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
-+ xmlStopParser(ctxt);
-+ return;
- } else {
- if (ctxt->input->id != id) {
- xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
-@@ -6644,6 +6646,8 @@
- SKIP_BLANKS;
- if (RAW != '[') {
- xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
-+ xmlStopParser(ctxt);
-+ return;
- } else {
- if (ctxt->input->id != id) {
- xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
-@@ -6699,6 +6703,8 @@
-
- } else {
- xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
-+ xmlStopParser(ctxt);
-+ return;
- }
-
- if (RAW == 0)
diff -urN libxml2-2.7.8.dfsg.org/debian/patches/1001_out-of-bounds-memory-access-on-unclosed-HTML-comment.patch libxml2-2.7.8.dfsg/debian/patches/1001_out-of-bounds-memory-access-on-unclosed-HTML-comment.patch
--- libxml2-2.7.8.dfsg.org/debian/patches/1001_out-of-bounds-memory-access-on-unclosed-HTML-comment.patch 2015-07-02 16:32:45.000000000 +0900
+++ libxml2-2.7.8.dfsg/debian/patches/1001_out-of-bounds-memory-access-on-unclosed-HTML-comment.patch 1970-01-01 09:00:00.000000000 +0900
@@ -1,89 +0,0 @@
-Description: Out-of-bounds memory access when parsing unclosed HTML comments.
-Author: Francois Chagnon
-Origin: https://bugzilla.gnome.org/attachment.cgi?id=299127&action=diff
-
---- a/HTMLparser.c
-+++ b/HTMLparser.c
-@@ -3194,13 +3194,20 @@
- ctxt->instate = state;
- return;
- }
-+ if ((ctxt->input->end - ctxt->input->cur) < 3) {
-+ ctxt->instate = XML_PARSER_EOF;
-+ htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
-+ "Comment not terminated\n", NULL, NULL);
-+ xmlFree(buf);
-+ return;
-+ }
- q = CUR_CHAR(ql);
- NEXTL(ql);
- r = CUR_CHAR(rl);
- NEXTL(rl);
- cur = CUR_CHAR(l);
- len = 0;
-- while (IS_CHAR(cur) &&
-+ while (((ctxt->input->end - ctxt->input->cur) > 0) && IS_CHAR(cur) &&
- ((cur != '>') ||
- (r != '-') || (q != '-'))) {
- if (len + 5 >= size) {
-@@ -3230,7 +3237,7 @@
- }
- }
- buf[len] = 0;
-- if (!IS_CHAR(cur)) {
-+ if (!(ctxt->input->end - ctxt->input->cur) || !IS_CHAR(cur)) {
- htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
- "Comment not terminated \n<!--%.50s\n", buf, NULL);
- xmlFree(buf);
-@@ -3990,6 +3997,7 @@
- depth = ctxt->nameNr;
- while (1) {
- long cons = ctxt->nbChars;
-+ long rem = ctxt->input->end - ctxt->input->cur;
-
- GROW;
-
-@@ -4055,7 +4063,7 @@
- /*
- * Sometimes DOCTYPE arrives in the middle of the document
- */
-- if ((CUR == '<') && (NXT(1) == '!') &&
-+ if ((rem >= 9) && (CUR == '<') && (NXT(1) == '!') &&
- (UPP(2) == 'D') && (UPP(3) == 'O') &&
- (UPP(4) == 'C') && (UPP(5) == 'T') &&
- (UPP(6) == 'Y') && (UPP(7) == 'P') &&
-@@ -4069,7 +4077,7 @@
- /*
- * First case : a comment
- */
-- if ((CUR == '<') && (NXT(1) == '!') &&
-+ if ((rem >= 4) && (CUR == '<') && (NXT(1) == '!') &&
- (NXT(2) == '-') && (NXT(3) == '-')) {
- htmlParseComment(ctxt);
- }
-@@ -4077,14 +4085,14 @@
- /*
- * Second case : a Processing Instruction.
- */
-- else if ((CUR == '<') && (NXT(1) == '?')) {
-+ else if ((rem >= 2) && (CUR == '<') && (NXT(1) == '?')) {
- htmlParsePI(ctxt);
- }
-
- /*
- * Third case : a sub-element.
- */
-- else if (CUR == '<') {
-+ else if ((rem >= 1 ) && (CUR == '<')) {
- htmlParseElement(ctxt);
- }
-
-@@ -4092,7 +4100,7 @@
- * Fourth case : a reference. If if has not been resolved,
- * parsing returns it's Name, create the node
- */
-- else if (CUR == '&') {
-+ else if ((rem >= 1) && (CUR == '&')) {
- htmlParseReference(ctxt);
- }
-
diff -ruN libxml2-2.7.8.dfsg.org//HTMLparser.c libxml2-2.7.8.dfsg/HTMLparser.c
--- libxml2-2.7.8.dfsg.org//HTMLparser.c 2015-07-02 17:25:06.000000000 +0900
+++ libxml2-2.7.8.dfsg/HTMLparser.c 2015-07-02 17:14:30.016791531 +0900
@@ -3194,20 +3194,13 @@
ctxt->instate = state;
return;
}
- if ((ctxt->input->end - ctxt->input->cur) < 3) {
- ctxt->instate = XML_PARSER_EOF;
- htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
- "Comment not terminated\n", NULL, NULL);
- xmlFree(buf);
- return;
- }
q = CUR_CHAR(ql);
NEXTL(ql);
r = CUR_CHAR(rl);
NEXTL(rl);
cur = CUR_CHAR(l);
len = 0;
- while (((ctxt->input->end - ctxt->input->cur) > 0) && IS_CHAR(cur) &&
+ while (IS_CHAR(cur) &&
((cur != '>') ||
(r != '-') || (q != '-'))) {
if (len + 5 >= size) {
@@ -3237,7 +3230,7 @@
}
}
buf[len] = 0;
- if (!(ctxt->input->end - ctxt->input->cur) || !IS_CHAR(cur)) {
+ if (!IS_CHAR(cur)) {
htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
"Comment not terminated \n<!--%.50s\n", buf, NULL);
xmlFree(buf);
@@ -3997,7 +3990,6 @@
depth = ctxt->nameNr;
while (1) {
long cons = ctxt->nbChars;
- long rem = ctxt->input->end - ctxt->input->cur;
GROW;
@@ -4063,7 +4055,7 @@
/*
* Sometimes DOCTYPE arrives in the middle of the document
*/
- if ((rem >= 9) && (CUR == '<') && (NXT(1) == '!') &&
+ if ((CUR == '<') && (NXT(1) == '!') &&
(UPP(2) == 'D') && (UPP(3) == 'O') &&
(UPP(4) == 'C') && (UPP(5) == 'T') &&
(UPP(6) == 'Y') && (UPP(7) == 'P') &&
@@ -4077,7 +4069,7 @@
/*
* First case : a comment
*/
- if ((rem >= 4) && (CUR == '<') && (NXT(1) == '!') &&
+ if ((CUR == '<') && (NXT(1) == '!') &&
(NXT(2) == '-') && (NXT(3) == '-')) {
htmlParseComment(ctxt);
}
@@ -4085,14 +4077,14 @@
/*
* Second case : a Processing Instruction.
*/
- else if ((rem >= 2) && (CUR == '<') && (NXT(1) == '?')) {
+ else if ((CUR == '<') && (NXT(1) == '?')) {
htmlParsePI(ctxt);
}
/*
* Third case : a sub-element.
*/
- else if ((rem >= 1 ) && (CUR == '<')) {
+ else if (CUR == '<') {
htmlParseElement(ctxt);
}
@@ -4100,7 +4092,7 @@
* Fourth case : a reference. If if has not been resolved,
* parsing returns it's Name, create the node
*/
- else if ((rem >= 1) && (CUR == '&')) {
+ else if (CUR == '&') {
htmlParseReference(ctxt);
}
diff -ruN libxml2-2.7.8.dfsg.org//debian/patches/series libxml2-2.7.8.dfsg/debian/patches/series
--- libxml2-2.7.8.dfsg.org//debian/patches/series 1970-01-01 09:00:00.000000000 +0900
+++ libxml2-2.7.8.dfsg/debian/patches/series 2015-07-02 17:14:53.720807986 +0900
@@ -0,0 +1,4 @@
+0001_CVE-2015-1819.patch
+0002_stop-parsing-on-entity-boundary-errors.patch
+0003_cleanup-conditional-section-error-handling.patch
+1001_out-of-bounds-memory-access-on-unclosed-HTML-comment.patch
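Review bot: Listing 0001_CVE-2015-1819.patch here makes that backport the only source of the fix, and its xmlreader.c hunks call `xmlSetBufferAllocationScheme(XML_BUFFER_ALLOC_BOUNDED)` only after `ret->buffer` already exists (the failure path just below the call frees it). The tree.c hunk shows that function assigning the `xmlBufferAllocScheme` default, so the bound presumably reaches buffers created afterwards rather than the reader buffer already allocated, and it also changes the default for unrelated buffers. It is worth confirming in xmlBufferCreateSize whether `buf->alloc` is fixed at creation. If it is, setting the scheme on the reader's own buffer, e.g. `xmlBufferSetAllocationScheme(ret->buffer, XML_BUFFER_ALLOC_BOUNDED);`, would keep the limit where it is intended, provided that function is taught to accept the new value.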
diff -ruN libxml2-2.7.8.dfsg.org//debian/rules libxml2-2.7.8.dfsg/debian/rules
--- libxml2-2.7.8.dfsg.org//debian/rules 2015-07-02 17:25:06.000000000 +0900
+++ libxml2-2.7.8.dfsg/debian/rules 2015-07-02 17:17:49.240807376 +0900
@@ -118,4 +118,4 @@
dh_makeshlibs -a $(if $(WITH_UDEB),--add-udeb=libxml2-udeb )-V 'libxml2 (>= 2.7.4)' -- -c4
%:
- dh $@
+ dh $@ --with quilt
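Review bot: `dh $@ --with quilt` needs the quilt package at build time, and this patch does not touch debian/control, so unless Build-Depends already lists quilt the build will most likely stop on an unknown dh addon. The same patch strips the CVE-2015-1819, entity-boundary and HTML-comment bounds fixes from the unpacked tree, so they reach the binary only if the series is actually applied. A post-build check that the installed tree.h still declares `XML_BUFFER_ALLOC_BOUNDED` would catch a build that silently skipped the patches. The rest of debian/rules lies outside this hunk.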
diff -ruN libxml2-2.7.8.dfsg.org//include/libxml/tree.h libxml2-2.7.8.dfsg/include/libxml/tree.h
--- libxml2-2.7.8.dfsg.org//include/libxml/tree.h 2015-07-02 17:25:06.000000000 +0900
+++ libxml2-2.7.8.dfsg/include/libxml/tree.h 2015-07-02 17:14:10.952809336 +0900
@@ -74,9 +74,7 @@
XML_BUFFER_ALLOC_DOUBLEIT, /* double each time one need to grow */
XML_BUFFER_ALLOC_EXACT, /* grow only to the minimal size */
XML_BUFFER_ALLOC_IMMUTABLE, /* immutable buffer */
- XML_BUFFER_ALLOC_IO, /* special allocation scheme used for I/O */
- _XML_BUFFER_ALLOC_HYBRID, /* DUMMY: exact up to a threshold, and doubleit thereafter */
- XML_BUFFER_ALLOC_BOUNDED /* limit the upper size of the buffer */
+ XML_BUFFER_ALLOC_IO /* special allocation scheme used for I/O */
} xmlBufferAllocationScheme;
/**
diff -ruN libxml2-2.7.8.dfsg.org//parser.c libxml2-2.7.8.dfsg/parser.c
--- libxml2-2.7.8.dfsg.org//parser.c 2015-07-02 17:25:06.000000000 +0900
+++ libxml2-2.7.8.dfsg/parser.c 2015-07-02 17:14:22.107791601 +0900
@@ -5472,7 +5472,6 @@
if (RAW != '>') {
xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
"xmlParseEntityDecl: entity %s not terminated\n", name);
- xmlStopParser(ctxt);
} else {
if (input != ctxt->input) {
xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
@@ -6584,8 +6583,6 @@
SKIP_BLANKS;
if (RAW != '[') {
xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
- xmlStopParser(ctxt);
- return;
} else {
if (ctxt->input->id != id) {
xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
@@ -6646,8 +6643,6 @@
SKIP_BLANKS;
if (RAW != '[') {
xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
- xmlStopParser(ctxt);
- return;
} else {
if (ctxt->input->id != id) {
xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
@@ -6703,8 +6698,6 @@
} else {
xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
- xmlStopParser(ctxt);
- return;
}
if (RAW == 0)
diff -ruN libxml2-2.7.8.dfsg.org//tree.c libxml2-2.7.8.dfsg/tree.c
--- libxml2-2.7.8.dfsg.org//tree.c 2015-07-02 17:25:06.000000000 +0900
+++ libxml2-2.7.8.dfsg/tree.c 2015-07-02 17:14:10.957041481 +0900
@@ -678,13 +678,11 @@
* XML_BUFFER_ALLOC_EXACT - use exact sizes, keeps memory usage down
* XML_BUFFER_ALLOC_DOUBLEIT - double buffer when extra needed,
* improves performance
- * XML_BUFFER_ALLOC_BOUNDED - limit the upper size of the buffer
*/
void
xmlSetBufferAllocationScheme(xmlBufferAllocationScheme scheme) {
if ((scheme == XML_BUFFER_ALLOC_EXACT) ||
- (scheme == XML_BUFFER_ALLOC_DOUBLEIT) ||
- (scheme == XML_BUFFER_ALLOC_BOUNDED))
+ (scheme == XML_BUFFER_ALLOC_DOUBLEIT))
xmlBufferAllocScheme = scheme;
}
@@ -7101,19 +7099,6 @@
size = buf->use + len + 100;
#endif
- if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
- /*
- * Used to provide parsing limits
- */
- if ((buf->use + len >= XML_MAX_TEXT_LENGTH) ||
- (buf->size >= XML_MAX_TEXT_LENGTH)) {
- xmlTreeErrMemory("buffer error: text too long");
- return(0);
- }
- if (size >= XML_MAX_TEXT_LENGTH)
- size = XML_MAX_TEXT_LENGTH;
- }
-
if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) {
size_t start_buf = buf->content - buf->contentIO;
@@ -7224,15 +7209,7 @@
return(0);
if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0);
- if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
- /*
- * Used to provide parsing limits
- */
- if (size >= XML_MAX_TEXT_LENGTH) {
- xmlTreeErrMemory("buffer error: text too long");
- return(0);
- }
- }
+
/* Don't resize if we don't have to */
if (size < buf->size)
return 1;
@@ -7411,15 +7388,6 @@
}
needSize = buf->use + len + 2;
if (needSize > buf->size){
- if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
- /*
- * Used to provide parsing limits
- */
- if (needSize >= XML_MAX_TEXT_LENGTH) {
- xmlTreeErrMemory("buffer error: text too long");
- return(-1);
- }
- }
if (!xmlBufferResize(buf, needSize)){
xmlTreeErrMemory("growing buffer");
return XML_ERR_NO_MEMORY;
diff -ruN libxml2-2.7.8.dfsg.org//xmlreader.c libxml2-2.7.8.dfsg/xmlreader.c
--- libxml2-2.7.8.dfsg.org//xmlreader.c 2015-07-02 17:25:06.000000000 +0900
+++ libxml2-2.7.8.dfsg/xmlreader.c 2015-07-02 17:14:10.957041481 +0900
@@ -2062,8 +2062,6 @@
"xmlNewTextReader : malloc failed\n");
return(NULL);
}
- /* no operation on a reader should require a huge buffer */
- xmlSetBufferAllocationScheme(XML_BUFFER_ALLOC_BOUNDED);
ret->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler));
if (ret->sax == NULL) {
xmlBufferFree(ret->buffer);
@@ -3587,7 +3585,6 @@
return(((xmlNsPtr) node)->href);
case XML_ATTRIBUTE_NODE:{
xmlAttrPtr attr = (xmlAttrPtr) node;
- const xmlChar *ret;
if ((attr->children != NULL) &&
(attr->children->type == XML_TEXT_NODE) &&
@@ -3602,20 +3599,8 @@
return (NULL);
}
reader->buffer->use = 0;
- xmlSetBufferAllocationScheme(XML_BUFFER_ALLOC_BOUNDED);
xmlNodeBufGetContent(reader->buffer, node);
- if (!reader->buffer)
- ret = NULL;
- else
- ret = reader->buffer->content;
- if (ret == NULL) {
- /* error on the buffer best to reallocate */
- xmlBufferFree(reader->buffer);
- reader->buffer = xmlBufferCreateSize(100);
- xmlSetBufferAllocationScheme(XML_BUFFER_ALLOC_BOUNDED);
- ret = BAD_CAST "";
- }
- return(ret);
+ return(reader->buffer->content);
}
break;
}
@@ -4992,8 +4977,6 @@
"xmlTextReaderSetup : malloc failed\n");
return (-1);
}
- /* no operation on a reader should require a huge buffer */
- xmlSetBufferAllocationScheme(XML_BUFFER_ALLOC_BOUNDED);
xmlSAXVersion(reader->sax, 2);
reader->startElement = reader->sax->startElement;
reader->sax->startElement = xmlTextReaderStartElement;