1 /* 5ab094ffadd6edfc94c3eee53af44a86951f9f1f0933ada3114bbce2bfb02c99 (2.5.0+) 2 __ __ _ 3 ___\ \/ /_ __ __ _| |_ 4 / _ \\ /| '_ \ / _` | __| 5 | __// \| |_) | (_| | |_ 6 \___/_/\_\ .__/ \__,_|\__| 7 |_| XML parser 8 9 Copyright (c) 1997-2000 Thai Open Source Software Center Ltd 10 Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net> 11 Copyright (c) 2000-2006 Fred L. Drake, Jr. <fdrake@users.sourceforge.net> 12 Copyright (c) 2001-2002 Greg Stein <gstein@users.sourceforge.net> 13 Copyright (c) 2002-2016 Karl Waclawek <karl@waclawek.net> 14 Copyright (c) 2005-2009 Steven Solie <steven@solie.ca> 15 Copyright (c) 2016 Eric Rahm <erahm@mozilla.com> 16 Copyright (c) 2016-2022 Sebastian Pipping <sebastian@pipping.org> 17 Copyright (c) 2016 Gaurav <g.gupta@samsung.com> 18 Copyright (c) 2016 Thomas Beutlich <tc@tbeu.de> 19 Copyright (c) 2016 Gustavo Grieco <gustavo.grieco@imag.fr> 20 Copyright (c) 2016 Pascal Cuoq <cuoq@trust-in-soft.com> 21 Copyright (c) 2016 Ed Schouten <ed@nuxi.nl> 22 Copyright (c) 2017-2022 Rhodri James <rhodri@wildebeest.org.uk> 23 Copyright (c) 2017 Václav Slavík <vaclav@slavik.io> 24 Copyright (c) 2017 Viktor Szakats <commit@vsz.me> 25 Copyright (c) 2017 Chanho Park <chanho61.park@samsung.com> 26 Copyright (c) 2017 Rolf Eike Beer <eike@sf-mail.de> 27 Copyright (c) 2017 Hans Wennborg <hans@chromium.org> 28 Copyright (c) 2018 Anton Maklakov <antmak.pub@gmail.com> 29 Copyright (c) 2018 Benjamin Peterson <benjamin@python.org> 30 Copyright (c) 2018 Marco Maggi <marco.maggi-ipsu@poste.it> 31 Copyright (c) 2018 Mariusz Zaborski <oshogbo@vexillium.org> 32 Copyright (c) 2019 David Loffredo <loffredo@steptools.com> 33 Copyright (c) 2019-2020 Ben Wagner <bungeman@chromium.org> 34 Copyright (c) 2019 Vadim Zeitlin <vadim@zeitlins.org> 35 Copyright (c) 2021 Dong-hee Na <donghee.na@python.org> 36 Copyright (c) 2022 Samanta Navarro <ferivoz@riseup.net> 37 Copyright (c) 2022 Jeffrey Walton <noloader@gmail.com> 38 Copyright (c) 2022 Jann Horn <jannh@google.com> 39 Licensed under the MIT license: 40 41 Permission is hereby granted, free of charge, to any person obtaining 42 a copy of this software and associated documentation files (the 43 "Software"), to deal in the Software without restriction, including 44 without limitation the rights to use, copy, modify, merge, publish, 45 distribute, sublicense, and/or sell copies of the Software, and to permit 46 persons to whom the Software is furnished to do so, subject to the 47 following conditions: 48 49 The above copyright notice and this permission notice shall be included 50 in all copies or substantial portions of the Software. 51 52 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 53 EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 54 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN 55 NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, 56 DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR 57 OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE 58 USE OR OTHER DEALINGS IN THE SOFTWARE. 59 */ 60 61 #define XML_BUILDING_EXPAT 1 62 63 #include <expat_config.h> 64 65 #if ! defined(_GNU_SOURCE) 66 # define _GNU_SOURCE 1 /* syscall prototype */ 67 #endif 68 69 #ifdef _WIN32 70 /* force stdlib to define rand_s() */ 71 # if ! defined(_CRT_RAND_S) 72 # define _CRT_RAND_S 73 # endif 74 #endif 75 76 #include <stddef.h> 77 #include <string.h> /* memset(), memcpy() */ 78 #include <assert.h> 79 #include <limits.h> /* UINT_MAX */ 80 #include <stdio.h> /* fprintf */ 81 #include <stdlib.h> /* getenv, rand_s */ 82 #include <stdint.h> /* uintptr_t */ 83 #include <math.h> /* isnan */ 84 85 #ifdef _WIN32 86 # define getpid GetCurrentProcessId 87 #else 88 # include <sys/time.h> /* gettimeofday() */ 89 # include <sys/types.h> /* getpid() */ 90 # include <unistd.h> /* getpid() */ 91 # include <fcntl.h> /* O_RDONLY */ 92 # include <errno.h> 93 #endif 94 95 #ifdef _WIN32 96 # include "winconfig.h" 97 #endif 98 99 #include "ascii.h" 100 #include "expat.h" 101 #include "siphash.h" 102 103 #if defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) 104 # if defined(HAVE_GETRANDOM) 105 # include <sys/random.h> /* getrandom */ 106 # else 107 # include <unistd.h> /* syscall */ 108 # include <sys/syscall.h> /* SYS_getrandom */ 109 # endif 110 # if ! defined(GRND_NONBLOCK) 111 # define GRND_NONBLOCK 0x0001 112 # endif /* defined(GRND_NONBLOCK) */ 113 #endif /* defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) */ 114 115 #if defined(HAVE_LIBBSD) \ 116 && (defined(HAVE_ARC4RANDOM_BUF) || defined(HAVE_ARC4RANDOM)) 117 # include <bsd/stdlib.h> 118 #endif 119 120 #if defined(_WIN32) && ! defined(LOAD_LIBRARY_SEARCH_SYSTEM32) 121 # define LOAD_LIBRARY_SEARCH_SYSTEM32 0x00000800 122 #endif 123 124 #if ! defined(HAVE_GETRANDOM) && ! defined(HAVE_SYSCALL_GETRANDOM) \ 125 && ! defined(HAVE_ARC4RANDOM_BUF) && ! defined(HAVE_ARC4RANDOM) \ 126 && ! defined(XML_DEV_URANDOM) && ! defined(_WIN32) \ 127 && ! defined(XML_POOR_ENTROPY) 128 # error You do not have support for any sources of high quality entropy \ 129 enabled. For end user security, that is probably not what you want. \ 130 \ 131 Your options include: \ 132 * Linux >=3.17 + glibc >=2.25 (getrandom): HAVE_GETRANDOM, \ 133 * Linux >=3.17 + glibc (including <2.25) (syscall SYS_getrandom): HAVE_SYSCALL_GETRANDOM, \ 134 * BSD / macOS >=10.7 (arc4random_buf): HAVE_ARC4RANDOM_BUF, \ 135 * BSD / macOS (including <10.7) (arc4random): HAVE_ARC4RANDOM, \ 136 * libbsd (arc4random_buf): HAVE_ARC4RANDOM_BUF + HAVE_LIBBSD, \ 137 * libbsd (arc4random): HAVE_ARC4RANDOM + HAVE_LIBBSD, \ 138 * Linux (including <3.17) / BSD / macOS (including <10.7) / Solaris >=8 (/dev/urandom): XML_DEV_URANDOM, \ 139 * Windows >=Vista (rand_s): _WIN32. \ 140 \ 141 If insist on not using any of these, bypass this error by defining \ 142 XML_POOR_ENTROPY; you have been warned. \ 143 \ 144 If you have reasons to patch this detection code away or need changes \ 145 to the build system, please open a bug. Thank you! 146 #endif 147 148 #ifdef XML_UNICODE 149 # define XML_ENCODE_MAX XML_UTF16_ENCODE_MAX 150 # define XmlConvert XmlUtf16Convert 151 # define XmlGetInternalEncoding XmlGetUtf16InternalEncoding 152 # define XmlGetInternalEncodingNS XmlGetUtf16InternalEncodingNS 153 # define XmlEncode XmlUtf16Encode 154 # define MUST_CONVERT(enc, s) (! (enc)->isUtf16 || (((uintptr_t)(s)) & 1)) 155 typedef unsigned short ICHAR; 156 #else 157 # define XML_ENCODE_MAX XML_UTF8_ENCODE_MAX 158 # define XmlConvert XmlUtf8Convert 159 # define XmlGetInternalEncoding XmlGetUtf8InternalEncoding 160 # define XmlGetInternalEncodingNS XmlGetUtf8InternalEncodingNS 161 # define XmlEncode XmlUtf8Encode 162 # define MUST_CONVERT(enc, s) (! (enc)->isUtf8) 163 typedef char ICHAR; 164 #endif 165 166 #ifndef XML_NS 167 168 # define XmlInitEncodingNS XmlInitEncoding 169 # define XmlInitUnknownEncodingNS XmlInitUnknownEncoding 170 # undef XmlGetInternalEncodingNS 171 # define XmlGetInternalEncodingNS XmlGetInternalEncoding 172 # define XmlParseXmlDeclNS XmlParseXmlDecl 173 174 #endif 175 176 #ifdef XML_UNICODE 177 178 # ifdef XML_UNICODE_WCHAR_T 179 # define XML_T(x) (const wchar_t) x 180 # define XML_L(x) L##x 181 # else 182 # define XML_T(x) (const unsigned short)x 183 # define XML_L(x) x 184 # endif 185 186 #else 187 188 # define XML_T(x) x 189 # define XML_L(x) x 190 191 #endif 192 193 /* Round up n to be a multiple of sz, where sz is a power of 2. */ 194 #define ROUND_UP(n, sz) (((n) + ((sz)-1)) & ~((sz)-1)) 195 196 /* Do safe (NULL-aware) pointer arithmetic */ 197 #define EXPAT_SAFE_PTR_DIFF(p, q) (((p) && (q)) ? ((p) - (q)) : 0) 198 199 #include "internal.h" 200 #include "xmltok.h" 201 #include "xmlrole.h" 202 203 typedef const XML_Char *KEY; 204 205 typedef struct { 206 KEY name; 207 } NAMED; 208 209 typedef struct { 210 NAMED **v; 211 unsigned char power; 212 size_t size; 213 size_t used; 214 const XML_Memory_Handling_Suite *mem; 215 } HASH_TABLE; 216 217 static size_t keylen(KEY s); 218 219 static void copy_salt_to_sipkey(XML_Parser parser, struct sipkey *key); 220 221 /* For probing (after a collision) we need a step size relative prime 222 to the hash table size, which is a power of 2. We use double-hashing, 223 since we can calculate a second hash value cheaply by taking those bits 224 of the first hash value that were discarded (masked out) when the table 225 index was calculated: index = hash & mask, where mask = table->size - 1. 226 We limit the maximum step size to table->size / 4 (mask >> 2) and make 227 it odd, since odd numbers are always relative prime to a power of 2. 228 */ 229 #define SECOND_HASH(hash, mask, power) \ 230 ((((hash) & ~(mask)) >> ((power)-1)) & ((mask) >> 2)) 231 #define PROBE_STEP(hash, mask, power) \ 232 ((unsigned char)((SECOND_HASH(hash, mask, power)) | 1)) 233 234 typedef struct { 235 NAMED **p; 236 NAMED **end; 237 } HASH_TABLE_ITER; 238 239 #define INIT_TAG_BUF_SIZE 32 /* must be a multiple of sizeof(XML_Char) */ 240 #define INIT_DATA_BUF_SIZE 1024 241 #define INIT_ATTS_SIZE 16 242 #define INIT_ATTS_VERSION 0xFFFFFFFF 243 #define INIT_BLOCK_SIZE 1024 244 #define INIT_BUFFER_SIZE 1024 245 246 #define EXPAND_SPARE 24 247 248 typedef struct binding { 249 struct prefix *prefix; 250 struct binding *nextTagBinding; 251 struct binding *prevPrefixBinding; 252 const struct attribute_id *attId; 253 XML_Char *uri; 254 int uriLen; 255 int uriAlloc; 256 } BINDING; 257 258 typedef struct prefix { 259 const XML_Char *name; 260 BINDING *binding; 261 } PREFIX; 262 263 typedef struct { 264 const XML_Char *str; 265 const XML_Char *localPart; 266 const XML_Char *prefix; 267 int strLen; 268 int uriLen; 269 int prefixLen; 270 } TAG_NAME; 271 272 /* TAG represents an open element. 273 The name of the element is stored in both the document and API 274 encodings. The memory buffer 'buf' is a separately-allocated 275 memory area which stores the name. During the XML_Parse()/ 276 XMLParseBuffer() when the element is open, the memory for the 'raw' 277 version of the name (in the document encoding) is shared with the 278 document buffer. If the element is open across calls to 279 XML_Parse()/XML_ParseBuffer(), the buffer is re-allocated to 280 contain the 'raw' name as well. 281 282 A parser re-uses these structures, maintaining a list of allocated 283 TAG objects in a free list. 284 */ 285 typedef struct tag { 286 struct tag *parent; /* parent of this element */ 287 const char *rawName; /* tagName in the original encoding */ 288 int rawNameLength; 289 TAG_NAME name; /* tagName in the API encoding */ 290 char *buf; /* buffer for name components */ 291 char *bufEnd; /* end of the buffer */ 292 BINDING *bindings; 293 } TAG; 294 295 typedef struct { 296 const XML_Char *name; 297 const XML_Char *textPtr; 298 int textLen; /* length in XML_Chars */ 299 int processed; /* # of processed bytes - when suspended */ 300 const XML_Char *systemId; 301 const XML_Char *base; 302 const XML_Char *publicId; 303 const XML_Char *notation; 304 XML_Bool open; 305 XML_Bool is_param; 306 XML_Bool is_internal; /* true if declared in internal subset outside PE */ 307 } ENTITY; 308 309 typedef struct { 310 enum XML_Content_Type type; 311 enum XML_Content_Quant quant; 312 const XML_Char *name; 313 int firstchild; 314 int lastchild; 315 int childcnt; 316 int nextsib; 317 } CONTENT_SCAFFOLD; 318 319 #define INIT_SCAFFOLD_ELEMENTS 32 320 321 typedef struct block { 322 struct block *next; 323 int size; 324 XML_Char s[1]; 325 } BLOCK; 326 327 typedef struct { 328 BLOCK *blocks; 329 BLOCK *freeBlocks; 330 const XML_Char *end; 331 XML_Char *ptr; 332 XML_Char *start; 333 const XML_Memory_Handling_Suite *mem; 334 } STRING_POOL; 335 336 /* The XML_Char before the name is used to determine whether 337 an attribute has been specified. */ 338 typedef struct attribute_id { 339 XML_Char *name; 340 PREFIX *prefix; 341 XML_Bool maybeTokenized; 342 XML_Bool xmlns; 343 } ATTRIBUTE_ID; 344 345 typedef struct { 346 const ATTRIBUTE_ID *id; 347 XML_Bool isCdata; 348 const XML_Char *value; 349 } DEFAULT_ATTRIBUTE; 350 351 typedef struct { 352 unsigned long version; 353 unsigned long hash; 354 const XML_Char *uriName; 355 } NS_ATT; 356 357 typedef struct { 358 const XML_Char *name; 359 PREFIX *prefix; 360 const ATTRIBUTE_ID *idAtt; 361 int nDefaultAtts; 362 int allocDefaultAtts; 363 DEFAULT_ATTRIBUTE *defaultAtts; 364 } ELEMENT_TYPE; 365 366 typedef struct { 367 HASH_TABLE generalEntities; 368 HASH_TABLE elementTypes; 369 HASH_TABLE attributeIds; 370 HASH_TABLE prefixes; 371 STRING_POOL pool; 372 STRING_POOL entityValuePool; 373 /* false once a parameter entity reference has been skipped */ 374 XML_Bool keepProcessing; 375 /* true once an internal or external PE reference has been encountered; 376 this includes the reference to an external subset */ 377 XML_Bool hasParamEntityRefs; 378 XML_Bool standalone; 379 #ifdef XML_DTD 380 /* indicates if external PE has been read */ 381 XML_Bool paramEntityRead; 382 HASH_TABLE paramEntities; 383 #endif /* XML_DTD */ 384 PREFIX defaultPrefix; 385 /* === scaffolding for building content model === */ 386 XML_Bool in_eldecl; 387 CONTENT_SCAFFOLD *scaffold; 388 unsigned contentStringLen; 389 unsigned scaffSize; 390 unsigned scaffCount; 391 int scaffLevel; 392 int *scaffIndex; 393 } DTD; 394 395 typedef struct open_internal_entity { 396 const char *internalEventPtr; 397 const char *internalEventEndPtr; 398 struct open_internal_entity *next; 399 ENTITY *entity; 400 int startTagLevel; 401 XML_Bool betweenDecl; /* WFC: PE Between Declarations */ 402 } OPEN_INTERNAL_ENTITY; 403 404 enum XML_Account { 405 XML_ACCOUNT_DIRECT, /* bytes directly passed to the Expat parser */ 406 XML_ACCOUNT_ENTITY_EXPANSION, /* intermediate bytes produced during entity 407 expansion */ 408 XML_ACCOUNT_NONE /* i.e. do not account, was accounted already */ 409 }; 410 411 #ifdef XML_DTD 412 typedef unsigned long long XmlBigCount; 413 typedef struct accounting { 414 XmlBigCount countBytesDirect; 415 XmlBigCount countBytesIndirect; 416 int debugLevel; 417 float maximumAmplificationFactor; // >=1.0 418 unsigned long long activationThresholdBytes; 419 } ACCOUNTING; 420 421 typedef struct entity_stats { 422 unsigned int countEverOpened; 423 unsigned int currentDepth; 424 unsigned int maximumDepthSeen; 425 int debugLevel; 426 } ENTITY_STATS; 427 #endif /* XML_DTD */ 428 429 typedef enum XML_Error PTRCALL Processor(XML_Parser parser, const char *start, 430 const char *end, const char **endPtr); 431 432 static Processor prologProcessor; 433 static Processor prologInitProcessor; 434 static Processor contentProcessor; 435 static Processor cdataSectionProcessor; 436 #ifdef XML_DTD 437 static Processor ignoreSectionProcessor; 438 static Processor externalParEntProcessor; 439 static Processor externalParEntInitProcessor; 440 static Processor entityValueProcessor; 441 static Processor entityValueInitProcessor; 442 #endif /* XML_DTD */ 443 static Processor epilogProcessor; 444 static Processor errorProcessor; 445 static Processor externalEntityInitProcessor; 446 static Processor externalEntityInitProcessor2; 447 static Processor externalEntityInitProcessor3; 448 static Processor externalEntityContentProcessor; 449 static Processor internalEntityProcessor; 450 451 static enum XML_Error handleUnknownEncoding(XML_Parser parser, 452 const XML_Char *encodingName); 453 static enum XML_Error processXmlDecl(XML_Parser parser, int isGeneralTextEntity, 454 const char *s, const char *next); 455 static enum XML_Error initializeEncoding(XML_Parser parser); 456 static enum XML_Error doProlog(XML_Parser parser, const ENCODING *enc, 457 const char *s, const char *end, int tok, 458 const char *next, const char **nextPtr, 459 XML_Bool haveMore, XML_Bool allowClosingDoctype, 460 enum XML_Account account); 461 static enum XML_Error processInternalEntity(XML_Parser parser, ENTITY *entity, 462 XML_Bool betweenDecl); 463 static enum XML_Error doContent(XML_Parser parser, int startTagLevel, 464 const ENCODING *enc, const char *start, 465 const char *end, const char **endPtr, 466 XML_Bool haveMore, enum XML_Account account); 467 static enum XML_Error doCdataSection(XML_Parser parser, const ENCODING *, 468 const char **startPtr, const char *end, 469 const char **nextPtr, XML_Bool haveMore, 470 enum XML_Account account); 471 #ifdef XML_DTD 472 static enum XML_Error doIgnoreSection(XML_Parser parser, const ENCODING *, 473 const char **startPtr, const char *end, 474 const char **nextPtr, XML_Bool haveMore); 475 #endif /* XML_DTD */ 476 477 static void freeBindings(XML_Parser parser, BINDING *bindings); 478 static enum XML_Error storeAtts(XML_Parser parser, const ENCODING *, 479 const char *s, TAG_NAME *tagNamePtr, 480 BINDING **bindingsPtr, 481 enum XML_Account account); 482 static enum XML_Error addBinding(XML_Parser parser, PREFIX *prefix, 483 const ATTRIBUTE_ID *attId, const XML_Char *uri, 484 BINDING **bindingsPtr); 485 static int defineAttribute(ELEMENT_TYPE *type, ATTRIBUTE_ID *, XML_Bool isCdata, 486 XML_Bool isId, const XML_Char *dfltValue, 487 XML_Parser parser); 488 static enum XML_Error storeAttributeValue(XML_Parser parser, const ENCODING *, 489 XML_Bool isCdata, const char *, 490 const char *, STRING_POOL *, 491 enum XML_Account account); 492 static enum XML_Error appendAttributeValue(XML_Parser parser, const ENCODING *, 493 XML_Bool isCdata, const char *, 494 const char *, STRING_POOL *, 495 enum XML_Account account); 496 static ATTRIBUTE_ID *getAttributeId(XML_Parser parser, const ENCODING *enc, 497 const char *start, const char *end); 498 static int setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *); 499 static enum XML_Error storeEntityValue(XML_Parser parser, const ENCODING *enc, 500 const char *start, const char *end, 501 enum XML_Account account); 502 static int reportProcessingInstruction(XML_Parser parser, const ENCODING *enc, 503 const char *start, const char *end); 504 static int reportComment(XML_Parser parser, const ENCODING *enc, 505 const char *start, const char *end); 506 static void reportDefault(XML_Parser parser, const ENCODING *enc, 507 const char *start, const char *end); 508 509 static const XML_Char *getContext(XML_Parser parser); 510 static XML_Bool setContext(XML_Parser parser, const XML_Char *context); 511 512 static void FASTCALL normalizePublicId(XML_Char *s); 513 514 static DTD *dtdCreate(const XML_Memory_Handling_Suite *ms); 515 /* do not call if m_parentParser != NULL */ 516 static void dtdReset(DTD *p, const XML_Memory_Handling_Suite *ms); 517 static void dtdDestroy(DTD *p, XML_Bool isDocEntity, 518 const XML_Memory_Handling_Suite *ms); 519 static int dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd, 520 const XML_Memory_Handling_Suite *ms); 521 static int copyEntityTable(XML_Parser oldParser, HASH_TABLE *, STRING_POOL *, 522 const HASH_TABLE *); 523 static NAMED *lookup(XML_Parser parser, HASH_TABLE *table, KEY name, 524 size_t createSize); 525 static void FASTCALL hashTableInit(HASH_TABLE *, 526 const XML_Memory_Handling_Suite *ms); 527 static void FASTCALL hashTableClear(HASH_TABLE *); 528 static void FASTCALL hashTableDestroy(HASH_TABLE *); 529 static void FASTCALL hashTableIterInit(HASH_TABLE_ITER *, const HASH_TABLE *); 530 static NAMED *FASTCALL hashTableIterNext(HASH_TABLE_ITER *); 531 532 static void FASTCALL poolInit(STRING_POOL *, 533 const XML_Memory_Handling_Suite *ms); 534 static void FASTCALL poolClear(STRING_POOL *); 535 static void FASTCALL poolDestroy(STRING_POOL *); 536 static XML_Char *poolAppend(STRING_POOL *pool, const ENCODING *enc, 537 const char *ptr, const char *end); 538 static XML_Char *poolStoreString(STRING_POOL *pool, const ENCODING *enc, 539 const char *ptr, const char *end); 540 static XML_Bool FASTCALL poolGrow(STRING_POOL *pool); 541 static const XML_Char *FASTCALL poolCopyString(STRING_POOL *pool, 542 const XML_Char *s); 543 static const XML_Char *poolCopyStringN(STRING_POOL *pool, const XML_Char *s, 544 int n); 545 static const XML_Char *FASTCALL poolAppendString(STRING_POOL *pool, 546 const XML_Char *s); 547 548 static int FASTCALL nextScaffoldPart(XML_Parser parser); 549 static XML_Content *build_model(XML_Parser parser); 550 static ELEMENT_TYPE *getElementType(XML_Parser parser, const ENCODING *enc, 551 const char *ptr, const char *end); 552 553 static XML_Char *copyString(const XML_Char *s, 554 const XML_Memory_Handling_Suite *memsuite); 555 556 static unsigned long generate_hash_secret_salt(XML_Parser parser); 557 static XML_Bool startParsing(XML_Parser parser); 558 559 static XML_Parser parserCreate(const XML_Char *encodingName, 560 const XML_Memory_Handling_Suite *memsuite, 561 const XML_Char *nameSep, DTD *dtd); 562 563 static void parserInit(XML_Parser parser, const XML_Char *encodingName); 564 565 #ifdef XML_DTD 566 static float accountingGetCurrentAmplification(XML_Parser rootParser); 567 static void accountingReportStats(XML_Parser originParser, const char *epilog); 568 static void accountingOnAbort(XML_Parser originParser); 569 static void accountingReportDiff(XML_Parser rootParser, 570 unsigned int levelsAwayFromRootParser, 571 const char *before, const char *after, 572 ptrdiff_t bytesMore, int source_line, 573 enum XML_Account account); 574 static XML_Bool accountingDiffTolerated(XML_Parser originParser, int tok, 575 const char *before, const char *after, 576 int source_line, 577 enum XML_Account account); 578 579 static void entityTrackingReportStats(XML_Parser parser, ENTITY *entity, 580 const char *action, int sourceLine); 581 static void entityTrackingOnOpen(XML_Parser parser, ENTITY *entity, 582 int sourceLine); 583 static void entityTrackingOnClose(XML_Parser parser, ENTITY *entity, 584 int sourceLine); 585 586 static XML_Parser getRootParserOf(XML_Parser parser, 587 unsigned int *outLevelDiff); 588 #endif /* XML_DTD */ 589 590 static unsigned long getDebugLevel(const char *variableName, 591 unsigned long defaultDebugLevel); 592 593 #define poolStart(pool) ((pool)->start) 594 #define poolEnd(pool) ((pool)->ptr) 595 #define poolLength(pool) ((pool)->ptr - (pool)->start) 596 #define poolChop(pool) ((void)--(pool->ptr)) 597 #define poolLastChar(pool) (((pool)->ptr)[-1]) 598 #define poolDiscard(pool) ((pool)->ptr = (pool)->start) 599 #define poolFinish(pool) ((pool)->start = (pool)->ptr) 600 #define poolAppendChar(pool, c) \ 601 (((pool)->ptr == (pool)->end && ! poolGrow(pool)) \ 602 ? 0 \ 603 : ((*((pool)->ptr)++ = c), 1)) 604 605 struct XML_ParserStruct { 606 /* The first member must be m_userData so that the XML_GetUserData 607 macro works. */ 608 void *m_userData; 609 void *m_handlerArg; 610 char *m_buffer; 611 const XML_Memory_Handling_Suite m_mem; 612 /* first character to be parsed */ 613 const char *m_bufferPtr; 614 /* past last character to be parsed */ 615 char *m_bufferEnd; 616 /* allocated end of m_buffer */ 617 const char *m_bufferLim; 618 XML_Index m_parseEndByteIndex; 619 const char *m_parseEndPtr; 620 XML_Char *m_dataBuf; 621 XML_Char *m_dataBufEnd; 622 XML_StartElementHandler m_startElementHandler; 623 XML_EndElementHandler m_endElementHandler; 624 XML_CharacterDataHandler m_characterDataHandler; 625 XML_ProcessingInstructionHandler m_processingInstructionHandler; 626 XML_CommentHandler m_commentHandler; 627 XML_StartCdataSectionHandler m_startCdataSectionHandler; 628 XML_EndCdataSectionHandler m_endCdataSectionHandler; 629 XML_DefaultHandler m_defaultHandler; 630 XML_StartDoctypeDeclHandler m_startDoctypeDeclHandler; 631 XML_EndDoctypeDeclHandler m_endDoctypeDeclHandler; 632 XML_UnparsedEntityDeclHandler m_unparsedEntityDeclHandler; 633 XML_NotationDeclHandler m_notationDeclHandler; 634 XML_StartNamespaceDeclHandler m_startNamespaceDeclHandler; 635 XML_EndNamespaceDeclHandler m_endNamespaceDeclHandler; 636 XML_NotStandaloneHandler m_notStandaloneHandler; 637 XML_ExternalEntityRefHandler m_externalEntityRefHandler; 638 XML_Parser m_externalEntityRefHandlerArg; 639 XML_SkippedEntityHandler m_skippedEntityHandler; 640 XML_UnknownEncodingHandler m_unknownEncodingHandler; 641 XML_ElementDeclHandler m_elementDeclHandler; 642 XML_AttlistDeclHandler m_attlistDeclHandler; 643 XML_EntityDeclHandler m_entityDeclHandler; 644 XML_XmlDeclHandler m_xmlDeclHandler; 645 const ENCODING *m_encoding; 646 INIT_ENCODING m_initEncoding; 647 const ENCODING *m_internalEncoding; 648 const XML_Char *m_protocolEncodingName; 649 XML_Bool m_ns; 650 XML_Bool m_ns_triplets; 651 void *m_unknownEncodingMem; 652 void *m_unknownEncodingData; 653 void *m_unknownEncodingHandlerData; 654 void(XMLCALL *m_unknownEncodingRelease)(void *); 655 PROLOG_STATE m_prologState; 656 Processor *m_processor; 657 enum XML_Error m_errorCode; 658 const char *m_eventPtr; 659 const char *m_eventEndPtr; 660 const char *m_positionPtr; 661 OPEN_INTERNAL_ENTITY *m_openInternalEntities; 662 OPEN_INTERNAL_ENTITY *m_freeInternalEntities; 663 XML_Bool m_defaultExpandInternalEntities; 664 int m_tagLevel; 665 ENTITY *m_declEntity; 666 const XML_Char *m_doctypeName; 667 const XML_Char *m_doctypeSysid; 668 const XML_Char *m_doctypePubid; 669 const XML_Char *m_declAttributeType; 670 const XML_Char *m_declNotationName; 671 const XML_Char *m_declNotationPublicId; 672 ELEMENT_TYPE *m_declElementType; 673 ATTRIBUTE_ID *m_declAttributeId; 674 XML_Bool m_declAttributeIsCdata; 675 XML_Bool m_declAttributeIsId; 676 DTD *m_dtd; 677 const XML_Char *m_curBase; 678 TAG *m_tagStack; 679 TAG *m_freeTagList; 680 BINDING *m_inheritedBindings; 681 BINDING *m_freeBindingList; 682 int m_attsSize; 683 int m_nSpecifiedAtts; 684 int m_idAttIndex; 685 ATTRIBUTE *m_atts; 686 NS_ATT *m_nsAtts; 687 unsigned long m_nsAttsVersion; 688 unsigned char m_nsAttsPower; 689 #ifdef XML_ATTR_INFO 690 XML_AttrInfo *m_attInfo; 691 #endif 692 POSITION m_position; 693 STRING_POOL m_tempPool; 694 STRING_POOL m_temp2Pool; 695 char *m_groupConnector; 696 unsigned int m_groupSize; 697 XML_Char m_namespaceSeparator; 698 XML_Parser m_parentParser; 699 XML_ParsingStatus m_parsingStatus; 700 #ifdef XML_DTD 701 XML_Bool m_isParamEntity; 702 XML_Bool m_useForeignDTD; 703 enum XML_ParamEntityParsing m_paramEntityParsing; 704 #endif 705 unsigned long m_hash_secret_salt; 706 #ifdef XML_DTD 707 ACCOUNTING m_accounting; 708 ENTITY_STATS m_entity_stats; 709 #endif 710 }; 711 712 #define MALLOC(parser, s) (parser->m_mem.malloc_fcn((s))) 713 #define REALLOC(parser, p, s) (parser->m_mem.realloc_fcn((p), (s))) 714 #define FREE(parser, p) (parser->m_mem.free_fcn((p))) 715 716 XML_Parser XMLCALL 717 XML_ParserCreate(const XML_Char *encodingName) { 718 return XML_ParserCreate_MM(encodingName, NULL, NULL); 719 } 720 721 XML_Parser XMLCALL 722 XML_ParserCreateNS(const XML_Char *encodingName, XML_Char nsSep) { 723 XML_Char tmp[2] = {nsSep, 0}; 724 return XML_ParserCreate_MM(encodingName, NULL, tmp); 725 } 726 727 // "xml=http://www.w3.org/XML/1998/namespace" 728 static const XML_Char implicitContext[] 729 = {ASCII_x, ASCII_m, ASCII_l, ASCII_EQUALS, ASCII_h, 730 ASCII_t, ASCII_t, ASCII_p, ASCII_COLON, ASCII_SLASH, 731 ASCII_SLASH, ASCII_w, ASCII_w, ASCII_w, ASCII_PERIOD, 732 ASCII_w, ASCII_3, ASCII_PERIOD, ASCII_o, ASCII_r, 733 ASCII_g, ASCII_SLASH, ASCII_X, ASCII_M, ASCII_L, 734 ASCII_SLASH, ASCII_1, ASCII_9, ASCII_9, ASCII_8, 735 ASCII_SLASH, ASCII_n, ASCII_a, ASCII_m, ASCII_e, 736 ASCII_s, ASCII_p, ASCII_a, ASCII_c, ASCII_e, 737 '\0'}; 738 739 /* To avoid warnings about unused functions: */ 740 #if ! defined(HAVE_ARC4RANDOM_BUF) && ! defined(HAVE_ARC4RANDOM) 741 742 # if defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) 743 744 /* Obtain entropy on Linux 3.17+ */ 745 static int 746 writeRandomBytes_getrandom_nonblock(void *target, size_t count) { 747 int success = 0; /* full count bytes written? */ 748 size_t bytesWrittenTotal = 0; 749 const unsigned int getrandomFlags = GRND_NONBLOCK; 750 751 do { 752 void *const currentTarget = (void *)((char *)target + bytesWrittenTotal); 753 const size_t bytesToWrite = count - bytesWrittenTotal; 754 755 const int bytesWrittenMore = 756 # if defined(HAVE_GETRANDOM) 757 getrandom(currentTarget, bytesToWrite, getrandomFlags); 758 # else 759 syscall(SYS_getrandom, currentTarget, bytesToWrite, getrandomFlags); 760 # endif 761 762 if (bytesWrittenMore > 0) { 763 bytesWrittenTotal += bytesWrittenMore; 764 if (bytesWrittenTotal >= count) 765 success = 1; 766 } 767 } while (! success && (errno == EINTR)); 768 769 return success; 770 } 771 772 # endif /* defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) */ 773 774 # if ! defined(_WIN32) && defined(XML_DEV_URANDOM) 775 776 /* Extract entropy from /dev/urandom */ 777 static int 778 writeRandomBytes_dev_urandom(void *target, size_t count) { 779 int success = 0; /* full count bytes written? */ 780 size_t bytesWrittenTotal = 0; 781 782 const int fd = open("/dev/urandom", O_RDONLY); 783 if (fd < 0) { 784 return 0; 785 } 786 787 do { 788 void *const currentTarget = (void *)((char *)target + bytesWrittenTotal); 789 const size_t bytesToWrite = count - bytesWrittenTotal; 790 791 const ssize_t bytesWrittenMore = read(fd, currentTarget, bytesToWrite); 792 793 if (bytesWrittenMore > 0) { 794 bytesWrittenTotal += bytesWrittenMore; 795 if (bytesWrittenTotal >= count) 796 success = 1; 797 } 798 } while (! success && (errno == EINTR)); 799 800 close(fd); 801 return success; 802 } 803 804 # endif /* ! defined(_WIN32) && defined(XML_DEV_URANDOM) */ 805 806 #endif /* ! defined(HAVE_ARC4RANDOM_BUF) && ! defined(HAVE_ARC4RANDOM) */ 807 808 #if defined(HAVE_ARC4RANDOM) && ! defined(HAVE_ARC4RANDOM_BUF) 809 810 static void 811 writeRandomBytes_arc4random(void *target, size_t count) { 812 size_t bytesWrittenTotal = 0; 813 814 while (bytesWrittenTotal < count) { 815 const uint32_t random32 = arc4random(); 816 size_t i = 0; 817 818 for (; (i < sizeof(random32)) && (bytesWrittenTotal < count); 819 i++, bytesWrittenTotal++) { 820 const uint8_t random8 = (uint8_t)(random32 >> (i * 8)); 821 ((uint8_t *)target)[bytesWrittenTotal] = random8; 822 } 823 } 824 } 825 826 #endif /* defined(HAVE_ARC4RANDOM) && ! defined(HAVE_ARC4RANDOM_BUF) */ 827 828 #ifdef _WIN32 829 830 /* Provide declaration of rand_s() for MinGW-32 (not 64, which has it), 831 as it didn't declare it in its header prior to version 5.3.0 of its 832 runtime package (mingwrt, containing stdlib.h). The upstream fix 833 was introduced at https://osdn.net/projects/mingw/ticket/39658 . */ 834 # if defined(__MINGW32__) && defined(__MINGW32_VERSION) \ 835 && __MINGW32_VERSION < 5003000L && ! defined(__MINGW64_VERSION_MAJOR) 836 __declspec(dllimport) int rand_s(unsigned int *); 837 # endif 838 839 /* Obtain entropy on Windows using the rand_s() function which 840 * generates cryptographically secure random numbers. Internally it 841 * uses RtlGenRandom API which is present in Windows XP and later. 842 */ 843 static int 844 writeRandomBytes_rand_s(void *target, size_t count) { 845 size_t bytesWrittenTotal = 0; 846 847 while (bytesWrittenTotal < count) { 848 unsigned int random32 = 0; 849 size_t i = 0; 850 851 if (rand_s(&random32)) 852 return 0; /* failure */ 853 854 for (; (i < sizeof(random32)) && (bytesWrittenTotal < count); 855 i++, bytesWrittenTotal++) { 856 const uint8_t random8 = (uint8_t)(random32 >> (i * 8)); 857 ((uint8_t *)target)[bytesWrittenTotal] = random8; 858 } 859 } 860 return 1; /* success */ 861 } 862 863 #endif /* _WIN32 */ 864 865 #if ! defined(HAVE_ARC4RANDOM_BUF) && ! defined(HAVE_ARC4RANDOM) 866 867 static unsigned long 868 gather_time_entropy(void) { 869 # ifdef _WIN32 870 FILETIME ft; 871 GetSystemTimeAsFileTime(&ft); /* never fails */ 872 return ft.dwHighDateTime ^ ft.dwLowDateTime; 873 # else 874 struct timeval tv; 875 int gettimeofday_res; 876 877 gettimeofday_res = gettimeofday(&tv, NULL); 878 879 # if defined(NDEBUG) 880 (void)gettimeofday_res; 881 # else 882 assert(gettimeofday_res == 0); 883 # endif /* defined(NDEBUG) */ 884 885 /* Microseconds time is <20 bits entropy */ 886 return tv.tv_usec; 887 # endif 888 } 889 890 #endif /* ! defined(HAVE_ARC4RANDOM_BUF) && ! defined(HAVE_ARC4RANDOM) */ 891 892 static unsigned long 893 ENTROPY_DEBUG(const char *label, unsigned long entropy) { 894 if (getDebugLevel("EXPAT_ENTROPY_DEBUG", 0) >= 1u) { 895 fprintf(stderr, "expat: Entropy: %s --> 0x%0*lx (%lu bytes)\n", label, 896 (int)sizeof(entropy) * 2, entropy, (unsigned long)sizeof(entropy)); 897 } 898 return entropy; 899 } 900 901 static unsigned long 902 generate_hash_secret_salt(XML_Parser parser) { 903 unsigned long entropy; 904 (void)parser; 905 906 /* "Failproof" high quality providers: */ 907 #if defined(HAVE_ARC4RANDOM_BUF) 908 arc4random_buf(&entropy, sizeof(entropy)); 909 return ENTROPY_DEBUG("arc4random_buf", entropy); 910 #elif defined(HAVE_ARC4RANDOM) 911 writeRandomBytes_arc4random((void *)&entropy, sizeof(entropy)); 912 return ENTROPY_DEBUG("arc4random", entropy); 913 #else 914 /* Try high quality providers first .. */ 915 # ifdef _WIN32 916 if (writeRandomBytes_rand_s((void *)&entropy, sizeof(entropy))) { 917 return ENTROPY_DEBUG("rand_s", entropy); 918 } 919 # elif defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) 920 if (writeRandomBytes_getrandom_nonblock((void *)&entropy, sizeof(entropy))) { 921 return ENTROPY_DEBUG("getrandom", entropy); 922 } 923 # endif 924 # if ! defined(_WIN32) && defined(XML_DEV_URANDOM) 925 if (writeRandomBytes_dev_urandom((void *)&entropy, sizeof(entropy))) { 926 return ENTROPY_DEBUG("/dev/urandom", entropy); 927 } 928 # endif /* ! defined(_WIN32) && defined(XML_DEV_URANDOM) */ 929 /* .. and self-made low quality for backup: */ 930 931 /* Process ID is 0 bits entropy if attacker has local access */ 932 entropy = gather_time_entropy() ^ getpid(); 933 934 /* Factors are 2^31-1 and 2^61-1 (Mersenne primes M31 and M61) */ 935 if (sizeof(unsigned long) == 4) { 936 return ENTROPY_DEBUG("fallback(4)", entropy * 2147483647); 937 } else { 938 return ENTROPY_DEBUG("fallback(8)", 939 entropy * (unsigned long)2305843009213693951ULL); 940 } 941 #endif 942 } 943 944 static unsigned long 945 get_hash_secret_salt(XML_Parser parser) { 946 if (parser->m_parentParser != NULL) 947 return get_hash_secret_salt(parser->m_parentParser); 948 return parser->m_hash_secret_salt; 949 } 950 951 static XML_Bool /* only valid for root parser */ 952 startParsing(XML_Parser parser) { 953 /* hash functions must be initialized before setContext() is called */ 954 if (parser->m_hash_secret_salt == 0) 955 parser->m_hash_secret_salt = generate_hash_secret_salt(parser); 956 if (parser->m_ns) { 957 /* implicit context only set for root parser, since child 958 parsers (i.e. external entity parsers) will inherit it 959 */ 960 return setContext(parser, implicitContext); 961 } 962 return XML_TRUE; 963 } 964 965 XML_Parser XMLCALL 966 XML_ParserCreate_MM(const XML_Char *encodingName, 967 const XML_Memory_Handling_Suite *memsuite, 968 const XML_Char *nameSep) { 969 return parserCreate(encodingName, memsuite, nameSep, NULL); 970 } 971 972 static XML_Parser 973 parserCreate(const XML_Char *encodingName, 974 const XML_Memory_Handling_Suite *memsuite, const XML_Char *nameSep, 975 DTD *dtd) { 976 XML_Parser parser; 977 978 if (memsuite) { 979 XML_Memory_Handling_Suite *mtemp; 980 parser = memsuite->malloc_fcn(sizeof(struct XML_ParserStruct)); 981 if (parser != NULL) { 982 mtemp = (XML_Memory_Handling_Suite *)&(parser->m_mem); 983 mtemp->malloc_fcn = memsuite->malloc_fcn; 984 mtemp->realloc_fcn = memsuite->realloc_fcn; 985 mtemp->free_fcn = memsuite->free_fcn; 986 } 987 } else { 988 XML_Memory_Handling_Suite *mtemp; 989 parser = (XML_Parser)malloc(sizeof(struct XML_ParserStruct)); 990 if (parser != NULL) { 991 mtemp = (XML_Memory_Handling_Suite *)&(parser->m_mem); 992 mtemp->malloc_fcn = malloc; 993 mtemp->realloc_fcn = realloc; 994 mtemp->free_fcn = free; 995 } 996 } 997 998 if (! parser) 999 return parser; 1000 1001 parser->m_buffer = NULL; 1002 parser->m_bufferLim = NULL; 1003 1004 parser->m_attsSize = INIT_ATTS_SIZE; 1005 parser->m_atts 1006 = (ATTRIBUTE *)MALLOC(parser, parser->m_attsSize * sizeof(ATTRIBUTE)); 1007 if (parser->m_atts == NULL) { 1008 FREE(parser, parser); 1009 return NULL; 1010 } 1011 #ifdef XML_ATTR_INFO 1012 parser->m_attInfo = (XML_AttrInfo *)MALLOC( 1013 parser, parser->m_attsSize * sizeof(XML_AttrInfo)); 1014 if (parser->m_attInfo == NULL) { 1015 FREE(parser, parser->m_atts); 1016 FREE(parser, parser); 1017 return NULL; 1018 } 1019 #endif 1020 parser->m_dataBuf 1021 = (XML_Char *)MALLOC(parser, INIT_DATA_BUF_SIZE * sizeof(XML_Char)); 1022 if (parser->m_dataBuf == NULL) { 1023 FREE(parser, parser->m_atts); 1024 #ifdef XML_ATTR_INFO 1025 FREE(parser, parser->m_attInfo); 1026 #endif 1027 FREE(parser, parser); 1028 return NULL; 1029 } 1030 parser->m_dataBufEnd = parser->m_dataBuf + INIT_DATA_BUF_SIZE; 1031 1032 if (dtd) 1033 parser->m_dtd = dtd; 1034 else { 1035 parser->m_dtd = dtdCreate(&parser->m_mem); 1036 if (parser->m_dtd == NULL) { 1037 FREE(parser, parser->m_dataBuf); 1038 FREE(parser, parser->m_atts); 1039 #ifdef XML_ATTR_INFO 1040 FREE(parser, parser->m_attInfo); 1041 #endif 1042 FREE(parser, parser); 1043 return NULL; 1044 } 1045 } 1046 1047 parser->m_freeBindingList = NULL; 1048 parser->m_freeTagList = NULL; 1049 parser->m_freeInternalEntities = NULL; 1050 1051 parser->m_groupSize = 0; 1052 parser->m_groupConnector = NULL; 1053 1054 parser->m_unknownEncodingHandler = NULL; 1055 parser->m_unknownEncodingHandlerData = NULL; 1056 1057 parser->m_namespaceSeparator = ASCII_EXCL; 1058 parser->m_ns = XML_FALSE; 1059 parser->m_ns_triplets = XML_FALSE; 1060 1061 parser->m_nsAtts = NULL; 1062 parser->m_nsAttsVersion = 0; 1063 parser->m_nsAttsPower = 0; 1064 1065 parser->m_protocolEncodingName = NULL; 1066 1067 poolInit(&parser->m_tempPool, &(parser->m_mem)); 1068 poolInit(&parser->m_temp2Pool, &(parser->m_mem)); 1069 parserInit(parser, encodingName); 1070 1071 if (encodingName && ! parser->m_protocolEncodingName) { 1072 if (dtd) { 1073 // We need to stop the upcoming call to XML_ParserFree from happily 1074 // destroying parser->m_dtd because the DTD is shared with the parent 1075 // parser and the only guard that keeps XML_ParserFree from destroying 1076 // parser->m_dtd is parser->m_isParamEntity but it will be set to 1077 // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all). 1078 parser->m_dtd = NULL; 1079 } 1080 XML_ParserFree(parser); 1081 return NULL; 1082 } 1083 1084 if (nameSep) { 1085 parser->m_ns = XML_TRUE; 1086 parser->m_internalEncoding = XmlGetInternalEncodingNS(); 1087 parser->m_namespaceSeparator = *nameSep; 1088 } else { 1089 parser->m_internalEncoding = XmlGetInternalEncoding(); 1090 } 1091 1092 return parser; 1093 } 1094 1095 static void 1096 parserInit(XML_Parser parser, const XML_Char *encodingName) { 1097 parser->m_processor = prologInitProcessor; 1098 XmlPrologStateInit(&parser->m_prologState); 1099 if (encodingName != NULL) { 1100 parser->m_protocolEncodingName = copyString(encodingName, &(parser->m_mem)); 1101 } 1102 parser->m_curBase = NULL; 1103 XmlInitEncoding(&parser->m_initEncoding, &parser->m_encoding, 0); 1104 parser->m_userData = NULL; 1105 parser->m_handlerArg = NULL; 1106 parser->m_startElementHandler = NULL; 1107 parser->m_endElementHandler = NULL; 1108 parser->m_characterDataHandler = NULL; 1109 parser->m_processingInstructionHandler = NULL; 1110 parser->m_commentHandler = NULL; 1111 parser->m_startCdataSectionHandler = NULL; 1112 parser->m_endCdataSectionHandler = NULL; 1113 parser->m_defaultHandler = NULL; 1114 parser->m_startDoctypeDeclHandler = NULL; 1115 parser->m_endDoctypeDeclHandler = NULL; 1116 parser->m_unparsedEntityDeclHandler = NULL; 1117 parser->m_notationDeclHandler = NULL; 1118 parser->m_startNamespaceDeclHandler = NULL; 1119 parser->m_endNamespaceDeclHandler = NULL; 1120 parser->m_notStandaloneHandler = NULL; 1121 parser->m_externalEntityRefHandler = NULL; 1122 parser->m_externalEntityRefHandlerArg = parser; 1123 parser->m_skippedEntityHandler = NULL; 1124 parser->m_elementDeclHandler = NULL; 1125 parser->m_attlistDeclHandler = NULL; 1126 parser->m_entityDeclHandler = NULL; 1127 parser->m_xmlDeclHandler = NULL; 1128 parser->m_bufferPtr = parser->m_buffer; 1129 parser->m_bufferEnd = parser->m_buffer; 1130 parser->m_parseEndByteIndex = 0; 1131 parser->m_parseEndPtr = NULL; 1132 parser->m_declElementType = NULL; 1133 parser->m_declAttributeId = NULL; 1134 parser->m_declEntity = NULL; 1135 parser->m_doctypeName = NULL; 1136 parser->m_doctypeSysid = NULL; 1137 parser->m_doctypePubid = NULL; 1138 parser->m_declAttributeType = NULL; 1139 parser->m_declNotationName = NULL; 1140 parser->m_declNotationPublicId = NULL; 1141 parser->m_declAttributeIsCdata = XML_FALSE; 1142 parser->m_declAttributeIsId = XML_FALSE; 1143 memset(&parser->m_position, 0, sizeof(POSITION)); 1144 parser->m_errorCode = XML_ERROR_NONE; 1145 parser->m_eventPtr = NULL; 1146 parser->m_eventEndPtr = NULL; 1147 parser->m_positionPtr = NULL; 1148 parser->m_openInternalEntities = NULL; 1149 parser->m_defaultExpandInternalEntities = XML_TRUE; 1150 parser->m_tagLevel = 0; 1151 parser->m_tagStack = NULL; 1152 parser->m_inheritedBindings = NULL; 1153 parser->m_nSpecifiedAtts = 0; 1154 parser->m_unknownEncodingMem = NULL; 1155 parser->m_unknownEncodingRelease = NULL; 1156 parser->m_unknownEncodingData = NULL; 1157 parser->m_parentParser = NULL; 1158 parser->m_parsingStatus.parsing = XML_INITIALIZED; 1159 #ifdef XML_DTD 1160 parser->m_isParamEntity = XML_FALSE; 1161 parser->m_useForeignDTD = XML_FALSE; 1162 parser->m_paramEntityParsing = XML_PARAM_ENTITY_PARSING_NEVER; 1163 #endif 1164 parser->m_hash_secret_salt = 0; 1165 1166 #ifdef XML_DTD 1167 memset(&parser->m_accounting, 0, sizeof(ACCOUNTING)); 1168 parser->m_accounting.debugLevel = getDebugLevel("EXPAT_ACCOUNTING_DEBUG", 0u); 1169 parser->m_accounting.maximumAmplificationFactor 1170 = EXPAT_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DEFAULT; 1171 parser->m_accounting.activationThresholdBytes 1172 = EXPAT_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT; 1173 1174 memset(&parser->m_entity_stats, 0, sizeof(ENTITY_STATS)); 1175 parser->m_entity_stats.debugLevel = getDebugLevel("EXPAT_ENTITY_DEBUG", 0u); 1176 #endif 1177 } 1178 1179 /* moves list of bindings to m_freeBindingList */ 1180 static void FASTCALL 1181 moveToFreeBindingList(XML_Parser parser, BINDING *bindings) { 1182 while (bindings) { 1183 BINDING *b = bindings; 1184 bindings = bindings->nextTagBinding; 1185 b->nextTagBinding = parser->m_freeBindingList; 1186 parser->m_freeBindingList = b; 1187 } 1188 } 1189 1190 XML_Bool XMLCALL 1191 XML_ParserReset(XML_Parser parser, const XML_Char *encodingName) { 1192 TAG *tStk; 1193 OPEN_INTERNAL_ENTITY *openEntityList; 1194 1195 if (parser == NULL) 1196 return XML_FALSE; 1197 1198 if (parser->m_parentParser) 1199 return XML_FALSE; 1200 /* move m_tagStack to m_freeTagList */ 1201 tStk = parser->m_tagStack; 1202 while (tStk) { 1203 TAG *tag = tStk; 1204 tStk = tStk->parent; 1205 tag->parent = parser->m_freeTagList; 1206 moveToFreeBindingList(parser, tag->bindings); 1207 tag->bindings = NULL; 1208 parser->m_freeTagList = tag; 1209 } 1210 /* move m_openInternalEntities to m_freeInternalEntities */ 1211 openEntityList = parser->m_openInternalEntities; 1212 while (openEntityList) { 1213 OPEN_INTERNAL_ENTITY *openEntity = openEntityList; 1214 openEntityList = openEntity->next; 1215 openEntity->next = parser->m_freeInternalEntities; 1216 parser->m_freeInternalEntities = openEntity; 1217 } 1218 moveToFreeBindingList(parser, parser->m_inheritedBindings); 1219 FREE(parser, parser->m_unknownEncodingMem); 1220 if (parser->m_unknownEncodingRelease) 1221 parser->m_unknownEncodingRelease(parser->m_unknownEncodingData); 1222 poolClear(&parser->m_tempPool); 1223 poolClear(&parser->m_temp2Pool); 1224 FREE(parser, (void *)parser->m_protocolEncodingName); 1225 parser->m_protocolEncodingName = NULL; 1226 parserInit(parser, encodingName); 1227 dtdReset(parser->m_dtd, &parser->m_mem); 1228 return XML_TRUE; 1229 } 1230 1231 enum XML_Status XMLCALL 1232 XML_SetEncoding(XML_Parser parser, const XML_Char *encodingName) { 1233 if (parser == NULL) 1234 return XML_STATUS_ERROR; 1235 /* Block after XML_Parse()/XML_ParseBuffer() has been called. 1236 XXX There's no way for the caller to determine which of the 1237 XXX possible error cases caused the XML_STATUS_ERROR return. 1238 */ 1239 if (parser->m_parsingStatus.parsing == XML_PARSING 1240 || parser->m_parsingStatus.parsing == XML_SUSPENDED) 1241 return XML_STATUS_ERROR; 1242 1243 /* Get rid of any previous encoding name */ 1244 FREE(parser, (void *)parser->m_protocolEncodingName); 1245 1246 if (encodingName == NULL) 1247 /* No new encoding name */ 1248 parser->m_protocolEncodingName = NULL; 1249 else { 1250 /* Copy the new encoding name into allocated memory */ 1251 parser->m_protocolEncodingName = copyString(encodingName, &(parser->m_mem)); 1252 if (! parser->m_protocolEncodingName) 1253 return XML_STATUS_ERROR; 1254 } 1255 return XML_STATUS_OK; 1256 } 1257 1258 XML_Parser XMLCALL 1259 XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context, 1260 const XML_Char *encodingName) { 1261 XML_Parser parser = oldParser; 1262 DTD *newDtd = NULL; 1263 DTD *oldDtd; 1264 XML_StartElementHandler oldStartElementHandler; 1265 XML_EndElementHandler oldEndElementHandler; 1266 XML_CharacterDataHandler oldCharacterDataHandler; 1267 XML_ProcessingInstructionHandler oldProcessingInstructionHandler; 1268 XML_CommentHandler oldCommentHandler; 1269 XML_StartCdataSectionHandler oldStartCdataSectionHandler; 1270 XML_EndCdataSectionHandler oldEndCdataSectionHandler; 1271 XML_DefaultHandler oldDefaultHandler; 1272 XML_UnparsedEntityDeclHandler oldUnparsedEntityDeclHandler; 1273 XML_NotationDeclHandler oldNotationDeclHandler; 1274 XML_StartNamespaceDeclHandler oldStartNamespaceDeclHandler; 1275 XML_EndNamespaceDeclHandler oldEndNamespaceDeclHandler; 1276 XML_NotStandaloneHandler oldNotStandaloneHandler; 1277 XML_ExternalEntityRefHandler oldExternalEntityRefHandler; 1278 XML_SkippedEntityHandler oldSkippedEntityHandler; 1279 XML_UnknownEncodingHandler oldUnknownEncodingHandler; 1280 XML_ElementDeclHandler oldElementDeclHandler; 1281 XML_AttlistDeclHandler oldAttlistDeclHandler; 1282 XML_EntityDeclHandler oldEntityDeclHandler; 1283 XML_XmlDeclHandler oldXmlDeclHandler; 1284 ELEMENT_TYPE *oldDeclElementType; 1285 1286 void *oldUserData; 1287 void *oldHandlerArg; 1288 XML_Bool oldDefaultExpandInternalEntities; 1289 XML_Parser oldExternalEntityRefHandlerArg; 1290 #ifdef XML_DTD 1291 enum XML_ParamEntityParsing oldParamEntityParsing; 1292 int oldInEntityValue; 1293 #endif 1294 XML_Bool oldns_triplets; 1295 /* Note that the new parser shares the same hash secret as the old 1296 parser, so that dtdCopy and copyEntityTable can lookup values 1297 from hash tables associated with either parser without us having 1298 to worry which hash secrets each table has. 1299 */ 1300 unsigned long oldhash_secret_salt; 1301 1302 /* Validate the oldParser parameter before we pull everything out of it */ 1303 if (oldParser == NULL) 1304 return NULL; 1305 1306 /* Stash the original parser contents on the stack */ 1307 oldDtd = parser->m_dtd; 1308 oldStartElementHandler = parser->m_startElementHandler; 1309 oldEndElementHandler = parser->m_endElementHandler; 1310 oldCharacterDataHandler = parser->m_characterDataHandler; 1311 oldProcessingInstructionHandler = parser->m_processingInstructionHandler; 1312 oldCommentHandler = parser->m_commentHandler; 1313 oldStartCdataSectionHandler = parser->m_startCdataSectionHandler; 1314 oldEndCdataSectionHandler = parser->m_endCdataSectionHandler; 1315 oldDefaultHandler = parser->m_defaultHandler; 1316 oldUnparsedEntityDeclHandler = parser->m_unparsedEntityDeclHandler; 1317 oldNotationDeclHandler = parser->m_notationDeclHandler; 1318 oldStartNamespaceDeclHandler = parser->m_startNamespaceDeclHandler; 1319 oldEndNamespaceDeclHandler = parser->m_endNamespaceDeclHandler; 1320 oldNotStandaloneHandler = parser->m_notStandaloneHandler; 1321 oldExternalEntityRefHandler = parser->m_externalEntityRefHandler; 1322 oldSkippedEntityHandler = parser->m_skippedEntityHandler; 1323 oldUnknownEncodingHandler = parser->m_unknownEncodingHandler; 1324 oldElementDeclHandler = parser->m_elementDeclHandler; 1325 oldAttlistDeclHandler = parser->m_attlistDeclHandler; 1326 oldEntityDeclHandler = parser->m_entityDeclHandler; 1327 oldXmlDeclHandler = parser->m_xmlDeclHandler; 1328 oldDeclElementType = parser->m_declElementType; 1329 1330 oldUserData = parser->m_userData; 1331 oldHandlerArg = parser->m_handlerArg; 1332 oldDefaultExpandInternalEntities = parser->m_defaultExpandInternalEntities; 1333 oldExternalEntityRefHandlerArg = parser->m_externalEntityRefHandlerArg; 1334 #ifdef XML_DTD 1335 oldParamEntityParsing = parser->m_paramEntityParsing; 1336 oldInEntityValue = parser->m_prologState.inEntityValue; 1337 #endif 1338 oldns_triplets = parser->m_ns_triplets; 1339 /* Note that the new parser shares the same hash secret as the old 1340 parser, so that dtdCopy and copyEntityTable can lookup values 1341 from hash tables associated with either parser without us having 1342 to worry which hash secrets each table has. 1343 */ 1344 oldhash_secret_salt = parser->m_hash_secret_salt; 1345 1346 #ifdef XML_DTD 1347 if (! context) 1348 newDtd = oldDtd; 1349 #endif /* XML_DTD */ 1350 1351 /* Note that the magical uses of the pre-processor to make field 1352 access look more like C++ require that `parser' be overwritten 1353 here. This makes this function more painful to follow than it 1354 would be otherwise. 1355 */ 1356 if (parser->m_ns) { 1357 XML_Char tmp[2] = {parser->m_namespaceSeparator, 0}; 1358 parser = parserCreate(encodingName, &parser->m_mem, tmp, newDtd); 1359 } else { 1360 parser = parserCreate(encodingName, &parser->m_mem, NULL, newDtd); 1361 } 1362 1363 if (! parser) 1364 return NULL; 1365 1366 parser->m_startElementHandler = oldStartElementHandler; 1367 parser->m_endElementHandler = oldEndElementHandler; 1368 parser->m_characterDataHandler = oldCharacterDataHandler; 1369 parser->m_processingInstructionHandler = oldProcessingInstructionHandler; 1370 parser->m_commentHandler = oldCommentHandler; 1371 parser->m_startCdataSectionHandler = oldStartCdataSectionHandler; 1372 parser->m_endCdataSectionHandler = oldEndCdataSectionHandler; 1373 parser->m_defaultHandler = oldDefaultHandler; 1374 parser->m_unparsedEntityDeclHandler = oldUnparsedEntityDeclHandler; 1375 parser->m_notationDeclHandler = oldNotationDeclHandler; 1376 parser->m_startNamespaceDeclHandler = oldStartNamespaceDeclHandler; 1377 parser->m_endNamespaceDeclHandler = oldEndNamespaceDeclHandler; 1378 parser->m_notStandaloneHandler = oldNotStandaloneHandler; 1379 parser->m_externalEntityRefHandler = oldExternalEntityRefHandler; 1380 parser->m_skippedEntityHandler = oldSkippedEntityHandler; 1381 parser->m_unknownEncodingHandler = oldUnknownEncodingHandler; 1382 parser->m_elementDeclHandler = oldElementDeclHandler; 1383 parser->m_attlistDeclHandler = oldAttlistDeclHandler; 1384 parser->m_entityDeclHandler = oldEntityDeclHandler; 1385 parser->m_xmlDeclHandler = oldXmlDeclHandler; 1386 parser->m_declElementType = oldDeclElementType; 1387 parser->m_userData = oldUserData; 1388 if (oldUserData == oldHandlerArg) 1389 parser->m_handlerArg = parser->m_userData; 1390 else 1391 parser->m_handlerArg = parser; 1392 if (oldExternalEntityRefHandlerArg != oldParser) 1393 parser->m_externalEntityRefHandlerArg = oldExternalEntityRefHandlerArg; 1394 parser->m_defaultExpandInternalEntities = oldDefaultExpandInternalEntities; 1395 parser->m_ns_triplets = oldns_triplets; 1396 parser->m_hash_secret_salt = oldhash_secret_salt; 1397 parser->m_parentParser = oldParser; 1398 #ifdef XML_DTD 1399 parser->m_paramEntityParsing = oldParamEntityParsing; 1400 parser->m_prologState.inEntityValue = oldInEntityValue; 1401 if (context) { 1402 #endif /* XML_DTD */ 1403 if (! dtdCopy(oldParser, parser->m_dtd, oldDtd, &parser->m_mem) 1404 || ! setContext(parser, context)) { 1405 XML_ParserFree(parser); 1406 return NULL; 1407 } 1408 parser->m_processor = externalEntityInitProcessor; 1409 #ifdef XML_DTD 1410 } else { 1411 /* The DTD instance referenced by parser->m_dtd is shared between the 1412 document's root parser and external PE parsers, therefore one does not 1413 need to call setContext. In addition, one also *must* not call 1414 setContext, because this would overwrite existing prefix->binding 1415 pointers in parser->m_dtd with ones that get destroyed with the external 1416 PE parser. This would leave those prefixes with dangling pointers. 1417 */ 1418 parser->m_isParamEntity = XML_TRUE; 1419 XmlPrologStateInitExternalEntity(&parser->m_prologState); 1420 parser->m_processor = externalParEntInitProcessor; 1421 } 1422 #endif /* XML_DTD */ 1423 return parser; 1424 } 1425 1426 static void FASTCALL 1427 destroyBindings(BINDING *bindings, XML_Parser parser) { 1428 for (;;) { 1429 BINDING *b = bindings; 1430 if (! b) 1431 break; 1432 bindings = b->nextTagBinding; 1433 FREE(parser, b->uri); 1434 FREE(parser, b); 1435 } 1436 } 1437 1438 void XMLCALL 1439 XML_ParserFree(XML_Parser parser) { 1440 TAG *tagList; 1441 OPEN_INTERNAL_ENTITY *entityList; 1442 if (parser == NULL) 1443 return; 1444 /* free m_tagStack and m_freeTagList */ 1445 tagList = parser->m_tagStack; 1446 for (;;) { 1447 TAG *p; 1448 if (tagList == NULL) { 1449 if (parser->m_freeTagList == NULL) 1450 break; 1451 tagList = parser->m_freeTagList; 1452 parser->m_freeTagList = NULL; 1453 } 1454 p = tagList; 1455 tagList = tagList->parent; 1456 FREE(parser, p->buf); 1457 destroyBindings(p->bindings, parser); 1458 FREE(parser, p); 1459 } 1460 /* free m_openInternalEntities and m_freeInternalEntities */ 1461 entityList = parser->m_openInternalEntities; 1462 for (;;) { 1463 OPEN_INTERNAL_ENTITY *openEntity; 1464 if (entityList == NULL) { 1465 if (parser->m_freeInternalEntities == NULL) 1466 break; 1467 entityList = parser->m_freeInternalEntities; 1468 parser->m_freeInternalEntities = NULL; 1469 } 1470 openEntity = entityList; 1471 entityList = entityList->next; 1472 FREE(parser, openEntity); 1473 } 1474 1475 destroyBindings(parser->m_freeBindingList, parser); 1476 destroyBindings(parser->m_inheritedBindings, parser); 1477 poolDestroy(&parser->m_tempPool); 1478 poolDestroy(&parser->m_temp2Pool); 1479 FREE(parser, (void *)parser->m_protocolEncodingName); 1480 #ifdef XML_DTD 1481 /* external parameter entity parsers share the DTD structure 1482 parser->m_dtd with the root parser, so we must not destroy it 1483 */ 1484 if (! parser->m_isParamEntity && parser->m_dtd) 1485 #else 1486 if (parser->m_dtd) 1487 #endif /* XML_DTD */ 1488 dtdDestroy(parser->m_dtd, (XML_Bool)! parser->m_parentParser, 1489 &parser->m_mem); 1490 FREE(parser, (void *)parser->m_atts); 1491 #ifdef XML_ATTR_INFO 1492 FREE(parser, (void *)parser->m_attInfo); 1493 #endif 1494 FREE(parser, parser->m_groupConnector); 1495 FREE(parser, parser->m_buffer); 1496 FREE(parser, parser->m_dataBuf); 1497 FREE(parser, parser->m_nsAtts); 1498 FREE(parser, parser->m_unknownEncodingMem); 1499 if (parser->m_unknownEncodingRelease) 1500 parser->m_unknownEncodingRelease(parser->m_unknownEncodingData); 1501 FREE(parser, parser); 1502 } 1503 1504 void XMLCALL 1505 XML_UseParserAsHandlerArg(XML_Parser parser) { 1506 if (parser != NULL) 1507 parser->m_handlerArg = parser; 1508 } 1509 1510 enum XML_Error XMLCALL 1511 XML_UseForeignDTD(XML_Parser parser, XML_Bool useDTD) { 1512 if (parser == NULL) 1513 return XML_ERROR_INVALID_ARGUMENT; 1514 #ifdef XML_DTD 1515 /* block after XML_Parse()/XML_ParseBuffer() has been called */ 1516 if (parser->m_parsingStatus.parsing == XML_PARSING 1517 || parser->m_parsingStatus.parsing == XML_SUSPENDED) 1518 return XML_ERROR_CANT_CHANGE_FEATURE_ONCE_PARSING; 1519 parser->m_useForeignDTD = useDTD; 1520 return XML_ERROR_NONE; 1521 #else 1522 UNUSED_P(useDTD); 1523 return XML_ERROR_FEATURE_REQUIRES_XML_DTD; 1524 #endif 1525 } 1526 1527 void XMLCALL 1528 XML_SetReturnNSTriplet(XML_Parser parser, int do_nst) { 1529 if (parser == NULL) 1530 return; 1531 /* block after XML_Parse()/XML_ParseBuffer() has been called */ 1532 if (parser->m_parsingStatus.parsing == XML_PARSING 1533 || parser->m_parsingStatus.parsing == XML_SUSPENDED) 1534 return; 1535 parser->m_ns_triplets = do_nst ? XML_TRUE : XML_FALSE; 1536 } 1537 1538 void XMLCALL 1539 XML_SetUserData(XML_Parser parser, void *p) { 1540 if (parser == NULL) 1541 return; 1542 if (parser->m_handlerArg == parser->m_userData) 1543 parser->m_handlerArg = parser->m_userData = p; 1544 else 1545 parser->m_userData = p; 1546 } 1547 1548 enum XML_Status XMLCALL 1549 XML_SetBase(XML_Parser parser, const XML_Char *p) { 1550 if (parser == NULL) 1551 return XML_STATUS_ERROR; 1552 if (p) { 1553 p = poolCopyString(&parser->m_dtd->pool, p); 1554 if (! p) 1555 return XML_STATUS_ERROR; 1556 parser->m_curBase = p; 1557 } else 1558 parser->m_curBase = NULL; 1559 return XML_STATUS_OK; 1560 } 1561 1562 const XML_Char *XMLCALL 1563 XML_GetBase(XML_Parser parser) { 1564 if (parser == NULL) 1565 return NULL; 1566 return parser->m_curBase; 1567 } 1568 1569 int XMLCALL 1570 XML_GetSpecifiedAttributeCount(XML_Parser parser) { 1571 if (parser == NULL) 1572 return -1; 1573 return parser->m_nSpecifiedAtts; 1574 } 1575 1576 int XMLCALL 1577 XML_GetIdAttributeIndex(XML_Parser parser) { 1578 if (parser == NULL) 1579 return -1; 1580 return parser->m_idAttIndex; 1581 } 1582 1583 #ifdef XML_ATTR_INFO 1584 const XML_AttrInfo *XMLCALL 1585 XML_GetAttributeInfo(XML_Parser parser) { 1586 if (parser == NULL) 1587 return NULL; 1588 return parser->m_attInfo; 1589 } 1590 #endif 1591 1592 void XMLCALL 1593 XML_SetElementHandler(XML_Parser parser, XML_StartElementHandler start, 1594 XML_EndElementHandler end) { 1595 if (parser == NULL) 1596 return; 1597 parser->m_startElementHandler = start; 1598 parser->m_endElementHandler = end; 1599 } 1600 1601 void XMLCALL 1602 XML_SetStartElementHandler(XML_Parser parser, XML_StartElementHandler start) { 1603 if (parser != NULL) 1604 parser->m_startElementHandler = start; 1605 } 1606 1607 void XMLCALL 1608 XML_SetEndElementHandler(XML_Parser parser, XML_EndElementHandler end) { 1609 if (parser != NULL) 1610 parser->m_endElementHandler = end; 1611 } 1612 1613 void XMLCALL 1614 XML_SetCharacterDataHandler(XML_Parser parser, 1615 XML_CharacterDataHandler handler) { 1616 if (parser != NULL) 1617 parser->m_characterDataHandler = handler; 1618 } 1619 1620 void XMLCALL 1621 XML_SetProcessingInstructionHandler(XML_Parser parser, 1622 XML_ProcessingInstructionHandler handler) { 1623 if (parser != NULL) 1624 parser->m_processingInstructionHandler = handler; 1625 } 1626 1627 void XMLCALL 1628 XML_SetCommentHandler(XML_Parser parser, XML_CommentHandler handler) { 1629 if (parser != NULL) 1630 parser->m_commentHandler = handler; 1631 } 1632 1633 void XMLCALL 1634 XML_SetCdataSectionHandler(XML_Parser parser, 1635 XML_StartCdataSectionHandler start, 1636 XML_EndCdataSectionHandler end) { 1637 if (parser == NULL) 1638 return; 1639 parser->m_startCdataSectionHandler = start; 1640 parser->m_endCdataSectionHandler = end; 1641 } 1642 1643 void XMLCALL 1644 XML_SetStartCdataSectionHandler(XML_Parser parser, 1645 XML_StartCdataSectionHandler start) { 1646 if (parser != NULL) 1647 parser->m_startCdataSectionHandler = start; 1648 } 1649 1650 void XMLCALL 1651 XML_SetEndCdataSectionHandler(XML_Parser parser, 1652 XML_EndCdataSectionHandler end) { 1653 if (parser != NULL) 1654 parser->m_endCdataSectionHandler = end; 1655 } 1656 1657 void XMLCALL 1658 XML_SetDefaultHandler(XML_Parser parser, XML_DefaultHandler handler) { 1659 if (parser == NULL) 1660 return; 1661 parser->m_defaultHandler = handler; 1662 parser->m_defaultExpandInternalEntities = XML_FALSE; 1663 } 1664 1665 void XMLCALL 1666 XML_SetDefaultHandlerExpand(XML_Parser parser, XML_DefaultHandler handler) { 1667 if (parser == NULL) 1668 return; 1669 parser->m_defaultHandler = handler; 1670 parser->m_defaultExpandInternalEntities = XML_TRUE; 1671 } 1672 1673 void XMLCALL 1674 XML_SetDoctypeDeclHandler(XML_Parser parser, XML_StartDoctypeDeclHandler start, 1675 XML_EndDoctypeDeclHandler end) { 1676 if (parser == NULL) 1677 return; 1678 parser->m_startDoctypeDeclHandler = start; 1679 parser->m_endDoctypeDeclHandler = end; 1680 } 1681 1682 void XMLCALL 1683 XML_SetStartDoctypeDeclHandler(XML_Parser parser, 1684 XML_StartDoctypeDeclHandler start) { 1685 if (parser != NULL) 1686 parser->m_startDoctypeDeclHandler = start; 1687 } 1688 1689 void XMLCALL 1690 XML_SetEndDoctypeDeclHandler(XML_Parser parser, XML_EndDoctypeDeclHandler end) { 1691 if (parser != NULL) 1692 parser->m_endDoctypeDeclHandler = end; 1693 } 1694 1695 void XMLCALL 1696 XML_SetUnparsedEntityDeclHandler(XML_Parser parser, 1697 XML_UnparsedEntityDeclHandler handler) { 1698 if (parser != NULL) 1699 parser->m_unparsedEntityDeclHandler = handler; 1700 } 1701 1702 void XMLCALL 1703 XML_SetNotationDeclHandler(XML_Parser parser, XML_NotationDeclHandler handler) { 1704 if (parser != NULL) 1705 parser->m_notationDeclHandler = handler; 1706 } 1707 1708 void XMLCALL 1709 XML_SetNamespaceDeclHandler(XML_Parser parser, 1710 XML_StartNamespaceDeclHandler start, 1711 XML_EndNamespaceDeclHandler end) { 1712 if (parser == NULL) 1713 return; 1714 parser->m_startNamespaceDeclHandler = start; 1715 parser->m_endNamespaceDeclHandler = end; 1716 } 1717 1718 void XMLCALL 1719 XML_SetStartNamespaceDeclHandler(XML_Parser parser, 1720 XML_StartNamespaceDeclHandler start) { 1721 if (parser != NULL) 1722 parser->m_startNamespaceDeclHandler = start; 1723 } 1724 1725 void XMLCALL 1726 XML_SetEndNamespaceDeclHandler(XML_Parser parser, 1727 XML_EndNamespaceDeclHandler end) { 1728 if (parser != NULL) 1729 parser->m_endNamespaceDeclHandler = end; 1730 } 1731 1732 void XMLCALL 1733 XML_SetNotStandaloneHandler(XML_Parser parser, 1734 XML_NotStandaloneHandler handler) { 1735 if (parser != NULL) 1736 parser->m_notStandaloneHandler = handler; 1737 } 1738 1739 void XMLCALL 1740 XML_SetExternalEntityRefHandler(XML_Parser parser, 1741 XML_ExternalEntityRefHandler handler) { 1742 if (parser != NULL) 1743 parser->m_externalEntityRefHandler = handler; 1744 } 1745 1746 void XMLCALL 1747 XML_SetExternalEntityRefHandlerArg(XML_Parser parser, void *arg) { 1748 if (parser == NULL) 1749 return; 1750 if (arg) 1751 parser->m_externalEntityRefHandlerArg = (XML_Parser)arg; 1752 else 1753 parser->m_externalEntityRefHandlerArg = parser; 1754 } 1755 1756 void XMLCALL 1757 XML_SetSkippedEntityHandler(XML_Parser parser, 1758 XML_SkippedEntityHandler handler) { 1759 if (parser != NULL) 1760 parser->m_skippedEntityHandler = handler; 1761 } 1762 1763 void XMLCALL 1764 XML_SetUnknownEncodingHandler(XML_Parser parser, 1765 XML_UnknownEncodingHandler handler, void *data) { 1766 if (parser == NULL) 1767 return; 1768 parser->m_unknownEncodingHandler = handler; 1769 parser->m_unknownEncodingHandlerData = data; 1770 } 1771 1772 void XMLCALL 1773 XML_SetElementDeclHandler(XML_Parser parser, XML_ElementDeclHandler eldecl) { 1774 if (parser != NULL) 1775 parser->m_elementDeclHandler = eldecl; 1776 } 1777 1778 void XMLCALL 1779 XML_SetAttlistDeclHandler(XML_Parser parser, XML_AttlistDeclHandler attdecl) { 1780 if (parser != NULL) 1781 parser->m_attlistDeclHandler = attdecl; 1782 } 1783 1784 void XMLCALL 1785 XML_SetEntityDeclHandler(XML_Parser parser, XML_EntityDeclHandler handler) { 1786 if (parser != NULL) 1787 parser->m_entityDeclHandler = handler; 1788 } 1789 1790 void XMLCALL 1791 XML_SetXmlDeclHandler(XML_Parser parser, XML_XmlDeclHandler handler) { 1792 if (parser != NULL) 1793 parser->m_xmlDeclHandler = handler; 1794 } 1795 1796 int XMLCALL 1797 XML_SetParamEntityParsing(XML_Parser parser, 1798 enum XML_ParamEntityParsing peParsing) { 1799 if (parser == NULL) 1800 return 0; 1801 /* block after XML_Parse()/XML_ParseBuffer() has been called */ 1802 if (parser->m_parsingStatus.parsing == XML_PARSING 1803 || parser->m_parsingStatus.parsing == XML_SUSPENDED) 1804 return 0; 1805 #ifdef XML_DTD 1806 parser->m_paramEntityParsing = peParsing; 1807 return 1; 1808 #else 1809 return peParsing == XML_PARAM_ENTITY_PARSING_NEVER; 1810 #endif 1811 } 1812 1813 int XMLCALL 1814 XML_SetHashSalt(XML_Parser parser, unsigned long hash_salt) { 1815 if (parser == NULL) 1816 return 0; 1817 if (parser->m_parentParser) 1818 return XML_SetHashSalt(parser->m_parentParser, hash_salt); 1819 /* block after XML_Parse()/XML_ParseBuffer() has been called */ 1820 if (parser->m_parsingStatus.parsing == XML_PARSING 1821 || parser->m_parsingStatus.parsing == XML_SUSPENDED) 1822 return 0; 1823 parser->m_hash_secret_salt = hash_salt; 1824 return 1; 1825 } 1826 1827 enum XML_Status XMLCALL 1828 XML_Parse(XML_Parser parser, const char *s, int len, int isFinal) { 1829 if ((parser == NULL) || (len < 0) || ((s == NULL) && (len != 0))) { 1830 if (parser != NULL) 1831 parser->m_errorCode = XML_ERROR_INVALID_ARGUMENT; 1832 return XML_STATUS_ERROR; 1833 } 1834 switch (parser->m_parsingStatus.parsing) { 1835 case XML_SUSPENDED: 1836 parser->m_errorCode = XML_ERROR_SUSPENDED; 1837 return XML_STATUS_ERROR; 1838 case XML_FINISHED: 1839 parser->m_errorCode = XML_ERROR_FINISHED; 1840 return XML_STATUS_ERROR; 1841 case XML_INITIALIZED: 1842 if (parser->m_parentParser == NULL && ! startParsing(parser)) { 1843 parser->m_errorCode = XML_ERROR_NO_MEMORY; 1844 return XML_STATUS_ERROR; 1845 } 1846 /* fall through */ 1847 default: 1848 parser->m_parsingStatus.parsing = XML_PARSING; 1849 } 1850 1851 if (len == 0) { 1852 parser->m_parsingStatus.finalBuffer = (XML_Bool)isFinal; 1853 if (! isFinal) 1854 return XML_STATUS_OK; 1855 parser->m_positionPtr = parser->m_bufferPtr; 1856 parser->m_parseEndPtr = parser->m_bufferEnd; 1857 1858 /* If data are left over from last buffer, and we now know that these 1859 data are the final chunk of input, then we have to check them again 1860 to detect errors based on that fact. 1861 */ 1862 parser->m_errorCode 1863 = parser->m_processor(parser, parser->m_bufferPtr, 1864 parser->m_parseEndPtr, &parser->m_bufferPtr); 1865 1866 if (parser->m_errorCode == XML_ERROR_NONE) { 1867 switch (parser->m_parsingStatus.parsing) { 1868 case XML_SUSPENDED: 1869 /* It is hard to be certain, but it seems that this case 1870 * cannot occur. This code is cleaning up a previous parse 1871 * with no new data (since len == 0). Changing the parsing 1872 * state requires getting to execute a handler function, and 1873 * there doesn't seem to be an opportunity for that while in 1874 * this circumstance. 1875 * 1876 * Given the uncertainty, we retain the code but exclude it 1877 * from coverage tests. 1878 * 1879 * LCOV_EXCL_START 1880 */ 1881 XmlUpdatePosition(parser->m_encoding, parser->m_positionPtr, 1882 parser->m_bufferPtr, &parser->m_position); 1883 parser->m_positionPtr = parser->m_bufferPtr; 1884 return XML_STATUS_SUSPENDED; 1885 /* LCOV_EXCL_STOP */ 1886 case XML_INITIALIZED: 1887 case XML_PARSING: 1888 parser->m_parsingStatus.parsing = XML_FINISHED; 1889 /* fall through */ 1890 default: 1891 return XML_STATUS_OK; 1892 } 1893 } 1894 parser->m_eventEndPtr = parser->m_eventPtr; 1895 parser->m_processor = errorProcessor; 1896 return XML_STATUS_ERROR; 1897 } 1898 #ifndef XML_CONTEXT_BYTES 1899 else if (parser->m_bufferPtr == parser->m_bufferEnd) { 1900 const char *end; 1901 int nLeftOver; 1902 enum XML_Status result; 1903 /* Detect overflow (a+b > MAX <==> b > MAX-a) */ 1904 if ((XML_Size)len > ((XML_Size)-1) / 2 - parser->m_parseEndByteIndex) { 1905 parser->m_errorCode = XML_ERROR_NO_MEMORY; 1906 parser->m_eventPtr = parser->m_eventEndPtr = NULL; 1907 parser->m_processor = errorProcessor; 1908 return XML_STATUS_ERROR; 1909 } 1910 parser->m_parseEndByteIndex += len; 1911 parser->m_positionPtr = s; 1912 parser->m_parsingStatus.finalBuffer = (XML_Bool)isFinal; 1913 1914 parser->m_errorCode 1915 = parser->m_processor(parser, s, parser->m_parseEndPtr = s + len, &end); 1916 1917 if (parser->m_errorCode != XML_ERROR_NONE) { 1918 parser->m_eventEndPtr = parser->m_eventPtr; 1919 parser->m_processor = errorProcessor; 1920 return XML_STATUS_ERROR; 1921 } else { 1922 switch (parser->m_parsingStatus.parsing) { 1923 case XML_SUSPENDED: 1924 result = XML_STATUS_SUSPENDED; 1925 break; 1926 case XML_INITIALIZED: 1927 case XML_PARSING: 1928 if (isFinal) { 1929 parser->m_parsingStatus.parsing = XML_FINISHED; 1930 return XML_STATUS_OK; 1931 } 1932 /* fall through */ 1933 default: 1934 result = XML_STATUS_OK; 1935 } 1936 } 1937 1938 XmlUpdatePosition(parser->m_encoding, parser->m_positionPtr, end, 1939 &parser->m_position); 1940 nLeftOver = s + len - end; 1941 if (nLeftOver) { 1942 if (parser->m_buffer == NULL 1943 || nLeftOver > parser->m_bufferLim - parser->m_buffer) { 1944 /* avoid _signed_ integer overflow */ 1945 char *temp = NULL; 1946 const int bytesToAllocate = (int)((unsigned)len * 2U); 1947 if (bytesToAllocate > 0) { 1948 temp = (char *)REALLOC(parser, parser->m_buffer, bytesToAllocate); 1949 } 1950 if (temp == NULL) { 1951 parser->m_errorCode = XML_ERROR_NO_MEMORY; 1952 parser->m_eventPtr = parser->m_eventEndPtr = NULL; 1953 parser->m_processor = errorProcessor; 1954 return XML_STATUS_ERROR; 1955 } 1956 parser->m_buffer = temp; 1957 parser->m_bufferLim = parser->m_buffer + bytesToAllocate; 1958 } 1959 memcpy(parser->m_buffer, end, nLeftOver); 1960 } 1961 parser->m_bufferPtr = parser->m_buffer; 1962 parser->m_bufferEnd = parser->m_buffer + nLeftOver; 1963 parser->m_positionPtr = parser->m_bufferPtr; 1964 parser->m_parseEndPtr = parser->m_bufferEnd; 1965 parser->m_eventPtr = parser->m_bufferPtr; 1966 parser->m_eventEndPtr = parser->m_bufferPtr; 1967 return result; 1968 } 1969 #endif /* not defined XML_CONTEXT_BYTES */ 1970 else { 1971 void *buff = XML_GetBuffer(parser, len); 1972 if (buff == NULL) 1973 return XML_STATUS_ERROR; 1974 else { 1975 memcpy(buff, s, len); 1976 return XML_ParseBuffer(parser, len, isFinal); 1977 } 1978 } 1979 } 1980 1981 enum XML_Status XMLCALL 1982 XML_ParseBuffer(XML_Parser parser, int len, int isFinal) { 1983 const char *start; 1984 enum XML_Status result = XML_STATUS_OK; 1985 1986 if (parser == NULL) 1987 return XML_STATUS_ERROR; 1988 switch (parser->m_parsingStatus.parsing) { 1989 case XML_SUSPENDED: 1990 parser->m_errorCode = XML_ERROR_SUSPENDED; 1991 return XML_STATUS_ERROR; 1992 case XML_FINISHED: 1993 parser->m_errorCode = XML_ERROR_FINISHED; 1994 return XML_STATUS_ERROR; 1995 case XML_INITIALIZED: 1996 /* Has someone called XML_GetBuffer successfully before? */ 1997 if (! parser->m_bufferPtr) { 1998 parser->m_errorCode = XML_ERROR_NO_BUFFER; 1999 return XML_STATUS_ERROR; 2000 } 2001 2002 if (parser->m_parentParser == NULL && ! startParsing(parser)) { 2003 parser->m_errorCode = XML_ERROR_NO_MEMORY; 2004 return XML_STATUS_ERROR; 2005 } 2006 /* fall through */ 2007 default: 2008 parser->m_parsingStatus.parsing = XML_PARSING; 2009 } 2010 2011 start = parser->m_bufferPtr; 2012 parser->m_positionPtr = start; 2013 parser->m_bufferEnd += len; 2014 parser->m_parseEndPtr = parser->m_bufferEnd; 2015 parser->m_parseEndByteIndex += len; 2016 parser->m_parsingStatus.finalBuffer = (XML_Bool)isFinal; 2017 2018 parser->m_errorCode = parser->m_processor( 2019 parser, start, parser->m_parseEndPtr, &parser->m_bufferPtr); 2020 2021 if (parser->m_errorCode != XML_ERROR_NONE) { 2022 parser->m_eventEndPtr = parser->m_eventPtr; 2023 parser->m_processor = errorProcessor; 2024 return XML_STATUS_ERROR; 2025 } else { 2026 switch (parser->m_parsingStatus.parsing) { 2027 case XML_SUSPENDED: 2028 result = XML_STATUS_SUSPENDED; 2029 break; 2030 case XML_INITIALIZED: 2031 case XML_PARSING: 2032 if (isFinal) { 2033 parser->m_parsingStatus.parsing = XML_FINISHED; 2034 return result; 2035 } 2036 default:; /* should not happen */ 2037 } 2038 } 2039 2040 XmlUpdatePosition(parser->m_encoding, parser->m_positionPtr, 2041 parser->m_bufferPtr, &parser->m_position); 2042 parser->m_positionPtr = parser->m_bufferPtr; 2043 return result; 2044 } 2045 2046 void *XMLCALL 2047 XML_GetBuffer(XML_Parser parser, int len) { 2048 if (parser == NULL) 2049 return NULL; 2050 if (len < 0) { 2051 parser->m_errorCode = XML_ERROR_NO_MEMORY; 2052 return NULL; 2053 } 2054 switch (parser->m_parsingStatus.parsing) { 2055 case XML_SUSPENDED: 2056 parser->m_errorCode = XML_ERROR_SUSPENDED; 2057 return NULL; 2058 case XML_FINISHED: 2059 parser->m_errorCode = XML_ERROR_FINISHED; 2060 return NULL; 2061 default:; 2062 } 2063 2064 if (len > EXPAT_SAFE_PTR_DIFF(parser->m_bufferLim, parser->m_bufferEnd)) { 2065 #ifdef XML_CONTEXT_BYTES 2066 int keep; 2067 #endif /* defined XML_CONTEXT_BYTES */ 2068 /* Do not invoke signed arithmetic overflow: */ 2069 int neededSize = (int)((unsigned)len 2070 + (unsigned)EXPAT_SAFE_PTR_DIFF( 2071 parser->m_bufferEnd, parser->m_bufferPtr)); 2072 if (neededSize < 0) { 2073 parser->m_errorCode = XML_ERROR_NO_MEMORY; 2074 return NULL; 2075 } 2076 #ifdef XML_CONTEXT_BYTES 2077 keep = (int)EXPAT_SAFE_PTR_DIFF(parser->m_bufferPtr, parser->m_buffer); 2078 if (keep > XML_CONTEXT_BYTES) 2079 keep = XML_CONTEXT_BYTES; 2080 /* Detect and prevent integer overflow */ 2081 if (keep > INT_MAX - neededSize) { 2082 parser->m_errorCode = XML_ERROR_NO_MEMORY; 2083 return NULL; 2084 } 2085 neededSize += keep; 2086 #endif /* defined XML_CONTEXT_BYTES */ 2087 if (neededSize 2088 <= EXPAT_SAFE_PTR_DIFF(parser->m_bufferLim, parser->m_buffer)) { 2089 #ifdef XML_CONTEXT_BYTES 2090 if (keep < EXPAT_SAFE_PTR_DIFF(parser->m_bufferPtr, parser->m_buffer)) { 2091 int offset 2092 = (int)EXPAT_SAFE_PTR_DIFF(parser->m_bufferPtr, parser->m_buffer) 2093 - keep; 2094 /* The buffer pointers cannot be NULL here; we have at least some bytes 2095 * in the buffer */ 2096 memmove(parser->m_buffer, &parser->m_buffer[offset], 2097 parser->m_bufferEnd - parser->m_bufferPtr + keep); 2098 parser->m_bufferEnd -= offset; 2099 parser->m_bufferPtr -= offset; 2100 } 2101 #else 2102 if (parser->m_buffer && parser->m_bufferPtr) { 2103 memmove(parser->m_buffer, parser->m_bufferPtr, 2104 EXPAT_SAFE_PTR_DIFF(parser->m_bufferEnd, parser->m_bufferPtr)); 2105 parser->m_bufferEnd 2106 = parser->m_buffer 2107 + EXPAT_SAFE_PTR_DIFF(parser->m_bufferEnd, parser->m_bufferPtr); 2108 parser->m_bufferPtr = parser->m_buffer; 2109 } 2110 #endif /* not defined XML_CONTEXT_BYTES */ 2111 } else { 2112 char *newBuf; 2113 int bufferSize 2114 = (int)EXPAT_SAFE_PTR_DIFF(parser->m_bufferLim, parser->m_bufferPtr); 2115 if (bufferSize == 0) 2116 bufferSize = INIT_BUFFER_SIZE; 2117 do { 2118 /* Do not invoke signed arithmetic overflow: */ 2119 bufferSize = (int)(2U * (unsigned)bufferSize); 2120 } while (bufferSize < neededSize && bufferSize > 0); 2121 if (bufferSize <= 0) { 2122 parser->m_errorCode = XML_ERROR_NO_MEMORY; 2123 return NULL; 2124 } 2125 newBuf = (char *)MALLOC(parser, bufferSize); 2126 if (newBuf == 0) { 2127 parser->m_errorCode = XML_ERROR_NO_MEMORY; 2128 return NULL; 2129 } 2130 parser->m_bufferLim = newBuf + bufferSize; 2131 #ifdef XML_CONTEXT_BYTES 2132 if (parser->m_bufferPtr) { 2133 memcpy(newBuf, &parser->m_bufferPtr[-keep], 2134 EXPAT_SAFE_PTR_DIFF(parser->m_bufferEnd, parser->m_bufferPtr) 2135 + keep); 2136 FREE(parser, parser->m_buffer); 2137 parser->m_buffer = newBuf; 2138 parser->m_bufferEnd 2139 = parser->m_buffer 2140 + EXPAT_SAFE_PTR_DIFF(parser->m_bufferEnd, parser->m_bufferPtr) 2141 + keep; 2142 parser->m_bufferPtr = parser->m_buffer + keep; 2143 } else { 2144 /* This must be a brand new buffer with no data in it yet */ 2145 parser->m_bufferEnd = newBuf; 2146 parser->m_bufferPtr = parser->m_buffer = newBuf; 2147 } 2148 #else 2149 if (parser->m_bufferPtr) { 2150 memcpy(newBuf, parser->m_bufferPtr, 2151 EXPAT_SAFE_PTR_DIFF(parser->m_bufferEnd, parser->m_bufferPtr)); 2152 FREE(parser, parser->m_buffer); 2153 parser->m_bufferEnd 2154 = newBuf 2155 + EXPAT_SAFE_PTR_DIFF(parser->m_bufferEnd, parser->m_bufferPtr); 2156 } else { 2157 /* This must be a brand new buffer with no data in it yet */ 2158 parser->m_bufferEnd = newBuf; 2159 } 2160 parser->m_bufferPtr = parser->m_buffer = newBuf; 2161 #endif /* not defined XML_CONTEXT_BYTES */ 2162 } 2163 parser->m_eventPtr = parser->m_eventEndPtr = NULL; 2164 parser->m_positionPtr = NULL; 2165 } 2166 return parser->m_bufferEnd; 2167 } 2168 2169 enum XML_Status XMLCALL 2170 XML_StopParser(XML_Parser parser, XML_Bool resumable) { 2171 if (parser == NULL) 2172 return XML_STATUS_ERROR; 2173 switch (parser->m_parsingStatus.parsing) { 2174 case XML_SUSPENDED: 2175 if (resumable) { 2176 parser->m_errorCode = XML_ERROR_SUSPENDED; 2177 return XML_STATUS_ERROR; 2178 } 2179 parser->m_parsingStatus.parsing = XML_FINISHED; 2180 break; 2181 case XML_FINISHED: 2182 parser->m_errorCode = XML_ERROR_FINISHED; 2183 return XML_STATUS_ERROR; 2184 default: 2185 if (resumable) { 2186 #ifdef XML_DTD 2187 if (parser->m_isParamEntity) { 2188 parser->m_errorCode = XML_ERROR_SUSPEND_PE; 2189 return XML_STATUS_ERROR; 2190 } 2191 #endif 2192 parser->m_parsingStatus.parsing = XML_SUSPENDED; 2193 } else 2194 parser->m_parsingStatus.parsing = XML_FINISHED; 2195 } 2196 return XML_STATUS_OK; 2197 } 2198 2199 enum XML_Status XMLCALL 2200 XML_ResumeParser(XML_Parser parser) { 2201 enum XML_Status result = XML_STATUS_OK; 2202 2203 if (parser == NULL) 2204 return XML_STATUS_ERROR; 2205 if (parser->m_parsingStatus.parsing != XML_SUSPENDED) { 2206 parser->m_errorCode = XML_ERROR_NOT_SUSPENDED; 2207 return XML_STATUS_ERROR; 2208 } 2209 parser->m_parsingStatus.parsing = XML_PARSING; 2210 2211 parser->m_errorCode = parser->m_processor( 2212 parser, parser->m_bufferPtr, parser->m_parseEndPtr, &parser->m_bufferPtr); 2213 2214 if (parser->m_errorCode != XML_ERROR_NONE) { 2215 parser->m_eventEndPtr = parser->m_eventPtr; 2216 parser->m_processor = errorProcessor; 2217 return XML_STATUS_ERROR; 2218 } else { 2219 switch (parser->m_parsingStatus.parsing) { 2220 case XML_SUSPENDED: 2221 result = XML_STATUS_SUSPENDED; 2222 break; 2223 case XML_INITIALIZED: 2224 case XML_PARSING: 2225 if (parser->m_parsingStatus.finalBuffer) { 2226 parser->m_parsingStatus.parsing = XML_FINISHED; 2227 return result; 2228 } 2229 default:; 2230 } 2231 } 2232 2233 XmlUpdatePosition(parser->m_encoding, parser->m_positionPtr, 2234 parser->m_bufferPtr, &parser->m_position); 2235 parser->m_positionPtr = parser->m_bufferPtr; 2236 return result; 2237 } 2238 2239 void XMLCALL 2240 XML_GetParsingStatus(XML_Parser parser, XML_ParsingStatus *status) { 2241 if (parser == NULL) 2242 return; 2243 assert(status != NULL); 2244 *status = parser->m_parsingStatus; 2245 } 2246 2247 enum XML_Error XMLCALL 2248 XML_GetErrorCode(XML_Parser parser) { 2249 if (parser == NULL) 2250 return XML_ERROR_INVALID_ARGUMENT; 2251 return parser->m_errorCode; 2252 } 2253 2254 XML_Index XMLCALL 2255 XML_GetCurrentByteIndex(XML_Parser parser) { 2256 if (parser == NULL) 2257 return -1; 2258 if (parser->m_eventPtr) 2259 return (XML_Index)(parser->m_parseEndByteIndex 2260 - (parser->m_parseEndPtr - parser->m_eventPtr)); 2261 return -1; 2262 } 2263 2264 int XMLCALL 2265 XML_GetCurrentByteCount(XML_Parser parser) { 2266 if (parser == NULL) 2267 return 0; 2268 if (parser->m_eventEndPtr && parser->m_eventPtr) 2269 return (int)(parser->m_eventEndPtr - parser->m_eventPtr); 2270 return 0; 2271 } 2272 2273 const char *XMLCALL 2274 XML_GetInputContext(XML_Parser parser, int *offset, int *size) { 2275 #ifdef XML_CONTEXT_BYTES 2276 if (parser == NULL) 2277 return NULL; 2278 if (parser->m_eventPtr && parser->m_buffer) { 2279 if (offset != NULL) 2280 *offset = (int)(parser->m_eventPtr - parser->m_buffer); 2281 if (size != NULL) 2282 *size = (int)(parser->m_bufferEnd - parser->m_buffer); 2283 return parser->m_buffer; 2284 } 2285 #else 2286 (void)parser; 2287 (void)offset; 2288 (void)size; 2289 #endif /* defined XML_CONTEXT_BYTES */ 2290 return (const char *)0; 2291 } 2292 2293 XML_Size XMLCALL 2294 XML_GetCurrentLineNumber(XML_Parser parser) { 2295 if (parser == NULL) 2296 return 0; 2297 if (parser->m_eventPtr && parser->m_eventPtr >= parser->m_positionPtr) { 2298 XmlUpdatePosition(parser->m_encoding, parser->m_positionPtr, 2299 parser->m_eventPtr, &parser->m_position); 2300 parser->m_positionPtr = parser->m_eventPtr; 2301 } 2302 return parser->m_position.lineNumber + 1; 2303 } 2304 2305 XML_Size XMLCALL 2306 XML_GetCurrentColumnNumber(XML_Parser parser) { 2307 if (parser == NULL) 2308 return 0; 2309 if (parser->m_eventPtr && parser->m_eventPtr >= parser->m_positionPtr) { 2310 XmlUpdatePosition(parser->m_encoding, parser->m_positionPtr, 2311 parser->m_eventPtr, &parser->m_position); 2312 parser->m_positionPtr = parser->m_eventPtr; 2313 } 2314 return parser->m_position.columnNumber; 2315 } 2316 2317 void XMLCALL 2318 XML_FreeContentModel(XML_Parser parser, XML_Content *model) { 2319 if (parser != NULL) 2320 FREE(parser, model); 2321 } 2322 2323 void *XMLCALL 2324 XML_MemMalloc(XML_Parser parser, size_t size) { 2325 if (parser == NULL) 2326 return NULL; 2327 return MALLOC(parser, size); 2328 } 2329 2330 void *XMLCALL 2331 XML_MemRealloc(XML_Parser parser, void *ptr, size_t size) { 2332 if (parser == NULL) 2333 return NULL; 2334 return REALLOC(parser, ptr, size); 2335 } 2336 2337 void XMLCALL 2338 XML_MemFree(XML_Parser parser, void *ptr) { 2339 if (parser != NULL) 2340 FREE(parser, ptr); 2341 } 2342 2343 void XMLCALL 2344 XML_DefaultCurrent(XML_Parser parser) { 2345 if (parser == NULL) 2346 return; 2347 if (parser->m_defaultHandler) { 2348 if (parser->m_openInternalEntities) 2349 reportDefault(parser, parser->m_internalEncoding, 2350 parser->m_openInternalEntities->internalEventPtr, 2351 parser->m_openInternalEntities->internalEventEndPtr); 2352 else 2353 reportDefault(parser, parser->m_encoding, parser->m_eventPtr, 2354 parser->m_eventEndPtr); 2355 } 2356 } 2357 2358 const XML_LChar *XMLCALL 2359 XML_ErrorString(enum XML_Error code) { 2360 switch (code) { 2361 case XML_ERROR_NONE: 2362 return NULL; 2363 case XML_ERROR_NO_MEMORY: 2364 return XML_L("out of memory"); 2365 case XML_ERROR_SYNTAX: 2366 return XML_L("syntax error"); 2367 case XML_ERROR_NO_ELEMENTS: 2368 return XML_L("no element found"); 2369 case XML_ERROR_INVALID_TOKEN: 2370 return XML_L("not well-formed (invalid token)"); 2371 case XML_ERROR_UNCLOSED_TOKEN: 2372 return XML_L("unclosed token"); 2373 case XML_ERROR_PARTIAL_CHAR: 2374 return XML_L("partial character"); 2375 case XML_ERROR_TAG_MISMATCH: 2376 return XML_L("mismatched tag"); 2377 case XML_ERROR_DUPLICATE_ATTRIBUTE: 2378 return XML_L("duplicate attribute"); 2379 case XML_ERROR_JUNK_AFTER_DOC_ELEMENT: 2380 return XML_L("junk after document element"); 2381 case XML_ERROR_PARAM_ENTITY_REF: 2382 return XML_L("illegal parameter entity reference"); 2383 case XML_ERROR_UNDEFINED_ENTITY: 2384 return XML_L("undefined entity"); 2385 case XML_ERROR_RECURSIVE_ENTITY_REF: 2386 return XML_L("recursive entity reference"); 2387 case XML_ERROR_ASYNC_ENTITY: 2388 return XML_L("asynchronous entity"); 2389 case XML_ERROR_BAD_CHAR_REF: 2390 return XML_L("reference to invalid character number"); 2391 case XML_ERROR_BINARY_ENTITY_REF: 2392 return XML_L("reference to binary entity"); 2393 case XML_ERROR_ATTRIBUTE_EXTERNAL_ENTITY_REF: 2394 return XML_L("reference to external entity in attribute"); 2395 case XML_ERROR_MISPLACED_XML_PI: 2396 return XML_L("XML or text declaration not at start of entity"); 2397 case XML_ERROR_UNKNOWN_ENCODING: 2398 return XML_L("unknown encoding"); 2399 case XML_ERROR_INCORRECT_ENCODING: 2400 return XML_L("encoding specified in XML declaration is incorrect"); 2401 case XML_ERROR_UNCLOSED_CDATA_SECTION: 2402 return XML_L("unclosed CDATA section"); 2403 case XML_ERROR_EXTERNAL_ENTITY_HANDLING: 2404 return XML_L("error in processing external entity reference"); 2405 case XML_ERROR_NOT_STANDALONE: 2406 return XML_L("document is not standalone"); 2407 case XML_ERROR_UNEXPECTED_STATE: 2408 return XML_L("unexpected parser state - please send a bug report"); 2409 case XML_ERROR_ENTITY_DECLARED_IN_PE: 2410 return XML_L("entity declared in parameter entity"); 2411 case XML_ERROR_FEATURE_REQUIRES_XML_DTD: 2412 return XML_L("requested feature requires XML_DTD support in Expat"); 2413 case XML_ERROR_CANT_CHANGE_FEATURE_ONCE_PARSING: 2414 return XML_L("cannot change setting once parsing has begun"); 2415 /* Added in 1.95.7. */ 2416 case XML_ERROR_UNBOUND_PREFIX: 2417 return XML_L("unbound prefix"); 2418 /* Added in 1.95.8. */ 2419 case XML_ERROR_UNDECLARING_PREFIX: 2420 return XML_L("must not undeclare prefix"); 2421 case XML_ERROR_INCOMPLETE_PE: 2422 return XML_L("incomplete markup in parameter entity"); 2423 case XML_ERROR_XML_DECL: 2424 return XML_L("XML declaration not well-formed"); 2425 case XML_ERROR_TEXT_DECL: 2426 return XML_L("text declaration not well-formed"); 2427 case XML_ERROR_PUBLICID: 2428 return XML_L("illegal character(s) in public id"); 2429 case XML_ERROR_SUSPENDED: 2430 return XML_L("parser suspended"); 2431 case XML_ERROR_NOT_SUSPENDED: 2432 return XML_L("parser not suspended"); 2433 case XML_ERROR_ABORTED: 2434 return XML_L("parsing aborted"); 2435 case XML_ERROR_FINISHED: 2436 return XML_L("parsing finished"); 2437 case XML_ERROR_SUSPEND_PE: 2438 return XML_L("cannot suspend in external parameter entity"); 2439 /* Added in 2.0.0. */ 2440 case XML_ERROR_RESERVED_PREFIX_XML: 2441 return XML_L( 2442 "reserved prefix (xml) must not be undeclared or bound to another namespace name"); 2443 case XML_ERROR_RESERVED_PREFIX_XMLNS: 2444 return XML_L("reserved prefix (xmlns) must not be declared or undeclared"); 2445 case XML_ERROR_RESERVED_NAMESPACE_URI: 2446 return XML_L( 2447 "prefix must not be bound to one of the reserved namespace names"); 2448 /* Added in 2.2.5. */ 2449 case XML_ERROR_INVALID_ARGUMENT: /* Constant added in 2.2.1, already */ 2450 return XML_L("invalid argument"); 2451 /* Added in 2.3.0. */ 2452 case XML_ERROR_NO_BUFFER: 2453 return XML_L( 2454 "a successful prior call to function XML_GetBuffer is required"); 2455 /* Added in 2.4.0. */ 2456 case XML_ERROR_AMPLIFICATION_LIMIT_BREACH: 2457 return XML_L( 2458 "limit on input amplification factor (from DTD and entities) breached"); 2459 } 2460 return NULL; 2461 } 2462 2463 const XML_LChar *XMLCALL 2464 XML_ExpatVersion(void) { 2465 /* V1 is used to string-ize the version number. However, it would 2466 string-ize the actual version macro *names* unless we get them 2467 substituted before being passed to V1. CPP is defined to expand 2468 a macro, then rescan for more expansions. Thus, we use V2 to expand 2469 the version macros, then CPP will expand the resulting V1() macro 2470 with the correct numerals. */ 2471 /* ### I'm assuming cpp is portable in this respect... */ 2472 2473 #define V1(a, b, c) XML_L(#a) XML_L(".") XML_L(#b) XML_L(".") XML_L(#c) 2474 #define V2(a, b, c) XML_L("expat_") V1(a, b, c) 2475 2476 return V2(XML_MAJOR_VERSION, XML_MINOR_VERSION, XML_MICRO_VERSION); 2477 2478 #undef V1 2479 #undef V2 2480 } 2481 2482 XML_Expat_Version XMLCALL 2483 XML_ExpatVersionInfo(void) { 2484 XML_Expat_Version version; 2485 2486 version.major = XML_MAJOR_VERSION; 2487 version.minor = XML_MINOR_VERSION; 2488 version.micro = XML_MICRO_VERSION; 2489 2490 return version; 2491 } 2492 2493 const XML_Feature *XMLCALL 2494 XML_GetFeatureList(void) { 2495 static const XML_Feature features[] = { 2496 {XML_FEATURE_SIZEOF_XML_CHAR, XML_L("sizeof(XML_Char)"), 2497 sizeof(XML_Char)}, 2498 {XML_FEATURE_SIZEOF_XML_LCHAR, XML_L("sizeof(XML_LChar)"), 2499 sizeof(XML_LChar)}, 2500 #ifdef XML_UNICODE 2501 {XML_FEATURE_UNICODE, XML_L("XML_UNICODE"), 0}, 2502 #endif 2503 #ifdef XML_UNICODE_WCHAR_T 2504 {XML_FEATURE_UNICODE_WCHAR_T, XML_L("XML_UNICODE_WCHAR_T"), 0}, 2505 #endif 2506 #ifdef XML_DTD 2507 {XML_FEATURE_DTD, XML_L("XML_DTD"), 0}, 2508 #endif 2509 #ifdef XML_CONTEXT_BYTES 2510 {XML_FEATURE_CONTEXT_BYTES, XML_L("XML_CONTEXT_BYTES"), 2511 XML_CONTEXT_BYTES}, 2512 #endif 2513 #ifdef XML_MIN_SIZE 2514 {XML_FEATURE_MIN_SIZE, XML_L("XML_MIN_SIZE"), 0}, 2515 #endif 2516 #ifdef XML_NS 2517 {XML_FEATURE_NS, XML_L("XML_NS"), 0}, 2518 #endif 2519 #ifdef XML_LARGE_SIZE 2520 {XML_FEATURE_LARGE_SIZE, XML_L("XML_LARGE_SIZE"), 0}, 2521 #endif 2522 #ifdef XML_ATTR_INFO 2523 {XML_FEATURE_ATTR_INFO, XML_L("XML_ATTR_INFO"), 0}, 2524 #endif 2525 #ifdef XML_DTD 2526 /* Added in Expat 2.4.0. */ 2527 {XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DEFAULT, 2528 XML_L("XML_BLAP_MAX_AMP"), 2529 (long int) 2530 EXPAT_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DEFAULT}, 2531 {XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT, 2532 XML_L("XML_BLAP_ACT_THRES"), 2533 EXPAT_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT}, 2534 #endif 2535 {XML_FEATURE_END, NULL, 0}}; 2536 2537 return features; 2538 } 2539 2540 #ifdef XML_DTD 2541 XML_Bool XMLCALL 2542 XML_SetBillionLaughsAttackProtectionMaximumAmplification( 2543 XML_Parser parser, float maximumAmplificationFactor) { 2544 if ((parser == NULL) || (parser->m_parentParser != NULL) 2545 || isnan(maximumAmplificationFactor) 2546 || (maximumAmplificationFactor < 1.0f)) { 2547 return XML_FALSE; 2548 } 2549 parser->m_accounting.maximumAmplificationFactor = maximumAmplificationFactor; 2550 return XML_TRUE; 2551 } 2552 2553 XML_Bool XMLCALL 2554 XML_SetBillionLaughsAttackProtectionActivationThreshold( 2555 XML_Parser parser, unsigned long long activationThresholdBytes) { 2556 if ((parser == NULL) || (parser->m_parentParser != NULL)) { 2557 return XML_FALSE; 2558 } 2559 parser->m_accounting.activationThresholdBytes = activationThresholdBytes; 2560 return XML_TRUE; 2561 } 2562 #endif /* XML_DTD */ 2563 2564 /* Initially tag->rawName always points into the parse buffer; 2565 for those TAG instances opened while the current parse buffer was 2566 processed, and not yet closed, we need to store tag->rawName in a more 2567 permanent location, since the parse buffer is about to be discarded. 2568 */ 2569 static XML_Bool 2570 storeRawNames(XML_Parser parser) { 2571 TAG *tag = parser->m_tagStack; 2572 while (tag) { 2573 int bufSize; 2574 int nameLen = sizeof(XML_Char) * (tag->name.strLen + 1); 2575 size_t rawNameLen; 2576 char *rawNameBuf = tag->buf + nameLen; 2577 /* Stop if already stored. Since m_tagStack is a stack, we can stop 2578 at the first entry that has already been copied; everything 2579 below it in the stack is already been accounted for in a 2580 previous call to this function. 2581 */ 2582 if (tag->rawName == rawNameBuf) 2583 break; 2584 /* For re-use purposes we need to ensure that the 2585 size of tag->buf is a multiple of sizeof(XML_Char). 2586 */ 2587 rawNameLen = ROUND_UP(tag->rawNameLength, sizeof(XML_Char)); 2588 /* Detect and prevent integer overflow. */ 2589 if (rawNameLen > (size_t)INT_MAX - nameLen) 2590 return XML_FALSE; 2591 bufSize = nameLen + (int)rawNameLen; 2592 if (bufSize > tag->bufEnd - tag->buf) { 2593 char *temp = (char *)REALLOC(parser, tag->buf, bufSize); 2594 if (temp == NULL) 2595 return XML_FALSE; 2596 /* if tag->name.str points to tag->buf (only when namespace 2597 processing is off) then we have to update it 2598 */ 2599 if (tag->name.str == (XML_Char *)tag->buf) 2600 tag->name.str = (XML_Char *)temp; 2601 /* if tag->name.localPart is set (when namespace processing is on) 2602 then update it as well, since it will always point into tag->buf 2603 */ 2604 if (tag->name.localPart) 2605 tag->name.localPart 2606 = (XML_Char *)temp + (tag->name.localPart - (XML_Char *)tag->buf); 2607 tag->buf = temp; 2608 tag->bufEnd = temp + bufSize; 2609 rawNameBuf = temp + nameLen; 2610 } 2611 memcpy(rawNameBuf, tag->rawName, tag->rawNameLength); 2612 tag->rawName = rawNameBuf; 2613 tag = tag->parent; 2614 } 2615 return XML_TRUE; 2616 } 2617 2618 static enum XML_Error PTRCALL 2619 contentProcessor(XML_Parser parser, const char *start, const char *end, 2620 const char **endPtr) { 2621 enum XML_Error result = doContent( 2622 parser, 0, parser->m_encoding, start, end, endPtr, 2623 (XML_Bool)! parser->m_parsingStatus.finalBuffer, XML_ACCOUNT_DIRECT); 2624 if (result == XML_ERROR_NONE) { 2625 if (! storeRawNames(parser)) 2626 return XML_ERROR_NO_MEMORY; 2627 } 2628 return result; 2629 } 2630 2631 static enum XML_Error PTRCALL 2632 externalEntityInitProcessor(XML_Parser parser, const char *start, 2633 const char *end, const char **endPtr) { 2634 enum XML_Error result = initializeEncoding(parser); 2635 if (result != XML_ERROR_NONE) 2636 return result; 2637 parser->m_processor = externalEntityInitProcessor2; 2638 return externalEntityInitProcessor2(parser, start, end, endPtr); 2639 } 2640 2641 static enum XML_Error PTRCALL 2642 externalEntityInitProcessor2(XML_Parser parser, const char *start, 2643 const char *end, const char **endPtr) { 2644 const char *next = start; /* XmlContentTok doesn't always set the last arg */ 2645 int tok = XmlContentTok(parser->m_encoding, start, end, &next); 2646 switch (tok) { 2647 case XML_TOK_BOM: 2648 #ifdef XML_DTD 2649 if (! accountingDiffTolerated(parser, tok, start, next, __LINE__, 2650 XML_ACCOUNT_DIRECT)) { 2651 accountingOnAbort(parser); 2652 return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; 2653 } 2654 #endif /* XML_DTD */ 2655 2656 /* If we are at the end of the buffer, this would cause the next stage, 2657 i.e. externalEntityInitProcessor3, to pass control directly to 2658 doContent (by detecting XML_TOK_NONE) without processing any xml text 2659 declaration - causing the error XML_ERROR_MISPLACED_XML_PI in doContent. 2660 */ 2661 if (next == end && ! parser->m_parsingStatus.finalBuffer) { 2662 *endPtr = next; 2663 return XML_ERROR_NONE; 2664 } 2665 start = next; 2666 break; 2667 case XML_TOK_PARTIAL: 2668 if (! parser->m_parsingStatus.finalBuffer) { 2669 *endPtr = start; 2670 return XML_ERROR_NONE; 2671 } 2672 parser->m_eventPtr = start; 2673 return XML_ERROR_UNCLOSED_TOKEN; 2674 case XML_TOK_PARTIAL_CHAR: 2675 if (! parser->m_parsingStatus.finalBuffer) { 2676 *endPtr = start; 2677 return XML_ERROR_NONE; 2678 } 2679 parser->m_eventPtr = start; 2680 return XML_ERROR_PARTIAL_CHAR; 2681 } 2682 parser->m_processor = externalEntityInitProcessor3; 2683 return externalEntityInitProcessor3(parser, start, end, endPtr); 2684 } 2685 2686 static enum XML_Error PTRCALL 2687 externalEntityInitProcessor3(XML_Parser parser, const char *start, 2688 const char *end, const char **endPtr) { 2689 int tok; 2690 const char *next = start; /* XmlContentTok doesn't always set the last arg */ 2691 parser->m_eventPtr = start; 2692 tok = XmlContentTok(parser->m_encoding, start, end, &next); 2693 /* Note: These bytes are accounted later in: 2694 - processXmlDecl 2695 - externalEntityContentProcessor 2696 */ 2697 parser->m_eventEndPtr = next; 2698 2699 switch (tok) { 2700 case XML_TOK_XML_DECL: { 2701 enum XML_Error result; 2702 result = processXmlDecl(parser, 1, start, next); 2703 if (result != XML_ERROR_NONE) 2704 return result; 2705 switch (parser->m_parsingStatus.parsing) { 2706 case XML_SUSPENDED: 2707 *endPtr = next; 2708 return XML_ERROR_NONE; 2709 case XML_FINISHED: 2710 return XML_ERROR_ABORTED; 2711 default: 2712 start = next; 2713 } 2714 } break; 2715 case XML_TOK_PARTIAL: 2716 if (! parser->m_parsingStatus.finalBuffer) { 2717 *endPtr = start; 2718 return XML_ERROR_NONE; 2719 } 2720 return XML_ERROR_UNCLOSED_TOKEN; 2721 case XML_TOK_PARTIAL_CHAR: 2722 if (! parser->m_parsingStatus.finalBuffer) { 2723 *endPtr = start; 2724 return XML_ERROR_NONE; 2725 } 2726 return XML_ERROR_PARTIAL_CHAR; 2727 } 2728 parser->m_processor = externalEntityContentProcessor; 2729 parser->m_tagLevel = 1; 2730 return externalEntityContentProcessor(parser, start, end, endPtr); 2731 } 2732 2733 static enum XML_Error PTRCALL 2734 externalEntityContentProcessor(XML_Parser parser, const char *start, 2735 const char *end, const char **endPtr) { 2736 enum XML_Error result 2737 = doContent(parser, 1, parser->m_encoding, start, end, endPtr, 2738 (XML_Bool)! parser->m_parsingStatus.finalBuffer, 2739 XML_ACCOUNT_ENTITY_EXPANSION); 2740 if (result == XML_ERROR_NONE) { 2741 if (! storeRawNames(parser)) 2742 return XML_ERROR_NO_MEMORY; 2743 } 2744 return result; 2745 } 2746 2747 static enum XML_Error 2748 doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc, 2749 const char *s, const char *end, const char **nextPtr, 2750 XML_Bool haveMore, enum XML_Account account) { 2751 /* save one level of indirection */ 2752 DTD *const dtd = parser->m_dtd; 2753 2754 const char **eventPP; 2755 const char **eventEndPP; 2756 if (enc == parser->m_encoding) { 2757 eventPP = &parser->m_eventPtr; 2758 eventEndPP = &parser->m_eventEndPtr; 2759 } else { 2760 eventPP = &(parser->m_openInternalEntities->internalEventPtr); 2761 eventEndPP = &(parser->m_openInternalEntities->internalEventEndPtr); 2762 } 2763 *eventPP = s; 2764 2765 for (;;) { 2766 const char *next = s; /* XmlContentTok doesn't always set the last arg */ 2767 int tok = XmlContentTok(enc, s, end, &next); 2768 #ifdef XML_DTD 2769 const char *accountAfter 2770 = ((tok == XML_TOK_TRAILING_RSQB) || (tok == XML_TOK_TRAILING_CR)) 2771 ? (haveMore ? s /* i.e. 0 bytes */ : end) 2772 : next; 2773 if (! accountingDiffTolerated(parser, tok, s, accountAfter, __LINE__, 2774 account)) { 2775 accountingOnAbort(parser); 2776 return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; 2777 } 2778 #endif 2779 *eventEndPP = next; 2780 switch (tok) { 2781 case XML_TOK_TRAILING_CR: 2782 if (haveMore) { 2783 *nextPtr = s; 2784 return XML_ERROR_NONE; 2785 } 2786 *eventEndPP = end; 2787 if (parser->m_characterDataHandler) { 2788 XML_Char c = 0xA; 2789 parser->m_characterDataHandler(parser->m_handlerArg, &c, 1); 2790 } else if (parser->m_defaultHandler) 2791 reportDefault(parser, enc, s, end); 2792 /* We are at the end of the final buffer, should we check for 2793 XML_SUSPENDED, XML_FINISHED? 2794 */ 2795 if (startTagLevel == 0) 2796 return XML_ERROR_NO_ELEMENTS; 2797 if (parser->m_tagLevel != startTagLevel) 2798 return XML_ERROR_ASYNC_ENTITY; 2799 *nextPtr = end; 2800 return XML_ERROR_NONE; 2801 case XML_TOK_NONE: 2802 if (haveMore) { 2803 *nextPtr = s; 2804 return XML_ERROR_NONE; 2805 } 2806 if (startTagLevel > 0) { 2807 if (parser->m_tagLevel != startTagLevel) 2808 return XML_ERROR_ASYNC_ENTITY; 2809 *nextPtr = s; 2810 return XML_ERROR_NONE; 2811 } 2812 return XML_ERROR_NO_ELEMENTS; 2813 case XML_TOK_INVALID: 2814 *eventPP = next; 2815 return XML_ERROR_INVALID_TOKEN; 2816 case XML_TOK_PARTIAL: 2817 if (haveMore) { 2818 *nextPtr = s; 2819 return XML_ERROR_NONE; 2820 } 2821 return XML_ERROR_UNCLOSED_TOKEN; 2822 case XML_TOK_PARTIAL_CHAR: 2823 if (haveMore) { 2824 *nextPtr = s; 2825 return XML_ERROR_NONE; 2826 } 2827 return XML_ERROR_PARTIAL_CHAR; 2828 case XML_TOK_ENTITY_REF: { 2829 const XML_Char *name; 2830 ENTITY *entity; 2831 XML_Char ch = (XML_Char)XmlPredefinedEntityName( 2832 enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar); 2833 if (ch) { 2834 #ifdef XML_DTD 2835 /* NOTE: We are replacing 4-6 characters original input for 1 character 2836 * so there is no amplification and hence recording without 2837 * protection. */ 2838 accountingDiffTolerated(parser, tok, (char *)&ch, 2839 ((char *)&ch) + sizeof(XML_Char), __LINE__, 2840 XML_ACCOUNT_ENTITY_EXPANSION); 2841 #endif /* XML_DTD */ 2842 if (parser->m_characterDataHandler) 2843 parser->m_characterDataHandler(parser->m_handlerArg, &ch, 1); 2844 else if (parser->m_defaultHandler) 2845 reportDefault(parser, enc, s, next); 2846 break; 2847 } 2848 name = poolStoreString(&dtd->pool, enc, s + enc->minBytesPerChar, 2849 next - enc->minBytesPerChar); 2850 if (! name) 2851 return XML_ERROR_NO_MEMORY; 2852 entity = (ENTITY *)lookup(parser, &dtd->generalEntities, name, 0); 2853 poolDiscard(&dtd->pool); 2854 /* First, determine if a check for an existing declaration is needed; 2855 if yes, check that the entity exists, and that it is internal, 2856 otherwise call the skipped entity or default handler. 2857 */ 2858 if (! dtd->hasParamEntityRefs || dtd->standalone) { 2859 if (! entity) 2860 return XML_ERROR_UNDEFINED_ENTITY; 2861 else if (! entity->is_internal) 2862 return XML_ERROR_ENTITY_DECLARED_IN_PE; 2863 } else if (! entity) { 2864 if (parser->m_skippedEntityHandler) 2865 parser->m_skippedEntityHandler(parser->m_handlerArg, name, 0); 2866 else if (parser->m_defaultHandler) 2867 reportDefault(parser, enc, s, next); 2868 break; 2869 } 2870 if (entity->open) 2871 return XML_ERROR_RECURSIVE_ENTITY_REF; 2872 if (entity->notation) 2873 return XML_ERROR_BINARY_ENTITY_REF; 2874 if (entity->textPtr) { 2875 enum XML_Error result; 2876 if (! parser->m_defaultExpandInternalEntities) { 2877 if (parser->m_skippedEntityHandler) 2878 parser->m_skippedEntityHandler(parser->m_handlerArg, entity->name, 2879 0); 2880 else if (parser->m_defaultHandler) 2881 reportDefault(parser, enc, s, next); 2882 break; 2883 } 2884 result = processInternalEntity(parser, entity, XML_FALSE); 2885 if (result != XML_ERROR_NONE) 2886 return result; 2887 } else if (parser->m_externalEntityRefHandler) { 2888 const XML_Char *context; 2889 entity->open = XML_TRUE; 2890 context = getContext(parser); 2891 entity->open = XML_FALSE; 2892 if (! context) 2893 return XML_ERROR_NO_MEMORY; 2894 if (! parser->m_externalEntityRefHandler( 2895 parser->m_externalEntityRefHandlerArg, context, entity->base, 2896 entity->systemId, entity->publicId)) 2897 return XML_ERROR_EXTERNAL_ENTITY_HANDLING; 2898 poolDiscard(&parser->m_tempPool); 2899 } else if (parser->m_defaultHandler) 2900 reportDefault(parser, enc, s, next); 2901 break; 2902 } 2903 case XML_TOK_START_TAG_NO_ATTS: 2904 /* fall through */ 2905 case XML_TOK_START_TAG_WITH_ATTS: { 2906 TAG *tag; 2907 enum XML_Error result; 2908 XML_Char *toPtr; 2909 if (parser->m_freeTagList) { 2910 tag = parser->m_freeTagList; 2911 parser->m_freeTagList = parser->m_freeTagList->parent; 2912 } else { 2913 tag = (TAG *)MALLOC(parser, sizeof(TAG)); 2914 if (! tag) 2915 return XML_ERROR_NO_MEMORY; 2916 tag->buf = (char *)MALLOC(parser, INIT_TAG_BUF_SIZE); 2917 if (! tag->buf) { 2918 FREE(parser, tag); 2919 return XML_ERROR_NO_MEMORY; 2920 } 2921 tag->bufEnd = tag->buf + INIT_TAG_BUF_SIZE; 2922 } 2923 tag->bindings = NULL; 2924 tag->parent = parser->m_tagStack; 2925 parser->m_tagStack = tag; 2926 tag->name.localPart = NULL; 2927 tag->name.prefix = NULL; 2928 tag->rawName = s + enc->minBytesPerChar; 2929 tag->rawNameLength = XmlNameLength(enc, tag->rawName); 2930 ++parser->m_tagLevel; 2931 { 2932 const char *rawNameEnd = tag->rawName + tag->rawNameLength; 2933 const char *fromPtr = tag->rawName; 2934 toPtr = (XML_Char *)tag->buf; 2935 for (;;) { 2936 int bufSize; 2937 int convLen; 2938 const enum XML_Convert_Result convert_res 2939 = XmlConvert(enc, &fromPtr, rawNameEnd, (ICHAR **)&toPtr, 2940 (ICHAR *)tag->bufEnd - 1); 2941 convLen = (int)(toPtr - (XML_Char *)tag->buf); 2942 if ((fromPtr >= rawNameEnd) 2943 || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) { 2944 tag->name.strLen = convLen; 2945 break; 2946 } 2947 bufSize = (int)(tag->bufEnd - tag->buf) << 1; 2948 { 2949 char *temp = (char *)REALLOC(parser, tag->buf, bufSize); 2950 if (temp == NULL) 2951 return XML_ERROR_NO_MEMORY; 2952 tag->buf = temp; 2953 tag->bufEnd = temp + bufSize; 2954 toPtr = (XML_Char *)temp + convLen; 2955 } 2956 } 2957 } 2958 tag->name.str = (XML_Char *)tag->buf; 2959 *toPtr = XML_T('\0'); 2960 result 2961 = storeAtts(parser, enc, s, &(tag->name), &(tag->bindings), account); 2962 if (result) 2963 return result; 2964 if (parser->m_startElementHandler) 2965 parser->m_startElementHandler(parser->m_handlerArg, tag->name.str, 2966 (const XML_Char **)parser->m_atts); 2967 else if (parser->m_defaultHandler) 2968 reportDefault(parser, enc, s, next); 2969 poolClear(&parser->m_tempPool); 2970 break; 2971 } 2972 case XML_TOK_EMPTY_ELEMENT_NO_ATTS: 2973 /* fall through */ 2974 case XML_TOK_EMPTY_ELEMENT_WITH_ATTS: { 2975 const char *rawName = s + enc->minBytesPerChar; 2976 enum XML_Error result; 2977 BINDING *bindings = NULL; 2978 XML_Bool noElmHandlers = XML_TRUE; 2979 TAG_NAME name; 2980 name.str = poolStoreString(&parser->m_tempPool, enc, rawName, 2981 rawName + XmlNameLength(enc, rawName)); 2982 if (! name.str) 2983 return XML_ERROR_NO_MEMORY; 2984 poolFinish(&parser->m_tempPool); 2985 result = storeAtts(parser, enc, s, &name, &bindings, 2986 XML_ACCOUNT_NONE /* token spans whole start tag */); 2987 if (result != XML_ERROR_NONE) { 2988 freeBindings(parser, bindings); 2989 return result; 2990 } 2991 poolFinish(&parser->m_tempPool); 2992 if (parser->m_startElementHandler) { 2993 parser->m_startElementHandler(parser->m_handlerArg, name.str, 2994 (const XML_Char **)parser->m_atts); 2995 noElmHandlers = XML_FALSE; 2996 } 2997 if (parser->m_endElementHandler) { 2998 if (parser->m_startElementHandler) 2999 *eventPP = *eventEndPP; 3000 parser->m_endElementHandler(parser->m_handlerArg, name.str); 3001 noElmHandlers = XML_FALSE; 3002 } 3003 if (noElmHandlers && parser->m_defaultHandler) 3004 reportDefault(parser, enc, s, next); 3005 poolClear(&parser->m_tempPool); 3006 freeBindings(parser, bindings); 3007 } 3008 if ((parser->m_tagLevel == 0) 3009 && (parser->m_parsingStatus.parsing != XML_FINISHED)) { 3010 if (parser->m_parsingStatus.parsing == XML_SUSPENDED) 3011 parser->m_processor = epilogProcessor; 3012 else 3013 return epilogProcessor(parser, next, end, nextPtr); 3014 } 3015 break; 3016 case XML_TOK_END_TAG: 3017 if (parser->m_tagLevel == startTagLevel) 3018 return XML_ERROR_ASYNC_ENTITY; 3019 else { 3020 int len; 3021 const char *rawName; 3022 TAG *tag = parser->m_tagStack; 3023 rawName = s + enc->minBytesPerChar * 2; 3024 len = XmlNameLength(enc, rawName); 3025 if (len != tag->rawNameLength 3026 || memcmp(tag->rawName, rawName, len) != 0) { 3027 *eventPP = rawName; 3028 return XML_ERROR_TAG_MISMATCH; 3029 } 3030 parser->m_tagStack = tag->parent; 3031 tag->parent = parser->m_freeTagList; 3032 parser->m_freeTagList = tag; 3033 --parser->m_tagLevel; 3034 if (parser->m_endElementHandler) { 3035 const XML_Char *localPart; 3036 const XML_Char *prefix; 3037 XML_Char *uri; 3038 localPart = tag->name.localPart; 3039 if (parser->m_ns && localPart) { 3040 /* localPart and prefix may have been overwritten in 3041 tag->name.str, since this points to the binding->uri 3042 buffer which gets re-used; so we have to add them again 3043 */ 3044 uri = (XML_Char *)tag->name.str + tag->name.uriLen; 3045 /* don't need to check for space - already done in storeAtts() */ 3046 while (*localPart) 3047 *uri++ = *localPart++; 3048 prefix = (XML_Char *)tag->name.prefix; 3049 if (parser->m_ns_triplets && prefix) { 3050 *uri++ = parser->m_namespaceSeparator; 3051 while (*prefix) 3052 *uri++ = *prefix++; 3053 } 3054 *uri = XML_T('\0'); 3055 } 3056 parser->m_endElementHandler(parser->m_handlerArg, tag->name.str); 3057 } else if (parser->m_defaultHandler) 3058 reportDefault(parser, enc, s, next); 3059 while (tag->bindings) { 3060 BINDING *b = tag->bindings; 3061 if (parser->m_endNamespaceDeclHandler) 3062 parser->m_endNamespaceDeclHandler(parser->m_handlerArg, 3063 b->prefix->name); 3064 tag->bindings = tag->bindings->nextTagBinding; 3065 b->nextTagBinding = parser->m_freeBindingList; 3066 parser->m_freeBindingList = b; 3067 b->prefix->binding = b->prevPrefixBinding; 3068 } 3069 if ((parser->m_tagLevel == 0) 3070 && (parser->m_parsingStatus.parsing != XML_FINISHED)) { 3071 if (parser->m_parsingStatus.parsing == XML_SUSPENDED) 3072 parser->m_processor = epilogProcessor; 3073 else 3074 return epilogProcessor(parser, next, end, nextPtr); 3075 } 3076 } 3077 break; 3078 case XML_TOK_CHAR_REF: { 3079 int n = XmlCharRefNumber(enc, s); 3080 if (n < 0) 3081 return XML_ERROR_BAD_CHAR_REF; 3082 if (parser->m_characterDataHandler) { 3083 XML_Char buf[XML_ENCODE_MAX]; 3084 parser->m_characterDataHandler(parser->m_handlerArg, buf, 3085 XmlEncode(n, (ICHAR *)buf)); 3086 } else if (parser->m_defaultHandler) 3087 reportDefault(parser, enc, s, next); 3088 } break; 3089 case XML_TOK_XML_DECL: 3090 return XML_ERROR_MISPLACED_XML_PI; 3091 case XML_TOK_DATA_NEWLINE: 3092 if (parser->m_characterDataHandler) { 3093 XML_Char c = 0xA; 3094 parser->m_characterDataHandler(parser->m_handlerArg, &c, 1); 3095 } else if (parser->m_defaultHandler) 3096 reportDefault(parser, enc, s, next); 3097 break; 3098 case XML_TOK_CDATA_SECT_OPEN: { 3099 enum XML_Error result; 3100 if (parser->m_startCdataSectionHandler) 3101 parser->m_startCdataSectionHandler(parser->m_handlerArg); 3102 /* BEGIN disabled code */ 3103 /* Suppose you doing a transformation on a document that involves 3104 changing only the character data. You set up a defaultHandler 3105 and a characterDataHandler. The defaultHandler simply copies 3106 characters through. The characterDataHandler does the 3107 transformation and writes the characters out escaping them as 3108 necessary. This case will fail to work if we leave out the 3109 following two lines (because & and < inside CDATA sections will 3110 be incorrectly escaped). 3111 3112 However, now we have a start/endCdataSectionHandler, so it seems 3113 easier to let the user deal with this. 3114 */ 3115 else if (0 && parser->m_characterDataHandler) 3116 parser->m_characterDataHandler(parser->m_handlerArg, parser->m_dataBuf, 3117 0); 3118 /* END disabled code */ 3119 else if (parser->m_defaultHandler) 3120 reportDefault(parser, enc, s, next); 3121 result 3122 = doCdataSection(parser, enc, &next, end, nextPtr, haveMore, account); 3123 if (result != XML_ERROR_NONE) 3124 return result; 3125 else if (! next) { 3126 parser->m_processor = cdataSectionProcessor; 3127 return result; 3128 } 3129 } break; 3130 case XML_TOK_TRAILING_RSQB: 3131 if (haveMore) { 3132 *nextPtr = s; 3133 return XML_ERROR_NONE; 3134 } 3135 if (parser->m_characterDataHandler) { 3136 if (MUST_CONVERT(enc, s)) { 3137 ICHAR *dataPtr = (ICHAR *)parser->m_dataBuf; 3138 XmlConvert(enc, &s, end, &dataPtr, (ICHAR *)parser->m_dataBufEnd); 3139 parser->m_characterDataHandler( 3140 parser->m_handlerArg, parser->m_dataBuf, 3141 (int)(dataPtr - (ICHAR *)parser->m_dataBuf)); 3142 } else 3143 parser->m_characterDataHandler( 3144 parser->m_handlerArg, (XML_Char *)s, 3145 (int)((XML_Char *)end - (XML_Char *)s)); 3146 } else if (parser->m_defaultHandler) 3147 reportDefault(parser, enc, s, end); 3148 /* We are at the end of the final buffer, should we check for 3149 XML_SUSPENDED, XML_FINISHED? 3150 */ 3151 if (startTagLevel == 0) { 3152 *eventPP = end; 3153 return XML_ERROR_NO_ELEMENTS; 3154 } 3155 if (parser->m_tagLevel != startTagLevel) { 3156 *eventPP = end; 3157 return XML_ERROR_ASYNC_ENTITY; 3158 } 3159 *nextPtr = end; 3160 return XML_ERROR_NONE; 3161 case XML_TOK_DATA_CHARS: { 3162 XML_CharacterDataHandler charDataHandler = parser->m_characterDataHandler; 3163 if (charDataHandler) { 3164 if (MUST_CONVERT(enc, s)) { 3165 for (;;) { 3166 ICHAR *dataPtr = (ICHAR *)parser->m_dataBuf; 3167 const enum XML_Convert_Result convert_res = XmlConvert( 3168 enc, &s, next, &dataPtr, (ICHAR *)parser->m_dataBufEnd); 3169 *eventEndPP = s; 3170 charDataHandler(parser->m_handlerArg, parser->m_dataBuf, 3171 (int)(dataPtr - (ICHAR *)parser->m_dataBuf)); 3172 if ((convert_res == XML_CONVERT_COMPLETED) 3173 || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) 3174 break; 3175 *eventPP = s; 3176 } 3177 } else 3178 charDataHandler(parser->m_handlerArg, (XML_Char *)s, 3179 (int)((XML_Char *)next - (XML_Char *)s)); 3180 } else if (parser->m_defaultHandler) 3181 reportDefault(parser, enc, s, next); 3182 } break; 3183 case XML_TOK_PI: 3184 if (! reportProcessingInstruction(parser, enc, s, next)) 3185 return XML_ERROR_NO_MEMORY; 3186 break; 3187 case XML_TOK_COMMENT: 3188 if (! reportComment(parser, enc, s, next)) 3189 return XML_ERROR_NO_MEMORY; 3190 break; 3191 default: 3192 /* All of the tokens produced by XmlContentTok() have their own 3193 * explicit cases, so this default is not strictly necessary. 3194 * However it is a useful safety net, so we retain the code and 3195 * simply exclude it from the coverage tests. 3196 * 3197 * LCOV_EXCL_START 3198 */ 3199 if (parser->m_defaultHandler) 3200 reportDefault(parser, enc, s, next); 3201 break; 3202 /* LCOV_EXCL_STOP */ 3203 } 3204 *eventPP = s = next; 3205 switch (parser->m_parsingStatus.parsing) { 3206 case XML_SUSPENDED: 3207 *nextPtr = next; 3208 return XML_ERROR_NONE; 3209 case XML_FINISHED: 3210 return XML_ERROR_ABORTED; 3211 default:; 3212 } 3213 } 3214 /* not reached */ 3215 } 3216 3217 /* This function does not call free() on the allocated memory, merely 3218 * moving it to the parser's m_freeBindingList where it can be freed or 3219 * reused as appropriate. 3220 */ 3221 static void 3222 freeBindings(XML_Parser parser, BINDING *bindings) { 3223 while (bindings) { 3224 BINDING *b = bindings; 3225 3226 /* m_startNamespaceDeclHandler will have been called for this 3227 * binding in addBindings(), so call the end handler now. 3228 */ 3229 if (parser->m_endNamespaceDeclHandler) 3230 parser->m_endNamespaceDeclHandler(parser->m_handlerArg, b->prefix->name); 3231 3232 bindings = bindings->nextTagBinding; 3233 b->nextTagBinding = parser->m_freeBindingList; 3234 parser->m_freeBindingList = b; 3235 b->prefix->binding = b->prevPrefixBinding; 3236 } 3237 } 3238 3239 /* Precondition: all arguments must be non-NULL; 3240 Purpose: 3241 - normalize attributes 3242 - check attributes for well-formedness 3243 - generate namespace aware attribute names (URI, prefix) 3244 - build list of attributes for startElementHandler 3245 - default attributes 3246 - process namespace declarations (check and report them) 3247 - generate namespace aware element name (URI, prefix) 3248 */ 3249 static enum XML_Error 3250 storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr, 3251 TAG_NAME *tagNamePtr, BINDING **bindingsPtr, 3252 enum XML_Account account) { 3253 DTD *const dtd = parser->m_dtd; /* save one level of indirection */ 3254 ELEMENT_TYPE *elementType; 3255 int nDefaultAtts; 3256 const XML_Char **appAtts; /* the attribute list for the application */ 3257 int attIndex = 0; 3258 int prefixLen; 3259 int i; 3260 int n; 3261 XML_Char *uri; 3262 int nPrefixes = 0; 3263 BINDING *binding; 3264 const XML_Char *localPart; 3265 3266 /* lookup the element type name */ 3267 elementType 3268 = (ELEMENT_TYPE *)lookup(parser, &dtd->elementTypes, tagNamePtr->str, 0); 3269 if (! elementType) { 3270 const XML_Char *name = poolCopyString(&dtd->pool, tagNamePtr->str); 3271 if (! name) 3272 return XML_ERROR_NO_MEMORY; 3273 elementType = (ELEMENT_TYPE *)lookup(parser, &dtd->elementTypes, name, 3274 sizeof(ELEMENT_TYPE)); 3275 if (! elementType) 3276 return XML_ERROR_NO_MEMORY; 3277 if (parser->m_ns && ! setElementTypePrefix(parser, elementType)) 3278 return XML_ERROR_NO_MEMORY; 3279 } 3280 nDefaultAtts = elementType->nDefaultAtts; 3281 3282 /* get the attributes from the tokenizer */ 3283 n = XmlGetAttributes(enc, attStr, parser->m_attsSize, parser->m_atts); 3284 3285 /* Detect and prevent integer overflow */ 3286 if (n > INT_MAX - nDefaultAtts) { 3287 return XML_ERROR_NO_MEMORY; 3288 } 3289 3290 if (n + nDefaultAtts > parser->m_attsSize) { 3291 int oldAttsSize = parser->m_attsSize; 3292 ATTRIBUTE *temp; 3293 #ifdef XML_ATTR_INFO 3294 XML_AttrInfo *temp2; 3295 #endif 3296 3297 /* Detect and prevent integer overflow */ 3298 if ((nDefaultAtts > INT_MAX - INIT_ATTS_SIZE) 3299 || (n > INT_MAX - (nDefaultAtts + INIT_ATTS_SIZE))) { 3300 return XML_ERROR_NO_MEMORY; 3301 } 3302 3303 parser->m_attsSize = n + nDefaultAtts + INIT_ATTS_SIZE; 3304 3305 /* Detect and prevent integer overflow. 3306 * The preprocessor guard addresses the "always false" warning 3307 * from -Wtype-limits on platforms where 3308 * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ 3309 #if UINT_MAX >= SIZE_MAX 3310 if ((unsigned)parser->m_attsSize > (size_t)(-1) / sizeof(ATTRIBUTE)) { 3311 parser->m_attsSize = oldAttsSize; 3312 return XML_ERROR_NO_MEMORY; 3313 } 3314 #endif 3315 3316 temp = (ATTRIBUTE *)REALLOC(parser, (void *)parser->m_atts, 3317 parser->m_attsSize * sizeof(ATTRIBUTE)); 3318 if (temp == NULL) { 3319 parser->m_attsSize = oldAttsSize; 3320 return XML_ERROR_NO_MEMORY; 3321 } 3322 parser->m_atts = temp; 3323 #ifdef XML_ATTR_INFO 3324 /* Detect and prevent integer overflow. 3325 * The preprocessor guard addresses the "always false" warning 3326 * from -Wtype-limits on platforms where 3327 * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ 3328 # if UINT_MAX >= SIZE_MAX 3329 if ((unsigned)parser->m_attsSize > (size_t)(-1) / sizeof(XML_AttrInfo)) { 3330 parser->m_attsSize = oldAttsSize; 3331 return XML_ERROR_NO_MEMORY; 3332 } 3333 # endif 3334 3335 temp2 = (XML_AttrInfo *)REALLOC(parser, (void *)parser->m_attInfo, 3336 parser->m_attsSize * sizeof(XML_AttrInfo)); 3337 if (temp2 == NULL) { 3338 parser->m_attsSize = oldAttsSize; 3339 return XML_ERROR_NO_MEMORY; 3340 } 3341 parser->m_attInfo = temp2; 3342 #endif 3343 if (n > oldAttsSize) 3344 XmlGetAttributes(enc, attStr, n, parser->m_atts); 3345 } 3346 3347 appAtts = (const XML_Char **)parser->m_atts; 3348 for (i = 0; i < n; i++) { 3349 ATTRIBUTE *currAtt = &parser->m_atts[i]; 3350 #ifdef XML_ATTR_INFO 3351 XML_AttrInfo *currAttInfo = &parser->m_attInfo[i]; 3352 #endif 3353 /* add the name and value to the attribute list */ 3354 ATTRIBUTE_ID *attId 3355 = getAttributeId(parser, enc, currAtt->name, 3356 currAtt->name + XmlNameLength(enc, currAtt->name)); 3357 if (! attId) 3358 return XML_ERROR_NO_MEMORY; 3359 #ifdef XML_ATTR_INFO 3360 currAttInfo->nameStart 3361 = parser->m_parseEndByteIndex - (parser->m_parseEndPtr - currAtt->name); 3362 currAttInfo->nameEnd 3363 = currAttInfo->nameStart + XmlNameLength(enc, currAtt->name); 3364 currAttInfo->valueStart = parser->m_parseEndByteIndex 3365 - (parser->m_parseEndPtr - currAtt->valuePtr); 3366 currAttInfo->valueEnd = parser->m_parseEndByteIndex 3367 - (parser->m_parseEndPtr - currAtt->valueEnd); 3368 #endif 3369 /* Detect duplicate attributes by their QNames. This does not work when 3370 namespace processing is turned on and different prefixes for the same 3371 namespace are used. For this case we have a check further down. 3372 */ 3373 if ((attId->name)[-1]) { 3374 if (enc == parser->m_encoding) 3375 parser->m_eventPtr = parser->m_atts[i].name; 3376 return XML_ERROR_DUPLICATE_ATTRIBUTE; 3377 } 3378 (attId->name)[-1] = 1; 3379 appAtts[attIndex++] = attId->name; 3380 if (! parser->m_atts[i].normalized) { 3381 enum XML_Error result; 3382 XML_Bool isCdata = XML_TRUE; 3383 3384 /* figure out whether declared as other than CDATA */ 3385 if (attId->maybeTokenized) { 3386 int j; 3387 for (j = 0; j < nDefaultAtts; j++) { 3388 if (attId == elementType->defaultAtts[j].id) { 3389 isCdata = elementType->defaultAtts[j].isCdata; 3390 break; 3391 } 3392 } 3393 } 3394 3395 /* normalize the attribute value */ 3396 result = storeAttributeValue( 3397 parser, enc, isCdata, parser->m_atts[i].valuePtr, 3398 parser->m_atts[i].valueEnd, &parser->m_tempPool, account); 3399 if (result) 3400 return result; 3401 appAtts[attIndex] = poolStart(&parser->m_tempPool); 3402 poolFinish(&parser->m_tempPool); 3403 } else { 3404 /* the value did not need normalizing */ 3405 appAtts[attIndex] = poolStoreString(&parser->m_tempPool, enc, 3406 parser->m_atts[i].valuePtr, 3407 parser->m_atts[i].valueEnd); 3408 if (appAtts[attIndex] == 0) 3409 return XML_ERROR_NO_MEMORY; 3410 poolFinish(&parser->m_tempPool); 3411 } 3412 /* handle prefixed attribute names */ 3413 if (attId->prefix) { 3414 if (attId->xmlns) { 3415 /* deal with namespace declarations here */ 3416 enum XML_Error result = addBinding(parser, attId->prefix, attId, 3417 appAtts[attIndex], bindingsPtr); 3418 if (result) 3419 return result; 3420 --attIndex; 3421 } else { 3422 /* deal with other prefixed names later */ 3423 attIndex++; 3424 nPrefixes++; 3425 (attId->name)[-1] = 2; 3426 } 3427 } else 3428 attIndex++; 3429 } 3430 3431 /* set-up for XML_GetSpecifiedAttributeCount and XML_GetIdAttributeIndex */ 3432 parser->m_nSpecifiedAtts = attIndex; 3433 if (elementType->idAtt && (elementType->idAtt->name)[-1]) { 3434 for (i = 0; i < attIndex; i += 2) 3435 if (appAtts[i] == elementType->idAtt->name) { 3436 parser->m_idAttIndex = i; 3437 break; 3438 } 3439 } else 3440 parser->m_idAttIndex = -1; 3441 3442 /* do attribute defaulting */ 3443 for (i = 0; i < nDefaultAtts; i++) { 3444 const DEFAULT_ATTRIBUTE *da = elementType->defaultAtts + i; 3445 if (! (da->id->name)[-1] && da->value) { 3446 if (da->id->prefix) { 3447 if (da->id->xmlns) { 3448 enum XML_Error result = addBinding(parser, da->id->prefix, da->id, 3449 da->value, bindingsPtr); 3450 if (result) 3451 return result; 3452 } else { 3453 (da->id->name)[-1] = 2; 3454 nPrefixes++; 3455 appAtts[attIndex++] = da->id->name; 3456 appAtts[attIndex++] = da->value; 3457 } 3458 } else { 3459 (da->id->name)[-1] = 1; 3460 appAtts[attIndex++] = da->id->name; 3461 appAtts[attIndex++] = da->value; 3462 } 3463 } 3464 } 3465 appAtts[attIndex] = 0; 3466 3467 /* expand prefixed attribute names, check for duplicates, 3468 and clear flags that say whether attributes were specified */ 3469 i = 0; 3470 if (nPrefixes) { 3471 int j; /* hash table index */ 3472 unsigned long version = parser->m_nsAttsVersion; 3473 3474 /* Detect and prevent invalid shift */ 3475 if (parser->m_nsAttsPower >= sizeof(unsigned int) * 8 /* bits per byte */) { 3476 return XML_ERROR_NO_MEMORY; 3477 } 3478 3479 unsigned int nsAttsSize = 1u << parser->m_nsAttsPower; 3480 unsigned char oldNsAttsPower = parser->m_nsAttsPower; 3481 /* size of hash table must be at least 2 * (# of prefixed attributes) */ 3482 if ((nPrefixes << 1) 3483 >> parser->m_nsAttsPower) { /* true for m_nsAttsPower = 0 */ 3484 NS_ATT *temp; 3485 /* hash table size must also be a power of 2 and >= 8 */ 3486 while (nPrefixes >> parser->m_nsAttsPower++) 3487 ; 3488 if (parser->m_nsAttsPower < 3) 3489 parser->m_nsAttsPower = 3; 3490 3491 /* Detect and prevent invalid shift */ 3492 if (parser->m_nsAttsPower >= sizeof(nsAttsSize) * 8 /* bits per byte */) { 3493 /* Restore actual size of memory in m_nsAtts */ 3494 parser->m_nsAttsPower = oldNsAttsPower; 3495 return XML_ERROR_NO_MEMORY; 3496 } 3497 3498 nsAttsSize = 1u << parser->m_nsAttsPower; 3499 3500 /* Detect and prevent integer overflow. 3501 * The preprocessor guard addresses the "always false" warning 3502 * from -Wtype-limits on platforms where 3503 * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ 3504 #if UINT_MAX >= SIZE_MAX 3505 if (nsAttsSize > (size_t)(-1) / sizeof(NS_ATT)) { 3506 /* Restore actual size of memory in m_nsAtts */ 3507 parser->m_nsAttsPower = oldNsAttsPower; 3508 return XML_ERROR_NO_MEMORY; 3509 } 3510 #endif 3511 3512 temp = (NS_ATT *)REALLOC(parser, parser->m_nsAtts, 3513 nsAttsSize * sizeof(NS_ATT)); 3514 if (! temp) { 3515 /* Restore actual size of memory in m_nsAtts */ 3516 parser->m_nsAttsPower = oldNsAttsPower; 3517 return XML_ERROR_NO_MEMORY; 3518 } 3519 parser->m_nsAtts = temp; 3520 version = 0; /* force re-initialization of m_nsAtts hash table */ 3521 } 3522 /* using a version flag saves us from initializing m_nsAtts every time */ 3523 if (! version) { /* initialize version flags when version wraps around */ 3524 version = INIT_ATTS_VERSION; 3525 for (j = nsAttsSize; j != 0;) 3526 parser->m_nsAtts[--j].version = version; 3527 } 3528 parser->m_nsAttsVersion = --version; 3529 3530 /* expand prefixed names and check for duplicates */ 3531 for (; i < attIndex; i += 2) { 3532 const XML_Char *s = appAtts[i]; 3533 if (s[-1] == 2) { /* prefixed */ 3534 ATTRIBUTE_ID *id; 3535 const BINDING *b; 3536 unsigned long uriHash; 3537 struct siphash sip_state; 3538 struct sipkey sip_key; 3539 3540 copy_salt_to_sipkey(parser, &sip_key); 3541 sip24_init(&sip_state, &sip_key); 3542 3543 ((XML_Char *)s)[-1] = 0; /* clear flag */ 3544 id = (ATTRIBUTE_ID *)lookup(parser, &dtd->attributeIds, s, 0); 3545 if (! id || ! id->prefix) { 3546 /* This code is walking through the appAtts array, dealing 3547 * with (in this case) a prefixed attribute name. To be in 3548 * the array, the attribute must have already been bound, so 3549 * has to have passed through the hash table lookup once 3550 * already. That implies that an entry for it already 3551 * exists, so the lookup above will return a pointer to 3552 * already allocated memory. There is no opportunaity for 3553 * the allocator to fail, so the condition above cannot be 3554 * fulfilled. 3555 * 3556 * Since it is difficult to be certain that the above 3557 * analysis is complete, we retain the test and merely 3558 * remove the code from coverage tests. 3559 */ 3560 return XML_ERROR_NO_MEMORY; /* LCOV_EXCL_LINE */ 3561 } 3562 b = id->prefix->binding; 3563 if (! b) 3564 return XML_ERROR_UNBOUND_PREFIX; 3565 3566 for (j = 0; j < b->uriLen; j++) { 3567 const XML_Char c = b->uri[j]; 3568 if (! poolAppendChar(&parser->m_tempPool, c)) 3569 return XML_ERROR_NO_MEMORY; 3570 } 3571 3572 sip24_update(&sip_state, b->uri, b->uriLen * sizeof(XML_Char)); 3573 3574 while (*s++ != XML_T(ASCII_COLON)) 3575 ; 3576 3577 sip24_update(&sip_state, s, keylen(s) * sizeof(XML_Char)); 3578 3579 do { /* copies null terminator */ 3580 if (! poolAppendChar(&parser->m_tempPool, *s)) 3581 return XML_ERROR_NO_MEMORY; 3582 } while (*s++); 3583 3584 uriHash = (unsigned long)sip24_final(&sip_state); 3585 3586 { /* Check hash table for duplicate of expanded name (uriName). 3587 Derived from code in lookup(parser, HASH_TABLE *table, ...). 3588 */ 3589 unsigned char step = 0; 3590 unsigned long mask = nsAttsSize - 1; 3591 j = uriHash & mask; /* index into hash table */ 3592 while (parser->m_nsAtts[j].version == version) { 3593 /* for speed we compare stored hash values first */ 3594 if (uriHash == parser->m_nsAtts[j].hash) { 3595 const XML_Char *s1 = poolStart(&parser->m_tempPool); 3596 const XML_Char *s2 = parser->m_nsAtts[j].uriName; 3597 /* s1 is null terminated, but not s2 */ 3598 for (; *s1 == *s2 && *s1 != 0; s1++, s2++) 3599 ; 3600 if (*s1 == 0) 3601 return XML_ERROR_DUPLICATE_ATTRIBUTE; 3602 } 3603 if (! step) 3604 step = PROBE_STEP(uriHash, mask, parser->m_nsAttsPower); 3605 j < step ? (j += nsAttsSize - step) : (j -= step); 3606 } 3607 } 3608 3609 if (parser->m_ns_triplets) { /* append namespace separator and prefix */ 3610 parser->m_tempPool.ptr[-1] = parser->m_namespaceSeparator; 3611 s = b->prefix->name; 3612 do { 3613 if (! poolAppendChar(&parser->m_tempPool, *s)) 3614 return XML_ERROR_NO_MEMORY; 3615 } while (*s++); 3616 } 3617 3618 /* store expanded name in attribute list */ 3619 s = poolStart(&parser->m_tempPool); 3620 poolFinish(&parser->m_tempPool); 3621 appAtts[i] = s; 3622 3623 /* fill empty slot with new version, uriName and hash value */ 3624 parser->m_nsAtts[j].version = version; 3625 parser->m_nsAtts[j].hash = uriHash; 3626 parser->m_nsAtts[j].uriName = s; 3627 3628 if (! --nPrefixes) { 3629 i += 2; 3630 break; 3631 } 3632 } else /* not prefixed */ 3633 ((XML_Char *)s)[-1] = 0; /* clear flag */ 3634 } 3635 } 3636 /* clear flags for the remaining attributes */ 3637 for (; i < attIndex; i += 2) 3638 ((XML_Char *)(appAtts[i]))[-1] = 0; 3639 for (binding = *bindingsPtr; binding; binding = binding->nextTagBinding) 3640 binding->attId->name[-1] = 0; 3641 3642 if (! parser->m_ns) 3643 return XML_ERROR_NONE; 3644 3645 /* expand the element type name */ 3646 if (elementType->prefix) { 3647 binding = elementType->prefix->binding; 3648 if (! binding) 3649 return XML_ERROR_UNBOUND_PREFIX; 3650 localPart = tagNamePtr->str; 3651 while (*localPart++ != XML_T(ASCII_COLON)) 3652 ; 3653 } else if (dtd->defaultPrefix.binding) { 3654 binding = dtd->defaultPrefix.binding; 3655 localPart = tagNamePtr->str; 3656 } else 3657 return XML_ERROR_NONE; 3658 prefixLen = 0; 3659 if (parser->m_ns_triplets && binding->prefix->name) { 3660 for (; binding->prefix->name[prefixLen++];) 3661 ; /* prefixLen includes null terminator */ 3662 } 3663 tagNamePtr->localPart = localPart; 3664 tagNamePtr->uriLen = binding->uriLen; 3665 tagNamePtr->prefix = binding->prefix->name; 3666 tagNamePtr->prefixLen = prefixLen; 3667 for (i = 0; localPart[i++];) 3668 ; /* i includes null terminator */ 3669 3670 /* Detect and prevent integer overflow */ 3671 if (binding->uriLen > INT_MAX - prefixLen 3672 || i > INT_MAX - (binding->uriLen + prefixLen)) { 3673 return XML_ERROR_NO_MEMORY; 3674 } 3675 3676 n = i + binding->uriLen + prefixLen; 3677 if (n > binding->uriAlloc) { 3678 TAG *p; 3679 3680 /* Detect and prevent integer overflow */ 3681 if (n > INT_MAX - EXPAND_SPARE) { 3682 return XML_ERROR_NO_MEMORY; 3683 } 3684 /* Detect and prevent integer overflow. 3685 * The preprocessor guard addresses the "always false" warning 3686 * from -Wtype-limits on platforms where 3687 * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ 3688 #if UINT_MAX >= SIZE_MAX 3689 if ((unsigned)(n + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) { 3690 return XML_ERROR_NO_MEMORY; 3691 } 3692 #endif 3693 3694 uri = (XML_Char *)MALLOC(parser, (n + EXPAND_SPARE) * sizeof(XML_Char)); 3695 if (! uri) 3696 return XML_ERROR_NO_MEMORY; 3697 binding->uriAlloc = n + EXPAND_SPARE; 3698 memcpy(uri, binding->uri, binding->uriLen * sizeof(XML_Char)); 3699 for (p = parser->m_tagStack; p; p = p->parent) 3700 if (p->name.str == binding->uri) 3701 p->name.str = uri; 3702 FREE(parser, binding->uri); 3703 binding->uri = uri; 3704 } 3705 /* if m_namespaceSeparator != '\0' then uri includes it already */ 3706 uri = binding->uri + binding->uriLen; 3707 memcpy(uri, localPart, i * sizeof(XML_Char)); 3708 /* we always have a namespace separator between localPart and prefix */ 3709 if (prefixLen) { 3710 uri += i - 1; 3711 *uri = parser->m_namespaceSeparator; /* replace null terminator */ 3712 memcpy(uri + 1, binding->prefix->name, prefixLen * sizeof(XML_Char)); 3713 } 3714 tagNamePtr->str = binding->uri; 3715 return XML_ERROR_NONE; 3716 } 3717 3718 static XML_Bool 3719 is_rfc3986_uri_char(XML_Char candidate) { 3720 // For the RFC 3986 ANBF grammar see 3721 // https://datatracker.ietf.org/doc/html/rfc3986#appendix-A 3722 3723 switch (candidate) { 3724 // From rule "ALPHA" (uppercase half) 3725 case 'A': 3726 case 'B': 3727 case 'C': 3728 case 'D': 3729 case 'E': 3730 case 'F': 3731 case 'G': 3732 case 'H': 3733 case 'I': 3734 case 'J': 3735 case 'K': 3736 case 'L': 3737 case 'M': 3738 case 'N': 3739 case 'O': 3740 case 'P': 3741 case 'Q': 3742 case 'R': 3743 case 'S': 3744 case 'T': 3745 case 'U': 3746 case 'V': 3747 case 'W': 3748 case 'X': 3749 case 'Y': 3750 case 'Z': 3751 3752 // From rule "ALPHA" (lowercase half) 3753 case 'a': 3754 case 'b': 3755 case 'c': 3756 case 'd': 3757 case 'e': 3758 case 'f': 3759 case 'g': 3760 case 'h': 3761 case 'i': 3762 case 'j': 3763 case 'k': 3764 case 'l': 3765 case 'm': 3766 case 'n': 3767 case 'o': 3768 case 'p': 3769 case 'q': 3770 case 'r': 3771 case 's': 3772 case 't': 3773 case 'u': 3774 case 'v': 3775 case 'w': 3776 case 'x': 3777 case 'y': 3778 case 'z': 3779 3780 // From rule "DIGIT" 3781 case '0': 3782 case '1': 3783 case '2': 3784 case '3': 3785 case '4': 3786 case '5': 3787 case '6': 3788 case '7': 3789 case '8': 3790 case '9': 3791 3792 // From rule "pct-encoded" 3793 case '%': 3794 3795 // From rule "unreserved" 3796 case '-': 3797 case '.': 3798 case '_': 3799 case '~': 3800 3801 // From rule "gen-delims" 3802 case ':': 3803 case '/': 3804 case '?': 3805 case '#': 3806 case '[': 3807 case ']': 3808 case '@': 3809 3810 // From rule "sub-delims" 3811 case '!': 3812 case '$': 3813 case '&': 3814 case '\'': 3815 case '(': 3816 case ')': 3817 case '*': 3818 case '+': 3819 case ',': 3820 case ';': 3821 case '=': 3822 return XML_TRUE; 3823 3824 default: 3825 return XML_FALSE; 3826 } 3827 } 3828 3829 /* addBinding() overwrites the value of prefix->binding without checking. 3830 Therefore one must keep track of the old value outside of addBinding(). 3831 */ 3832 static enum XML_Error 3833 addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId, 3834 const XML_Char *uri, BINDING **bindingsPtr) { 3835 // "http://www.w3.org/XML/1998/namespace" 3836 static const XML_Char xmlNamespace[] 3837 = {ASCII_h, ASCII_t, ASCII_t, ASCII_p, ASCII_COLON, 3838 ASCII_SLASH, ASCII_SLASH, ASCII_w, ASCII_w, ASCII_w, 3839 ASCII_PERIOD, ASCII_w, ASCII_3, ASCII_PERIOD, ASCII_o, 3840 ASCII_r, ASCII_g, ASCII_SLASH, ASCII_X, ASCII_M, 3841 ASCII_L, ASCII_SLASH, ASCII_1, ASCII_9, ASCII_9, 3842 ASCII_8, ASCII_SLASH, ASCII_n, ASCII_a, ASCII_m, 3843 ASCII_e, ASCII_s, ASCII_p, ASCII_a, ASCII_c, 3844 ASCII_e, '\0'}; 3845 static const int xmlLen = (int)sizeof(xmlNamespace) / sizeof(XML_Char) - 1; 3846 // "http://www.w3.org/2000/xmlns/" 3847 static const XML_Char xmlnsNamespace[] 3848 = {ASCII_h, ASCII_t, ASCII_t, ASCII_p, ASCII_COLON, ASCII_SLASH, 3849 ASCII_SLASH, ASCII_w, ASCII_w, ASCII_w, ASCII_PERIOD, ASCII_w, 3850 ASCII_3, ASCII_PERIOD, ASCII_o, ASCII_r, ASCII_g, ASCII_SLASH, 3851 ASCII_2, ASCII_0, ASCII_0, ASCII_0, ASCII_SLASH, ASCII_x, 3852 ASCII_m, ASCII_l, ASCII_n, ASCII_s, ASCII_SLASH, '\0'}; 3853 static const int xmlnsLen 3854 = (int)sizeof(xmlnsNamespace) / sizeof(XML_Char) - 1; 3855 3856 XML_Bool mustBeXML = XML_FALSE; 3857 XML_Bool isXML = XML_TRUE; 3858 XML_Bool isXMLNS = XML_TRUE; 3859 3860 BINDING *b; 3861 int len; 3862 3863 /* empty URI is only valid for default namespace per XML NS 1.0 (not 1.1) */ 3864 if (*uri == XML_T('\0') && prefix->name) 3865 return XML_ERROR_UNDECLARING_PREFIX; 3866 3867 if (prefix->name && prefix->name[0] == XML_T(ASCII_x) 3868 && prefix->name[1] == XML_T(ASCII_m) 3869 && prefix->name[2] == XML_T(ASCII_l)) { 3870 /* Not allowed to bind xmlns */ 3871 if (prefix->name[3] == XML_T(ASCII_n) && prefix->name[4] == XML_T(ASCII_s) 3872 && prefix->name[5] == XML_T('\0')) 3873 return XML_ERROR_RESERVED_PREFIX_XMLNS; 3874 3875 if (prefix->name[3] == XML_T('\0')) 3876 mustBeXML = XML_TRUE; 3877 } 3878 3879 for (len = 0; uri[len]; len++) { 3880 if (isXML && (len > xmlLen || uri[len] != xmlNamespace[len])) 3881 isXML = XML_FALSE; 3882 3883 if (! mustBeXML && isXMLNS 3884 && (len > xmlnsLen || uri[len] != xmlnsNamespace[len])) 3885 isXMLNS = XML_FALSE; 3886 3887 // NOTE: While Expat does not validate namespace URIs against RFC 3986 3888 // today (and is not REQUIRED to do so with regard to the XML 1.0 3889 // namespaces specification) we have to at least make sure, that 3890 // the application on top of Expat (that is likely splitting expanded 3891 // element names ("qualified names") of form 3892 // "[uri sep] local [sep prefix] '\0'" back into 1, 2 or 3 pieces 3893 // in its element handler code) cannot be confused by an attacker 3894 // putting additional namespace separator characters into namespace 3895 // declarations. That would be ambiguous and not to be expected. 3896 // 3897 // While the HTML API docs of function XML_ParserCreateNS have been 3898 // advising against use of a namespace separator character that can 3899 // appear in a URI for >20 years now, some widespread applications 3900 // are using URI characters (':' (colon) in particular) for a 3901 // namespace separator, in practice. To keep these applications 3902 // functional, we only reject namespaces URIs containing the 3903 // application-chosen namespace separator if the chosen separator 3904 // is a non-URI character with regard to RFC 3986. 3905 if (parser->m_ns && (uri[len] == parser->m_namespaceSeparator) 3906 && ! is_rfc3986_uri_char(uri[len])) { 3907 return XML_ERROR_SYNTAX; 3908 } 3909 } 3910 isXML = isXML && len == xmlLen; 3911 isXMLNS = isXMLNS && len == xmlnsLen; 3912 3913 if (mustBeXML != isXML) 3914 return mustBeXML ? XML_ERROR_RESERVED_PREFIX_XML 3915 : XML_ERROR_RESERVED_NAMESPACE_URI; 3916 3917 if (isXMLNS) 3918 return XML_ERROR_RESERVED_NAMESPACE_URI; 3919 3920 if (parser->m_namespaceSeparator) 3921 len++; 3922 if (parser->m_freeBindingList) { 3923 b = parser->m_freeBindingList; 3924 if (len > b->uriAlloc) { 3925 /* Detect and prevent integer overflow */ 3926 if (len > INT_MAX - EXPAND_SPARE) { 3927 return XML_ERROR_NO_MEMORY; 3928 } 3929 3930 /* Detect and prevent integer overflow. 3931 * The preprocessor guard addresses the "always false" warning 3932 * from -Wtype-limits on platforms where 3933 * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ 3934 #if UINT_MAX >= SIZE_MAX 3935 if ((unsigned)(len + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) { 3936 return XML_ERROR_NO_MEMORY; 3937 } 3938 #endif 3939 3940 XML_Char *temp = (XML_Char *)REALLOC( 3941 parser, b->uri, sizeof(XML_Char) * (len + EXPAND_SPARE)); 3942 if (temp == NULL) 3943 return XML_ERROR_NO_MEMORY; 3944 b->uri = temp; 3945 b->uriAlloc = len + EXPAND_SPARE; 3946 } 3947 parser->m_freeBindingList = b->nextTagBinding; 3948 } else { 3949 b = (BINDING *)MALLOC(parser, sizeof(BINDING)); 3950 if (! b) 3951 return XML_ERROR_NO_MEMORY; 3952 3953 /* Detect and prevent integer overflow */ 3954 if (len > INT_MAX - EXPAND_SPARE) { 3955 return XML_ERROR_NO_MEMORY; 3956 } 3957 /* Detect and prevent integer overflow. 3958 * The preprocessor guard addresses the "always false" warning 3959 * from -Wtype-limits on platforms where 3960 * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ 3961 #if UINT_MAX >= SIZE_MAX 3962 if ((unsigned)(len + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) { 3963 return XML_ERROR_NO_MEMORY; 3964 } 3965 #endif 3966 3967 b->uri 3968 = (XML_Char *)MALLOC(parser, sizeof(XML_Char) * (len + EXPAND_SPARE)); 3969 if (! b->uri) { 3970 FREE(parser, b); 3971 return XML_ERROR_NO_MEMORY; 3972 } 3973 b->uriAlloc = len + EXPAND_SPARE; 3974 } 3975 b->uriLen = len; 3976 memcpy(b->uri, uri, len * sizeof(XML_Char)); 3977 if (parser->m_namespaceSeparator) 3978 b->uri[len - 1] = parser->m_namespaceSeparator; 3979 b->prefix = prefix; 3980 b->attId = attId; 3981 b->prevPrefixBinding = prefix->binding; 3982 /* NULL binding when default namespace undeclared */ 3983 if (*uri == XML_T('\0') && prefix == &parser->m_dtd->defaultPrefix) 3984 prefix->binding = NULL; 3985 else 3986 prefix->binding = b; 3987 b->nextTagBinding = *bindingsPtr; 3988 *bindingsPtr = b; 3989 /* if attId == NULL then we are not starting a namespace scope */ 3990 if (attId && parser->m_startNamespaceDeclHandler) 3991 parser->m_startNamespaceDeclHandler(parser->m_handlerArg, prefix->name, 3992 prefix->binding ? uri : 0); 3993 return XML_ERROR_NONE; 3994 } 3995 3996 /* The idea here is to avoid using stack for each CDATA section when 3997 the whole file is parsed with one call. 3998 */ 3999 static enum XML_Error PTRCALL 4000 cdataSectionProcessor(XML_Parser parser, const char *start, const char *end, 4001 const char **endPtr) { 4002 enum XML_Error result = doCdataSection( 4003 parser, parser->m_encoding, &start, end, endPtr, 4004 (XML_Bool)! parser->m_parsingStatus.finalBuffer, XML_ACCOUNT_DIRECT); 4005 if (result != XML_ERROR_NONE) 4006 return result; 4007 if (start) { 4008 if (parser->m_parentParser) { /* we are parsing an external entity */ 4009 parser->m_processor = externalEntityContentProcessor; 4010 return externalEntityContentProcessor(parser, start, end, endPtr); 4011 } else { 4012 parser->m_processor = contentProcessor; 4013 return contentProcessor(parser, start, end, endPtr); 4014 } 4015 } 4016 return result; 4017 } 4018 4019 /* startPtr gets set to non-null if the section is closed, and to null if 4020 the section is not yet closed. 4021 */ 4022 static enum XML_Error 4023 doCdataSection(XML_Parser parser, const ENCODING *enc, const char **startPtr, 4024 const char *end, const char **nextPtr, XML_Bool haveMore, 4025 enum XML_Account account) { 4026 const char *s = *startPtr; 4027 const char **eventPP; 4028 const char **eventEndPP; 4029 if (enc == parser->m_encoding) { 4030 eventPP = &parser->m_eventPtr; 4031 *eventPP = s; 4032 eventEndPP = &parser->m_eventEndPtr; 4033 } else { 4034 eventPP = &(parser->m_openInternalEntities->internalEventPtr); 4035 eventEndPP = &(parser->m_openInternalEntities->internalEventEndPtr); 4036 } 4037 *eventPP = s; 4038 *startPtr = NULL; 4039 4040 for (;;) { 4041 const char *next = s; /* in case of XML_TOK_NONE or XML_TOK_PARTIAL */ 4042 int tok = XmlCdataSectionTok(enc, s, end, &next); 4043 #ifdef XML_DTD 4044 if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, account)) { 4045 accountingOnAbort(parser); 4046 return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; 4047 } 4048 #else 4049 UNUSED_P(account); 4050 #endif 4051 *eventEndPP = next; 4052 switch (tok) { 4053 case XML_TOK_CDATA_SECT_CLOSE: 4054 if (parser->m_endCdataSectionHandler) 4055 parser->m_endCdataSectionHandler(parser->m_handlerArg); 4056 /* BEGIN disabled code */ 4057 /* see comment under XML_TOK_CDATA_SECT_OPEN */ 4058 else if (0 && parser->m_characterDataHandler) 4059 parser->m_characterDataHandler(parser->m_handlerArg, parser->m_dataBuf, 4060 0); 4061 /* END disabled code */ 4062 else if (parser->m_defaultHandler) 4063 reportDefault(parser, enc, s, next); 4064 *startPtr = next; 4065 *nextPtr = next; 4066 if (parser->m_parsingStatus.parsing == XML_FINISHED) 4067 return XML_ERROR_ABORTED; 4068 else 4069 return XML_ERROR_NONE; 4070 case XML_TOK_DATA_NEWLINE: 4071 if (parser->m_characterDataHandler) { 4072 XML_Char c = 0xA; 4073 parser->m_characterDataHandler(parser->m_handlerArg, &c, 1); 4074 } else if (parser->m_defaultHandler) 4075 reportDefault(parser, enc, s, next); 4076 break; 4077 case XML_TOK_DATA_CHARS: { 4078 XML_CharacterDataHandler charDataHandler = parser->m_characterDataHandler; 4079 if (charDataHandler) { 4080 if (MUST_CONVERT(enc, s)) { 4081 for (;;) { 4082 ICHAR *dataPtr = (ICHAR *)parser->m_dataBuf; 4083 const enum XML_Convert_Result convert_res = XmlConvert( 4084 enc, &s, next, &dataPtr, (ICHAR *)parser->m_dataBufEnd); 4085 *eventEndPP = next; 4086 charDataHandler(parser->m_handlerArg, parser->m_dataBuf, 4087 (int)(dataPtr - (ICHAR *)parser->m_dataBuf)); 4088 if ((convert_res == XML_CONVERT_COMPLETED) 4089 || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) 4090 break; 4091 *eventPP = s; 4092 } 4093 } else 4094 charDataHandler(parser->m_handlerArg, (XML_Char *)s, 4095 (int)((XML_Char *)next - (XML_Char *)s)); 4096 } else if (parser->m_defaultHandler) 4097 reportDefault(parser, enc, s, next); 4098 } break; 4099 case XML_TOK_INVALID: 4100 *eventPP = next; 4101 return XML_ERROR_INVALID_TOKEN; 4102 case XML_TOK_PARTIAL_CHAR: 4103 if (haveMore) { 4104 *nextPtr = s; 4105 return XML_ERROR_NONE; 4106 } 4107 return XML_ERROR_PARTIAL_CHAR; 4108 case XML_TOK_PARTIAL: 4109 case XML_TOK_NONE: 4110 if (haveMore) { 4111 *nextPtr = s; 4112 return XML_ERROR_NONE; 4113 } 4114 return XML_ERROR_UNCLOSED_CDATA_SECTION; 4115 default: 4116 /* Every token returned by XmlCdataSectionTok() has its own 4117 * explicit case, so this default case will never be executed. 4118 * We retain it as a safety net and exclude it from the coverage 4119 * statistics. 4120 * 4121 * LCOV_EXCL_START 4122 */ 4123 *eventPP = next; 4124 return XML_ERROR_UNEXPECTED_STATE; 4125 /* LCOV_EXCL_STOP */ 4126 } 4127 4128 *eventPP = s = next; 4129 switch (parser->m_parsingStatus.parsing) { 4130 case XML_SUSPENDED: 4131 *nextPtr = next; 4132 return XML_ERROR_NONE; 4133 case XML_FINISHED: 4134 return XML_ERROR_ABORTED; 4135 default:; 4136 } 4137 } 4138 /* not reached */ 4139 } 4140 4141 #ifdef XML_DTD 4142 4143 /* The idea here is to avoid using stack for each IGNORE section when 4144 the whole file is parsed with one call. 4145 */ 4146 static enum XML_Error PTRCALL 4147 ignoreSectionProcessor(XML_Parser parser, const char *start, const char *end, 4148 const char **endPtr) { 4149 enum XML_Error result 4150 = doIgnoreSection(parser, parser->m_encoding, &start, end, endPtr, 4151 (XML_Bool)! parser->m_parsingStatus.finalBuffer); 4152 if (result != XML_ERROR_NONE) 4153 return result; 4154 if (start) { 4155 parser->m_processor = prologProcessor; 4156 return prologProcessor(parser, start, end, endPtr); 4157 } 4158 return result; 4159 } 4160 4161 /* startPtr gets set to non-null is the section is closed, and to null 4162 if the section is not yet closed. 4163 */ 4164 static enum XML_Error 4165 doIgnoreSection(XML_Parser parser, const ENCODING *enc, const char **startPtr, 4166 const char *end, const char **nextPtr, XML_Bool haveMore) { 4167 const char *next = *startPtr; /* in case of XML_TOK_NONE or XML_TOK_PARTIAL */ 4168 int tok; 4169 const char *s = *startPtr; 4170 const char **eventPP; 4171 const char **eventEndPP; 4172 if (enc == parser->m_encoding) { 4173 eventPP = &parser->m_eventPtr; 4174 *eventPP = s; 4175 eventEndPP = &parser->m_eventEndPtr; 4176 } else { 4177 /* It's not entirely clear, but it seems the following two lines 4178 * of code cannot be executed. The only occasions on which 'enc' 4179 * is not 'encoding' are when this function is called 4180 * from the internal entity processing, and IGNORE sections are an 4181 * error in internal entities. 4182 * 4183 * Since it really isn't clear that this is true, we keep the code 4184 * and just remove it from our coverage tests. 4185 * 4186 * LCOV_EXCL_START 4187 */ 4188 eventPP = &(parser->m_openInternalEntities->internalEventPtr); 4189 eventEndPP = &(parser->m_openInternalEntities->internalEventEndPtr); 4190 /* LCOV_EXCL_STOP */ 4191 } 4192 *eventPP = s; 4193 *startPtr = NULL; 4194 tok = XmlIgnoreSectionTok(enc, s, end, &next); 4195 # ifdef XML_DTD 4196 if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, 4197 XML_ACCOUNT_DIRECT)) { 4198 accountingOnAbort(parser); 4199 return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; 4200 } 4201 # endif 4202 *eventEndPP = next; 4203 switch (tok) { 4204 case XML_TOK_IGNORE_SECT: 4205 if (parser->m_defaultHandler) 4206 reportDefault(parser, enc, s, next); 4207 *startPtr = next; 4208 *nextPtr = next; 4209 if (parser->m_parsingStatus.parsing == XML_FINISHED) 4210 return XML_ERROR_ABORTED; 4211 else 4212 return XML_ERROR_NONE; 4213 case XML_TOK_INVALID: 4214 *eventPP = next; 4215 return XML_ERROR_INVALID_TOKEN; 4216 case XML_TOK_PARTIAL_CHAR: 4217 if (haveMore) { 4218 *nextPtr = s; 4219 return XML_ERROR_NONE; 4220 } 4221 return XML_ERROR_PARTIAL_CHAR; 4222 case XML_TOK_PARTIAL: 4223 case XML_TOK_NONE: 4224 if (haveMore) { 4225 *nextPtr = s; 4226 return XML_ERROR_NONE; 4227 } 4228 return XML_ERROR_SYNTAX; /* XML_ERROR_UNCLOSED_IGNORE_SECTION */ 4229 default: 4230 /* All of the tokens that XmlIgnoreSectionTok() returns have 4231 * explicit cases to handle them, so this default case is never 4232 * executed. We keep it as a safety net anyway, and remove it 4233 * from our test coverage statistics. 4234 * 4235 * LCOV_EXCL_START 4236 */ 4237 *eventPP = next; 4238 return XML_ERROR_UNEXPECTED_STATE; 4239 /* LCOV_EXCL_STOP */ 4240 } 4241 /* not reached */ 4242 } 4243 4244 #endif /* XML_DTD */ 4245 4246 static enum XML_Error 4247 initializeEncoding(XML_Parser parser) { 4248 const char *s; 4249 #ifdef XML_UNICODE 4250 char encodingBuf[128]; 4251 /* See comments about `protocolEncodingName` in parserInit() */ 4252 if (! parser->m_protocolEncodingName) 4253 s = NULL; 4254 else { 4255 int i; 4256 for (i = 0; parser->m_protocolEncodingName[i]; i++) { 4257 if (i == sizeof(encodingBuf) - 1 4258 || (parser->m_protocolEncodingName[i] & ~0x7f) != 0) { 4259 encodingBuf[0] = '\0'; 4260 break; 4261 } 4262 encodingBuf[i] = (char)parser->m_protocolEncodingName[i]; 4263 } 4264 encodingBuf[i] = '\0'; 4265 s = encodingBuf; 4266 } 4267 #else 4268 s = parser->m_protocolEncodingName; 4269 #endif 4270 if ((parser->m_ns ? XmlInitEncodingNS : XmlInitEncoding)( 4271 &parser->m_initEncoding, &parser->m_encoding, s)) 4272 return XML_ERROR_NONE; 4273 return handleUnknownEncoding(parser, parser->m_protocolEncodingName); 4274 } 4275 4276 static enum XML_Error 4277 processXmlDecl(XML_Parser parser, int isGeneralTextEntity, const char *s, 4278 const char *next) { 4279 const char *encodingName = NULL; 4280 const XML_Char *storedEncName = NULL; 4281 const ENCODING *newEncoding = NULL; 4282 const char *version = NULL; 4283 const char *versionend = NULL; 4284 const XML_Char *storedversion = NULL; 4285 int standalone = -1; 4286 4287 #ifdef XML_DTD 4288 if (! accountingDiffTolerated(parser, XML_TOK_XML_DECL, s, next, __LINE__, 4289 XML_ACCOUNT_DIRECT)) { 4290 accountingOnAbort(parser); 4291 return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; 4292 } 4293 #endif 4294 4295 if (! (parser->m_ns ? XmlParseXmlDeclNS : XmlParseXmlDecl)( 4296 isGeneralTextEntity, parser->m_encoding, s, next, &parser->m_eventPtr, 4297 &version, &versionend, &encodingName, &newEncoding, &standalone)) { 4298 if (isGeneralTextEntity) 4299 return XML_ERROR_TEXT_DECL; 4300 else 4301 return XML_ERROR_XML_DECL; 4302 } 4303 if (! isGeneralTextEntity && standalone == 1) { 4304 parser->m_dtd->standalone = XML_TRUE; 4305 #ifdef XML_DTD 4306 if (parser->m_paramEntityParsing 4307 == XML_PARAM_ENTITY_PARSING_UNLESS_STANDALONE) 4308 parser->m_paramEntityParsing = XML_PARAM_ENTITY_PARSING_NEVER; 4309 #endif /* XML_DTD */ 4310 } 4311 if (parser->m_xmlDeclHandler) { 4312 if (encodingName != NULL) { 4313 storedEncName = poolStoreString( 4314 &parser->m_temp2Pool, parser->m_encoding, encodingName, 4315 encodingName + XmlNameLength(parser->m_encoding, encodingName)); 4316 if (! storedEncName) 4317 return XML_ERROR_NO_MEMORY; 4318 poolFinish(&parser->m_temp2Pool); 4319 } 4320 if (version) { 4321 storedversion 4322 = poolStoreString(&parser->m_temp2Pool, parser->m_encoding, version, 4323 versionend - parser->m_encoding->minBytesPerChar); 4324 if (! storedversion) 4325 return XML_ERROR_NO_MEMORY; 4326 } 4327 parser->m_xmlDeclHandler(parser->m_handlerArg, storedversion, storedEncName, 4328 standalone); 4329 } else if (parser->m_defaultHandler) 4330 reportDefault(parser, parser->m_encoding, s, next); 4331 if (parser->m_protocolEncodingName == NULL) { 4332 if (newEncoding) { 4333 /* Check that the specified encoding does not conflict with what 4334 * the parser has already deduced. Do we have the same number 4335 * of bytes in the smallest representation of a character? If 4336 * this is UTF-16, is it the same endianness? 4337 */ 4338 if (newEncoding->minBytesPerChar != parser->m_encoding->minBytesPerChar 4339 || (newEncoding->minBytesPerChar == 2 4340 && newEncoding != parser->m_encoding)) { 4341 parser->m_eventPtr = encodingName; 4342 return XML_ERROR_INCORRECT_ENCODING; 4343 } 4344 parser->m_encoding = newEncoding; 4345 } else if (encodingName) { 4346 enum XML_Error result; 4347 if (! storedEncName) { 4348 storedEncName = poolStoreString( 4349 &parser->m_temp2Pool, parser->m_encoding, encodingName, 4350 encodingName + XmlNameLength(parser->m_encoding, encodingName)); 4351 if (! storedEncName) 4352 return XML_ERROR_NO_MEMORY; 4353 } 4354 result = handleUnknownEncoding(parser, storedEncName); 4355 poolClear(&parser->m_temp2Pool); 4356 if (result == XML_ERROR_UNKNOWN_ENCODING) 4357 parser->m_eventPtr = encodingName; 4358 return result; 4359 } 4360 } 4361 4362 if (storedEncName || storedversion) 4363 poolClear(&parser->m_temp2Pool); 4364 4365 return XML_ERROR_NONE; 4366 } 4367 4368 static enum XML_Error 4369 handleUnknownEncoding(XML_Parser parser, const XML_Char *encodingName) { 4370 if (parser->m_unknownEncodingHandler) { 4371 XML_Encoding info; 4372 int i; 4373 for (i = 0; i < 256; i++) 4374 info.map[i] = -1; 4375 info.convert = NULL; 4376 info.data = NULL; 4377 info.release = NULL; 4378 if (parser->m_unknownEncodingHandler(parser->m_unknownEncodingHandlerData, 4379 encodingName, &info)) { 4380 ENCODING *enc; 4381 parser->m_unknownEncodingMem = MALLOC(parser, XmlSizeOfUnknownEncoding()); 4382 if (! parser->m_unknownEncodingMem) { 4383 if (info.release) 4384 info.release(info.data); 4385 return XML_ERROR_NO_MEMORY; 4386 } 4387 enc = (parser->m_ns ? XmlInitUnknownEncodingNS : XmlInitUnknownEncoding)( 4388 parser->m_unknownEncodingMem, info.map, info.convert, info.data); 4389 if (enc) { 4390 parser->m_unknownEncodingData = info.data; 4391 parser->m_unknownEncodingRelease = info.release; 4392 parser->m_encoding = enc; 4393 return XML_ERROR_NONE; 4394 } 4395 } 4396 if (info.release != NULL) 4397 info.release(info.data); 4398 } 4399 return XML_ERROR_UNKNOWN_ENCODING; 4400 } 4401 4402 static enum XML_Error PTRCALL 4403 prologInitProcessor(XML_Parser parser, const char *s, const char *end, 4404 const char **nextPtr) { 4405 enum XML_Error result = initializeEncoding(parser); 4406 if (result != XML_ERROR_NONE) 4407 return result; 4408 parser->m_processor = prologProcessor; 4409 return prologProcessor(parser, s, end, nextPtr); 4410 } 4411 4412 #ifdef XML_DTD 4413 4414 static enum XML_Error PTRCALL 4415 externalParEntInitProcessor(XML_Parser parser, const char *s, const char *end, 4416 const char **nextPtr) { 4417 enum XML_Error result = initializeEncoding(parser); 4418 if (result != XML_ERROR_NONE) 4419 return result; 4420 4421 /* we know now that XML_Parse(Buffer) has been called, 4422 so we consider the external parameter entity read */ 4423 parser->m_dtd->paramEntityRead = XML_TRUE; 4424 4425 if (parser->m_prologState.inEntityValue) { 4426 parser->m_processor = entityValueInitProcessor; 4427 return entityValueInitProcessor(parser, s, end, nextPtr); 4428 } else { 4429 parser->m_processor = externalParEntProcessor; 4430 return externalParEntProcessor(parser, s, end, nextPtr); 4431 } 4432 } 4433 4434 static enum XML_Error PTRCALL 4435 entityValueInitProcessor(XML_Parser parser, const char *s, const char *end, 4436 const char **nextPtr) { 4437 int tok; 4438 const char *start = s; 4439 const char *next = start; 4440 parser->m_eventPtr = start; 4441 4442 for (;;) { 4443 tok = XmlPrologTok(parser->m_encoding, start, end, &next); 4444 /* Note: Except for XML_TOK_BOM below, these bytes are accounted later in: 4445 - storeEntityValue 4446 - processXmlDecl 4447 */ 4448 parser->m_eventEndPtr = next; 4449 if (tok <= 0) { 4450 if (! parser->m_parsingStatus.finalBuffer && tok != XML_TOK_INVALID) { 4451 *nextPtr = s; 4452 return XML_ERROR_NONE; 4453 } 4454 switch (tok) { 4455 case XML_TOK_INVALID: 4456 return XML_ERROR_INVALID_TOKEN; 4457 case XML_TOK_PARTIAL: 4458 return XML_ERROR_UNCLOSED_TOKEN; 4459 case XML_TOK_PARTIAL_CHAR: 4460 return XML_ERROR_PARTIAL_CHAR; 4461 case XML_TOK_NONE: /* start == end */ 4462 default: 4463 break; 4464 } 4465 /* found end of entity value - can store it now */ 4466 return storeEntityValue(parser, parser->m_encoding, s, end, 4467 XML_ACCOUNT_DIRECT); 4468 } else if (tok == XML_TOK_XML_DECL) { 4469 enum XML_Error result; 4470 result = processXmlDecl(parser, 0, start, next); 4471 if (result != XML_ERROR_NONE) 4472 return result; 4473 /* At this point, m_parsingStatus.parsing cannot be XML_SUSPENDED. For 4474 * that to happen, a parameter entity parsing handler must have attempted 4475 * to suspend the parser, which fails and raises an error. The parser can 4476 * be aborted, but can't be suspended. 4477 */ 4478 if (parser->m_parsingStatus.parsing == XML_FINISHED) 4479 return XML_ERROR_ABORTED; 4480 *nextPtr = next; 4481 /* stop scanning for text declaration - we found one */ 4482 parser->m_processor = entityValueProcessor; 4483 return entityValueProcessor(parser, next, end, nextPtr); 4484 } 4485 /* If we are at the end of the buffer, this would cause XmlPrologTok to 4486 return XML_TOK_NONE on the next call, which would then cause the 4487 function to exit with *nextPtr set to s - that is what we want for other 4488 tokens, but not for the BOM - we would rather like to skip it; 4489 then, when this routine is entered the next time, XmlPrologTok will 4490 return XML_TOK_INVALID, since the BOM is still in the buffer 4491 */ 4492 else if (tok == XML_TOK_BOM && next == end 4493 && ! parser->m_parsingStatus.finalBuffer) { 4494 # ifdef XML_DTD 4495 if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, 4496 XML_ACCOUNT_DIRECT)) { 4497 accountingOnAbort(parser); 4498 return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; 4499 } 4500 # endif 4501 4502 *nextPtr = next; 4503 return XML_ERROR_NONE; 4504 } 4505 /* If we get this token, we have the start of what might be a 4506 normal tag, but not a declaration (i.e. it doesn't begin with 4507 "<!"). In a DTD context, that isn't legal. 4508 */ 4509 else if (tok == XML_TOK_INSTANCE_START) { 4510 *nextPtr = next; 4511 return XML_ERROR_SYNTAX; 4512 } 4513 start = next; 4514 parser->m_eventPtr = start; 4515 } 4516 } 4517 4518 static enum XML_Error PTRCALL 4519 externalParEntProcessor(XML_Parser parser, const char *s, const char *end, 4520 const char **nextPtr) { 4521 const char *next = s; 4522 int tok; 4523 4524 tok = XmlPrologTok(parser->m_encoding, s, end, &next); 4525 if (tok <= 0) { 4526 if (! parser->m_parsingStatus.finalBuffer && tok != XML_TOK_INVALID) { 4527 *nextPtr = s; 4528 return XML_ERROR_NONE; 4529 } 4530 switch (tok) { 4531 case XML_TOK_INVALID: 4532 return XML_ERROR_INVALID_TOKEN; 4533 case XML_TOK_PARTIAL: 4534 return XML_ERROR_UNCLOSED_TOKEN; 4535 case XML_TOK_PARTIAL_CHAR: 4536 return XML_ERROR_PARTIAL_CHAR; 4537 case XML_TOK_NONE: /* start == end */ 4538 default: 4539 break; 4540 } 4541 } 4542 /* This would cause the next stage, i.e. doProlog to be passed XML_TOK_BOM. 4543 However, when parsing an external subset, doProlog will not accept a BOM 4544 as valid, and report a syntax error, so we have to skip the BOM, and 4545 account for the BOM bytes. 4546 */ 4547 else if (tok == XML_TOK_BOM) { 4548 if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, 4549 XML_ACCOUNT_DIRECT)) { 4550 accountingOnAbort(parser); 4551 return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; 4552 } 4553 4554 s = next; 4555 tok = XmlPrologTok(parser->m_encoding, s, end, &next); 4556 } 4557 4558 parser->m_processor = prologProcessor; 4559 return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr, 4560 (XML_Bool)! parser->m_parsingStatus.finalBuffer, XML_TRUE, 4561 XML_ACCOUNT_DIRECT); 4562 } 4563 4564 static enum XML_Error PTRCALL 4565 entityValueProcessor(XML_Parser parser, const char *s, const char *end, 4566 const char **nextPtr) { 4567 const char *start = s; 4568 const char *next = s; 4569 const ENCODING *enc = parser->m_encoding; 4570 int tok; 4571 4572 for (;;) { 4573 tok = XmlPrologTok(enc, start, end, &next); 4574 /* Note: These bytes are accounted later in: 4575 - storeEntityValue 4576 */ 4577 if (tok <= 0) { 4578 if (! parser->m_parsingStatus.finalBuffer && tok != XML_TOK_INVALID) { 4579 *nextPtr = s; 4580 return XML_ERROR_NONE; 4581 } 4582 switch (tok) { 4583 case XML_TOK_INVALID: 4584 return XML_ERROR_INVALID_TOKEN; 4585 case XML_TOK_PARTIAL: 4586 return XML_ERROR_UNCLOSED_TOKEN; 4587 case XML_TOK_PARTIAL_CHAR: 4588 return XML_ERROR_PARTIAL_CHAR; 4589 case XML_TOK_NONE: /* start == end */ 4590 default: 4591 break; 4592 } 4593 /* found end of entity value - can store it now */ 4594 return storeEntityValue(parser, enc, s, end, XML_ACCOUNT_DIRECT); 4595 } 4596 start = next; 4597 } 4598 } 4599 4600 #endif /* XML_DTD */ 4601 4602 static enum XML_Error PTRCALL 4603 prologProcessor(XML_Parser parser, const char *s, const char *end, 4604 const char **nextPtr) { 4605 const char *next = s; 4606 int tok = XmlPrologTok(parser->m_encoding, s, end, &next); 4607 return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr, 4608 (XML_Bool)! parser->m_parsingStatus.finalBuffer, XML_TRUE, 4609 XML_ACCOUNT_DIRECT); 4610 } 4611 4612 static enum XML_Error 4613 doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, 4614 int tok, const char *next, const char **nextPtr, XML_Bool haveMore, 4615 XML_Bool allowClosingDoctype, enum XML_Account account) { 4616 #ifdef XML_DTD 4617 static const XML_Char externalSubsetName[] = {ASCII_HASH, '\0'}; 4618 #endif /* XML_DTD */ 4619 static const XML_Char atypeCDATA[] 4620 = {ASCII_C, ASCII_D, ASCII_A, ASCII_T, ASCII_A, '\0'}; 4621 static const XML_Char atypeID[] = {ASCII_I, ASCII_D, '\0'}; 4622 static const XML_Char atypeIDREF[] 4623 = {ASCII_I, ASCII_D, ASCII_R, ASCII_E, ASCII_F, '\0'}; 4624 static const XML_Char atypeIDREFS[] 4625 = {ASCII_I, ASCII_D, ASCII_R, ASCII_E, ASCII_F, ASCII_S, '\0'}; 4626 static const XML_Char atypeENTITY[] 4627 = {ASCII_E, ASCII_N, ASCII_T, ASCII_I, ASCII_T, ASCII_Y, '\0'}; 4628 static const XML_Char atypeENTITIES[] 4629 = {ASCII_E, ASCII_N, ASCII_T, ASCII_I, ASCII_T, 4630 ASCII_I, ASCII_E, ASCII_S, '\0'}; 4631 static const XML_Char atypeNMTOKEN[] 4632 = {ASCII_N, ASCII_M, ASCII_T, ASCII_O, ASCII_K, ASCII_E, ASCII_N, '\0'}; 4633 static const XML_Char atypeNMTOKENS[] 4634 = {ASCII_N, ASCII_M, ASCII_T, ASCII_O, ASCII_K, 4635 ASCII_E, ASCII_N, ASCII_S, '\0'}; 4636 static const XML_Char notationPrefix[] 4637 = {ASCII_N, ASCII_O, ASCII_T, ASCII_A, ASCII_T, 4638 ASCII_I, ASCII_O, ASCII_N, ASCII_LPAREN, '\0'}; 4639 static const XML_Char enumValueSep[] = {ASCII_PIPE, '\0'}; 4640 static const XML_Char enumValueStart[] = {ASCII_LPAREN, '\0'}; 4641 4642 #ifndef XML_DTD 4643 UNUSED_P(account); 4644 #endif 4645 4646 /* save one level of indirection */ 4647 DTD *const dtd = parser->m_dtd; 4648 4649 const char **eventPP; 4650 const char **eventEndPP; 4651 enum XML_Content_Quant quant; 4652 4653 if (enc == parser->m_encoding) { 4654 eventPP = &parser->m_eventPtr; 4655 eventEndPP = &parser->m_eventEndPtr; 4656 } else { 4657 eventPP = &(parser->m_openInternalEntities->internalEventPtr); 4658 eventEndPP = &(parser->m_openInternalEntities->internalEventEndPtr); 4659 } 4660 4661 for (;;) { 4662 int role; 4663 XML_Bool handleDefault = XML_TRUE; 4664 *eventPP = s; 4665 *eventEndPP = next; 4666 if (tok <= 0) { 4667 if (haveMore && tok != XML_TOK_INVALID) { 4668 *nextPtr = s; 4669 return XML_ERROR_NONE; 4670 } 4671 switch (tok) { 4672 case XML_TOK_INVALID: 4673 *eventPP = next; 4674 return XML_ERROR_INVALID_TOKEN; 4675 case XML_TOK_PARTIAL: 4676 return XML_ERROR_UNCLOSED_TOKEN; 4677 case XML_TOK_PARTIAL_CHAR: 4678 return XML_ERROR_PARTIAL_CHAR; 4679 case -XML_TOK_PROLOG_S: 4680 tok = -tok; 4681 break; 4682 case XML_TOK_NONE: 4683 #ifdef XML_DTD 4684 /* for internal PE NOT referenced between declarations */ 4685 if (enc != parser->m_encoding 4686 && ! parser->m_openInternalEntities->betweenDecl) { 4687 *nextPtr = s; 4688 return XML_ERROR_NONE; 4689 } 4690 /* WFC: PE Between Declarations - must check that PE contains 4691 complete markup, not only for external PEs, but also for 4692 internal PEs if the reference occurs between declarations. 4693 */ 4694 if (parser->m_isParamEntity || enc != parser->m_encoding) { 4695 if (XmlTokenRole(&parser->m_prologState, XML_TOK_NONE, end, end, enc) 4696 == XML_ROLE_ERROR) 4697 return XML_ERROR_INCOMPLETE_PE; 4698 *nextPtr = s; 4699 return XML_ERROR_NONE; 4700 } 4701 #endif /* XML_DTD */ 4702 return XML_ERROR_NO_ELEMENTS; 4703 default: 4704 tok = -tok; 4705 next = end; 4706 break; 4707 } 4708 } 4709 role = XmlTokenRole(&parser->m_prologState, tok, s, next, enc); 4710 #ifdef XML_DTD 4711 switch (role) { 4712 case XML_ROLE_INSTANCE_START: // bytes accounted in contentProcessor 4713 case XML_ROLE_XML_DECL: // bytes accounted in processXmlDecl 4714 case XML_ROLE_TEXT_DECL: // bytes accounted in processXmlDecl 4715 break; 4716 default: 4717 if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, account)) { 4718 accountingOnAbort(parser); 4719 return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; 4720 } 4721 } 4722 #endif 4723 switch (role) { 4724 case XML_ROLE_XML_DECL: { 4725 enum XML_Error result = processXmlDecl(parser, 0, s, next); 4726 if (result != XML_ERROR_NONE) 4727 return result; 4728 enc = parser->m_encoding; 4729 handleDefault = XML_FALSE; 4730 } break; 4731 case XML_ROLE_DOCTYPE_NAME: 4732 if (parser->m_startDoctypeDeclHandler) { 4733 parser->m_doctypeName 4734 = poolStoreString(&parser->m_tempPool, enc, s, next); 4735 if (! parser->m_doctypeName) 4736 return XML_ERROR_NO_MEMORY; 4737 poolFinish(&parser->m_tempPool); 4738 parser->m_doctypePubid = NULL; 4739 handleDefault = XML_FALSE; 4740 } 4741 parser->m_doctypeSysid = NULL; /* always initialize to NULL */ 4742 break; 4743 case XML_ROLE_DOCTYPE_INTERNAL_SUBSET: 4744 if (parser->m_startDoctypeDeclHandler) { 4745 parser->m_startDoctypeDeclHandler( 4746 parser->m_handlerArg, parser->m_doctypeName, parser->m_doctypeSysid, 4747 parser->m_doctypePubid, 1); 4748 parser->m_doctypeName = NULL; 4749 poolClear(&parser->m_tempPool); 4750 handleDefault = XML_FALSE; 4751 } 4752 break; 4753 #ifdef XML_DTD 4754 case XML_ROLE_TEXT_DECL: { 4755 enum XML_Error result = processXmlDecl(parser, 1, s, next); 4756 if (result != XML_ERROR_NONE) 4757 return result; 4758 enc = parser->m_encoding; 4759 handleDefault = XML_FALSE; 4760 } break; 4761 #endif /* XML_DTD */ 4762 case XML_ROLE_DOCTYPE_PUBLIC_ID: 4763 #ifdef XML_DTD 4764 parser->m_useForeignDTD = XML_FALSE; 4765 parser->m_declEntity = (ENTITY *)lookup( 4766 parser, &dtd->paramEntities, externalSubsetName, sizeof(ENTITY)); 4767 if (! parser->m_declEntity) 4768 return XML_ERROR_NO_MEMORY; 4769 #endif /* XML_DTD */ 4770 dtd->hasParamEntityRefs = XML_TRUE; 4771 if (parser->m_startDoctypeDeclHandler) { 4772 XML_Char *pubId; 4773 if (! XmlIsPublicId(enc, s, next, eventPP)) 4774 return XML_ERROR_PUBLICID; 4775 pubId = poolStoreString(&parser->m_tempPool, enc, 4776 s + enc->minBytesPerChar, 4777 next - enc->minBytesPerChar); 4778 if (! pubId) 4779 return XML_ERROR_NO_MEMORY; 4780 normalizePublicId(pubId); 4781 poolFinish(&parser->m_tempPool); 4782 parser->m_doctypePubid = pubId; 4783 handleDefault = XML_FALSE; 4784 goto alreadyChecked; 4785 } 4786 /* fall through */ 4787 case XML_ROLE_ENTITY_PUBLIC_ID: 4788 if (! XmlIsPublicId(enc, s, next, eventPP)) 4789 return XML_ERROR_PUBLICID; 4790 alreadyChecked: 4791 if (dtd->keepProcessing && parser->m_declEntity) { 4792 XML_Char *tem 4793 = poolStoreString(&dtd->pool, enc, s + enc->minBytesPerChar, 4794 next - enc->minBytesPerChar); 4795 if (! tem) 4796 return XML_ERROR_NO_MEMORY; 4797 normalizePublicId(tem); 4798 parser->m_declEntity->publicId = tem; 4799 poolFinish(&dtd->pool); 4800 /* Don't suppress the default handler if we fell through from 4801 * the XML_ROLE_DOCTYPE_PUBLIC_ID case. 4802 */ 4803 if (parser->m_entityDeclHandler && role == XML_ROLE_ENTITY_PUBLIC_ID) 4804 handleDefault = XML_FALSE; 4805 } 4806 break; 4807 case XML_ROLE_DOCTYPE_CLOSE: 4808 if (allowClosingDoctype != XML_TRUE) { 4809 /* Must not close doctype from within expanded parameter entities */ 4810 return XML_ERROR_INVALID_TOKEN; 4811 } 4812 4813 if (parser->m_doctypeName) { 4814 parser->m_startDoctypeDeclHandler( 4815 parser->m_handlerArg, parser->m_doctypeName, parser->m_doctypeSysid, 4816 parser->m_doctypePubid, 0); 4817 poolClear(&parser->m_tempPool); 4818 handleDefault = XML_FALSE; 4819 } 4820 /* parser->m_doctypeSysid will be non-NULL in the case of a previous 4821 XML_ROLE_DOCTYPE_SYSTEM_ID, even if parser->m_startDoctypeDeclHandler 4822 was not set, indicating an external subset 4823 */ 4824 #ifdef XML_DTD 4825 if (parser->m_doctypeSysid || parser->m_useForeignDTD) { 4826 XML_Bool hadParamEntityRefs = dtd->hasParamEntityRefs; 4827 dtd->hasParamEntityRefs = XML_TRUE; 4828 if (parser->m_paramEntityParsing 4829 && parser->m_externalEntityRefHandler) { 4830 ENTITY *entity = (ENTITY *)lookup(parser, &dtd->paramEntities, 4831 externalSubsetName, sizeof(ENTITY)); 4832 if (! entity) { 4833 /* The external subset name "#" will have already been 4834 * inserted into the hash table at the start of the 4835 * external entity parsing, so no allocation will happen 4836 * and lookup() cannot fail. 4837 */ 4838 return XML_ERROR_NO_MEMORY; /* LCOV_EXCL_LINE */ 4839 } 4840 if (parser->m_useForeignDTD) 4841 entity->base = parser->m_curBase; 4842 dtd->paramEntityRead = XML_FALSE; 4843 if (! parser->m_externalEntityRefHandler( 4844 parser->m_externalEntityRefHandlerArg, 0, entity->base, 4845 entity->systemId, entity->publicId)) 4846 return XML_ERROR_EXTERNAL_ENTITY_HANDLING; 4847 if (dtd->paramEntityRead) { 4848 if (! dtd->standalone && parser->m_notStandaloneHandler 4849 && ! parser->m_notStandaloneHandler(parser->m_handlerArg)) 4850 return XML_ERROR_NOT_STANDALONE; 4851 } 4852 /* if we didn't read the foreign DTD then this means that there 4853 is no external subset and we must reset dtd->hasParamEntityRefs 4854 */ 4855 else if (! parser->m_doctypeSysid) 4856 dtd->hasParamEntityRefs = hadParamEntityRefs; 4857 /* end of DTD - no need to update dtd->keepProcessing */ 4858 } 4859 parser->m_useForeignDTD = XML_FALSE; 4860 } 4861 #endif /* XML_DTD */ 4862 if (parser->m_endDoctypeDeclHandler) { 4863 parser->m_endDoctypeDeclHandler(parser->m_handlerArg); 4864 handleDefault = XML_FALSE; 4865 } 4866 break; 4867 case XML_ROLE_INSTANCE_START: 4868 #ifdef XML_DTD 4869 /* if there is no DOCTYPE declaration then now is the 4870 last chance to read the foreign DTD 4871 */ 4872 if (parser->m_useForeignDTD) { 4873 XML_Bool hadParamEntityRefs = dtd->hasParamEntityRefs; 4874 dtd->hasParamEntityRefs = XML_TRUE; 4875 if (parser->m_paramEntityParsing 4876 && parser->m_externalEntityRefHandler) { 4877 ENTITY *entity = (ENTITY *)lookup(parser, &dtd->paramEntities, 4878 externalSubsetName, sizeof(ENTITY)); 4879 if (! entity) 4880 return XML_ERROR_NO_MEMORY; 4881 entity->base = parser->m_curBase; 4882 dtd->paramEntityRead = XML_FALSE; 4883 if (! parser->m_externalEntityRefHandler( 4884 parser->m_externalEntityRefHandlerArg, 0, entity->base, 4885 entity->systemId, entity->publicId)) 4886 return XML_ERROR_EXTERNAL_ENTITY_HANDLING; 4887 if (dtd->paramEntityRead) { 4888 if (! dtd->standalone && parser->m_notStandaloneHandler 4889 && ! parser->m_notStandaloneHandler(parser->m_handlerArg)) 4890 return XML_ERROR_NOT_STANDALONE; 4891 } 4892 /* if we didn't read the foreign DTD then this means that there 4893 is no external subset and we must reset dtd->hasParamEntityRefs 4894 */ 4895 else 4896 dtd->hasParamEntityRefs = hadParamEntityRefs; 4897 /* end of DTD - no need to update dtd->keepProcessing */ 4898 } 4899 } 4900 #endif /* XML_DTD */ 4901 parser->m_processor = contentProcessor; 4902 return contentProcessor(parser, s, end, nextPtr); 4903 case XML_ROLE_ATTLIST_ELEMENT_NAME: 4904 parser->m_declElementType = getElementType(parser, enc, s, next); 4905 if (! parser->m_declElementType) 4906 return XML_ERROR_NO_MEMORY; 4907 goto checkAttListDeclHandler; 4908 case XML_ROLE_ATTRIBUTE_NAME: 4909 parser->m_declAttributeId = getAttributeId(parser, enc, s, next); 4910 if (! parser->m_declAttributeId) 4911 return XML_ERROR_NO_MEMORY; 4912 parser->m_declAttributeIsCdata = XML_FALSE; 4913 parser->m_declAttributeType = NULL; 4914 parser->m_declAttributeIsId = XML_FALSE; 4915 goto checkAttListDeclHandler; 4916 case XML_ROLE_ATTRIBUTE_TYPE_CDATA: 4917 parser->m_declAttributeIsCdata = XML_TRUE; 4918 parser->m_declAttributeType = atypeCDATA; 4919 goto checkAttListDeclHandler; 4920 case XML_ROLE_ATTRIBUTE_TYPE_ID: 4921 parser->m_declAttributeIsId = XML_TRUE; 4922 parser->m_declAttributeType = atypeID; 4923 goto checkAttListDeclHandler; 4924 case XML_ROLE_ATTRIBUTE_TYPE_IDREF: 4925 parser->m_declAttributeType = atypeIDREF; 4926 goto checkAttListDeclHandler; 4927 case XML_ROLE_ATTRIBUTE_TYPE_IDREFS: 4928 parser->m_declAttributeType = atypeIDREFS; 4929 goto checkAttListDeclHandler; 4930 case XML_ROLE_ATTRIBUTE_TYPE_ENTITY: 4931 parser->m_declAttributeType = atypeENTITY; 4932 goto checkAttListDeclHandler; 4933 case XML_ROLE_ATTRIBUTE_TYPE_ENTITIES: 4934 parser->m_declAttributeType = atypeENTITIES; 4935 goto checkAttListDeclHandler; 4936 case XML_ROLE_ATTRIBUTE_TYPE_NMTOKEN: 4937 parser->m_declAttributeType = atypeNMTOKEN; 4938 goto checkAttListDeclHandler; 4939 case XML_ROLE_ATTRIBUTE_TYPE_NMTOKENS: 4940 parser->m_declAttributeType = atypeNMTOKENS; 4941 checkAttListDeclHandler: 4942 if (dtd->keepProcessing && parser->m_attlistDeclHandler) 4943 handleDefault = XML_FALSE; 4944 break; 4945 case XML_ROLE_ATTRIBUTE_ENUM_VALUE: 4946 case XML_ROLE_ATTRIBUTE_NOTATION_VALUE: 4947 if (dtd->keepProcessing && parser->m_attlistDeclHandler) { 4948 const XML_Char *prefix; 4949 if (parser->m_declAttributeType) { 4950 prefix = enumValueSep; 4951 } else { 4952 prefix = (role == XML_ROLE_ATTRIBUTE_NOTATION_VALUE ? notationPrefix 4953 : enumValueStart); 4954 } 4955 if (! poolAppendString(&parser->m_tempPool, prefix)) 4956 return XML_ERROR_NO_MEMORY; 4957 if (! poolAppend(&parser->m_tempPool, enc, s, next)) 4958 return XML_ERROR_NO_MEMORY; 4959 parser->m_declAttributeType = parser->m_tempPool.start; 4960 handleDefault = XML_FALSE; 4961 } 4962 break; 4963 case XML_ROLE_IMPLIED_ATTRIBUTE_VALUE: 4964 case XML_ROLE_REQUIRED_ATTRIBUTE_VALUE: 4965 if (dtd->keepProcessing) { 4966 if (! defineAttribute(parser->m_declElementType, 4967 parser->m_declAttributeId, 4968 parser->m_declAttributeIsCdata, 4969 parser->m_declAttributeIsId, 0, parser)) 4970 return XML_ERROR_NO_MEMORY; 4971 if (parser->m_attlistDeclHandler && parser->m_declAttributeType) { 4972 if (*parser->m_declAttributeType == XML_T(ASCII_LPAREN) 4973 || (*parser->m_declAttributeType == XML_T(ASCII_N) 4974 && parser->m_declAttributeType[1] == XML_T(ASCII_O))) { 4975 /* Enumerated or Notation type */ 4976 if (! poolAppendChar(&parser->m_tempPool, XML_T(ASCII_RPAREN)) 4977 || ! poolAppendChar(&parser->m_tempPool, XML_T('\0'))) 4978 return XML_ERROR_NO_MEMORY; 4979 parser->m_declAttributeType = parser->m_tempPool.start; 4980 poolFinish(&parser->m_tempPool); 4981 } 4982 *eventEndPP = s; 4983 parser->m_attlistDeclHandler( 4984 parser->m_handlerArg, parser->m_declElementType->name, 4985 parser->m_declAttributeId->name, parser->m_declAttributeType, 0, 4986 role == XML_ROLE_REQUIRED_ATTRIBUTE_VALUE); 4987 handleDefault = XML_FALSE; 4988 } 4989 } 4990 poolClear(&parser->m_tempPool); 4991 break; 4992 case XML_ROLE_DEFAULT_ATTRIBUTE_VALUE: 4993 case XML_ROLE_FIXED_ATTRIBUTE_VALUE: 4994 if (dtd->keepProcessing) { 4995 const XML_Char *attVal; 4996 enum XML_Error result = storeAttributeValue( 4997 parser, enc, parser->m_declAttributeIsCdata, 4998 s + enc->minBytesPerChar, next - enc->minBytesPerChar, &dtd->pool, 4999 XML_ACCOUNT_NONE); 5000 if (result) 5001 return result; 5002 attVal = poolStart(&dtd->pool); 5003 poolFinish(&dtd->pool); 5004 /* ID attributes aren't allowed to have a default */ 5005 if (! defineAttribute( 5006 parser->m_declElementType, parser->m_declAttributeId, 5007 parser->m_declAttributeIsCdata, XML_FALSE, attVal, parser)) 5008 return XML_ERROR_NO_MEMORY; 5009 if (parser->m_attlistDeclHandler && parser->m_declAttributeType) { 5010 if (*parser->m_declAttributeType == XML_T(ASCII_LPAREN) 5011 || (*parser->m_declAttributeType == XML_T(ASCII_N) 5012 && parser->m_declAttributeType[1] == XML_T(ASCII_O))) { 5013 /* Enumerated or Notation type */ 5014 if (! poolAppendChar(&parser->m_tempPool, XML_T(ASCII_RPAREN)) 5015 || ! poolAppendChar(&parser->m_tempPool, XML_T('\0'))) 5016 return XML_ERROR_NO_MEMORY; 5017 parser->m_declAttributeType = parser->m_tempPool.start; 5018 poolFinish(&parser->m_tempPool); 5019 } 5020 *eventEndPP = s; 5021 parser->m_attlistDeclHandler( 5022 parser->m_handlerArg, parser->m_declElementType->name, 5023 parser->m_declAttributeId->name, parser->m_declAttributeType, 5024 attVal, role == XML_ROLE_FIXED_ATTRIBUTE_VALUE); 5025 poolClear(&parser->m_tempPool); 5026 handleDefault = XML_FALSE; 5027 } 5028 } 5029 break; 5030 case XML_ROLE_ENTITY_VALUE: 5031 if (dtd->keepProcessing) { 5032 enum XML_Error result 5033 = storeEntityValue(parser, enc, s + enc->minBytesPerChar, 5034 next - enc->minBytesPerChar, XML_ACCOUNT_NONE); 5035 if (parser->m_declEntity) { 5036 parser->m_declEntity->textPtr = poolStart(&dtd->entityValuePool); 5037 parser->m_declEntity->textLen 5038 = (int)(poolLength(&dtd->entityValuePool)); 5039 poolFinish(&dtd->entityValuePool); 5040 if (parser->m_entityDeclHandler) { 5041 *eventEndPP = s; 5042 parser->m_entityDeclHandler( 5043 parser->m_handlerArg, parser->m_declEntity->name, 5044 parser->m_declEntity->is_param, parser->m_declEntity->textPtr, 5045 parser->m_declEntity->textLen, parser->m_curBase, 0, 0, 0); 5046 handleDefault = XML_FALSE; 5047 } 5048 } else 5049 poolDiscard(&dtd->entityValuePool); 5050 if (result != XML_ERROR_NONE) 5051 return result; 5052 } 5053 break; 5054 case XML_ROLE_DOCTYPE_SYSTEM_ID: 5055 #ifdef XML_DTD 5056 parser->m_useForeignDTD = XML_FALSE; 5057 #endif /* XML_DTD */ 5058 dtd->hasParamEntityRefs = XML_TRUE; 5059 if (parser->m_startDoctypeDeclHandler) { 5060 parser->m_doctypeSysid = poolStoreString(&parser->m_tempPool, enc, 5061 s + enc->minBytesPerChar, 5062 next - enc->minBytesPerChar); 5063 if (parser->m_doctypeSysid == NULL) 5064 return XML_ERROR_NO_MEMORY; 5065 poolFinish(&parser->m_tempPool); 5066 handleDefault = XML_FALSE; 5067 } 5068 #ifdef XML_DTD 5069 else 5070 /* use externalSubsetName to make parser->m_doctypeSysid non-NULL 5071 for the case where no parser->m_startDoctypeDeclHandler is set */ 5072 parser->m_doctypeSysid = externalSubsetName; 5073 #endif /* XML_DTD */ 5074 if (! dtd->standalone 5075 #ifdef XML_DTD 5076 && ! parser->m_paramEntityParsing 5077 #endif /* XML_DTD */ 5078 && parser->m_notStandaloneHandler 5079 && ! parser->m_notStandaloneHandler(parser->m_handlerArg)) 5080 return XML_ERROR_NOT_STANDALONE; 5081 #ifndef XML_DTD 5082 break; 5083 #else /* XML_DTD */ 5084 if (! parser->m_declEntity) { 5085 parser->m_declEntity = (ENTITY *)lookup( 5086 parser, &dtd->paramEntities, externalSubsetName, sizeof(ENTITY)); 5087 if (! parser->m_declEntity) 5088 return XML_ERROR_NO_MEMORY; 5089 parser->m_declEntity->publicId = NULL; 5090 } 5091 #endif /* XML_DTD */ 5092 /* fall through */ 5093 case XML_ROLE_ENTITY_SYSTEM_ID: 5094 if (dtd->keepProcessing && parser->m_declEntity) { 5095 parser->m_declEntity->systemId 5096 = poolStoreString(&dtd->pool, enc, s + enc->minBytesPerChar, 5097 next - enc->minBytesPerChar); 5098 if (! parser->m_declEntity->systemId) 5099 return XML_ERROR_NO_MEMORY; 5100 parser->m_declEntity->base = parser->m_curBase; 5101 poolFinish(&dtd->pool); 5102 /* Don't suppress the default handler if we fell through from 5103 * the XML_ROLE_DOCTYPE_SYSTEM_ID case. 5104 */ 5105 if (parser->m_entityDeclHandler && role == XML_ROLE_ENTITY_SYSTEM_ID) 5106 handleDefault = XML_FALSE; 5107 } 5108 break; 5109 case XML_ROLE_ENTITY_COMPLETE: 5110 if (dtd->keepProcessing && parser->m_declEntity 5111 && parser->m_entityDeclHandler) { 5112 *eventEndPP = s; 5113 parser->m_entityDeclHandler( 5114 parser->m_handlerArg, parser->m_declEntity->name, 5115 parser->m_declEntity->is_param, 0, 0, parser->m_declEntity->base, 5116 parser->m_declEntity->systemId, parser->m_declEntity->publicId, 0); 5117 handleDefault = XML_FALSE; 5118 } 5119 break; 5120 case XML_ROLE_ENTITY_NOTATION_NAME: 5121 if (dtd->keepProcessing && parser->m_declEntity) { 5122 parser->m_declEntity->notation 5123 = poolStoreString(&dtd->pool, enc, s, next); 5124 if (! parser->m_declEntity->notation) 5125 return XML_ERROR_NO_MEMORY; 5126 poolFinish(&dtd->pool); 5127 if (parser->m_unparsedEntityDeclHandler) { 5128 *eventEndPP = s; 5129 parser->m_unparsedEntityDeclHandler( 5130 parser->m_handlerArg, parser->m_declEntity->name, 5131 parser->m_declEntity->base, parser->m_declEntity->systemId, 5132 parser->m_declEntity->publicId, parser->m_declEntity->notation); 5133 handleDefault = XML_FALSE; 5134 } else if (parser->m_entityDeclHandler) { 5135 *eventEndPP = s; 5136 parser->m_entityDeclHandler( 5137 parser->m_handlerArg, parser->m_declEntity->name, 0, 0, 0, 5138 parser->m_declEntity->base, parser->m_declEntity->systemId, 5139 parser->m_declEntity->publicId, parser->m_declEntity->notation); 5140 handleDefault = XML_FALSE; 5141 } 5142 } 5143 break; 5144 case XML_ROLE_GENERAL_ENTITY_NAME: { 5145 if (XmlPredefinedEntityName(enc, s, next)) { 5146 parser->m_declEntity = NULL; 5147 break; 5148 } 5149 if (dtd->keepProcessing) { 5150 const XML_Char *name = poolStoreString(&dtd->pool, enc, s, next); 5151 if (! name) 5152 return XML_ERROR_NO_MEMORY; 5153 parser->m_declEntity = (ENTITY *)lookup(parser, &dtd->generalEntities, 5154 name, sizeof(ENTITY)); 5155 if (! parser->m_declEntity) 5156 return XML_ERROR_NO_MEMORY; 5157 if (parser->m_declEntity->name != name) { 5158 poolDiscard(&dtd->pool); 5159 parser->m_declEntity = NULL; 5160 } else { 5161 poolFinish(&dtd->pool); 5162 parser->m_declEntity->publicId = NULL; 5163 parser->m_declEntity->is_param = XML_FALSE; 5164 /* if we have a parent parser or are reading an internal parameter 5165 entity, then the entity declaration is not considered "internal" 5166 */ 5167 parser->m_declEntity->is_internal 5168 = ! (parser->m_parentParser || parser->m_openInternalEntities); 5169 if (parser->m_entityDeclHandler) 5170 handleDefault = XML_FALSE; 5171 } 5172 } else { 5173 poolDiscard(&dtd->pool); 5174 parser->m_declEntity = NULL; 5175 } 5176 } break; 5177 case XML_ROLE_PARAM_ENTITY_NAME: 5178 #ifdef XML_DTD 5179 if (dtd->keepProcessing) { 5180 const XML_Char *name = poolStoreString(&dtd->pool, enc, s, next); 5181 if (! name) 5182 return XML_ERROR_NO_MEMORY; 5183 parser->m_declEntity = (ENTITY *)lookup(parser, &dtd->paramEntities, 5184 name, sizeof(ENTITY)); 5185 if (! parser->m_declEntity) 5186 return XML_ERROR_NO_MEMORY; 5187 if (parser->m_declEntity->name != name) { 5188 poolDiscard(&dtd->pool); 5189 parser->m_declEntity = NULL; 5190 } else { 5191 poolFinish(&dtd->pool); 5192 parser->m_declEntity->publicId = NULL; 5193 parser->m_declEntity->is_param = XML_TRUE; 5194 /* if we have a parent parser or are reading an internal parameter 5195 entity, then the entity declaration is not considered "internal" 5196 */ 5197 parser->m_declEntity->is_internal 5198 = ! (parser->m_parentParser || parser->m_openInternalEntities); 5199 if (parser->m_entityDeclHandler) 5200 handleDefault = XML_FALSE; 5201 } 5202 } else { 5203 poolDiscard(&dtd->pool); 5204 parser->m_declEntity = NULL; 5205 } 5206 #else /* not XML_DTD */ 5207 parser->m_declEntity = NULL; 5208 #endif /* XML_DTD */ 5209 break; 5210 case XML_ROLE_NOTATION_NAME: 5211 parser->m_declNotationPublicId = NULL; 5212 parser->m_declNotationName = NULL; 5213 if (parser->m_notationDeclHandler) { 5214 parser->m_declNotationName 5215 = poolStoreString(&parser->m_tempPool, enc, s, next); 5216 if (! parser->m_declNotationName) 5217 return XML_ERROR_NO_MEMORY; 5218 poolFinish(&parser->m_tempPool); 5219 handleDefault = XML_FALSE; 5220 } 5221 break; 5222 case XML_ROLE_NOTATION_PUBLIC_ID: 5223 if (! XmlIsPublicId(enc, s, next, eventPP)) 5224 return XML_ERROR_PUBLICID; 5225 if (parser 5226 ->m_declNotationName) { /* means m_notationDeclHandler != NULL */ 5227 XML_Char *tem = poolStoreString(&parser->m_tempPool, enc, 5228 s + enc->minBytesPerChar, 5229 next - enc->minBytesPerChar); 5230 if (! tem) 5231 return XML_ERROR_NO_MEMORY; 5232 normalizePublicId(tem); 5233 parser->m_declNotationPublicId = tem; 5234 poolFinish(&parser->m_tempPool); 5235 handleDefault = XML_FALSE; 5236 } 5237 break; 5238 case XML_ROLE_NOTATION_SYSTEM_ID: 5239 if (parser->m_declNotationName && parser->m_notationDeclHandler) { 5240 const XML_Char *systemId = poolStoreString(&parser->m_tempPool, enc, 5241 s + enc->minBytesPerChar, 5242 next - enc->minBytesPerChar); 5243 if (! systemId) 5244 return XML_ERROR_NO_MEMORY; 5245 *eventEndPP = s; 5246 parser->m_notationDeclHandler( 5247 parser->m_handlerArg, parser->m_declNotationName, parser->m_curBase, 5248 systemId, parser->m_declNotationPublicId); 5249 handleDefault = XML_FALSE; 5250 } 5251 poolClear(&parser->m_tempPool); 5252 break; 5253 case XML_ROLE_NOTATION_NO_SYSTEM_ID: 5254 if (parser->m_declNotationPublicId && parser->m_notationDeclHandler) { 5255 *eventEndPP = s; 5256 parser->m_notationDeclHandler( 5257 parser->m_handlerArg, parser->m_declNotationName, parser->m_curBase, 5258 0, parser->m_declNotationPublicId); 5259 handleDefault = XML_FALSE; 5260 } 5261 poolClear(&parser->m_tempPool); 5262 break; 5263 case XML_ROLE_ERROR: 5264 switch (tok) { 5265 case XML_TOK_PARAM_ENTITY_REF: 5266 /* PE references in internal subset are 5267 not allowed within declarations. */ 5268 return XML_ERROR_PARAM_ENTITY_REF; 5269 case XML_TOK_XML_DECL: 5270 return XML_ERROR_MISPLACED_XML_PI; 5271 default: 5272 return XML_ERROR_SYNTAX; 5273 } 5274 #ifdef XML_DTD 5275 case XML_ROLE_IGNORE_SECT: { 5276 enum XML_Error result; 5277 if (parser->m_defaultHandler) 5278 reportDefault(parser, enc, s, next); 5279 handleDefault = XML_FALSE; 5280 result = doIgnoreSection(parser, enc, &next, end, nextPtr, haveMore); 5281 if (result != XML_ERROR_NONE) 5282 return result; 5283 else if (! next) { 5284 parser->m_processor = ignoreSectionProcessor; 5285 return result; 5286 } 5287 } break; 5288 #endif /* XML_DTD */ 5289 case XML_ROLE_GROUP_OPEN: 5290 if (parser->m_prologState.level >= parser->m_groupSize) { 5291 if (parser->m_groupSize) { 5292 { 5293 /* Detect and prevent integer overflow */ 5294 if (parser->m_groupSize > (unsigned int)(-1) / 2u) { 5295 return XML_ERROR_NO_MEMORY; 5296 } 5297 5298 char *const new_connector = (char *)REALLOC( 5299 parser, parser->m_groupConnector, parser->m_groupSize *= 2); 5300 if (new_connector == NULL) { 5301 parser->m_groupSize /= 2; 5302 return XML_ERROR_NO_MEMORY; 5303 } 5304 parser->m_groupConnector = new_connector; 5305 } 5306 5307 if (dtd->scaffIndex) { 5308 /* Detect and prevent integer overflow. 5309 * The preprocessor guard addresses the "always false" warning 5310 * from -Wtype-limits on platforms where 5311 * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ 5312 #if UINT_MAX >= SIZE_MAX 5313 if (parser->m_groupSize > (size_t)(-1) / sizeof(int)) { 5314 return XML_ERROR_NO_MEMORY; 5315 } 5316 #endif 5317 5318 int *const new_scaff_index = (int *)REALLOC( 5319 parser, dtd->scaffIndex, parser->m_groupSize * sizeof(int)); 5320 if (new_scaff_index == NULL) 5321 return XML_ERROR_NO_MEMORY; 5322 dtd->scaffIndex = new_scaff_index; 5323 } 5324 } else { 5325 parser->m_groupConnector 5326 = (char *)MALLOC(parser, parser->m_groupSize = 32); 5327 if (! parser->m_groupConnector) { 5328 parser->m_groupSize = 0; 5329 return XML_ERROR_NO_MEMORY; 5330 } 5331 } 5332 } 5333 parser->m_groupConnector[parser->m_prologState.level] = 0; 5334 if (dtd->in_eldecl) { 5335 int myindex = nextScaffoldPart(parser); 5336 if (myindex < 0) 5337 return XML_ERROR_NO_MEMORY; 5338 assert(dtd->scaffIndex != NULL); 5339 dtd->scaffIndex[dtd->scaffLevel] = myindex; 5340 dtd->scaffLevel++; 5341 dtd->scaffold[myindex].type = XML_CTYPE_SEQ; 5342 if (parser->m_elementDeclHandler) 5343 handleDefault = XML_FALSE; 5344 } 5345 break; 5346 case XML_ROLE_GROUP_SEQUENCE: 5347 if (parser->m_groupConnector[parser->m_prologState.level] == ASCII_PIPE) 5348 return XML_ERROR_SYNTAX; 5349 parser->m_groupConnector[parser->m_prologState.level] = ASCII_COMMA; 5350 if (dtd->in_eldecl && parser->m_elementDeclHandler) 5351 handleDefault = XML_FALSE; 5352 break; 5353 case XML_ROLE_GROUP_CHOICE: 5354 if (parser->m_groupConnector[parser->m_prologState.level] == ASCII_COMMA) 5355 return XML_ERROR_SYNTAX; 5356 if (dtd->in_eldecl 5357 && ! parser->m_groupConnector[parser->m_prologState.level] 5358 && (dtd->scaffold[dtd->scaffIndex[dtd->scaffLevel - 1]].type 5359 != XML_CTYPE_MIXED)) { 5360 dtd->scaffold[dtd->scaffIndex[dtd->scaffLevel - 1]].type 5361 = XML_CTYPE_CHOICE; 5362 if (parser->m_elementDeclHandler) 5363 handleDefault = XML_FALSE; 5364 } 5365 parser->m_groupConnector[parser->m_prologState.level] = ASCII_PIPE; 5366 break; 5367 case XML_ROLE_PARAM_ENTITY_REF: 5368 #ifdef XML_DTD 5369 case XML_ROLE_INNER_PARAM_ENTITY_REF: 5370 dtd->hasParamEntityRefs = XML_TRUE; 5371 if (! parser->m_paramEntityParsing) 5372 dtd->keepProcessing = dtd->standalone; 5373 else { 5374 const XML_Char *name; 5375 ENTITY *entity; 5376 name = poolStoreString(&dtd->pool, enc, s + enc->minBytesPerChar, 5377 next - enc->minBytesPerChar); 5378 if (! name) 5379 return XML_ERROR_NO_MEMORY; 5380 entity = (ENTITY *)lookup(parser, &dtd->paramEntities, name, 0); 5381 poolDiscard(&dtd->pool); 5382 /* first, determine if a check for an existing declaration is needed; 5383 if yes, check that the entity exists, and that it is internal, 5384 otherwise call the skipped entity handler 5385 */ 5386 if (parser->m_prologState.documentEntity 5387 && (dtd->standalone ? ! parser->m_openInternalEntities 5388 : ! dtd->hasParamEntityRefs)) { 5389 if (! entity) 5390 return XML_ERROR_UNDEFINED_ENTITY; 5391 else if (! entity->is_internal) { 5392 /* It's hard to exhaustively search the code to be sure, 5393 * but there doesn't seem to be a way of executing the 5394 * following line. There are two cases: 5395 * 5396 * If 'standalone' is false, the DTD must have no 5397 * parameter entities or we wouldn't have passed the outer 5398 * 'if' statement. That means the only entity in the hash 5399 * table is the external subset name "#" which cannot be 5400 * given as a parameter entity name in XML syntax, so the 5401 * lookup must have returned NULL and we don't even reach 5402 * the test for an internal entity. 5403 * 5404 * If 'standalone' is true, it does not seem to be 5405 * possible to create entities taking this code path that 5406 * are not internal entities, so fail the test above. 5407 * 5408 * Because this analysis is very uncertain, the code is 5409 * being left in place and merely removed from the 5410 * coverage test statistics. 5411 */ 5412 return XML_ERROR_ENTITY_DECLARED_IN_PE; /* LCOV_EXCL_LINE */ 5413 } 5414 } else if (! entity) { 5415 dtd->keepProcessing = dtd->standalone; 5416 /* cannot report skipped entities in declarations */ 5417 if ((role == XML_ROLE_PARAM_ENTITY_REF) 5418 && parser->m_skippedEntityHandler) { 5419 parser->m_skippedEntityHandler(parser->m_handlerArg, name, 1); 5420 handleDefault = XML_FALSE; 5421 } 5422 break; 5423 } 5424 if (entity->open) 5425 return XML_ERROR_RECURSIVE_ENTITY_REF; 5426 if (entity->textPtr) { 5427 enum XML_Error result; 5428 XML_Bool betweenDecl 5429 = (role == XML_ROLE_PARAM_ENTITY_REF ? XML_TRUE : XML_FALSE); 5430 result = processInternalEntity(parser, entity, betweenDecl); 5431 if (result != XML_ERROR_NONE) 5432 return result; 5433 handleDefault = XML_FALSE; 5434 break; 5435 } 5436 if (parser->m_externalEntityRefHandler) { 5437 dtd->paramEntityRead = XML_FALSE; 5438 entity->open = XML_TRUE; 5439 entityTrackingOnOpen(parser, entity, __LINE__); 5440 if (! parser->m_externalEntityRefHandler( 5441 parser->m_externalEntityRefHandlerArg, 0, entity->base, 5442 entity->systemId, entity->publicId)) { 5443 entityTrackingOnClose(parser, entity, __LINE__); 5444 entity->open = XML_FALSE; 5445 return XML_ERROR_EXTERNAL_ENTITY_HANDLING; 5446 } 5447 entityTrackingOnClose(parser, entity, __LINE__); 5448 entity->open = XML_FALSE; 5449 handleDefault = XML_FALSE; 5450 if (! dtd->paramEntityRead) { 5451 dtd->keepProcessing = dtd->standalone; 5452 break; 5453 } 5454 } else { 5455 dtd->keepProcessing = dtd->standalone; 5456 break; 5457 } 5458 } 5459 #endif /* XML_DTD */ 5460 if (! dtd->standalone && parser->m_notStandaloneHandler 5461 && ! parser->m_notStandaloneHandler(parser->m_handlerArg)) 5462 return XML_ERROR_NOT_STANDALONE; 5463 break; 5464 5465 /* Element declaration stuff */ 5466 5467 case XML_ROLE_ELEMENT_NAME: 5468 if (parser->m_elementDeclHandler) { 5469 parser->m_declElementType = getElementType(parser, enc, s, next); 5470 if (! parser->m_declElementType) 5471 return XML_ERROR_NO_MEMORY; 5472 dtd->scaffLevel = 0; 5473 dtd->scaffCount = 0; 5474 dtd->in_eldecl = XML_TRUE; 5475 handleDefault = XML_FALSE; 5476 } 5477 break; 5478 5479 case XML_ROLE_CONTENT_ANY: 5480 case XML_ROLE_CONTENT_EMPTY: 5481 if (dtd->in_eldecl) { 5482 if (parser->m_elementDeclHandler) { 5483 XML_Content *content 5484 = (XML_Content *)MALLOC(parser, sizeof(XML_Content)); 5485 if (! content) 5486 return XML_ERROR_NO_MEMORY; 5487 content->quant = XML_CQUANT_NONE; 5488 content->name = NULL; 5489 content->numchildren = 0; 5490 content->children = NULL; 5491 content->type = ((role == XML_ROLE_CONTENT_ANY) ? XML_CTYPE_ANY 5492 : XML_CTYPE_EMPTY); 5493 *eventEndPP = s; 5494 parser->m_elementDeclHandler( 5495 parser->m_handlerArg, parser->m_declElementType->name, content); 5496 handleDefault = XML_FALSE; 5497 } 5498 dtd->in_eldecl = XML_FALSE; 5499 } 5500 break; 5501 5502 case XML_ROLE_CONTENT_PCDATA: 5503 if (dtd->in_eldecl) { 5504 dtd->scaffold[dtd->scaffIndex[dtd->scaffLevel - 1]].type 5505 = XML_CTYPE_MIXED; 5506 if (parser->m_elementDeclHandler) 5507 handleDefault = XML_FALSE; 5508 } 5509 break; 5510 5511 case XML_ROLE_CONTENT_ELEMENT: 5512 quant = XML_CQUANT_NONE; 5513 goto elementContent; 5514 case XML_ROLE_CONTENT_ELEMENT_OPT: 5515 quant = XML_CQUANT_OPT; 5516 goto elementContent; 5517 case XML_ROLE_CONTENT_ELEMENT_REP: 5518 quant = XML_CQUANT_REP; 5519 goto elementContent; 5520 case XML_ROLE_CONTENT_ELEMENT_PLUS: 5521 quant = XML_CQUANT_PLUS; 5522 elementContent: 5523 if (dtd->in_eldecl) { 5524 ELEMENT_TYPE *el; 5525 const XML_Char *name; 5526 size_t nameLen; 5527 const char *nxt 5528 = (quant == XML_CQUANT_NONE ? next : next - enc->minBytesPerChar); 5529 int myindex = nextScaffoldPart(parser); 5530 if (myindex < 0) 5531 return XML_ERROR_NO_MEMORY; 5532 dtd->scaffold[myindex].type = XML_CTYPE_NAME; 5533 dtd->scaffold[myindex].quant = quant; 5534 el = getElementType(parser, enc, s, nxt); 5535 if (! el) 5536 return XML_ERROR_NO_MEMORY; 5537 name = el->name; 5538 dtd->scaffold[myindex].name = name; 5539 nameLen = 0; 5540 for (; name[nameLen++];) 5541 ; 5542 5543 /* Detect and prevent integer overflow */ 5544 if (nameLen > UINT_MAX - dtd->contentStringLen) { 5545 return XML_ERROR_NO_MEMORY; 5546 } 5547 5548 dtd->contentStringLen += (unsigned)nameLen; 5549 if (parser->m_elementDeclHandler) 5550 handleDefault = XML_FALSE; 5551 } 5552 break; 5553 5554 case XML_ROLE_GROUP_CLOSE: 5555 quant = XML_CQUANT_NONE; 5556 goto closeGroup; 5557 case XML_ROLE_GROUP_CLOSE_OPT: 5558 quant = XML_CQUANT_OPT; 5559 goto closeGroup; 5560 case XML_ROLE_GROUP_CLOSE_REP: 5561 quant = XML_CQUANT_REP; 5562 goto closeGroup; 5563 case XML_ROLE_GROUP_CLOSE_PLUS: 5564 quant = XML_CQUANT_PLUS; 5565 closeGroup: 5566 if (dtd->in_eldecl) { 5567 if (parser->m_elementDeclHandler) 5568 handleDefault = XML_FALSE; 5569 dtd->scaffLevel--; 5570 dtd->scaffold[dtd->scaffIndex[dtd->scaffLevel]].quant = quant; 5571 if (dtd->scaffLevel == 0) { 5572 if (! handleDefault) { 5573 XML_Content *model = build_model(parser); 5574 if (! model) 5575 return XML_ERROR_NO_MEMORY; 5576 *eventEndPP = s; 5577 parser->m_elementDeclHandler( 5578 parser->m_handlerArg, parser->m_declElementType->name, model); 5579 } 5580 dtd->in_eldecl = XML_FALSE; 5581 dtd->contentStringLen = 0; 5582 } 5583 } 5584 break; 5585 /* End element declaration stuff */ 5586 5587 case XML_ROLE_PI: 5588 if (! reportProcessingInstruction(parser, enc, s, next)) 5589 return XML_ERROR_NO_MEMORY; 5590 handleDefault = XML_FALSE; 5591 break; 5592 case XML_ROLE_COMMENT: 5593 if (! reportComment(parser, enc, s, next)) 5594 return XML_ERROR_NO_MEMORY; 5595 handleDefault = XML_FALSE; 5596 break; 5597 case XML_ROLE_NONE: 5598 switch (tok) { 5599 case XML_TOK_BOM: 5600 handleDefault = XML_FALSE; 5601 break; 5602 } 5603 break; 5604 case XML_ROLE_DOCTYPE_NONE: 5605 if (parser->m_startDoctypeDeclHandler) 5606 handleDefault = XML_FALSE; 5607 break; 5608 case XML_ROLE_ENTITY_NONE: 5609 if (dtd->keepProcessing && parser->m_entityDeclHandler) 5610 handleDefault = XML_FALSE; 5611 break; 5612 case XML_ROLE_NOTATION_NONE: 5613 if (parser->m_notationDeclHandler) 5614 handleDefault = XML_FALSE; 5615 break; 5616 case XML_ROLE_ATTLIST_NONE: 5617 if (dtd->keepProcessing && parser->m_attlistDeclHandler) 5618 handleDefault = XML_FALSE; 5619 break; 5620 case XML_ROLE_ELEMENT_NONE: 5621 if (parser->m_elementDeclHandler) 5622 handleDefault = XML_FALSE; 5623 break; 5624 } /* end of big switch */ 5625 5626 if (handleDefault && parser->m_defaultHandler) 5627 reportDefault(parser, enc, s, next); 5628 5629 switch (parser->m_parsingStatus.parsing) { 5630 case XML_SUSPENDED: 5631 *nextPtr = next; 5632 return XML_ERROR_NONE; 5633 case XML_FINISHED: 5634 return XML_ERROR_ABORTED; 5635 default: 5636 s = next; 5637 tok = XmlPrologTok(enc, s, end, &next); 5638 } 5639 } 5640 /* not reached */ 5641 } 5642 5643 static enum XML_Error PTRCALL 5644 epilogProcessor(XML_Parser parser, const char *s, const char *end, 5645 const char **nextPtr) { 5646 parser->m_processor = epilogProcessor; 5647 parser->m_eventPtr = s; 5648 for (;;) { 5649 const char *next = NULL; 5650 int tok = XmlPrologTok(parser->m_encoding, s, end, &next); 5651 #ifdef XML_DTD 5652 if (! accountingDiffTolerated(parser, tok, s, next, __LINE__, 5653 XML_ACCOUNT_DIRECT)) { 5654 accountingOnAbort(parser); 5655 return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; 5656 } 5657 #endif 5658 parser->m_eventEndPtr = next; 5659 switch (tok) { 5660 /* report partial linebreak - it might be the last token */ 5661 case -XML_TOK_PROLOG_S: 5662 if (parser->m_defaultHandler) { 5663 reportDefault(parser, parser->m_encoding, s, next); 5664 if (parser->m_parsingStatus.parsing == XML_FINISHED) 5665 return XML_ERROR_ABORTED; 5666 } 5667 *nextPtr = next; 5668 return XML_ERROR_NONE; 5669 case XML_TOK_NONE: 5670 *nextPtr = s; 5671 return XML_ERROR_NONE; 5672 case XML_TOK_PROLOG_S: 5673 if (parser->m_defaultHandler) 5674 reportDefault(parser, parser->m_encoding, s, next); 5675 break; 5676 case XML_TOK_PI: 5677 if (! reportProcessingInstruction(parser, parser->m_encoding, s, next)) 5678 return XML_ERROR_NO_MEMORY; 5679 break; 5680 case XML_TOK_COMMENT: 5681 if (! reportComment(parser, parser->m_encoding, s, next)) 5682 return XML_ERROR_NO_MEMORY; 5683 break; 5684 case XML_TOK_INVALID: 5685 parser->m_eventPtr = next; 5686 return XML_ERROR_INVALID_TOKEN; 5687 case XML_TOK_PARTIAL: 5688 if (! parser->m_parsingStatus.finalBuffer) { 5689 *nextPtr = s; 5690 return XML_ERROR_NONE; 5691 } 5692 return XML_ERROR_UNCLOSED_TOKEN; 5693 case XML_TOK_PARTIAL_CHAR: 5694 if (! parser->m_parsingStatus.finalBuffer) { 5695 *nextPtr = s; 5696 return XML_ERROR_NONE; 5697 } 5698 return XML_ERROR_PARTIAL_CHAR; 5699 default: 5700 return XML_ERROR_JUNK_AFTER_DOC_ELEMENT; 5701 } 5702 parser->m_eventPtr = s = next; 5703 switch (parser->m_parsingStatus.parsing) { 5704 case XML_SUSPENDED: 5705 *nextPtr = next; 5706 return XML_ERROR_NONE; 5707 case XML_FINISHED: 5708 return XML_ERROR_ABORTED; 5709 default:; 5710 } 5711 } 5712 } 5713 5714 static enum XML_Error 5715 processInternalEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl) { 5716 const char *textStart, *textEnd; 5717 const char *next; 5718 enum XML_Error result; 5719 OPEN_INTERNAL_ENTITY *openEntity; 5720 5721 if (parser->m_freeInternalEntities) { 5722 openEntity = parser->m_freeInternalEntities; 5723 parser->m_freeInternalEntities = openEntity->next; 5724 } else { 5725 openEntity 5726 = (OPEN_INTERNAL_ENTITY *)MALLOC(parser, sizeof(OPEN_INTERNAL_ENTITY)); 5727 if (! openEntity) 5728 return XML_ERROR_NO_MEMORY; 5729 } 5730 entity->open = XML_TRUE; 5731 #ifdef XML_DTD 5732 entityTrackingOnOpen(parser, entity, __LINE__); 5733 #endif 5734 entity->processed = 0; 5735 openEntity->next = parser->m_openInternalEntities; 5736 parser->m_openInternalEntities = openEntity; 5737 openEntity->entity = entity; 5738 openEntity->startTagLevel = parser->m_tagLevel; 5739 openEntity->betweenDecl = betweenDecl; 5740 openEntity->internalEventPtr = NULL; 5741 openEntity->internalEventEndPtr = NULL; 5742 textStart = (const char *)entity->textPtr; 5743 textEnd = (const char *)(entity->textPtr + entity->textLen); 5744 /* Set a safe default value in case 'next' does not get set */ 5745 next = textStart; 5746 5747 #ifdef XML_DTD 5748 if (entity->is_param) { 5749 int tok 5750 = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next); 5751 result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, 5752 tok, next, &next, XML_FALSE, XML_FALSE, 5753 XML_ACCOUNT_ENTITY_EXPANSION); 5754 } else 5755 #endif /* XML_DTD */ 5756 result = doContent(parser, parser->m_tagLevel, parser->m_internalEncoding, 5757 textStart, textEnd, &next, XML_FALSE, 5758 XML_ACCOUNT_ENTITY_EXPANSION); 5759 5760 if (result == XML_ERROR_NONE) { 5761 if (textEnd != next && parser->m_parsingStatus.parsing == XML_SUSPENDED) { 5762 entity->processed = (int)(next - textStart); 5763 parser->m_processor = internalEntityProcessor; 5764 } else { 5765 #ifdef XML_DTD 5766 entityTrackingOnClose(parser, entity, __LINE__); 5767 #endif /* XML_DTD */ 5768 entity->open = XML_FALSE; 5769 parser->m_openInternalEntities = openEntity->next; 5770 /* put openEntity back in list of free instances */ 5771 openEntity->next = parser->m_freeInternalEntities; 5772 parser->m_freeInternalEntities = openEntity; 5773 } 5774 } 5775 return result; 5776 } 5777 5778 static enum XML_Error PTRCALL 5779 internalEntityProcessor(XML_Parser parser, const char *s, const char *end, 5780 const char **nextPtr) { 5781 ENTITY *entity; 5782 const char *textStart, *textEnd; 5783 const char *next; 5784 enum XML_Error result; 5785 OPEN_INTERNAL_ENTITY *openEntity = parser->m_openInternalEntities; 5786 if (! openEntity) 5787 return XML_ERROR_UNEXPECTED_STATE; 5788 5789 entity = openEntity->entity; 5790 textStart = ((const char *)entity->textPtr) + entity->processed; 5791 textEnd = (const char *)(entity->textPtr + entity->textLen); 5792 /* Set a safe default value in case 'next' does not get set */ 5793 next = textStart; 5794 5795 #ifdef XML_DTD 5796 if (entity->is_param) { 5797 int tok 5798 = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next); 5799 result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, 5800 tok, next, &next, XML_FALSE, XML_TRUE, 5801 XML_ACCOUNT_ENTITY_EXPANSION); 5802 } else 5803 #endif /* XML_DTD */ 5804 result = doContent(parser, openEntity->startTagLevel, 5805 parser->m_internalEncoding, textStart, textEnd, &next, 5806 XML_FALSE, XML_ACCOUNT_ENTITY_EXPANSION); 5807 5808 if (result != XML_ERROR_NONE) 5809 return result; 5810 5811 if (textEnd != next && parser->m_parsingStatus.parsing == XML_SUSPENDED) { 5812 entity->processed = (int)(next - (const char *)entity->textPtr); 5813 return result; 5814 } 5815 5816 #ifdef XML_DTD 5817 entityTrackingOnClose(parser, entity, __LINE__); 5818 #endif 5819 entity->open = XML_FALSE; 5820 parser->m_openInternalEntities = openEntity->next; 5821 /* put openEntity back in list of free instances */ 5822 openEntity->next = parser->m_freeInternalEntities; 5823 parser->m_freeInternalEntities = openEntity; 5824 5825 // If there are more open entities we want to stop right here and have the 5826 // upcoming call to XML_ResumeParser continue with entity content, or it would 5827 // be ignored altogether. 5828 if (parser->m_openInternalEntities != NULL 5829 && parser->m_parsingStatus.parsing == XML_SUSPENDED) { 5830 return XML_ERROR_NONE; 5831 } 5832 5833 #ifdef XML_DTD 5834 if (entity->is_param) { 5835 int tok; 5836 parser->m_processor = prologProcessor; 5837 tok = XmlPrologTok(parser->m_encoding, s, end, &next); 5838 return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr, 5839 (XML_Bool)! parser->m_parsingStatus.finalBuffer, XML_TRUE, 5840 XML_ACCOUNT_DIRECT); 5841 } else 5842 #endif /* XML_DTD */ 5843 { 5844 parser->m_processor = contentProcessor; 5845 /* see externalEntityContentProcessor vs contentProcessor */ 5846 result = doContent(parser, parser->m_parentParser ? 1 : 0, 5847 parser->m_encoding, s, end, nextPtr, 5848 (XML_Bool)! parser->m_parsingStatus.finalBuffer, 5849 XML_ACCOUNT_DIRECT); 5850 if (result == XML_ERROR_NONE) { 5851 if (! storeRawNames(parser)) 5852 return XML_ERROR_NO_MEMORY; 5853 } 5854 return result; 5855 } 5856 } 5857 5858 static enum XML_Error PTRCALL 5859 errorProcessor(XML_Parser parser, const char *s, const char *end, 5860 const char **nextPtr) { 5861 UNUSED_P(s); 5862 UNUSED_P(end); 5863 UNUSED_P(nextPtr); 5864 return parser->m_errorCode; 5865 } 5866 5867 static enum XML_Error 5868 storeAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata, 5869 const char *ptr, const char *end, STRING_POOL *pool, 5870 enum XML_Account account) { 5871 enum XML_Error result 5872 = appendAttributeValue(parser, enc, isCdata, ptr, end, pool, account); 5873 if (result) 5874 return result; 5875 if (! isCdata && poolLength(pool) && poolLastChar(pool) == 0x20) 5876 poolChop(pool); 5877 if (! poolAppendChar(pool, XML_T('\0'))) 5878 return XML_ERROR_NO_MEMORY; 5879 return XML_ERROR_NONE; 5880 } 5881 5882 static enum XML_Error 5883 appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata, 5884 const char *ptr, const char *end, STRING_POOL *pool, 5885 enum XML_Account account) { 5886 DTD *const dtd = parser->m_dtd; /* save one level of indirection */ 5887 #ifndef XML_DTD 5888 UNUSED_P(account); 5889 #endif 5890 5891 for (;;) { 5892 const char *next 5893 = ptr; /* XmlAttributeValueTok doesn't always set the last arg */ 5894 int tok = XmlAttributeValueTok(enc, ptr, end, &next); 5895 #ifdef XML_DTD 5896 if (! accountingDiffTolerated(parser, tok, ptr, next, __LINE__, account)) { 5897 accountingOnAbort(parser); 5898 return XML_ERROR_AMPLIFICATION_LIMIT_BREACH; 5899 } 5900 #endif 5901 switch (tok) { 5902 case XML_TOK_NONE: 5903 return XML_ERROR_NONE; 5904 case XML_TOK_INVALID: 5905 if (enc == parser->m_encoding) 5906 parser->m_eventPtr = next; 5907 return XML_ERROR_INVALID_TOKEN; 5908 case XML_TOK_PARTIAL: 5909 if (enc == parser->m_encoding) 5910 parser->m_eventPtr = ptr; 5911 return XML_ERROR_INVALID_TOKEN; 5912 case XML_TOK_CHAR_REF: { 5913 XML_Char buf[XML_ENCODE_MAX]; 5914 int i; 5915 int n = XmlCharRefNumber(enc, ptr); 5916 if (n < 0) { 5917 if (enc == parser->m_encoding) 5918 parser->m_eventPtr = ptr; 5919 return XML_ERROR_BAD_CHAR_REF; 5920 } 5921 if (! isCdata && n == 0x20 /* space */ 5922 && (poolLength(pool) == 0 || poolLastChar(pool) == 0x20)) 5923 break; 5924 n = XmlEncode(n, (ICHAR *)buf); 5925 /* The XmlEncode() functions can never return 0 here. That 5926 * error return happens if the code point passed in is either 5927 * negative or greater than or equal to 0x110000. The 5928 * XmlCharRefNumber() functions will all return a number 5929 * strictly less than 0x110000 or a negative value if an error 5930 * occurred. The negative value is intercepted above, so 5931 * XmlEncode() is never passed a value it might return an 5932 * error for. 5933 */ 5934 for (i = 0; i < n; i++) { 5935 if (! poolAppendChar(pool, buf[i])) 5936 return XML_ERROR_NO_MEMORY; 5937 } 5938 } break; 5939 case XML_TOK_DATA_CHARS: 5940 if (! poolAppend(pool, enc, ptr, next)) 5941 return XML_ERROR_NO_MEMORY; 5942 break; 5943 case XML_TOK_TRAILING_CR: 5944 next = ptr + enc->minBytesPerChar; 5945 /* fall through */ 5946 case XML_TOK_ATTRIBUTE_VALUE_S: 5947 case XML_TOK_DATA_NEWLINE: 5948 if (! isCdata && (poolLength(pool) == 0 || poolLastChar(pool) == 0x20)) 5949 break; 5950 if (! poolAppendChar(pool, 0x20)) 5951 return XML_ERROR_NO_MEMORY; 5952 break; 5953 case XML_TOK_ENTITY_REF: { 5954 const XML_Char *name; 5955 ENTITY *entity; 5956 char checkEntityDecl; 5957 XML_Char ch = (XML_Char)XmlPredefinedEntityName( 5958 enc, ptr + enc->minBytesPerChar, next - enc->minBytesPerChar); 5959 if (ch) { 5960 #ifdef XML_DTD 5961 /* NOTE: We are replacing 4-6 characters original input for 1 character 5962 * so there is no amplification and hence recording without 5963 * protection. */ 5964 accountingDiffTolerated(parser, tok, (char *)&ch, 5965 ((char *)&ch) + sizeof(XML_Char), __LINE__, 5966 XML_ACCOUNT_ENTITY_EXPANSION); 5967 #endif /* XML_DTD */ 5968 if (! poolAppendChar(pool, ch)) 5969 return XML_ERROR_NO_MEMORY; 5970 break; 5971 } 5972 name = poolStoreString(&parser->m_temp2Pool, enc, 5973 ptr + enc->minBytesPerChar, 5974 next - enc->minBytesPerChar); 5975 if (! name) 5976 return XML_ERROR_NO_MEMORY; 5977 entity = (ENTITY *)lookup(parser, &dtd->generalEntities, name, 0); 5978 poolDiscard(&parser->m_temp2Pool); 5979 /* First, determine if a check for an existing declaration is needed; 5980 if yes, check that the entity exists, and that it is internal. 5981 */ 5982 if (pool == &dtd->pool) /* are we called from prolog? */ 5983 checkEntityDecl = 5984 #ifdef XML_DTD 5985 parser->m_prologState.documentEntity && 5986 #endif /* XML_DTD */ 5987 (dtd->standalone ? ! parser->m_openInternalEntities 5988 : ! dtd->hasParamEntityRefs); 5989 else /* if (pool == &parser->m_tempPool): we are called from content */ 5990 checkEntityDecl = ! dtd->hasParamEntityRefs || dtd->standalone; 5991 if (checkEntityDecl) { 5992 if (! entity) 5993 return XML_ERROR_UNDEFINED_ENTITY; 5994 else if (! entity->is_internal) 5995 return XML_ERROR_ENTITY_DECLARED_IN_PE; 5996 } else if (! entity) { 5997 /* Cannot report skipped entity here - see comments on 5998 parser->m_skippedEntityHandler. 5999 if (parser->m_skippedEntityHandler) 6000 parser->m_skippedEntityHandler(parser->m_handlerArg, name, 0); 6001 */ 6002 /* Cannot call the default handler because this would be 6003 out of sync with the call to the startElementHandler. 6004 if ((pool == &parser->m_tempPool) && parser->m_defaultHandler) 6005 reportDefault(parser, enc, ptr, next); 6006 */ 6007 break; 6008 } 6009 if (entity->open) { 6010 if (enc == parser->m_encoding) { 6011 /* It does not appear that this line can be executed. 6012 * 6013 * The "if (entity->open)" check catches recursive entity 6014 * definitions. In order to be called with an open 6015 * entity, it must have gone through this code before and 6016 * been through the recursive call to 6017 * appendAttributeValue() some lines below. That call 6018 * sets the local encoding ("enc") to the parser's 6019 * internal encoding (internal_utf8 or internal_utf16), 6020 * which can never be the same as the principle encoding. 6021 * It doesn't appear there is another code path that gets 6022 * here with entity->open being TRUE. 6023 * 6024 * Since it is not certain that this logic is watertight, 6025 * we keep the line and merely exclude it from coverage 6026 * tests. 6027 */ 6028 parser->m_eventPtr = ptr; /* LCOV_EXCL_LINE */ 6029 } 6030 return XML_ERROR_RECURSIVE_ENTITY_REF; 6031 } 6032 if (entity->notation) { 6033 if (enc == parser->m_encoding) 6034 parser->m_eventPtr = ptr; 6035 return XML_ERROR_BINARY_ENTITY_REF; 6036 } 6037 if (! entity->textPtr) { 6038 if (enc == parser->m_encoding) 6039 parser->m_eventPtr = ptr; 6040 return XML_ERROR_ATTRIBUTE_EXTERNAL_ENTITY_REF; 6041 } else { 6042 enum XML_Error result; 6043 const XML_Char *textEnd = entity->textPtr + entity->textLen; 6044 entity->open = XML_TRUE; 6045 #ifdef XML_DTD 6046 entityTrackingOnOpen(parser, entity, __LINE__); 6047 #endif 6048 result = appendAttributeValue(parser, parser->m_internalEncoding, 6049 isCdata, (const char *)entity->textPtr, 6050 (const char *)textEnd, pool, 6051 XML_ACCOUNT_ENTITY_EXPANSION); 6052 #ifdef XML_DTD 6053 entityTrackingOnClose(parser, entity, __LINE__); 6054 #endif 6055 entity->open = XML_FALSE; 6056 if (result) 6057 return result; 6058 } 6059 } break; 6060 default: 6061 /* The only token returned by XmlAttributeValueTok() that does 6062 * not have an explicit case here is XML_TOK_PARTIAL_CHAR. 6063 * Getting that would require an entity name to contain an 6064 * incomplete XML character (e.g. \xE2\x82); however previous 6065 * tokenisers will have already recognised and rejected such 6066 * names before XmlAttributeValueTok() gets a look-in. This 6067 * default case should be retained as a safety net, but the code 6068 * excluded from coverage tests. 6069 * 6070 * LCOV_EXCL_START 6071 */ 6072 if (enc == parser->m_encoding) 6073 parser->m_eventPtr = ptr; 6074 return XML_ERROR_UNEXPECTED_STATE; 6075 /* LCOV_EXCL_STOP */ 6076 } 6077 ptr = next; 6078 } 6079 /* not reached */ 6080 } 6081 6082 static enum XML_Error 6083 storeEntityValue(XML_Parser parser, const ENCODING *enc, 6084 const char *entityTextPtr, const char *entityTextEnd, 6085 enum XML_Account account) { 6086 DTD *const dtd = parser->m_dtd; /* save one level of indirection */ 6087 STRING_POOL *pool = &(dtd->entityValuePool); 6088 enum XML_Error result = XML_ERROR_NONE; 6089 #ifdef XML_DTD 6090 int oldInEntityValue = parser->m_prologState.inEntityValue; 6091 parser->m_prologState.inEntityValue = 1; 6092 #else 6093 UNUSED_P(account); 6094 #endif /* XML_DTD */ 6095 /* never return Null for the value argument in EntityDeclHandler, 6096 since this would indicate an external entity; therefore we 6097 have to make sure that entityValuePool.start is not null */ 6098 if (! pool->blocks) { 6099 if (! poolGrow(pool)) 6100 return XML_ERROR_NO_MEMORY; 6101 } 6102 6103 for (;;) { 6104 const char *next 6105 = entityTextPtr; /* XmlEntityValueTok doesn't always set the last arg */ 6106 int tok = XmlEntityValueTok(enc, entityTextPtr, entityTextEnd, &next); 6107 6108 #ifdef XML_DTD 6109 if (! accountingDiffTolerated(parser, tok, entityTextPtr, next, __LINE__, 6110 account)) { 6111 accountingOnAbort(parser); 6112 result = XML_ERROR_AMPLIFICATION_LIMIT_BREACH; 6113 goto endEntityValue; 6114 } 6115 #endif 6116 6117 switch (tok) { 6118 case XML_TOK_PARAM_ENTITY_REF: 6119 #ifdef XML_DTD 6120 if (parser->m_isParamEntity || enc != parser->m_encoding) { 6121 const XML_Char *name; 6122 ENTITY *entity; 6123 name = poolStoreString(&parser->m_tempPool, enc, 6124 entityTextPtr + enc->minBytesPerChar, 6125 next - enc->minBytesPerChar); 6126 if (! name) { 6127 result = XML_ERROR_NO_MEMORY; 6128 goto endEntityValue; 6129 } 6130 entity = (ENTITY *)lookup(parser, &dtd->paramEntities, name, 0); 6131 poolDiscard(&parser->m_tempPool); 6132 if (! entity) { 6133 /* not a well-formedness error - see XML 1.0: WFC Entity Declared */ 6134 /* cannot report skipped entity here - see comments on 6135 parser->m_skippedEntityHandler 6136 if (parser->m_skippedEntityHandler) 6137 parser->m_skippedEntityHandler(parser->m_handlerArg, name, 0); 6138 */ 6139 dtd->keepProcessing = dtd->standalone; 6140 goto endEntityValue; 6141 } 6142 if (entity->open) { 6143 if (enc == parser->m_encoding) 6144 parser->m_eventPtr = entityTextPtr; 6145 result = XML_ERROR_RECURSIVE_ENTITY_REF; 6146 goto endEntityValue; 6147 } 6148 if (entity->systemId) { 6149 if (parser->m_externalEntityRefHandler) { 6150 dtd->paramEntityRead = XML_FALSE; 6151 entity->open = XML_TRUE; 6152 entityTrackingOnOpen(parser, entity, __LINE__); 6153 if (! parser->m_externalEntityRefHandler( 6154 parser->m_externalEntityRefHandlerArg, 0, entity->base, 6155 entity->systemId, entity->publicId)) { 6156 entityTrackingOnClose(parser, entity, __LINE__); 6157 entity->open = XML_FALSE; 6158 result = XML_ERROR_EXTERNAL_ENTITY_HANDLING; 6159 goto endEntityValue; 6160 } 6161 entityTrackingOnClose(parser, entity, __LINE__); 6162 entity->open = XML_FALSE; 6163 if (! dtd->paramEntityRead) 6164 dtd->keepProcessing = dtd->standalone; 6165 } else 6166 dtd->keepProcessing = dtd->standalone; 6167 } else { 6168 entity->open = XML_TRUE; 6169 entityTrackingOnOpen(parser, entity, __LINE__); 6170 result = storeEntityValue( 6171 parser, parser->m_internalEncoding, (const char *)entity->textPtr, 6172 (const char *)(entity->textPtr + entity->textLen), 6173 XML_ACCOUNT_ENTITY_EXPANSION); 6174 entityTrackingOnClose(parser, entity, __LINE__); 6175 entity->open = XML_FALSE; 6176 if (result) 6177 goto endEntityValue; 6178 } 6179 break; 6180 } 6181 #endif /* XML_DTD */ 6182 /* In the internal subset, PE references are not legal 6183 within markup declarations, e.g entity values in this case. */ 6184 parser->m_eventPtr = entityTextPtr; 6185 result = XML_ERROR_PARAM_ENTITY_REF; 6186 goto endEntityValue; 6187 case XML_TOK_NONE: 6188 result = XML_ERROR_NONE; 6189 goto endEntityValue; 6190 case XML_TOK_ENTITY_REF: 6191 case XML_TOK_DATA_CHARS: 6192 if (! poolAppend(pool, enc, entityTextPtr, next)) { 6193 result = XML_ERROR_NO_MEMORY; 6194 goto endEntityValue; 6195 } 6196 break; 6197 case XML_TOK_TRAILING_CR: 6198 next = entityTextPtr + enc->minBytesPerChar; 6199 /* fall through */ 6200 case XML_TOK_DATA_NEWLINE: 6201 if (pool->end == pool->ptr && ! poolGrow(pool)) { 6202 result = XML_ERROR_NO_MEMORY; 6203 goto endEntityValue; 6204 } 6205 *(pool->ptr)++ = 0xA; 6206 break; 6207 case XML_TOK_CHAR_REF: { 6208 XML_Char buf[XML_ENCODE_MAX]; 6209 int i; 6210 int n = XmlCharRefNumber(enc, entityTextPtr); 6211 if (n < 0) { 6212 if (enc == parser->m_encoding) 6213 parser->m_eventPtr = entityTextPtr; 6214 result = XML_ERROR_BAD_CHAR_REF; 6215 goto endEntityValue; 6216 } 6217 n = XmlEncode(n, (ICHAR *)buf); 6218 /* The XmlEncode() functions can never return 0 here. That 6219 * error return happens if the code point passed in is either 6220 * negative or greater than or equal to 0x110000. The 6221 * XmlCharRefNumber() functions will all return a number 6222 * strictly less than 0x110000 or a negative value if an error 6223 * occurred. The negative value is intercepted above, so 6224 * XmlEncode() is never passed a value it might return an 6225 * error for. 6226 */ 6227 for (i = 0; i < n; i++) { 6228 if (pool->end == pool->ptr && ! poolGrow(pool)) { 6229 result = XML_ERROR_NO_MEMORY; 6230 goto endEntityValue; 6231 } 6232 *(pool->ptr)++ = buf[i]; 6233 } 6234 } break; 6235 case XML_TOK_PARTIAL: 6236 if (enc == parser->m_encoding) 6237 parser->m_eventPtr = entityTextPtr; 6238 result = XML_ERROR_INVALID_TOKEN; 6239 goto endEntityValue; 6240 case XML_TOK_INVALID: 6241 if (enc == parser->m_encoding) 6242 parser->m_eventPtr = next; 6243 result = XML_ERROR_INVALID_TOKEN; 6244 goto endEntityValue; 6245 default: 6246 /* This default case should be unnecessary -- all the tokens 6247 * that XmlEntityValueTok() can return have their own explicit 6248 * cases -- but should be retained for safety. We do however 6249 * exclude it from the coverage statistics. 6250 * 6251 * LCOV_EXCL_START 6252 */ 6253 if (enc == parser->m_encoding) 6254 parser->m_eventPtr = entityTextPtr; 6255 result = XML_ERROR_UNEXPECTED_STATE; 6256 goto endEntityValue; 6257 /* LCOV_EXCL_STOP */ 6258 } 6259 entityTextPtr = next; 6260 } 6261 endEntityValue: 6262 #ifdef XML_DTD 6263 parser->m_prologState.inEntityValue = oldInEntityValue; 6264 #endif /* XML_DTD */ 6265 return result; 6266 } 6267 6268 static void FASTCALL 6269 normalizeLines(XML_Char *s) { 6270 XML_Char *p; 6271 for (;; s++) { 6272 if (*s == XML_T('\0')) 6273 return; 6274 if (*s == 0xD) 6275 break; 6276 } 6277 p = s; 6278 do { 6279 if (*s == 0xD) { 6280 *p++ = 0xA; 6281 if (*++s == 0xA) 6282 s++; 6283 } else 6284 *p++ = *s++; 6285 } while (*s); 6286 *p = XML_T('\0'); 6287 } 6288 6289 static int 6290 reportProcessingInstruction(XML_Parser parser, const ENCODING *enc, 6291 const char *start, const char *end) { 6292 const XML_Char *target; 6293 XML_Char *data; 6294 const char *tem; 6295 if (! parser->m_processingInstructionHandler) { 6296 if (parser->m_defaultHandler) 6297 reportDefault(parser, enc, start, end); 6298 return 1; 6299 } 6300 start += enc->minBytesPerChar * 2; 6301 tem = start + XmlNameLength(enc, start); 6302 target = poolStoreString(&parser->m_tempPool, enc, start, tem); 6303 if (! target) 6304 return 0; 6305 poolFinish(&parser->m_tempPool); 6306 data = poolStoreString(&parser->m_tempPool, enc, XmlSkipS(enc, tem), 6307 end - enc->minBytesPerChar * 2); 6308 if (! data) 6309 return 0; 6310 normalizeLines(data); 6311 parser->m_processingInstructionHandler(parser->m_handlerArg, target, data); 6312 poolClear(&parser->m_tempPool); 6313 return 1; 6314 } 6315 6316 static int 6317 reportComment(XML_Parser parser, const ENCODING *enc, const char *start, 6318 const char *end) { 6319 XML_Char *data; 6320 if (! parser->m_commentHandler) { 6321 if (parser->m_defaultHandler) 6322 reportDefault(parser, enc, start, end); 6323 return 1; 6324 } 6325 data = poolStoreString(&parser->m_tempPool, enc, 6326 start + enc->minBytesPerChar * 4, 6327 end - enc->minBytesPerChar * 3); 6328 if (! data) 6329 return 0; 6330 normalizeLines(data); 6331 parser->m_commentHandler(parser->m_handlerArg, data); 6332 poolClear(&parser->m_tempPool); 6333 return 1; 6334 } 6335 6336 static void 6337 reportDefault(XML_Parser parser, const ENCODING *enc, const char *s, 6338 const char *end) { 6339 if (MUST_CONVERT(enc, s)) { 6340 enum XML_Convert_Result convert_res; 6341 const char **eventPP; 6342 const char **eventEndPP; 6343 if (enc == parser->m_encoding) { 6344 eventPP = &parser->m_eventPtr; 6345 eventEndPP = &parser->m_eventEndPtr; 6346 } else { 6347 /* To get here, two things must be true; the parser must be 6348 * using a character encoding that is not the same as the 6349 * encoding passed in, and the encoding passed in must need 6350 * conversion to the internal format (UTF-8 unless XML_UNICODE 6351 * is defined). The only occasions on which the encoding passed 6352 * in is not the same as the parser's encoding are when it is 6353 * the internal encoding (e.g. a previously defined parameter 6354 * entity, already converted to internal format). This by 6355 * definition doesn't need conversion, so the whole branch never 6356 * gets executed. 6357 * 6358 * For safety's sake we don't delete these lines and merely 6359 * exclude them from coverage statistics. 6360 * 6361 * LCOV_EXCL_START 6362 */ 6363 eventPP = &(parser->m_openInternalEntities->internalEventPtr); 6364 eventEndPP = &(parser->m_openInternalEntities->internalEventEndPtr); 6365 /* LCOV_EXCL_STOP */ 6366 } 6367 do { 6368 ICHAR *dataPtr = (ICHAR *)parser->m_dataBuf; 6369 convert_res 6370 = XmlConvert(enc, &s, end, &dataPtr, (ICHAR *)parser->m_dataBufEnd); 6371 *eventEndPP = s; 6372 parser->m_defaultHandler(parser->m_handlerArg, parser->m_dataBuf, 6373 (int)(dataPtr - (ICHAR *)parser->m_dataBuf)); 6374 *eventPP = s; 6375 } while ((convert_res != XML_CONVERT_COMPLETED) 6376 && (convert_res != XML_CONVERT_INPUT_INCOMPLETE)); 6377 } else 6378 parser->m_defaultHandler(parser->m_handlerArg, (XML_Char *)s, 6379 (int)((XML_Char *)end - (XML_Char *)s)); 6380 } 6381 6382 static int 6383 defineAttribute(ELEMENT_TYPE *type, ATTRIBUTE_ID *attId, XML_Bool isCdata, 6384 XML_Bool isId, const XML_Char *value, XML_Parser parser) { 6385 DEFAULT_ATTRIBUTE *att; 6386 if (value || isId) { 6387 /* The handling of default attributes gets messed up if we have 6388 a default which duplicates a non-default. */ 6389 int i; 6390 for (i = 0; i < type->nDefaultAtts; i++) 6391 if (attId == type->defaultAtts[i].id) 6392 return 1; 6393 if (isId && ! type->idAtt && ! attId->xmlns) 6394 type->idAtt = attId; 6395 } 6396 if (type->nDefaultAtts == type->allocDefaultAtts) { 6397 if (type->allocDefaultAtts == 0) { 6398 type->allocDefaultAtts = 8; 6399 type->defaultAtts = (DEFAULT_ATTRIBUTE *)MALLOC( 6400 parser, type->allocDefaultAtts * sizeof(DEFAULT_ATTRIBUTE)); 6401 if (! type->defaultAtts) { 6402 type->allocDefaultAtts = 0; 6403 return 0; 6404 } 6405 } else { 6406 DEFAULT_ATTRIBUTE *temp; 6407 6408 /* Detect and prevent integer overflow */ 6409 if (type->allocDefaultAtts > INT_MAX / 2) { 6410 return 0; 6411 } 6412 6413 int count = type->allocDefaultAtts * 2; 6414 6415 /* Detect and prevent integer overflow. 6416 * The preprocessor guard addresses the "always false" warning 6417 * from -Wtype-limits on platforms where 6418 * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ 6419 #if UINT_MAX >= SIZE_MAX 6420 if ((unsigned)count > (size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE)) { 6421 return 0; 6422 } 6423 #endif 6424 6425 temp = (DEFAULT_ATTRIBUTE *)REALLOC(parser, type->defaultAtts, 6426 (count * sizeof(DEFAULT_ATTRIBUTE))); 6427 if (temp == NULL) 6428 return 0; 6429 type->allocDefaultAtts = count; 6430 type->defaultAtts = temp; 6431 } 6432 } 6433 att = type->defaultAtts + type->nDefaultAtts; 6434 att->id = attId; 6435 att->value = value; 6436 att->isCdata = isCdata; 6437 if (! isCdata) 6438 attId->maybeTokenized = XML_TRUE; 6439 type->nDefaultAtts += 1; 6440 return 1; 6441 } 6442 6443 static int 6444 setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType) { 6445 DTD *const dtd = parser->m_dtd; /* save one level of indirection */ 6446 const XML_Char *name; 6447 for (name = elementType->name; *name; name++) { 6448 if (*name == XML_T(ASCII_COLON)) { 6449 PREFIX *prefix; 6450 const XML_Char *s; 6451 for (s = elementType->name; s != name; s++) { 6452 if (! poolAppendChar(&dtd->pool, *s)) 6453 return 0; 6454 } 6455 if (! poolAppendChar(&dtd->pool, XML_T('\0'))) 6456 return 0; 6457 prefix = (PREFIX *)lookup(parser, &dtd->prefixes, poolStart(&dtd->pool), 6458 sizeof(PREFIX)); 6459 if (! prefix) 6460 return 0; 6461 if (prefix->name == poolStart(&dtd->pool)) 6462 poolFinish(&dtd->pool); 6463 else 6464 poolDiscard(&dtd->pool); 6465 elementType->prefix = prefix; 6466 break; 6467 } 6468 } 6469 return 1; 6470 } 6471 6472 static ATTRIBUTE_ID * 6473 getAttributeId(XML_Parser parser, const ENCODING *enc, const char *start, 6474 const char *end) { 6475 DTD *const dtd = parser->m_dtd; /* save one level of indirection */ 6476 ATTRIBUTE_ID *id; 6477 const XML_Char *name; 6478 if (! poolAppendChar(&dtd->pool, XML_T('\0'))) 6479 return NULL; 6480 name = poolStoreString(&dtd->pool, enc, start, end); 6481 if (! name) 6482 return NULL; 6483 /* skip quotation mark - its storage will be re-used (like in name[-1]) */ 6484 ++name; 6485 id = (ATTRIBUTE_ID *)lookup(parser, &dtd->attributeIds, name, 6486 sizeof(ATTRIBUTE_ID)); 6487 if (! id) 6488 return NULL; 6489 if (id->name != name) 6490 poolDiscard(&dtd->pool); 6491 else { 6492 poolFinish(&dtd->pool); 6493 if (! parser->m_ns) 6494 ; 6495 else if (name[0] == XML_T(ASCII_x) && name[1] == XML_T(ASCII_m) 6496 && name[2] == XML_T(ASCII_l) && name[3] == XML_T(ASCII_n) 6497 && name[4] == XML_T(ASCII_s) 6498 && (name[5] == XML_T('\0') || name[5] == XML_T(ASCII_COLON))) { 6499 if (name[5] == XML_T('\0')) 6500 id->prefix = &dtd->defaultPrefix; 6501 else 6502 id->prefix = (PREFIX *)lookup(parser, &dtd->prefixes, name + 6, 6503 sizeof(PREFIX)); 6504 id->xmlns = XML_TRUE; 6505 } else { 6506 int i; 6507 for (i = 0; name[i]; i++) { 6508 /* attributes without prefix are *not* in the default namespace */ 6509 if (name[i] == XML_T(ASCII_COLON)) { 6510 int j; 6511 for (j = 0; j < i; j++) { 6512 if (! poolAppendChar(&dtd->pool, name[j])) 6513 return NULL; 6514 } 6515 if (! poolAppendChar(&dtd->pool, XML_T('\0'))) 6516 return NULL; 6517 id->prefix = (PREFIX *)lookup(parser, &dtd->prefixes, 6518 poolStart(&dtd->pool), sizeof(PREFIX)); 6519 if (! id->prefix) 6520 return NULL; 6521 if (id->prefix->name == poolStart(&dtd->pool)) 6522 poolFinish(&dtd->pool); 6523 else 6524 poolDiscard(&dtd->pool); 6525 break; 6526 } 6527 } 6528 } 6529 } 6530 return id; 6531 } 6532 6533 #define CONTEXT_SEP XML_T(ASCII_FF) 6534 6535 static const XML_Char * 6536 getContext(XML_Parser parser) { 6537 DTD *const dtd = parser->m_dtd; /* save one level of indirection */ 6538 HASH_TABLE_ITER iter; 6539 XML_Bool needSep = XML_FALSE; 6540 6541 if (dtd->defaultPrefix.binding) { 6542 int i; 6543 int len; 6544 if (! poolAppendChar(&parser->m_tempPool, XML_T(ASCII_EQUALS))) 6545 return NULL; 6546 len = dtd->defaultPrefix.binding->uriLen; 6547 if (parser->m_namespaceSeparator) 6548 len--; 6549 for (i = 0; i < len; i++) { 6550 if (! poolAppendChar(&parser->m_tempPool, 6551 dtd->defaultPrefix.binding->uri[i])) { 6552 /* Because of memory caching, I don't believe this line can be 6553 * executed. 6554 * 6555 * This is part of a loop copying the default prefix binding 6556 * URI into the parser's temporary string pool. Previously, 6557 * that URI was copied into the same string pool, with a 6558 * terminating NUL character, as part of setContext(). When 6559 * the pool was cleared, that leaves a block definitely big 6560 * enough to hold the URI on the free block list of the pool. 6561 * The URI copy in getContext() therefore cannot run out of 6562 * memory. 6563 * 6564 * If the pool is used between the setContext() and 6565 * getContext() calls, the worst it can do is leave a bigger 6566 * block on the front of the free list. Given that this is 6567 * all somewhat inobvious and program logic can be changed, we 6568 * don't delete the line but we do exclude it from the test 6569 * coverage statistics. 6570 */ 6571 return NULL; /* LCOV_EXCL_LINE */ 6572 } 6573 } 6574 needSep = XML_TRUE; 6575 } 6576 6577 hashTableIterInit(&iter, &(dtd->prefixes)); 6578 for (;;) { 6579 int i; 6580 int len; 6581 const XML_Char *s; 6582 PREFIX *prefix = (PREFIX *)hashTableIterNext(&iter); 6583 if (! prefix) 6584 break; 6585 if (! prefix->binding) { 6586 /* This test appears to be (justifiable) paranoia. There does 6587 * not seem to be a way of injecting a prefix without a binding 6588 * that doesn't get errored long before this function is called. 6589 * The test should remain for safety's sake, so we instead 6590 * exclude the following line from the coverage statistics. 6591 */ 6592 continue; /* LCOV_EXCL_LINE */ 6593 } 6594 if (needSep && ! poolAppendChar(&parser->m_tempPool, CONTEXT_SEP)) 6595 return NULL; 6596 for (s = prefix->name; *s; s++) 6597 if (! poolAppendChar(&parser->m_tempPool, *s)) 6598 return NULL; 6599 if (! poolAppendChar(&parser->m_tempPool, XML_T(ASCII_EQUALS))) 6600 return NULL; 6601 len = prefix->binding->uriLen; 6602 if (parser->m_namespaceSeparator) 6603 len--; 6604 for (i = 0; i < len; i++) 6605 if (! poolAppendChar(&parser->m_tempPool, prefix->binding->uri[i])) 6606 return NULL; 6607 needSep = XML_TRUE; 6608 } 6609 6610 hashTableIterInit(&iter, &(dtd->generalEntities)); 6611 for (;;) { 6612 const XML_Char *s; 6613 ENTITY *e = (ENTITY *)hashTableIterNext(&iter); 6614 if (! e) 6615 break; 6616 if (! e->open) 6617 continue; 6618 if (needSep && ! poolAppendChar(&parser->m_tempPool, CONTEXT_SEP)) 6619 return NULL; 6620 for (s = e->name; *s; s++) 6621 if (! poolAppendChar(&parser->m_tempPool, *s)) 6622 return 0; 6623 needSep = XML_TRUE; 6624 } 6625 6626 if (! poolAppendChar(&parser->m_tempPool, XML_T('\0'))) 6627 return NULL; 6628 return parser->m_tempPool.start; 6629 } 6630 6631 static XML_Bool 6632 setContext(XML_Parser parser, const XML_Char *context) { 6633 DTD *const dtd = parser->m_dtd; /* save one level of indirection */ 6634 const XML_Char *s = context; 6635 6636 while (*context != XML_T('\0')) { 6637 if (*s == CONTEXT_SEP || *s == XML_T('\0')) { 6638 ENTITY *e; 6639 if (! poolAppendChar(&parser->m_tempPool, XML_T('\0'))) 6640 return XML_FALSE; 6641 e = (ENTITY *)lookup(parser, &dtd->generalEntities, 6642 poolStart(&parser->m_tempPool), 0); 6643 if (e) 6644 e->open = XML_TRUE; 6645 if (*s != XML_T('\0')) 6646 s++; 6647 context = s; 6648 poolDiscard(&parser->m_tempPool); 6649 } else if (*s == XML_T(ASCII_EQUALS)) { 6650 PREFIX *prefix; 6651 if (poolLength(&parser->m_tempPool) == 0) 6652 prefix = &dtd->defaultPrefix; 6653 else { 6654 if (! poolAppendChar(&parser->m_tempPool, XML_T('\0'))) 6655 return XML_FALSE; 6656 prefix 6657 = (PREFIX *)lookup(parser, &dtd->prefixes, 6658 poolStart(&parser->m_tempPool), sizeof(PREFIX)); 6659 if (! prefix) 6660 return XML_FALSE; 6661 if (prefix->name == poolStart(&parser->m_tempPool)) { 6662 prefix->name = poolCopyString(&dtd->pool, prefix->name); 6663 if (! prefix->name) 6664 return XML_FALSE; 6665 } 6666 poolDiscard(&parser->m_tempPool); 6667 } 6668 for (context = s + 1; *context != CONTEXT_SEP && *context != XML_T('\0'); 6669 context++) 6670 if (! poolAppendChar(&parser->m_tempPool, *context)) 6671 return XML_FALSE; 6672 if (! poolAppendChar(&parser->m_tempPool, XML_T('\0'))) 6673 return XML_FALSE; 6674 if (addBinding(parser, prefix, NULL, poolStart(&parser->m_tempPool), 6675 &parser->m_inheritedBindings) 6676 != XML_ERROR_NONE) 6677 return XML_FALSE; 6678 poolDiscard(&parser->m_tempPool); 6679 if (*context != XML_T('\0')) 6680 ++context; 6681 s = context; 6682 } else { 6683 if (! poolAppendChar(&parser->m_tempPool, *s)) 6684 return XML_FALSE; 6685 s++; 6686 } 6687 } 6688 return XML_TRUE; 6689 } 6690 6691 static void FASTCALL 6692 normalizePublicId(XML_Char *publicId) { 6693 XML_Char *p = publicId; 6694 XML_Char *s; 6695 for (s = publicId; *s; s++) { 6696 switch (*s) { 6697 case 0x20: 6698 case 0xD: 6699 case 0xA: 6700 if (p != publicId && p[-1] != 0x20) 6701 *p++ = 0x20; 6702 break; 6703 default: 6704 *p++ = *s; 6705 } 6706 } 6707 if (p != publicId && p[-1] == 0x20) 6708 --p; 6709 *p = XML_T('\0'); 6710 } 6711 6712 static DTD * 6713 dtdCreate(const XML_Memory_Handling_Suite *ms) { 6714 DTD *p = ms->malloc_fcn(sizeof(DTD)); 6715 if (p == NULL) 6716 return p; 6717 poolInit(&(p->pool), ms); 6718 poolInit(&(p->entityValuePool), ms); 6719 hashTableInit(&(p->generalEntities), ms); 6720 hashTableInit(&(p->elementTypes), ms); 6721 hashTableInit(&(p->attributeIds), ms); 6722 hashTableInit(&(p->prefixes), ms); 6723 #ifdef XML_DTD 6724 p->paramEntityRead = XML_FALSE; 6725 hashTableInit(&(p->paramEntities), ms); 6726 #endif /* XML_DTD */ 6727 p->defaultPrefix.name = NULL; 6728 p->defaultPrefix.binding = NULL; 6729 6730 p->in_eldecl = XML_FALSE; 6731 p->scaffIndex = NULL; 6732 p->scaffold = NULL; 6733 p->scaffLevel = 0; 6734 p->scaffSize = 0; 6735 p->scaffCount = 0; 6736 p->contentStringLen = 0; 6737 6738 p->keepProcessing = XML_TRUE; 6739 p->hasParamEntityRefs = XML_FALSE; 6740 p->standalone = XML_FALSE; 6741 return p; 6742 } 6743 6744 static void 6745 dtdReset(DTD *p, const XML_Memory_Handling_Suite *ms) { 6746 HASH_TABLE_ITER iter; 6747 hashTableIterInit(&iter, &(p->elementTypes)); 6748 for (;;) { 6749 ELEMENT_TYPE *e = (ELEMENT_TYPE *)hashTableIterNext(&iter); 6750 if (! e) 6751 break; 6752 if (e->allocDefaultAtts != 0) 6753 ms->free_fcn(e->defaultAtts); 6754 } 6755 hashTableClear(&(p->generalEntities)); 6756 #ifdef XML_DTD 6757 p->paramEntityRead = XML_FALSE; 6758 hashTableClear(&(p->paramEntities)); 6759 #endif /* XML_DTD */ 6760 hashTableClear(&(p->elementTypes)); 6761 hashTableClear(&(p->attributeIds)); 6762 hashTableClear(&(p->prefixes)); 6763 poolClear(&(p->pool)); 6764 poolClear(&(p->entityValuePool)); 6765 p->defaultPrefix.name = NULL; 6766 p->defaultPrefix.binding = NULL; 6767 6768 p->in_eldecl = XML_FALSE; 6769 6770 ms->free_fcn(p->scaffIndex); 6771 p->scaffIndex = NULL; 6772 ms->free_fcn(p->scaffold); 6773 p->scaffold = NULL; 6774 6775 p->scaffLevel = 0; 6776 p->scaffSize = 0; 6777 p->scaffCount = 0; 6778 p->contentStringLen = 0; 6779 6780 p->keepProcessing = XML_TRUE; 6781 p->hasParamEntityRefs = XML_FALSE; 6782 p->standalone = XML_FALSE; 6783 } 6784 6785 static void 6786 dtdDestroy(DTD *p, XML_Bool isDocEntity, const XML_Memory_Handling_Suite *ms) { 6787 HASH_TABLE_ITER iter; 6788 hashTableIterInit(&iter, &(p->elementTypes)); 6789 for (;;) { 6790 ELEMENT_TYPE *e = (ELEMENT_TYPE *)hashTableIterNext(&iter); 6791 if (! e) 6792 break; 6793 if (e->allocDefaultAtts != 0) 6794 ms->free_fcn(e->defaultAtts); 6795 } 6796 hashTableDestroy(&(p->generalEntities)); 6797 #ifdef XML_DTD 6798 hashTableDestroy(&(p->paramEntities)); 6799 #endif /* XML_DTD */ 6800 hashTableDestroy(&(p->elementTypes)); 6801 hashTableDestroy(&(p->attributeIds)); 6802 hashTableDestroy(&(p->prefixes)); 6803 poolDestroy(&(p->pool)); 6804 poolDestroy(&(p->entityValuePool)); 6805 if (isDocEntity) { 6806 ms->free_fcn(p->scaffIndex); 6807 ms->free_fcn(p->scaffold); 6808 } 6809 ms->free_fcn(p); 6810 } 6811 6812 /* Do a deep copy of the DTD. Return 0 for out of memory, non-zero otherwise. 6813 The new DTD has already been initialized. 6814 */ 6815 static int 6816 dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd, 6817 const XML_Memory_Handling_Suite *ms) { 6818 HASH_TABLE_ITER iter; 6819 6820 /* Copy the prefix table. */ 6821 6822 hashTableIterInit(&iter, &(oldDtd->prefixes)); 6823 for (;;) { 6824 const XML_Char *name; 6825 const PREFIX *oldP = (PREFIX *)hashTableIterNext(&iter); 6826 if (! oldP) 6827 break; 6828 name = poolCopyString(&(newDtd->pool), oldP->name); 6829 if (! name) 6830 return 0; 6831 if (! lookup(oldParser, &(newDtd->prefixes), name, sizeof(PREFIX))) 6832 return 0; 6833 } 6834 6835 hashTableIterInit(&iter, &(oldDtd->attributeIds)); 6836 6837 /* Copy the attribute id table. */ 6838 6839 for (;;) { 6840 ATTRIBUTE_ID *newA; 6841 const XML_Char *name; 6842 const ATTRIBUTE_ID *oldA = (ATTRIBUTE_ID *)hashTableIterNext(&iter); 6843 6844 if (! oldA) 6845 break; 6846 /* Remember to allocate the scratch byte before the name. */ 6847 if (! poolAppendChar(&(newDtd->pool), XML_T('\0'))) 6848 return 0; 6849 name = poolCopyString(&(newDtd->pool), oldA->name); 6850 if (! name) 6851 return 0; 6852 ++name; 6853 newA = (ATTRIBUTE_ID *)lookup(oldParser, &(newDtd->attributeIds), name, 6854 sizeof(ATTRIBUTE_ID)); 6855 if (! newA) 6856 return 0; 6857 newA->maybeTokenized = oldA->maybeTokenized; 6858 if (oldA->prefix) { 6859 newA->xmlns = oldA->xmlns; 6860 if (oldA->prefix == &oldDtd->defaultPrefix) 6861 newA->prefix = &newDtd->defaultPrefix; 6862 else 6863 newA->prefix = (PREFIX *)lookup(oldParser, &(newDtd->prefixes), 6864 oldA->prefix->name, 0); 6865 } 6866 } 6867 6868 /* Copy the element type table. */ 6869 6870 hashTableIterInit(&iter, &(oldDtd->elementTypes)); 6871 6872 for (;;) { 6873 int i; 6874 ELEMENT_TYPE *newE; 6875 const XML_Char *name; 6876 const ELEMENT_TYPE *oldE = (ELEMENT_TYPE *)hashTableIterNext(&iter); 6877 if (! oldE) 6878 break; 6879 name = poolCopyString(&(newDtd->pool), oldE->name); 6880 if (! name) 6881 return 0; 6882 newE = (ELEMENT_TYPE *)lookup(oldParser, &(newDtd->elementTypes), name, 6883 sizeof(ELEMENT_TYPE)); 6884 if (! newE) 6885 return 0; 6886 if (oldE->nDefaultAtts) { 6887 newE->defaultAtts 6888 = ms->malloc_fcn(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE)); 6889 if (! newE->defaultAtts) { 6890 return 0; 6891 } 6892 } 6893 if (oldE->idAtt) 6894 newE->idAtt = (ATTRIBUTE_ID *)lookup(oldParser, &(newDtd->attributeIds), 6895 oldE->idAtt->name, 0); 6896 newE->allocDefaultAtts = newE->nDefaultAtts = oldE->nDefaultAtts; 6897 if (oldE->prefix) 6898 newE->prefix = (PREFIX *)lookup(oldParser, &(newDtd->prefixes), 6899 oldE->prefix->name, 0); 6900 for (i = 0; i < newE->nDefaultAtts; i++) { 6901 newE->defaultAtts[i].id = (ATTRIBUTE_ID *)lookup( 6902 oldParser, &(newDtd->attributeIds), oldE->defaultAtts[i].id->name, 0); 6903 newE->defaultAtts[i].isCdata = oldE->defaultAtts[i].isCdata; 6904 if (oldE->defaultAtts[i].value) { 6905 newE->defaultAtts[i].value 6906 = poolCopyString(&(newDtd->pool), oldE->defaultAtts[i].value); 6907 if (! newE->defaultAtts[i].value) 6908 return 0; 6909 } else 6910 newE->defaultAtts[i].value = NULL; 6911 } 6912 } 6913 6914 /* Copy the entity tables. */ 6915 if (! copyEntityTable(oldParser, &(newDtd->generalEntities), &(newDtd->pool), 6916 &(oldDtd->generalEntities))) 6917 return 0; 6918 6919 #ifdef XML_DTD 6920 if (! copyEntityTable(oldParser, &(newDtd->paramEntities), &(newDtd->pool), 6921 &(oldDtd->paramEntities))) 6922 return 0; 6923 newDtd->paramEntityRead = oldDtd->paramEntityRead; 6924 #endif /* XML_DTD */ 6925 6926 newDtd->keepProcessing = oldDtd->keepProcessing; 6927 newDtd->hasParamEntityRefs = oldDtd->hasParamEntityRefs; 6928 newDtd->standalone = oldDtd->standalone; 6929 6930 /* Don't want deep copying for scaffolding */ 6931 newDtd->in_eldecl = oldDtd->in_eldecl; 6932 newDtd->scaffold = oldDtd->scaffold; 6933 newDtd->contentStringLen = oldDtd->contentStringLen; 6934 newDtd->scaffSize = oldDtd->scaffSize; 6935 newDtd->scaffLevel = oldDtd->scaffLevel; 6936 newDtd->scaffIndex = oldDtd->scaffIndex; 6937 6938 return 1; 6939 } /* End dtdCopy */ 6940 6941 static int 6942 copyEntityTable(XML_Parser oldParser, HASH_TABLE *newTable, 6943 STRING_POOL *newPool, const HASH_TABLE *oldTable) { 6944 HASH_TABLE_ITER iter; 6945 const XML_Char *cachedOldBase = NULL; 6946 const XML_Char *cachedNewBase = NULL; 6947 6948 hashTableIterInit(&iter, oldTable); 6949 6950 for (;;) { 6951 ENTITY *newE; 6952 const XML_Char *name; 6953 const ENTITY *oldE = (ENTITY *)hashTableIterNext(&iter); 6954 if (! oldE) 6955 break; 6956 name = poolCopyString(newPool, oldE->name); 6957 if (! name) 6958 return 0; 6959 newE = (ENTITY *)lookup(oldParser, newTable, name, sizeof(ENTITY)); 6960 if (! newE) 6961 return 0; 6962 if (oldE->systemId) { 6963 const XML_Char *tem = poolCopyString(newPool, oldE->systemId); 6964 if (! tem) 6965 return 0; 6966 newE->systemId = tem; 6967 if (oldE->base) { 6968 if (oldE->base == cachedOldBase) 6969 newE->base = cachedNewBase; 6970 else { 6971 cachedOldBase = oldE->base; 6972 tem = poolCopyString(newPool, cachedOldBase); 6973 if (! tem) 6974 return 0; 6975 cachedNewBase = newE->base = tem; 6976 } 6977 } 6978 if (oldE->publicId) { 6979 tem = poolCopyString(newPool, oldE->publicId); 6980 if (! tem) 6981 return 0; 6982 newE->publicId = tem; 6983 } 6984 } else { 6985 const XML_Char *tem 6986 = poolCopyStringN(newPool, oldE->textPtr, oldE->textLen); 6987 if (! tem) 6988 return 0; 6989 newE->textPtr = tem; 6990 newE->textLen = oldE->textLen; 6991 } 6992 if (oldE->notation) { 6993 const XML_Char *tem = poolCopyString(newPool, oldE->notation); 6994 if (! tem) 6995 return 0; 6996 newE->notation = tem; 6997 } 6998 newE->is_param = oldE->is_param; 6999 newE->is_internal = oldE->is_internal; 7000 } 7001 return 1; 7002 } 7003 7004 #define INIT_POWER 6 7005 7006 static XML_Bool FASTCALL 7007 keyeq(KEY s1, KEY s2) { 7008 for (; *s1 == *s2; s1++, s2++) 7009 if (*s1 == 0) 7010 return XML_TRUE; 7011 return XML_FALSE; 7012 } 7013 7014 static size_t 7015 keylen(KEY s) { 7016 size_t len = 0; 7017 for (; *s; s++, len++) 7018 ; 7019 return len; 7020 } 7021 7022 static void 7023 copy_salt_to_sipkey(XML_Parser parser, struct sipkey *key) { 7024 key->k[0] = 0; 7025 key->k[1] = get_hash_secret_salt(parser); 7026 } 7027 7028 static unsigned long FASTCALL 7029 hash(XML_Parser parser, KEY s) { 7030 struct siphash state; 7031 struct sipkey key; 7032 (void)sip24_valid; 7033 copy_salt_to_sipkey(parser, &key); 7034 sip24_init(&state, &key); 7035 sip24_update(&state, s, keylen(s) * sizeof(XML_Char)); 7036 return (unsigned long)sip24_final(&state); 7037 } 7038 7039 static NAMED * 7040 lookup(XML_Parser parser, HASH_TABLE *table, KEY name, size_t createSize) { 7041 size_t i; 7042 if (table->size == 0) { 7043 size_t tsize; 7044 if (! createSize) 7045 return NULL; 7046 table->power = INIT_POWER; 7047 /* table->size is a power of 2 */ 7048 table->size = (size_t)1 << INIT_POWER; 7049 tsize = table->size * sizeof(NAMED *); 7050 table->v = table->mem->malloc_fcn(tsize); 7051 if (! table->v) { 7052 table->size = 0; 7053 return NULL; 7054 } 7055 memset(table->v, 0, tsize); 7056 i = hash(parser, name) & ((unsigned long)table->size - 1); 7057 } else { 7058 unsigned long h = hash(parser, name); 7059 unsigned long mask = (unsigned long)table->size - 1; 7060 unsigned char step = 0; 7061 i = h & mask; 7062 while (table->v[i]) { 7063 if (keyeq(name, table->v[i]->name)) 7064 return table->v[i]; 7065 if (! step) 7066 step = PROBE_STEP(h, mask, table->power); 7067 i < step ? (i += table->size - step) : (i -= step); 7068 } 7069 if (! createSize) 7070 return NULL; 7071 7072 /* check for overflow (table is half full) */ 7073 if (table->used >> (table->power - 1)) { 7074 unsigned char newPower = table->power + 1; 7075 7076 /* Detect and prevent invalid shift */ 7077 if (newPower >= sizeof(unsigned long) * 8 /* bits per byte */) { 7078 return NULL; 7079 } 7080 7081 size_t newSize = (size_t)1 << newPower; 7082 unsigned long newMask = (unsigned long)newSize - 1; 7083 7084 /* Detect and prevent integer overflow */ 7085 if (newSize > (size_t)(-1) / sizeof(NAMED *)) { 7086 return NULL; 7087 } 7088 7089 size_t tsize = newSize * sizeof(NAMED *); 7090 NAMED **newV = table->mem->malloc_fcn(tsize); 7091 if (! newV) 7092 return NULL; 7093 memset(newV, 0, tsize); 7094 for (i = 0; i < table->size; i++) 7095 if (table->v[i]) { 7096 unsigned long newHash = hash(parser, table->v[i]->name); 7097 size_t j = newHash & newMask; 7098 step = 0; 7099 while (newV[j]) { 7100 if (! step) 7101 step = PROBE_STEP(newHash, newMask, newPower); 7102 j < step ? (j += newSize - step) : (j -= step); 7103 } 7104 newV[j] = table->v[i]; 7105 } 7106 table->mem->free_fcn(table->v); 7107 table->v = newV; 7108 table->power = newPower; 7109 table->size = newSize; 7110 i = h & newMask; 7111 step = 0; 7112 while (table->v[i]) { 7113 if (! step) 7114 step = PROBE_STEP(h, newMask, newPower); 7115 i < step ? (i += newSize - step) : (i -= step); 7116 } 7117 } 7118 } 7119 table->v[i] = table->mem->malloc_fcn(createSize); 7120 if (! table->v[i]) 7121 return NULL; 7122 memset(table->v[i], 0, createSize); 7123 table->v[i]->name = name; 7124 (table->used)++; 7125 return table->v[i]; 7126 } 7127 7128 static void FASTCALL 7129 hashTableClear(HASH_TABLE *table) { 7130 size_t i; 7131 for (i = 0; i < table->size; i++) { 7132 table->mem->free_fcn(table->v[i]); 7133 table->v[i] = NULL; 7134 } 7135 table->used = 0; 7136 } 7137 7138 static void FASTCALL 7139 hashTableDestroy(HASH_TABLE *table) { 7140 size_t i; 7141 for (i = 0; i < table->size; i++) 7142 table->mem->free_fcn(table->v[i]); 7143 table->mem->free_fcn(table->v); 7144 } 7145 7146 static void FASTCALL 7147 hashTableInit(HASH_TABLE *p, const XML_Memory_Handling_Suite *ms) { 7148 p->power = 0; 7149 p->size = 0; 7150 p->used = 0; 7151 p->v = NULL; 7152 p->mem = ms; 7153 } 7154 7155 static void FASTCALL 7156 hashTableIterInit(HASH_TABLE_ITER *iter, const HASH_TABLE *table) { 7157 iter->p = table->v; 7158 iter->end = iter->p ? iter->p + table->size : NULL; 7159 } 7160 7161 static NAMED *FASTCALL 7162 hashTableIterNext(HASH_TABLE_ITER *iter) { 7163 while (iter->p != iter->end) { 7164 NAMED *tem = *(iter->p)++; 7165 if (tem) 7166 return tem; 7167 } 7168 return NULL; 7169 } 7170 7171 static void FASTCALL 7172 poolInit(STRING_POOL *pool, const XML_Memory_Handling_Suite *ms) { 7173 pool->blocks = NULL; 7174 pool->freeBlocks = NULL; 7175 pool->start = NULL; 7176 pool->ptr = NULL; 7177 pool->end = NULL; 7178 pool->mem = ms; 7179 } 7180 7181 static void FASTCALL 7182 poolClear(STRING_POOL *pool) { 7183 if (! pool->freeBlocks) 7184 pool->freeBlocks = pool->blocks; 7185 else { 7186 BLOCK *p = pool->blocks; 7187 while (p) { 7188 BLOCK *tem = p->next; 7189 p->next = pool->freeBlocks; 7190 pool->freeBlocks = p; 7191 p = tem; 7192 } 7193 } 7194 pool->blocks = NULL; 7195 pool->start = NULL; 7196 pool->ptr = NULL; 7197 pool->end = NULL; 7198 } 7199 7200 static void FASTCALL 7201 poolDestroy(STRING_POOL *pool) { 7202 BLOCK *p = pool->blocks; 7203 while (p) { 7204 BLOCK *tem = p->next; 7205 pool->mem->free_fcn(p); 7206 p = tem; 7207 } 7208 p = pool->freeBlocks; 7209 while (p) { 7210 BLOCK *tem = p->next; 7211 pool->mem->free_fcn(p); 7212 p = tem; 7213 } 7214 } 7215 7216 static XML_Char * 7217 poolAppend(STRING_POOL *pool, const ENCODING *enc, const char *ptr, 7218 const char *end) { 7219 if (! pool->ptr && ! poolGrow(pool)) 7220 return NULL; 7221 for (;;) { 7222 const enum XML_Convert_Result convert_res = XmlConvert( 7223 enc, &ptr, end, (ICHAR **)&(pool->ptr), (ICHAR *)pool->end); 7224 if ((convert_res == XML_CONVERT_COMPLETED) 7225 || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) 7226 break; 7227 if (! poolGrow(pool)) 7228 return NULL; 7229 } 7230 return pool->start; 7231 } 7232 7233 static const XML_Char *FASTCALL 7234 poolCopyString(STRING_POOL *pool, const XML_Char *s) { 7235 do { 7236 if (! poolAppendChar(pool, *s)) 7237 return NULL; 7238 } while (*s++); 7239 s = pool->start; 7240 poolFinish(pool); 7241 return s; 7242 } 7243 7244 static const XML_Char * 7245 poolCopyStringN(STRING_POOL *pool, const XML_Char *s, int n) { 7246 if (! pool->ptr && ! poolGrow(pool)) { 7247 /* The following line is unreachable given the current usage of 7248 * poolCopyStringN(). Currently it is called from exactly one 7249 * place to copy the text of a simple general entity. By that 7250 * point, the name of the entity is already stored in the pool, so 7251 * pool->ptr cannot be NULL. 7252 * 7253 * If poolCopyStringN() is used elsewhere as it well might be, 7254 * this line may well become executable again. Regardless, this 7255 * sort of check shouldn't be removed lightly, so we just exclude 7256 * it from the coverage statistics. 7257 */ 7258 return NULL; /* LCOV_EXCL_LINE */ 7259 } 7260 for (; n > 0; --n, s++) { 7261 if (! poolAppendChar(pool, *s)) 7262 return NULL; 7263 } 7264 s = pool->start; 7265 poolFinish(pool); 7266 return s; 7267 } 7268 7269 static const XML_Char *FASTCALL 7270 poolAppendString(STRING_POOL *pool, const XML_Char *s) { 7271 while (*s) { 7272 if (! poolAppendChar(pool, *s)) 7273 return NULL; 7274 s++; 7275 } 7276 return pool->start; 7277 } 7278 7279 static XML_Char * 7280 poolStoreString(STRING_POOL *pool, const ENCODING *enc, const char *ptr, 7281 const char *end) { 7282 if (! poolAppend(pool, enc, ptr, end)) 7283 return NULL; 7284 if (pool->ptr == pool->end && ! poolGrow(pool)) 7285 return NULL; 7286 *(pool->ptr)++ = 0; 7287 return pool->start; 7288 } 7289 7290 static size_t 7291 poolBytesToAllocateFor(int blockSize) { 7292 /* Unprotected math would be: 7293 ** return offsetof(BLOCK, s) + blockSize * sizeof(XML_Char); 7294 ** 7295 ** Detect overflow, avoiding _signed_ overflow undefined behavior 7296 ** For a + b * c we check b * c in isolation first, so that addition of a 7297 ** on top has no chance of making us accept a small non-negative number 7298 */ 7299 const size_t stretch = sizeof(XML_Char); /* can be 4 bytes */ 7300 7301 if (blockSize <= 0) 7302 return 0; 7303 7304 if (blockSize > (int)(INT_MAX / stretch)) 7305 return 0; 7306 7307 { 7308 const int stretchedBlockSize = blockSize * (int)stretch; 7309 const int bytesToAllocate 7310 = (int)(offsetof(BLOCK, s) + (unsigned)stretchedBlockSize); 7311 if (bytesToAllocate < 0) 7312 return 0; 7313 7314 return (size_t)bytesToAllocate; 7315 } 7316 } 7317 7318 static XML_Bool FASTCALL 7319 poolGrow(STRING_POOL *pool) { 7320 if (pool->freeBlocks) { 7321 if (pool->start == 0) { 7322 pool->blocks = pool->freeBlocks; 7323 pool->freeBlocks = pool->freeBlocks->next; 7324 pool->blocks->next = NULL; 7325 pool->start = pool->blocks->s; 7326 pool->end = pool->start + pool->blocks->size; 7327 pool->ptr = pool->start; 7328 return XML_TRUE; 7329 } 7330 if (pool->end - pool->start < pool->freeBlocks->size) { 7331 BLOCK *tem = pool->freeBlocks->next; 7332 pool->freeBlocks->next = pool->blocks; 7333 pool->blocks = pool->freeBlocks; 7334 pool->freeBlocks = tem; 7335 memcpy(pool->blocks->s, pool->start, 7336 (pool->end - pool->start) * sizeof(XML_Char)); 7337 pool->ptr = pool->blocks->s + (pool->ptr - pool->start); 7338 pool->start = pool->blocks->s; 7339 pool->end = pool->start + pool->blocks->size; 7340 return XML_TRUE; 7341 } 7342 } 7343 if (pool->blocks && pool->start == pool->blocks->s) { 7344 BLOCK *temp; 7345 int blockSize = (int)((unsigned)(pool->end - pool->start) * 2U); 7346 size_t bytesToAllocate; 7347 7348 /* NOTE: Needs to be calculated prior to calling `realloc` 7349 to avoid dangling pointers: */ 7350 const ptrdiff_t offsetInsideBlock = pool->ptr - pool->start; 7351 7352 if (blockSize < 0) { 7353 /* This condition traps a situation where either more than 7354 * INT_MAX/2 bytes have already been allocated. This isn't 7355 * readily testable, since it is unlikely that an average 7356 * machine will have that much memory, so we exclude it from the 7357 * coverage statistics. 7358 */ 7359 return XML_FALSE; /* LCOV_EXCL_LINE */ 7360 } 7361 7362 bytesToAllocate = poolBytesToAllocateFor(blockSize); 7363 if (bytesToAllocate == 0) 7364 return XML_FALSE; 7365 7366 temp = (BLOCK *)pool->mem->realloc_fcn(pool->blocks, 7367 (unsigned)bytesToAllocate); 7368 if (temp == NULL) 7369 return XML_FALSE; 7370 pool->blocks = temp; 7371 pool->blocks->size = blockSize; 7372 pool->ptr = pool->blocks->s + offsetInsideBlock; 7373 pool->start = pool->blocks->s; 7374 pool->end = pool->start + blockSize; 7375 } else { 7376 BLOCK *tem; 7377 int blockSize = (int)(pool->end - pool->start); 7378 size_t bytesToAllocate; 7379 7380 if (blockSize < 0) { 7381 /* This condition traps a situation where either more than 7382 * INT_MAX bytes have already been allocated (which is prevented 7383 * by various pieces of program logic, not least this one, never 7384 * mind the unlikelihood of actually having that much memory) or 7385 * the pool control fields have been corrupted (which could 7386 * conceivably happen in an extremely buggy user handler 7387 * function). Either way it isn't readily testable, so we 7388 * exclude it from the coverage statistics. 7389 */ 7390 return XML_FALSE; /* LCOV_EXCL_LINE */ 7391 } 7392 7393 if (blockSize < INIT_BLOCK_SIZE) 7394 blockSize = INIT_BLOCK_SIZE; 7395 else { 7396 /* Detect overflow, avoiding _signed_ overflow undefined behavior */ 7397 if ((int)((unsigned)blockSize * 2U) < 0) { 7398 return XML_FALSE; 7399 } 7400 blockSize *= 2; 7401 } 7402 7403 bytesToAllocate = poolBytesToAllocateFor(blockSize); 7404 if (bytesToAllocate == 0) 7405 return XML_FALSE; 7406 7407 tem = pool->mem->malloc_fcn(bytesToAllocate); 7408 if (! tem) 7409 return XML_FALSE; 7410 tem->size = blockSize; 7411 tem->next = pool->blocks; 7412 pool->blocks = tem; 7413 if (pool->ptr != pool->start) 7414 memcpy(tem->s, pool->start, (pool->ptr - pool->start) * sizeof(XML_Char)); 7415 pool->ptr = tem->s + (pool->ptr - pool->start); 7416 pool->start = tem->s; 7417 pool->end = tem->s + blockSize; 7418 } 7419 return XML_TRUE; 7420 } 7421 7422 static int FASTCALL 7423 nextScaffoldPart(XML_Parser parser) { 7424 DTD *const dtd = parser->m_dtd; /* save one level of indirection */ 7425 CONTENT_SCAFFOLD *me; 7426 int next; 7427 7428 if (! dtd->scaffIndex) { 7429 dtd->scaffIndex = (int *)MALLOC(parser, parser->m_groupSize * sizeof(int)); 7430 if (! dtd->scaffIndex) 7431 return -1; 7432 dtd->scaffIndex[0] = 0; 7433 } 7434 7435 if (dtd->scaffCount >= dtd->scaffSize) { 7436 CONTENT_SCAFFOLD *temp; 7437 if (dtd->scaffold) { 7438 /* Detect and prevent integer overflow */ 7439 if (dtd->scaffSize > UINT_MAX / 2u) { 7440 return -1; 7441 } 7442 /* Detect and prevent integer overflow. 7443 * The preprocessor guard addresses the "always false" warning 7444 * from -Wtype-limits on platforms where 7445 * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ 7446 #if UINT_MAX >= SIZE_MAX 7447 if (dtd->scaffSize > (size_t)(-1) / 2u / sizeof(CONTENT_SCAFFOLD)) { 7448 return -1; 7449 } 7450 #endif 7451 7452 temp = (CONTENT_SCAFFOLD *)REALLOC( 7453 parser, dtd->scaffold, dtd->scaffSize * 2 * sizeof(CONTENT_SCAFFOLD)); 7454 if (temp == NULL) 7455 return -1; 7456 dtd->scaffSize *= 2; 7457 } else { 7458 temp = (CONTENT_SCAFFOLD *)MALLOC(parser, INIT_SCAFFOLD_ELEMENTS 7459 * sizeof(CONTENT_SCAFFOLD)); 7460 if (temp == NULL) 7461 return -1; 7462 dtd->scaffSize = INIT_SCAFFOLD_ELEMENTS; 7463 } 7464 dtd->scaffold = temp; 7465 } 7466 next = dtd->scaffCount++; 7467 me = &dtd->scaffold[next]; 7468 if (dtd->scaffLevel) { 7469 CONTENT_SCAFFOLD *parent 7470 = &dtd->scaffold[dtd->scaffIndex[dtd->scaffLevel - 1]]; 7471 if (parent->lastchild) { 7472 dtd->scaffold[parent->lastchild].nextsib = next; 7473 } 7474 if (! parent->childcnt) 7475 parent->firstchild = next; 7476 parent->lastchild = next; 7477 parent->childcnt++; 7478 } 7479 me->firstchild = me->lastchild = me->childcnt = me->nextsib = 0; 7480 return next; 7481 } 7482 7483 static XML_Content * 7484 build_model(XML_Parser parser) { 7485 /* Function build_model transforms the existing parser->m_dtd->scaffold 7486 * array of CONTENT_SCAFFOLD tree nodes into a new array of 7487 * XML_Content tree nodes followed by a gapless list of zero-terminated 7488 * strings. */ 7489 DTD *const dtd = parser->m_dtd; /* save one level of indirection */ 7490 XML_Content *ret; 7491 XML_Char *str; /* the current string writing location */ 7492 7493 /* Detect and prevent integer overflow. 7494 * The preprocessor guard addresses the "always false" warning 7495 * from -Wtype-limits on platforms where 7496 * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ 7497 #if UINT_MAX >= SIZE_MAX 7498 if (dtd->scaffCount > (size_t)(-1) / sizeof(XML_Content)) { 7499 return NULL; 7500 } 7501 if (dtd->contentStringLen > (size_t)(-1) / sizeof(XML_Char)) { 7502 return NULL; 7503 } 7504 #endif 7505 if (dtd->scaffCount * sizeof(XML_Content) 7506 > (size_t)(-1) - dtd->contentStringLen * sizeof(XML_Char)) { 7507 return NULL; 7508 } 7509 7510 const size_t allocsize = (dtd->scaffCount * sizeof(XML_Content) 7511 + (dtd->contentStringLen * sizeof(XML_Char))); 7512 7513 ret = (XML_Content *)MALLOC(parser, allocsize); 7514 if (! ret) 7515 return NULL; 7516 7517 /* What follows is an iterative implementation (of what was previously done 7518 * recursively in a dedicated function called "build_node". The old recursive 7519 * build_node could be forced into stack exhaustion from input as small as a 7520 * few megabyte, and so that was a security issue. Hence, a function call 7521 * stack is avoided now by resolving recursion.) 7522 * 7523 * The iterative approach works as follows: 7524 * 7525 * - We have two writing pointers, both walking up the result array; one does 7526 * the work, the other creates "jobs" for its colleague to do, and leads 7527 * the way: 7528 * 7529 * - The faster one, pointer jobDest, always leads and writes "what job 7530 * to do" by the other, once they reach that place in the 7531 * array: leader "jobDest" stores the source node array index (relative 7532 * to array dtd->scaffold) in field "numchildren". 7533 * 7534 * - The slower one, pointer dest, looks at the value stored in the 7535 * "numchildren" field (which actually holds a source node array index 7536 * at that time) and puts the real data from dtd->scaffold in. 7537 * 7538 * - Before the loop starts, jobDest writes source array index 0 7539 * (where the root node is located) so that dest will have something to do 7540 * when it starts operation. 7541 * 7542 * - Whenever nodes with children are encountered, jobDest appends 7543 * them as new jobs, in order. As a result, tree node siblings are 7544 * adjacent in the resulting array, for example: 7545 * 7546 * [0] root, has two children 7547 * [1] first child of 0, has three children 7548 * [3] first child of 1, does not have children 7549 * [4] second child of 1, does not have children 7550 * [5] third child of 1, does not have children 7551 * [2] second child of 0, does not have children 7552 * 7553 * Or (the same data) presented in flat array view: 7554 * 7555 * [0] root, has two children 7556 * 7557 * [1] first child of 0, has three children 7558 * [2] second child of 0, does not have children 7559 * 7560 * [3] first child of 1, does not have children 7561 * [4] second child of 1, does not have children 7562 * [5] third child of 1, does not have children 7563 * 7564 * - The algorithm repeats until all target array indices have been processed. 7565 */ 7566 XML_Content *dest = ret; /* tree node writing location, moves upwards */ 7567 XML_Content *const destLimit = &ret[dtd->scaffCount]; 7568 XML_Content *jobDest = ret; /* next free writing location in target array */ 7569 str = (XML_Char *)&ret[dtd->scaffCount]; 7570 7571 /* Add the starting job, the root node (index 0) of the source tree */ 7572 (jobDest++)->numchildren = 0; 7573 7574 for (; dest < destLimit; dest++) { 7575 /* Retrieve source tree array index from job storage */ 7576 const int src_node = (int)dest->numchildren; 7577 7578 /* Convert item */ 7579 dest->type = dtd->scaffold[src_node].type; 7580 dest->quant = dtd->scaffold[src_node].quant; 7581 if (dest->type == XML_CTYPE_NAME) { 7582 const XML_Char *src; 7583 dest->name = str; 7584 src = dtd->scaffold[src_node].name; 7585 for (;;) { 7586 *str++ = *src; 7587 if (! *src) 7588 break; 7589 src++; 7590 } 7591 dest->numchildren = 0; 7592 dest->children = NULL; 7593 } else { 7594 unsigned int i; 7595 int cn; 7596 dest->name = NULL; 7597 dest->numchildren = dtd->scaffold[src_node].childcnt; 7598 dest->children = jobDest; 7599 7600 /* Append scaffold indices of children to array */ 7601 for (i = 0, cn = dtd->scaffold[src_node].firstchild; 7602 i < dest->numchildren; i++, cn = dtd->scaffold[cn].nextsib) 7603 (jobDest++)->numchildren = (unsigned int)cn; 7604 } 7605 } 7606 7607 return ret; 7608 } 7609 7610 static ELEMENT_TYPE * 7611 getElementType(XML_Parser parser, const ENCODING *enc, const char *ptr, 7612 const char *end) { 7613 DTD *const dtd = parser->m_dtd; /* save one level of indirection */ 7614 const XML_Char *name = poolStoreString(&dtd->pool, enc, ptr, end); 7615 ELEMENT_TYPE *ret; 7616 7617 if (! name) 7618 return NULL; 7619 ret = (ELEMENT_TYPE *)lookup(parser, &dtd->elementTypes, name, 7620 sizeof(ELEMENT_TYPE)); 7621 if (! ret) 7622 return NULL; 7623 if (ret->name != name) 7624 poolDiscard(&dtd->pool); 7625 else { 7626 poolFinish(&dtd->pool); 7627 if (! setElementTypePrefix(parser, ret)) 7628 return NULL; 7629 } 7630 return ret; 7631 } 7632 7633 static XML_Char * 7634 copyString(const XML_Char *s, const XML_Memory_Handling_Suite *memsuite) { 7635 size_t charsRequired = 0; 7636 XML_Char *result; 7637 7638 /* First determine how long the string is */ 7639 while (s[charsRequired] != 0) { 7640 charsRequired++; 7641 } 7642 /* Include the terminator */ 7643 charsRequired++; 7644 7645 /* Now allocate space for the copy */ 7646 result = memsuite->malloc_fcn(charsRequired * sizeof(XML_Char)); 7647 if (result == NULL) 7648 return NULL; 7649 /* Copy the original into place */ 7650 memcpy(result, s, charsRequired * sizeof(XML_Char)); 7651 return result; 7652 } 7653 7654 #ifdef XML_DTD 7655 7656 static float 7657 accountingGetCurrentAmplification(XML_Parser rootParser) { 7658 const XmlBigCount countBytesOutput 7659 = rootParser->m_accounting.countBytesDirect 7660 + rootParser->m_accounting.countBytesIndirect; 7661 const float amplificationFactor 7662 = rootParser->m_accounting.countBytesDirect 7663 ? (countBytesOutput 7664 / (float)(rootParser->m_accounting.countBytesDirect)) 7665 : 1.0f; 7666 assert(! rootParser->m_parentParser); 7667 return amplificationFactor; 7668 } 7669 7670 static void 7671 accountingReportStats(XML_Parser originParser, const char *epilog) { 7672 const XML_Parser rootParser = getRootParserOf(originParser, NULL); 7673 assert(! rootParser->m_parentParser); 7674 7675 if (rootParser->m_accounting.debugLevel < 1) { 7676 return; 7677 } 7678 7679 const float amplificationFactor 7680 = accountingGetCurrentAmplification(rootParser); 7681 fprintf(stderr, 7682 "expat: Accounting(%p): Direct " EXPAT_FMT_ULL( 7683 "10") ", indirect " EXPAT_FMT_ULL("10") ", amplification %8.2f%s", 7684 (void *)rootParser, rootParser->m_accounting.countBytesDirect, 7685 rootParser->m_accounting.countBytesIndirect, 7686 (double)amplificationFactor, epilog); 7687 } 7688 7689 static void 7690 accountingOnAbort(XML_Parser originParser) { 7691 accountingReportStats(originParser, " ABORTING\n"); 7692 } 7693 7694 static void 7695 accountingReportDiff(XML_Parser rootParser, 7696 unsigned int levelsAwayFromRootParser, const char *before, 7697 const char *after, ptrdiff_t bytesMore, int source_line, 7698 enum XML_Account account) { 7699 assert(! rootParser->m_parentParser); 7700 7701 fprintf(stderr, 7702 " (+" EXPAT_FMT_PTRDIFF_T("6") " bytes %s|%d, xmlparse.c:%d) %*s\"", 7703 bytesMore, (account == XML_ACCOUNT_DIRECT) ? "DIR" : "EXP", 7704 levelsAwayFromRootParser, source_line, 10, ""); 7705 7706 const char ellipis[] = "[..]"; 7707 const size_t ellipsisLength = sizeof(ellipis) /* because compile-time */ - 1; 7708 const unsigned int contextLength = 10; 7709 7710 /* Note: Performance is of no concern here */ 7711 const char *walker = before; 7712 if ((rootParser->m_accounting.debugLevel >= 3) 7713 || (after - before) 7714 <= (ptrdiff_t)(contextLength + ellipsisLength + contextLength)) { 7715 for (; walker < after; walker++) { 7716 fprintf(stderr, "%s", unsignedCharToPrintable(walker[0])); 7717 } 7718 } else { 7719 for (; walker < before + contextLength; walker++) { 7720 fprintf(stderr, "%s", unsignedCharToPrintable(walker[0])); 7721 } 7722 fprintf(stderr, ellipis); 7723 walker = after - contextLength; 7724 for (; walker < after; walker++) { 7725 fprintf(stderr, "%s", unsignedCharToPrintable(walker[0])); 7726 } 7727 } 7728 fprintf(stderr, "\"\n"); 7729 } 7730 7731 static XML_Bool 7732 accountingDiffTolerated(XML_Parser originParser, int tok, const char *before, 7733 const char *after, int source_line, 7734 enum XML_Account account) { 7735 /* Note: We need to check the token type *first* to be sure that 7736 * we can even access variable <after>, safely. 7737 * E.g. for XML_TOK_NONE <after> may hold an invalid pointer. */ 7738 switch (tok) { 7739 case XML_TOK_INVALID: 7740 case XML_TOK_PARTIAL: 7741 case XML_TOK_PARTIAL_CHAR: 7742 case XML_TOK_NONE: 7743 return XML_TRUE; 7744 } 7745 7746 if (account == XML_ACCOUNT_NONE) 7747 return XML_TRUE; /* because these bytes have been accounted for, already */ 7748 7749 unsigned int levelsAwayFromRootParser; 7750 const XML_Parser rootParser 7751 = getRootParserOf(originParser, &levelsAwayFromRootParser); 7752 assert(! rootParser->m_parentParser); 7753 7754 const int isDirect 7755 = (account == XML_ACCOUNT_DIRECT) && (originParser == rootParser); 7756 const ptrdiff_t bytesMore = after - before; 7757 7758 XmlBigCount *const additionTarget 7759 = isDirect ? &rootParser->m_accounting.countBytesDirect 7760 : &rootParser->m_accounting.countBytesIndirect; 7761 7762 /* Detect and avoid integer overflow */ 7763 if (*additionTarget > (XmlBigCount)(-1) - (XmlBigCount)bytesMore) 7764 return XML_FALSE; 7765 *additionTarget += bytesMore; 7766 7767 const XmlBigCount countBytesOutput 7768 = rootParser->m_accounting.countBytesDirect 7769 + rootParser->m_accounting.countBytesIndirect; 7770 const float amplificationFactor 7771 = accountingGetCurrentAmplification(rootParser); 7772 const XML_Bool tolerated 7773 = (countBytesOutput < rootParser->m_accounting.activationThresholdBytes) 7774 || (amplificationFactor 7775 <= rootParser->m_accounting.maximumAmplificationFactor); 7776 7777 if (rootParser->m_accounting.debugLevel >= 2) { 7778 accountingReportStats(rootParser, ""); 7779 accountingReportDiff(rootParser, levelsAwayFromRootParser, before, after, 7780 bytesMore, source_line, account); 7781 } 7782 7783 return tolerated; 7784 } 7785 7786 unsigned long long 7787 testingAccountingGetCountBytesDirect(XML_Parser parser) { 7788 if (! parser) 7789 return 0; 7790 return parser->m_accounting.countBytesDirect; 7791 } 7792 7793 unsigned long long 7794 testingAccountingGetCountBytesIndirect(XML_Parser parser) { 7795 if (! parser) 7796 return 0; 7797 return parser->m_accounting.countBytesIndirect; 7798 } 7799 7800 static void 7801 entityTrackingReportStats(XML_Parser rootParser, ENTITY *entity, 7802 const char *action, int sourceLine) { 7803 assert(! rootParser->m_parentParser); 7804 if (rootParser->m_entity_stats.debugLevel < 1) 7805 return; 7806 7807 # if defined(XML_UNICODE) 7808 const char *const entityName = "[..]"; 7809 # else 7810 const char *const entityName = entity->name; 7811 # endif 7812 7813 fprintf( 7814 stderr, 7815 "expat: Entities(%p): Count %9d, depth %2d/%2d %*s%s%s; %s length %d (xmlparse.c:%d)\n", 7816 (void *)rootParser, rootParser->m_entity_stats.countEverOpened, 7817 rootParser->m_entity_stats.currentDepth, 7818 rootParser->m_entity_stats.maximumDepthSeen, 7819 (rootParser->m_entity_stats.currentDepth - 1) * 2, "", 7820 entity->is_param ? "%" : "&", entityName, action, entity->textLen, 7821 sourceLine); 7822 } 7823 7824 static void 7825 entityTrackingOnOpen(XML_Parser originParser, ENTITY *entity, int sourceLine) { 7826 const XML_Parser rootParser = getRootParserOf(originParser, NULL); 7827 assert(! rootParser->m_parentParser); 7828 7829 rootParser->m_entity_stats.countEverOpened++; 7830 rootParser->m_entity_stats.currentDepth++; 7831 if (rootParser->m_entity_stats.currentDepth 7832 > rootParser->m_entity_stats.maximumDepthSeen) { 7833 rootParser->m_entity_stats.maximumDepthSeen++; 7834 } 7835 7836 entityTrackingReportStats(rootParser, entity, "OPEN ", sourceLine); 7837 } 7838 7839 static void 7840 entityTrackingOnClose(XML_Parser originParser, ENTITY *entity, int sourceLine) { 7841 const XML_Parser rootParser = getRootParserOf(originParser, NULL); 7842 assert(! rootParser->m_parentParser); 7843 7844 entityTrackingReportStats(rootParser, entity, "CLOSE", sourceLine); 7845 rootParser->m_entity_stats.currentDepth--; 7846 } 7847 7848 static XML_Parser 7849 getRootParserOf(XML_Parser parser, unsigned int *outLevelDiff) { 7850 XML_Parser rootParser = parser; 7851 unsigned int stepsTakenUpwards = 0; 7852 while (rootParser->m_parentParser) { 7853 rootParser = rootParser->m_parentParser; 7854 stepsTakenUpwards++; 7855 } 7856 assert(! rootParser->m_parentParser); 7857 if (outLevelDiff != NULL) { 7858 *outLevelDiff = stepsTakenUpwards; 7859 } 7860 return rootParser; 7861 } 7862 7863 const char * 7864 unsignedCharToPrintable(unsigned char c) { 7865 switch (c) { 7866 case 0: 7867 return "\\0"; 7868 case 1: 7869 return "\\x1"; 7870 case 2: 7871 return "\\x2"; 7872 case 3: 7873 return "\\x3"; 7874 case 4: 7875 return "\\x4"; 7876 case 5: 7877 return "\\x5"; 7878 case 6: 7879 return "\\x6"; 7880 case 7: 7881 return "\\x7"; 7882 case 8: 7883 return "\\x8"; 7884 case 9: 7885 return "\\t"; 7886 case 10: 7887 return "\\n"; 7888 case 11: 7889 return "\\xB"; 7890 case 12: 7891 return "\\xC"; 7892 case 13: 7893 return "\\r"; 7894 case 14: 7895 return "\\xE"; 7896 case 15: 7897 return "\\xF"; 7898 case 16: 7899 return "\\x10"; 7900 case 17: 7901 return "\\x11"; 7902 case 18: 7903 return "\\x12"; 7904 case 19: 7905 return "\\x13"; 7906 case 20: 7907 return "\\x14"; 7908 case 21: 7909 return "\\x15"; 7910 case 22: 7911 return "\\x16"; 7912 case 23: 7913 return "\\x17"; 7914 case 24: 7915 return "\\x18"; 7916 case 25: 7917 return "\\x19"; 7918 case 26: 7919 return "\\x1A"; 7920 case 27: 7921 return "\\x1B"; 7922 case 28: 7923 return "\\x1C"; 7924 case 29: 7925 return "\\x1D"; 7926 case 30: 7927 return "\\x1E"; 7928 case 31: 7929 return "\\x1F"; 7930 case 32: 7931 return " "; 7932 case 33: 7933 return "!"; 7934 case 34: 7935 return "\\\""; 7936 case 35: 7937 return "#"; 7938 case 36: 7939 return "$"; 7940 case 37: 7941 return "%"; 7942 case 38: 7943 return "&"; 7944 case 39: 7945 return "'"; 7946 case 40: 7947 return "("; 7948 case 41: 7949 return ")"; 7950 case 42: 7951 return "*"; 7952 case 43: 7953 return "+"; 7954 case 44: 7955 return ","; 7956 case 45: 7957 return "-"; 7958 case 46: 7959 return "."; 7960 case 47: 7961 return "/"; 7962 case 48: 7963 return "0"; 7964 case 49: 7965 return "1"; 7966 case 50: 7967 return "2"; 7968 case 51: 7969 return "3"; 7970 case 52: 7971 return "4"; 7972 case 53: 7973 return "5"; 7974 case 54: 7975 return "6"; 7976 case 55: 7977 return "7"; 7978 case 56: 7979 return "8"; 7980 case 57: 7981 return "9"; 7982 case 58: 7983 return ":"; 7984 case 59: 7985 return ";"; 7986 case 60: 7987 return "<"; 7988 case 61: 7989 return "="; 7990 case 62: 7991 return ">"; 7992 case 63: 7993 return "?"; 7994 case 64: 7995 return "@"; 7996 case 65: 7997 return "A"; 7998 case 66: 7999 return "B"; 8000 case 67: 8001 return "C"; 8002 case 68: 8003 return "D"; 8004 case 69: 8005 return "E"; 8006 case 70: 8007 return "F"; 8008 case 71: 8009 return "G"; 8010 case 72: 8011 return "H"; 8012 case 73: 8013 return "I"; 8014 case 74: 8015 return "J"; 8016 case 75: 8017 return "K"; 8018 case 76: 8019 return "L"; 8020 case 77: 8021 return "M"; 8022 case 78: 8023 return "N"; 8024 case 79: 8025 return "O"; 8026 case 80: 8027 return "P"; 8028 case 81: 8029 return "Q"; 8030 case 82: 8031 return "R"; 8032 case 83: 8033 return "S"; 8034 case 84: 8035 return "T"; 8036 case 85: 8037 return "U"; 8038 case 86: 8039 return "V"; 8040 case 87: 8041 return "W"; 8042 case 88: 8043 return "X"; 8044 case 89: 8045 return "Y"; 8046 case 90: 8047 return "Z"; 8048 case 91: 8049 return "["; 8050 case 92: 8051 return "\\\\"; 8052 case 93: 8053 return "]"; 8054 case 94: 8055 return "^"; 8056 case 95: 8057 return "_"; 8058 case 96: 8059 return "`"; 8060 case 97: 8061 return "a"; 8062 case 98: 8063 return "b"; 8064 case 99: 8065 return "c"; 8066 case 100: 8067 return "d"; 8068 case 101: 8069 return "e"; 8070 case 102: 8071 return "f"; 8072 case 103: 8073 return "g"; 8074 case 104: 8075 return "h"; 8076 case 105: 8077 return "i"; 8078 case 106: 8079 return "j"; 8080 case 107: 8081 return "k"; 8082 case 108: 8083 return "l"; 8084 case 109: 8085 return "m"; 8086 case 110: 8087 return "n"; 8088 case 111: 8089 return "o"; 8090 case 112: 8091 return "p"; 8092 case 113: 8093 return "q"; 8094 case 114: 8095 return "r"; 8096 case 115: 8097 return "s"; 8098 case 116: 8099 return "t"; 8100 case 117: 8101 return "u"; 8102 case 118: 8103 return "v"; 8104 case 119: 8105 return "w"; 8106 case 120: 8107 return "x"; 8108 case 121: 8109 return "y"; 8110 case 122: 8111 return "z"; 8112 case 123: 8113 return "{"; 8114 case 124: 8115 return "|"; 8116 case 125: 8117 return "}"; 8118 case 126: 8119 return "~"; 8120 case 127: 8121 return "\\x7F"; 8122 case 128: 8123 return "\\x80"; 8124 case 129: 8125 return "\\x81"; 8126 case 130: 8127 return "\\x82"; 8128 case 131: 8129 return "\\x83"; 8130 case 132: 8131 return "\\x84"; 8132 case 133: 8133 return "\\x85"; 8134 case 134: 8135 return "\\x86"; 8136 case 135: 8137 return "\\x87"; 8138 case 136: 8139 return "\\x88"; 8140 case 137: 8141 return "\\x89"; 8142 case 138: 8143 return "\\x8A"; 8144 case 139: 8145 return "\\x8B"; 8146 case 140: 8147 return "\\x8C"; 8148 case 141: 8149 return "\\x8D"; 8150 case 142: 8151 return "\\x8E"; 8152 case 143: 8153 return "\\x8F"; 8154 case 144: 8155 return "\\x90"; 8156 case 145: 8157 return "\\x91"; 8158 case 146: 8159 return "\\x92"; 8160 case 147: 8161 return "\\x93"; 8162 case 148: 8163 return "\\x94"; 8164 case 149: 8165 return "\\x95"; 8166 case 150: 8167 return "\\x96"; 8168 case 151: 8169 return "\\x97"; 8170 case 152: 8171 return "\\x98"; 8172 case 153: 8173 return "\\x99"; 8174 case 154: 8175 return "\\x9A"; 8176 case 155: 8177 return "\\x9B"; 8178 case 156: 8179 return "\\x9C"; 8180 case 157: 8181 return "\\x9D"; 8182 case 158: 8183 return "\\x9E"; 8184 case 159: 8185 return "\\x9F"; 8186 case 160: 8187 return "\\xA0"; 8188 case 161: 8189 return "\\xA1"; 8190 case 162: 8191 return "\\xA2"; 8192 case 163: 8193 return "\\xA3"; 8194 case 164: 8195 return "\\xA4"; 8196 case 165: 8197 return "\\xA5"; 8198 case 166: 8199 return "\\xA6"; 8200 case 167: 8201 return "\\xA7"; 8202 case 168: 8203 return "\\xA8"; 8204 case 169: 8205 return "\\xA9"; 8206 case 170: 8207 return "\\xAA"; 8208 case 171: 8209 return "\\xAB"; 8210 case 172: 8211 return "\\xAC"; 8212 case 173: 8213 return "\\xAD"; 8214 case 174: 8215 return "\\xAE"; 8216 case 175: 8217 return "\\xAF"; 8218 case 176: 8219 return "\\xB0"; 8220 case 177: 8221 return "\\xB1"; 8222 case 178: 8223 return "\\xB2"; 8224 case 179: 8225 return "\\xB3"; 8226 case 180: 8227 return "\\xB4"; 8228 case 181: 8229 return "\\xB5"; 8230 case 182: 8231 return "\\xB6"; 8232 case 183: 8233 return "\\xB7"; 8234 case 184: 8235 return "\\xB8"; 8236 case 185: 8237 return "\\xB9"; 8238 case 186: 8239 return "\\xBA"; 8240 case 187: 8241 return "\\xBB"; 8242 case 188: 8243 return "\\xBC"; 8244 case 189: 8245 return "\\xBD"; 8246 case 190: 8247 return "\\xBE"; 8248 case 191: 8249 return "\\xBF"; 8250 case 192: 8251 return "\\xC0"; 8252 case 193: 8253 return "\\xC1"; 8254 case 194: 8255 return "\\xC2"; 8256 case 195: 8257 return "\\xC3"; 8258 case 196: 8259 return "\\xC4"; 8260 case 197: 8261 return "\\xC5"; 8262 case 198: 8263 return "\\xC6"; 8264 case 199: 8265 return "\\xC7"; 8266 case 200: 8267 return "\\xC8"; 8268 case 201: 8269 return "\\xC9"; 8270 case 202: 8271 return "\\xCA"; 8272 case 203: 8273 return "\\xCB"; 8274 case 204: 8275 return "\\xCC"; 8276 case 205: 8277 return "\\xCD"; 8278 case 206: 8279 return "\\xCE"; 8280 case 207: 8281 return "\\xCF"; 8282 case 208: 8283 return "\\xD0"; 8284 case 209: 8285 return "\\xD1"; 8286 case 210: 8287 return "\\xD2"; 8288 case 211: 8289 return "\\xD3"; 8290 case 212: 8291 return "\\xD4"; 8292 case 213: 8293 return "\\xD5"; 8294 case 214: 8295 return "\\xD6"; 8296 case 215: 8297 return "\\xD7"; 8298 case 216: 8299 return "\\xD8"; 8300 case 217: 8301 return "\\xD9"; 8302 case 218: 8303 return "\\xDA"; 8304 case 219: 8305 return "\\xDB"; 8306 case 220: 8307 return "\\xDC"; 8308 case 221: 8309 return "\\xDD"; 8310 case 222: 8311 return "\\xDE"; 8312 case 223: 8313 return "\\xDF"; 8314 case 224: 8315 return "\\xE0"; 8316 case 225: 8317 return "\\xE1"; 8318 case 226: 8319 return "\\xE2"; 8320 case 227: 8321 return "\\xE3"; 8322 case 228: 8323 return "\\xE4"; 8324 case 229: 8325 return "\\xE5"; 8326 case 230: 8327 return "\\xE6"; 8328 case 231: 8329 return "\\xE7"; 8330 case 232: 8331 return "\\xE8"; 8332 case 233: 8333 return "\\xE9"; 8334 case 234: 8335 return "\\xEA"; 8336 case 235: 8337 return "\\xEB"; 8338 case 236: 8339 return "\\xEC"; 8340 case 237: 8341 return "\\xED"; 8342 case 238: 8343 return "\\xEE"; 8344 case 239: 8345 return "\\xEF"; 8346 case 240: 8347 return "\\xF0"; 8348 case 241: 8349 return "\\xF1"; 8350 case 242: 8351 return "\\xF2"; 8352 case 243: 8353 return "\\xF3"; 8354 case 244: 8355 return "\\xF4"; 8356 case 245: 8357 return "\\xF5"; 8358 case 246: 8359 return "\\xF6"; 8360 case 247: 8361 return "\\xF7"; 8362 case 248: 8363 return "\\xF8"; 8364 case 249: 8365 return "\\xF9"; 8366 case 250: 8367 return "\\xFA"; 8368 case 251: 8369 return "\\xFB"; 8370 case 252: 8371 return "\\xFC"; 8372 case 253: 8373 return "\\xFD"; 8374 case 254: 8375 return "\\xFE"; 8376 case 255: 8377 return "\\xFF"; 8378 default: 8379 assert(0); /* never gets here */ 8380 return "dead code"; 8381 } 8382 assert(0); /* never gets here */ 8383 } 8384 8385 #endif /* XML_DTD */ 8386 8387 static unsigned long 8388 getDebugLevel(const char *variableName, unsigned long defaultDebugLevel) { 8389 const char *const valueOrNull = getenv(variableName); 8390 if (valueOrNull == NULL) { 8391 return defaultDebugLevel; 8392 } 8393 const char *const value = valueOrNull; 8394 8395 errno = 0; 8396 char *afterValue = (char *)value; 8397 unsigned long debugLevel = strtoul(value, &afterValue, 10); 8398 if ((errno != 0) || (afterValue[0] != '\0')) { 8399 errno = 0; 8400 return defaultDebugLevel; 8401 } 8402 8403 return debugLevel; 8404 } 8405