Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) 

Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the
fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy
is most used on Windows and macOS.

Co-authored-by: Łukasz Langa <lukasz@langa.pl>
This commit is contained in:
Victor Stinner 2021-08-29 16:08:24 +02:00 committed by GitHub
parent c9227df5a9
commit 3fc5d84046
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 1388 additions and 190 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
Doc/library/xml.rst
View File

@ -60,22 +60,26 @@ circumvent firewalls.
The following table gives an overview of the known attacks and whether The following table gives an overview of the known attacks and whether
the various modules are vulnerable to them. the various modules are vulnerable to them.
========================= ============== =============== ============== ============== ============== ========================= ================== ================== ================== ================== ==================
kind sax etree minidom pulldom xmlrpc kind sax etree minidom pulldom xmlrpc
========================= ============== =============== ============== ============== ============== ========================= ================== ================== ================== ================== ==================
billion laughs **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** billion laughs **Vulnerable** (1) **Vulnerable** (1) **Vulnerable** (1) **Vulnerable** (1) **Vulnerable** (1)
quadratic blowup **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** quadratic blowup **Vulnerable** (1) **Vulnerable** (1) **Vulnerable** (1) **Vulnerable** (1) **Vulnerable** (1)
external entity expansion Safe (4) Safe (1) Safe (2) Safe (4) Safe (3) external entity expansion Safe (5) Safe (2) Safe (3) Safe (5) Safe (4)
`DTD`_ retrieval Safe (4) Safe Safe Safe (4) Safe `DTD`_ retrieval Safe (5) Safe Safe Safe (5) Safe
decompression bomb Safe Safe Safe Safe **Vulnerable** decompression bomb Safe Safe Safe Safe **Vulnerable**
========================= ============== =============== ============== ============== ============== ========================= ================== ================== ================== ================== ==================
1. :mod:`xml.etree.ElementTree` doesn't expand external entities and raises a 1. Expat 2.4.1 and newer is not vulnerable to the "billion laughs" and
"quadratic blowup" vulnerabilities. Items still listed as vulnerable due to
potential reliance on system-provided libraries. Check
:data:`pyexpat.EXPAT_VERSION`.
2. :mod:`xml.etree.ElementTree` doesn't expand external entities and raises a
:exc:`ParserError` when an entity occurs. :exc:`ParserError` when an entity occurs.
2. :mod:`xml.dom.minidom` doesn't expand external entities and simply returns 3. :mod:`xml.dom.minidom` doesn't expand external entities and simply returns
the unexpanded entity verbatim. the unexpanded entity verbatim.
3. :mod:`xmlrpclib` doesn't expand external entities and omits them. 4. :mod:`xmlrpclib` doesn't expand external entities and omits them.
4. Since Python 3.7.1, external general entities are no longer processed by 5. Since Python 3.7.1, external general entities are no longer processed by
default. default.

3
Misc/NEWS.d/next/Security/2021-06-29-02-45-53.bpo-44394.A220N1.rst Normal file
View File

@ -0,0 +1,3 @@
Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix
for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used
on Windows and macOS.

2
Modules/expat/COPYING
View File

@ -1,5 +1,5 @@
Copyright (c) 1998-2000 Thai Open Source Software Center Ltd and Clark Cooper Copyright (c) 1998-2000 Thai Open Source Software Center Ltd and Clark Cooper
Copyright (c) 2001-2017 Expat maintainers Copyright (c) 2001-2019 Expat maintainers
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the a copy of this software and associated documentation files (the

7
Modules/expat/ascii.h
View File

@ -6,8 +6,11 @@
\___/_/\_\ .__/ \__,_|\__| \___/_/\_\ .__/ \__,_|\__|
|_| XML parser |_| XML parser
Copyright (c) 1997-2000 Thai Open Source Software Center Ltd Copyright (c) 1999-2000 Thai Open Source Software Center Ltd
Copyright (c) 2000-2017 Expat development team Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net>
Copyright (c) 2002 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
Copyright (c) 2007 Karl Waclawek <karl@waclawek.net>
Copyright (c) 2017 Sebastian Pipping <sebastian@pipping.org>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining

4
Modules/expat/asciitab.h
View File

@ -7,7 +7,9 @@
|_| XML parser |_| XML parser
Copyright (c) 1997-2000 Thai Open Source Software Center Ltd Copyright (c) 1997-2000 Thai Open Source Software Center Ltd
Copyright (c) 2000-2017 Expat development team Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net>
Copyright (c) 2002 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
Copyright (c) 2017 Sebastian Pipping <sebastian@pipping.org>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining

44
Modules/expat/expat.h
View File

@ -7,7 +7,14 @@
|_| XML parser |_| XML parser
Copyright (c) 1997-2000 Thai Open Source Software Center Ltd Copyright (c) 1997-2000 Thai Open Source Software Center Ltd
Copyright (c) 2000-2017 Expat development team Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net>
Copyright (c) 2000-2005 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
Copyright (c) 2001-2002 Greg Stein <gstein@users.sourceforge.net>
Copyright (c) 2002-2016 Karl Waclawek <karl@waclawek.net>
Copyright (c) 2016-2021 Sebastian Pipping <sebastian@pipping.org>
Copyright (c) 2016 Cristian Rodríguez <crrodriguez@opensuse.org>
Copyright (c) 2016 Thomas Beutlich <tc@tbeu.de>
Copyright (c) 2017 Rhodri James <rhodri@wildebeest.org.uk>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining
@ -115,7 +122,11 @@ enum XML_Error {
XML_ERROR_RESERVED_PREFIX_XMLNS, XML_ERROR_RESERVED_PREFIX_XMLNS,
XML_ERROR_RESERVED_NAMESPACE_URI, XML_ERROR_RESERVED_NAMESPACE_URI,
/* Added in 2.2.1. */ /* Added in 2.2.1. */
XML_ERROR_INVALID_ARGUMENT XML_ERROR_INVALID_ARGUMENT,
/* Added in 2.3.0. */
XML_ERROR_NO_BUFFER,
/* Added in 2.4.0. */
XML_ERROR_AMPLIFICATION_LIMIT_BREACH
}; };
enum XML_Content_Type { enum XML_Content_Type {
@ -318,7 +329,7 @@ typedef void(XMLCALL *XML_EndDoctypeDeclHandler)(void *userData);
For internal entities (<!ENTITY foo "bar">), value will For internal entities (<!ENTITY foo "bar">), value will
be non-NULL and systemId, publicID, and notationName will be NULL. be non-NULL and systemId, publicID, and notationName will be NULL.
The value string is NOT nul-terminated; the length is provided in The value string is NOT null-terminated; the length is provided in
the value_length argument. Since it is legal to have zero-length the value_length argument. Since it is legal to have zero-length
values, do not use this argument to test for internal entities. values, do not use this argument to test for internal entities.
@ -513,7 +524,7 @@ typedef struct {
Otherwise it must return XML_STATUS_ERROR. Otherwise it must return XML_STATUS_ERROR.
If info does not describe a suitable encoding, then the parser will If info does not describe a suitable encoding, then the parser will
return an XML_UNKNOWN_ENCODING error. return an XML_ERROR_UNKNOWN_ENCODING error.
*/ */
typedef int(XMLCALL *XML_UnknownEncodingHandler)(void *encodingHandlerData, typedef int(XMLCALL *XML_UnknownEncodingHandler)(void *encodingHandlerData,
const XML_Char *name, const XML_Char *name,
@ -707,7 +718,7 @@ XML_GetBase(XML_Parser parser);
/* Returns the number of the attribute/value pairs passed in last call /* Returns the number of the attribute/value pairs passed in last call
to the XML_StartElementHandler that were specified in the start-tag to the XML_StartElementHandler that were specified in the start-tag
rather than defaulted. Each attribute/value pair counts as 2; thus rather than defaulted. Each attribute/value pair counts as 2; thus
this correspondds to an index into the atts array passed to the this corresponds to an index into the atts array passed to the
XML_StartElementHandler. Returns -1 if parser == NULL. XML_StartElementHandler. Returns -1 if parser == NULL.
*/ */
XMLPARSEAPI(int) XMLPARSEAPI(int)
@ -716,7 +727,7 @@ XML_GetSpecifiedAttributeCount(XML_Parser parser);
/* Returns the index of the ID attribute passed in the last call to /* Returns the index of the ID attribute passed in the last call to
XML_StartElementHandler, or -1 if there is no ID attribute or XML_StartElementHandler, or -1 if there is no ID attribute or
parser == NULL. Each attribute/value pair counts as 2; thus this parser == NULL. Each attribute/value pair counts as 2; thus this
correspondds to an index into the atts array passed to the corresponds to an index into the atts array passed to the
XML_StartElementHandler. XML_StartElementHandler.
*/ */
XMLPARSEAPI(int) XMLPARSEAPI(int)
@ -997,7 +1008,10 @@ enum XML_FeatureEnum {
XML_FEATURE_SIZEOF_XML_LCHAR, XML_FEATURE_SIZEOF_XML_LCHAR,
XML_FEATURE_NS, XML_FEATURE_NS,
XML_FEATURE_LARGE_SIZE, XML_FEATURE_LARGE_SIZE,
XML_FEATURE_ATTR_INFO XML_FEATURE_ATTR_INFO,
/* Added in Expat 2.4.0. */
XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DEFAULT,
XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT
/* Additional features must be added to the end of this enum. */ /* Additional features must be added to the end of this enum. */
}; };
@ -1010,12 +1024,24 @@ typedef struct {
XMLPARSEAPI(const XML_Feature *) XMLPARSEAPI(const XML_Feature *)
XML_GetFeatureList(void); XML_GetFeatureList(void);
#ifdef XML_DTD
/* Added in Expat 2.4.0. */
XMLPARSEAPI(XML_Bool)
XML_SetBillionLaughsAttackProtectionMaximumAmplification(
XML_Parser parser, float maximumAmplificationFactor);
/* Added in Expat 2.4.0. */
XMLPARSEAPI(XML_Bool)
XML_SetBillionLaughsAttackProtectionActivationThreshold(
XML_Parser parser, unsigned long long activationThresholdBytes);
#endif
/* Expat follows the semantic versioning convention. /* Expat follows the semantic versioning convention.
See http://semver.org. See http://semver.org.
*/ */
#define XML_MAJOR_VERSION 2 #define XML_MAJOR_VERSION 2
#define XML_MINOR_VERSION 2 #define XML_MINOR_VERSION 4
#define XML_MICRO_VERSION 8 #define XML_MICRO_VERSION 1
#ifdef __cplusplus #ifdef __cplusplus
} }

9
Modules/expat/expat_external.h
View File

@ -7,7 +7,14 @@
|_| XML parser |_| XML parser
Copyright (c) 1997-2000 Thai Open Source Software Center Ltd Copyright (c) 1997-2000 Thai Open Source Software Center Ltd
Copyright (c) 2000-2017 Expat development team Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net>
Copyright (c) 2000-2004 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
Copyright (c) 2001-2002 Greg Stein <gstein@users.sourceforge.net>
Copyright (c) 2002-2006 Karl Waclawek <karl@waclawek.net>
Copyright (c) 2016 Cristian Rodríguez <crrodriguez@opensuse.org>
Copyright (c) 2016-2019 Sebastian Pipping <sebastian@pipping.org>
Copyright (c) 2017 Rhodri James <rhodri@wildebeest.org.uk>
Copyright (c) 2018 Yury Gribov <tetra2005@gmail.com>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining

4
Modules/expat/iasciitab.h
View File

@ -7,7 +7,9 @@
|_| XML parser |_| XML parser
Copyright (c) 1997-2000 Thai Open Source Software Center Ltd Copyright (c) 1997-2000 Thai Open Source Software Center Ltd
Copyright (c) 2000-2017 Expat development team Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net>
Copyright (c) 2002 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
Copyright (c) 2017 Sebastian Pipping <sebastian@pipping.org>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining

58
Modules/expat/internal.h
View File

@ -25,8 +25,12 @@
\___/_/\_\ .__/ \__,_|\__| \___/_/\_\ .__/ \__,_|\__|
|_| XML parser |_| XML parser
Copyright (c) 1997-2000 Thai Open Source Software Center Ltd Copyright (c) 2002-2003 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
Copyright (c) 2000-2017 Expat development team Copyright (c) 2002-2006 Karl Waclawek <karl@waclawek.net>
Copyright (c) 2003 Greg Stein <gstein@users.sourceforge.net>
Copyright (c) 2016-2021 Sebastian Pipping <sebastian@pipping.org>
Copyright (c) 2018 Yury Gribov <tetra2005@gmail.com>
Copyright (c) 2019 David Loffredo <loffredo@steptools.com>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining
@ -101,22 +105,58 @@
# endif # endif
#endif #endif
#include <limits.h> // ULONG_MAX
#if defined(_WIN32) && ! defined(__USE_MINGW_ANSI_STDIO)
# define EXPAT_FMT_ULL(midpart) "%" midpart "I64u"
# if defined(_WIN64) // Note: modifiers "td" and "zu" do not work for MinGW
# define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "I64d"
# define EXPAT_FMT_SIZE_T(midpart) "%" midpart "I64u"
# else
# define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "d"
# define EXPAT_FMT_SIZE_T(midpart) "%" midpart "u"
# endif
#else
# define EXPAT_FMT_ULL(midpart) "%" midpart "llu"
# if ! defined(ULONG_MAX)
# error Compiler did not define ULONG_MAX for us
# elif ULONG_MAX == 18446744073709551615u // 2^64-1
# define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "ld"
# define EXPAT_FMT_SIZE_T(midpart) "%" midpart "lu"
# else
# define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "d"
# define EXPAT_FMT_SIZE_T(midpart) "%" midpart "u"
# endif
#endif
#ifndef UNUSED_P #ifndef UNUSED_P
# define UNUSED_P(p) (void)p # define UNUSED_P(p) (void)p
#endif #endif
/* NOTE BEGIN If you ever patch these defaults to greater values
for non-attack XML payload in your environment,
please file a bug report with libexpat. Thank you!
*/
#define EXPAT_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DEFAULT \
100.0f
#define EXPAT_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT \
8388608 // 8 MiB, 2^23
/* NOTE END */
#include "expat.h" // so we can use type XML_Parser below
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#ifdef XML_ENABLE_VISIBILITY void _INTERNAL_trim_to_complete_utf8_characters(const char *from,
# if XML_ENABLE_VISIBILITY const char **fromLimRef);
__attribute__((visibility("default")))
# endif #if defined(XML_DTD)
unsigned long long testingAccountingGetCountBytesDirect(XML_Parser parser);
unsigned long long testingAccountingGetCountBytesIndirect(XML_Parser parser);
const char *unsignedCharToPrintable(unsigned char c);
#endif #endif
void
_INTERNAL_trim_to_complete_utf8_characters(const char *from,
const char **fromLimRef);
#ifdef __cplusplus #ifdef __cplusplus
} }

4
Modules/expat/latin1tab.h
View File

@ -7,7 +7,9 @@
|_| XML parser |_| XML parser
Copyright (c) 1997-2000 Thai Open Source Software Center Ltd Copyright (c) 1997-2000 Thai Open Source Software Center Ltd
Copyright (c) 2000-2017 Expat development team Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net>
Copyright (c) 2002 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
Copyright (c) 2017 Sebastian Pipping <sebastian@pipping.org>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining

4
Modules/expat/nametab.h
View File

@ -6,8 +6,8 @@
\___/_/\_\ .__/ \__,_|\__| \___/_/\_\ .__/ \__,_|\__|
|_| XML parser |_| XML parser
Copyright (c) 1997-2000 Thai Open Source Software Center Ltd Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net>
Copyright (c) 2000-2017 Expat development team Copyright (c) 2017 Sebastian Pipping <sebastian@pipping.org>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining

13
Modules/expat/siphash.h
View File

@ -11,6 +11,9 @@
* -------------------------------------------------------------------------- * --------------------------------------------------------------------------
* HISTORY: * HISTORY:
* *
* 2020-10-03 (Sebastian Pipping)
* - Drop support for Visual Studio 9.0/2008 and earlier
*
* 2019-08-03 (Sebastian Pipping) * 2019-08-03 (Sebastian Pipping)
* - Mark part of sip24_valid as to be excluded from clang-format * - Mark part of sip24_valid as to be excluded from clang-format
* - Re-format code using clang-format 9 * - Re-format code using clang-format 9
@ -96,15 +99,7 @@
#define SIPHASH_H #define SIPHASH_H
#include <stddef.h> /* size_t */ #include <stddef.h> /* size_t */
#include <stdint.h> /* uint64_t uint32_t uint8_t */
#if defined(_WIN32) && defined(_MSC_VER) && (_MSC_VER < 1600)
/* For vs2003/7.1 up to vs2008/9.0; _MSC_VER 1600 is vs2010/10.0 */
typedef unsigned __int8 uint8_t;
typedef unsigned __int32 uint32_t;
typedef unsigned __int64 uint64_t;
#else
# include <stdint.h> /* uint64_t uint32_t uint8_t */
#endif
/* /*
* Workaround to not require a C++11 compiler for using ULL suffix * Workaround to not require a C++11 compiler for using ULL suffix

4
Modules/expat/utf8tab.h
View File

@ -7,7 +7,9 @@
|_| XML parser |_| XML parser
Copyright (c) 1997-2000 Thai Open Source Software Center Ltd Copyright (c) 1997-2000 Thai Open Source Software Center Ltd
Copyright (c) 2000-2017 Expat development team Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net>
Copyright (c) 2002 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
Copyright (c) 2017 Sebastian Pipping <sebastian@pipping.org>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining

19
Modules/expat/winconfig.h
View File

@ -6,8 +6,10 @@
\___/_/\_\ .__/ \__,_|\__| \___/_/\_\ .__/ \__,_|\__|
|_| XML parser |_| XML parser
Copyright (c) 1997-2000 Thai Open Source Software Center Ltd Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net>
Copyright (c) 2000-2017 Expat development team Copyright (c) 2002 Greg Stein <gstein@users.sourceforge.net>
Copyright (c) 2005 Karl Waclawek <karl@waclawek.net>
Copyright (c) 2017-2021 Sebastian Pipping <sebastian@pipping.org>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining
@ -40,17 +42,4 @@
#include <memory.h> #include <memory.h>
#include <string.h> #include <string.h>
#if defined(HAVE_EXPAT_CONFIG_H) /* e.g. MinGW */
# include <expat_config.h>
#else /* !defined(HAVE_EXPAT_CONFIG_H) */
# define XML_NS 1
# define XML_DTD 1
# define XML_CONTEXT_BYTES 1024
/* we will assume all Windows platforms are little endian */
# define BYTEORDER 1234
#endif /* !defined(HAVE_EXPAT_CONFIG_H) */
#endif /* ndef WINCONFIG_H */ #endif /* ndef WINCONFIG_H */

1263
Modules/expat/xmlparse.c
View File

File diff suppressed because it is too large Load Diff

19
Modules/expat/xmlrole.c
View File

@ -7,7 +7,14 @@
|_| XML parser |_| XML parser
Copyright (c) 1997-2000 Thai Open Source Software Center Ltd Copyright (c) 1997-2000 Thai Open Source Software Center Ltd
Copyright (c) 2000-2017 Expat development team Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net>
Copyright (c) 2002 Greg Stein <gstein@users.sourceforge.net>
Copyright (c) 2002-2006 Karl Waclawek <karl@waclawek.net>
Copyright (c) 2002-2003 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
Copyright (c) 2005-2009 Steven Solie <ssolie@users.sourceforge.net>
Copyright (c) 2016-2021 Sebastian Pipping <sebastian@pipping.org>
Copyright (c) 2017 Rhodri James <rhodri@wildebeest.org.uk>
Copyright (c) 2019 David Loffredo <loffredo@steptools.com>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining
@ -34,11 +41,9 @@
#ifdef _WIN32 #ifdef _WIN32
# include "winconfig.h" # include "winconfig.h"
#else #endif
# ifdef HAVE_EXPAT_CONFIG_H
# include <expat_config.h> #include <expat_config.h>
# endif
#endif /* ndef _WIN32 */
#include "expat_external.h" #include "expat_external.h"
#include "internal.h" #include "internal.h"
@ -1220,6 +1225,8 @@ common(PROLOG_STATE *state, int tok) {
#ifdef XML_DTD #ifdef XML_DTD
if (! state->documentEntity && tok == XML_TOK_PARAM_ENTITY_REF) if (! state->documentEntity && tok == XML_TOK_PARAM_ENTITY_REF)
return XML_ROLE_INNER_PARAM_ENTITY_REF; return XML_ROLE_INNER_PARAM_ENTITY_REF;
#else
UNUSED_P(tok);
#endif #endif
state->handler = error; state->handler = error;
return XML_ROLE_ERROR; return XML_ROLE_ERROR;

5
Modules/expat/xmlrole.h
View File

@ -7,7 +7,10 @@
|_| XML parser |_| XML parser
Copyright (c) 1997-2000 Thai Open Source Software Center Ltd Copyright (c) 1997-2000 Thai Open Source Software Center Ltd
Copyright (c) 2000-2017 Expat development team Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net>
Copyright (c) 2002 Karl Waclawek <karl@waclawek.net>
Copyright (c) 2002 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
Copyright (c) 2017 Sebastian Pipping <sebastian@pipping.org>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining

48
Modules/expat/xmltok.c
View File

@ -7,7 +7,19 @@
|_| XML parser |_| XML parser
Copyright (c) 1997-2000 Thai Open Source Software Center Ltd Copyright (c) 1997-2000 Thai Open Source Software Center Ltd
Copyright (c) 2000-2017 Expat development team Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net>
Copyright (c) 2001-2003 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
Copyright (c) 2002 Greg Stein <gstein@users.sourceforge.net>
Copyright (c) 2002-2016 Karl Waclawek <karl@waclawek.net>
Copyright (c) 2005-2009 Steven Solie <ssolie@users.sourceforge.net>
Copyright (c) 2016-2021 Sebastian Pipping <sebastian@pipping.org>
Copyright (c) 2016 Pascal Cuoq <cuoq@trust-in-soft.com>
Copyright (c) 2016 Don Lewis <truckman@apache.org>
Copyright (c) 2017 Rhodri James <rhodri@wildebeest.org.uk>
Copyright (c) 2017 Alexander Bluhm <alexander.bluhm@gmx.net>
Copyright (c) 2017 Benbuck Nason <bnason@netflix.com>
Copyright (c) 2017 José Gutiérrez de la Concha <jose@zeroc.com>
Copyright (c) 2019 David Loffredo <loffredo@steptools.com>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining
@ -30,26 +42,16 @@
USE OR OTHER DEALINGS IN THE SOFTWARE. USE OR OTHER DEALINGS IN THE SOFTWARE.
*/ */
#ifdef _WIN32
# include "winconfig.h"
#else
# ifdef HAVE_EXPAT_CONFIG_H
# include <expat_config.h>
# endif
#endif /* ndef _WIN32 */
#include <stddef.h> #include <stddef.h>
#include <string.h> /* memcpy */ #include <string.h> /* memcpy */
#include <stdbool.h>
#if defined(_MSC_VER) && (_MSC_VER <= 1700) #ifdef _WIN32
/* for vs2012/11.0/1700 and earlier Visual Studio compilers */ # include "winconfig.h"
# define bool int
# define false 0
# define true 1
#else
# include <stdbool.h>
#endif #endif
#include <expat_config.h>
#include "expat_external.h" #include "expat_external.h"
#include "internal.h" #include "internal.h"
#include "xmltok.h" #include "xmltok.h"
@ -269,8 +271,14 @@ sb_byteToAscii(const ENCODING *enc, const char *p) {
#define IS_NAME_CHAR(enc, p, n) (AS_NORMAL_ENCODING(enc)->isName##n(enc, p)) #define IS_NAME_CHAR(enc, p, n) (AS_NORMAL_ENCODING(enc)->isName##n(enc, p))
#define IS_NMSTRT_CHAR(enc, p, n) (AS_NORMAL_ENCODING(enc)->isNmstrt##n(enc, p)) #define IS_NMSTRT_CHAR(enc, p, n) (AS_NORMAL_ENCODING(enc)->isNmstrt##n(enc, p))
#define IS_INVALID_CHAR(enc, p, n) \ #ifdef XML_MIN_SIZE
(AS_NORMAL_ENCODING(enc)->isInvalid##n(enc, p)) # define IS_INVALID_CHAR(enc, p, n) \
(AS_NORMAL_ENCODING(enc)->isInvalid##n \
&& AS_NORMAL_ENCODING(enc)->isInvalid##n(enc, p))
#else
# define IS_INVALID_CHAR(enc, p, n) \
(AS_NORMAL_ENCODING(enc)->isInvalid##n(enc, p))
#endif
#ifdef XML_MIN_SIZE #ifdef XML_MIN_SIZE
# define IS_NAME_CHAR_MINBPC(enc, p) \ # define IS_NAME_CHAR_MINBPC(enc, p) \
@ -589,13 +597,13 @@ static const struct normal_encoding ascii_encoding
static int PTRFASTCALL static int PTRFASTCALL
unicode_byte_type(char hi, char lo) { unicode_byte_type(char hi, char lo) {
switch ((unsigned char)hi) { switch ((unsigned char)hi) {
/* 0xD8000xDBFF first 16-bit code unit or high surrogate (W1) */ /* 0xD800-0xDBFF first 16-bit code unit or high surrogate (W1) */
case 0xD8: case 0xD8:
case 0xD9: case 0xD9:
case 0xDA: case 0xDA:
case 0xDB: case 0xDB:
return BT_LEAD4; return BT_LEAD4;
/* 0xDC000xDFFF second 16-bit code unit or low surrogate (W2) */ /* 0xDC00-0xDFFF second 16-bit code unit or low surrogate (W2) */
case 0xDC: case 0xDC:
case 0xDD: case 0xDD:
case 0xDE: case 0xDE:

6
Modules/expat/xmltok.h
View File

@ -7,7 +7,11 @@
|_| XML parser |_| XML parser
Copyright (c) 1997-2000 Thai Open Source Software Center Ltd Copyright (c) 1997-2000 Thai Open Source Software Center Ltd
Copyright (c) 2000-2017 Expat development team Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net>
Copyright (c) 2002 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
Copyright (c) 2002-2005 Karl Waclawek <karl@waclawek.net>
Copyright (c) 2016-2017 Sebastian Pipping <sebastian@pipping.org>
Copyright (c) 2017 Rhodri James <rhodri@wildebeest.org.uk>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining

21
Modules/expat/xmltok_impl.c
View File

@ -1,4 +1,4 @@
/* This file is included! /* This file is included (from xmltok.c, 1-3 times depending on XML_MIN_SIZE)!
__ __ _ __ __ _
___\ \/ /_ __ __ _| |_ ___\ \/ /_ __ __ _| |_
/ _ \\ /| '_ \ / _` | __| / _ \\ /| '_ \ / _` | __|
@ -7,7 +7,15 @@
|_| XML parser |_| XML parser
Copyright (c) 1997-2000 Thai Open Source Software Center Ltd Copyright (c) 1997-2000 Thai Open Source Software Center Ltd
Copyright (c) 2000-2017 Expat development team Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net>
Copyright (c) 2002 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
Copyright (c) 2002-2016 Karl Waclawek <karl@waclawek.net>
Copyright (c) 2016-2021 Sebastian Pipping <sebastian@pipping.org>
Copyright (c) 2017 Rhodri James <rhodri@wildebeest.org.uk>
Copyright (c) 2018 Benjamin Peterson <benjamin@python.org>
Copyright (c) 2018 Anton Maklakov <antmak.pub@gmail.com>
Copyright (c) 2019 David Loffredo <loffredo@steptools.com>
Copyright (c) 2020 Boris Kolpackov <boris@codesynthesis.com>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining
@ -32,7 +40,7 @@
#ifdef XML_TOK_IMPL_C #ifdef XML_TOK_IMPL_C
# ifndef IS_INVALID_CHAR # ifndef IS_INVALID_CHAR // i.e. for UTF-16 and XML_MIN_SIZE not defined
# define IS_INVALID_CHAR(enc, ptr, n) (0) # define IS_INVALID_CHAR(enc, ptr, n) (0)
# endif # endif
@ -1768,13 +1776,14 @@ PREFIX(updatePosition)(const ENCODING *enc, const char *ptr, const char *end,
# define LEAD_CASE(n) \ # define LEAD_CASE(n) \
case BT_LEAD##n: \ case BT_LEAD##n: \
ptr += n; \ ptr += n; \
pos->columnNumber++; \
break; break;
LEAD_CASE(2) LEAD_CASE(2)
LEAD_CASE(3) LEAD_CASE(3)
LEAD_CASE(4) LEAD_CASE(4)
# undef LEAD_CASE # undef LEAD_CASE
case BT_LF: case BT_LF:
pos->columnNumber = (XML_Size)-1; pos->columnNumber = 0;
pos->lineNumber++; pos->lineNumber++;
ptr += MINBPC(enc); ptr += MINBPC(enc);
break; break;
@ -1783,13 +1792,13 @@ PREFIX(updatePosition)(const ENCODING *enc, const char *ptr, const char *end,
ptr += MINBPC(enc); ptr += MINBPC(enc);
if (HAS_CHAR(enc, ptr, end) && BYTE_TYPE(enc, ptr) == BT_LF) if (HAS_CHAR(enc, ptr, end) && BYTE_TYPE(enc, ptr) == BT_LF)
ptr += MINBPC(enc); ptr += MINBPC(enc);
pos->columnNumber = (XML_Size)-1; pos->columnNumber = 0;
break; break;
default: default:
ptr += MINBPC(enc); ptr += MINBPC(enc);
pos->columnNumber++;
break; break;
} }
pos->columnNumber++;
} }
} }

3
Modules/expat/xmltok_impl.h
View File

@ -7,7 +7,8 @@
|_| XML parser |_| XML parser
Copyright (c) 1997-2000 Thai Open Source Software Center Ltd Copyright (c) 1997-2000 Thai Open Source Software Center Ltd
Copyright (c) 2000-2017 Expat development team Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net>
Copyright (c) 2017-2019 Sebastian Pipping <sebastian@pipping.org>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining

8
Modules/expat/xmltok_ns.c
View File

@ -7,7 +7,11 @@
|_| XML parser |_| XML parser
Copyright (c) 1997-2000 Thai Open Source Software Center Ltd Copyright (c) 1997-2000 Thai Open Source Software Center Ltd
Copyright (c) 2000-2017 Expat development team Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net>
Copyright (c) 2002 Greg Stein <gstein@users.sourceforge.net>
Copyright (c) 2002 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
Copyright (c) 2002-2006 Karl Waclawek <karl@waclawek.net>
Copyright (c) 2017 Sebastian Pipping <sebastian@pipping.org>
Licensed under the MIT license: Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining
@ -89,7 +93,7 @@ NS(XmlInitEncoding)(INIT_ENCODING *p, const ENCODING **encPtr,
static const ENCODING * static const ENCODING *
NS(findEncoding)(const ENCODING *enc, const char *ptr, const char *end) { NS(findEncoding)(const ENCODING *enc, const char *ptr, const char *end) {
# define ENCODING_MAX 128 # define ENCODING_MAX 128
char buf[ENCODING_MAX] = {0}; char buf[ENCODING_MAX];
char *p = buf; char *p = buf;
int i; int i;
XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1); XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1);