diff options
author | Elliott Hughes <enh@google.com> | 2012-09-09 14:23:38 -0700 |
---|---|---|
committer | Elliott Hughes <enh@google.com> | 2012-09-09 14:23:38 -0700 |
commit | 35e432dd3af2c56c00fc64ca340d1e615030f0a3 (patch) | |
tree | 85dcdb819a359fe558a8f9443f26156f7e08585c /doc/reference.html | |
parent | 6f6dbce408598404d701f101a684908cb951e25c (diff) | |
download | expat-35e432dd3af2c56c00fc64ca340d1e615030f0a3.tar.gz |
Upgrade to expat 2.1.0.
From http://www.libexpat.org/:
Release 2.1.0 includes security & other bug fixes, new features, and updated build support.
Security fixes
* Memory leak in poolGrow (CVE-2012-1148)
* Resource leak in readfilemap.c (CVE-2012-1147)
* Hash DOS attack (CVE-2012-0876)
* Buffer over-read and crash in big2_toUtf8 (CVE-2009-3560)
* Parser crash with special UTF-8 sequences (CVE-2009-3270)
New features
* Added function XML_SetHashSalt that allows setting an initial value (salt) for hash calculations (part of the fix for bug 3496608).
* When compiled with XML_ATTR_INFO defined, adds new API member XML_GetAttributeInfo() that allows retrieving the byte offsets for attribute names and values (patch 3446384).
* Added CMake build system (bug 2990652, patch 3312568).
* Added run-benchmark target to Makefile.in - relies on testdata module present in the same relative location as in the repository.
Bug fixes
* Harmful XML_ParserCreateNS suggestion (1742315)
* CVE-2012-1147 - Resource leak in readfilemap.c (2895533)
* Expat build fails on linux-amd64 with gcc version>=4.1 -O3 (1785430)
* Build modifications using autoreconf instead of buildconf.sh (1983953, 2517952, 2517962, 2649838)
* OBJEXT and EXEEXT support while building (2815947, 2884086)
* CVE-2009-3720 - Parser crash with special UTF-8 sequences (1990430)
* xmlwf should return non-zero exit status if not well-formed (2517938)
* Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml (2517946)
* Dangling positionPtr after error (2855609)
* CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8() (2894085)
* CVE-2012-1148 - Memory leak in poolGrow (2958794)
* UNEXPECTED_STATE with a trailing "%" in entity value (3010819)
* Unitialized memory returned from XML_Parse (3206497)
* make check fails on mingw-w64 (87849)
Change-Id: Ieb663fdfea82119918e245a714af533b58e0f7f5
Diffstat (limited to 'doc/reference.html')
-rw-r--r-- | doc/reference.html | 61 |
1 files changed, 55 insertions, 6 deletions
diff --git a/doc/reference.html b/doc/reference.html index a315870d..8811a339 100644 --- a/doc/reference.html +++ b/doc/reference.html @@ -129,8 +129,10 @@ interface.</p> <li><a href="#XML_GetBase">XML_GetBase</a></li> <li><a href="#XML_GetSpecifiedAttributeCount">XML_GetSpecifiedAttributeCount</a></li> <li><a href="#XML_GetIdAttributeIndex">XML_GetIdAttributeIndex</a></li> + <li><a href="#XML_GetAttributeInfo">XML_GetAttributeInfo</a></li> <li><a href="#XML_SetEncoding">XML_SetEncoding</a></li> <li><a href="#XML_SetParamEntityParsing">XML_SetParamEntityParsing</a></li> + <li><a href="#XML_SetHashSalt">XML_SetHashSalt</a></li> <li><a href="#XML_UseForeignDTD">XML_UseForeignDTD</a></li> <li><a href="#XML_SetReturnNSTriplet">XML_SetReturnNSTriplet</a></li> <li><a href="#XML_DefaultCurrent">XML_DefaultCurrent</a></li> @@ -369,6 +371,11 @@ footprint and can be faster.</dd> statically with the code that calls it; this is required to get all the right MSVC magic annotations correct. This is ignored on other platforms.</dd> + +<dt>XML_ATTR_INFO</dt> +<dd>If defined, makes the the additional function <code><a href= +"#XML_GetAttributeInfo" >XML_GetAttributeInfo</a></code> available +for reporting attribute byte offsets.</dd> </dl> <hr /> @@ -917,12 +924,15 @@ XML_ParserCreateNS(const XML_Char *encoding, Constructs a new parser that has namespace processing in effect. Namespace expanded element names and attribute names are returned as a concatenation of the namespace URI, <em>sep</em>, and the local part of the name. This -means that you should pick a character for <em>sep</em> that can't be -part of a legal URI. There is a special case when <em>sep</em> is the null -character <code>'\0'</code>: the namespace URI and the local part will be -concatenated without any separator - this is intended to support RDF processors. -It is a programming error to use the null separator with -<a href= "#XML_SetReturnNSTriplet">namespace triplets</a>.</div> +means that you should pick a character for <em>sep</em> that can't be part +of an URI. Since Expat does not check namespace URIs for conformance, the +only safe choice for a namespace separator is a character that is illegal +in XML. For instance, <code>'\xFF'</code> is not legal in UTF-8, and +<code>'\xFFFF'</code> is not legal in UTF-16. There is a special case when +<em>sep</em> is the null character <code>'\0'</code>: the namespace URI and +the local part will be concatenated without any separator - this is intended +to support RDF processors. It is a programming error to use the null separator +with <a href= "#XML_SetReturnNSTriplet">namespace triplets</a>.</div> <pre class="fcndec" id="XML_ParserCreate_MM"> XML_Parser XMLCALL @@ -2074,6 +2084,27 @@ attribute. If called inside a start handler, then that means the current call. </div> +<pre class="fcndec" id="XML_GetAttributeInfo"> +const XML_AttrInfo * XMLCALL +XML_GetAttributeInfo(XML_Parser parser); +</pre> +<pre class="signature"> +typedef struct { + XML_Index nameStart; /* Offset to beginning of the attribute name. */ + XML_Index nameEnd; /* Offset after the attribute name's last byte. */ + XML_Index valueStart; /* Offset to beginning of the attribute value. */ + XML_Index valueEnd; /* Offset after the attribute value's last byte. */ +} XML_AttrInfo; +</pre> +<div class="fcndef"> +Returns an array of <code>XML_AttrInfo</code> structures for the +attribute/value pairs passed in the last call to the +<code>XML_StartElementHandler</code> that were specified +in the start-tag rather than defaulted. Each attribute/value pair counts +as 1; thus the number of entries in the array is +<code>XML_GetSpecifiedAttributeCount(parser) / 2</code>. +</div> + <pre class="fcndec" id="XML_SetEncoding"> enum XML_Status XMLCALL XML_SetEncoding(XML_Parser p, @@ -2104,6 +2135,24 @@ The choices for <code>code</code> are: <li><code>XML_PARAM_ENTITY_PARSING_UNLESS_STANDALONE</code></li> <li><code>XML_PARAM_ENTITY_PARSING_ALWAYS</code></li> </ul> +<b>Note:</b> If <code>XML_SetParamEntityParsing</code> is called after +<code>XML_Parse</code> or <code>XML_ParseBuffer</code>, then it has +no effect and will always return 0. +</div> + +<pre class="fcndec" id="XML_SetHashSalt"> +int XMLCALL +XML_SetHashSalt(XML_Parser p, + unsigned long hash_salt); +</pre> +<div class="fcndef"> +Sets the hash salt to use for internal hash calculations. +Helps in preventing DoS attacks based on predicting hash +function behavior. In order to have an effect this must be called +before parsing has started. Returns 1 if successful, 0 when called +after <code>XML_Parse</code> or <code>XML_ParseBuffer</code>. +<p><b>Note:</b> This call is optional, as the parser will auto-generate a new +random salt value if no value has been set at the start of parsing.</p> </div> <pre class="fcndec" id="XML_UseForeignDTD"> |