File libxml2-2.9.1-CVE-2016-4448.patch of Package libxml2.2672
From 4472c3a5a5b516aaf59b89be602fbce52756c3e9 Mon Sep 17 00:00:00 2001
From: David Kilzer <ddkilzer@webkit.org>
Date: Fri, 13 May 2016 15:13:17 +0800
Subject: Fix some format string warnings with possible format string
vulnerability
For https://bugzilla.gnome.org/show_bug.cgi?id=761029
Decorate every method in libxml2 with the appropriate
LIBXML_ATTR_FORMAT(fmt,args) macro and add some cleanups
following the reports.
---
HTMLparser.c | 4 +--
SAX2.c | 12 ++++----
catalog.c | 2 +-
configure.in | 4 +--
debugXML.c | 4 +--
encoding.c | 2 +-
entities.c | 2 +-
error.c | 2 +-
include/libxml/parserInternals.h | 2 +-
include/libxml/xmlerror.h | 2 +-
include/libxml/xmlstring.h | 8 ++---
libxml.h | 2 +-
parser.c | 37 +++++++++++-----------
parserInternals.c | 4 +--
relaxng.c | 4 +--
schematron.c | 2 +-
testModule.c | 2 +-
valid.c | 8 ++---
xinclude.c | 4 +--
xmlIO.c | 14 ++++-----
xmllint.c | 20 ++++++------
xmlreader.c | 16 +++++++---
xmlschemas.c | 66 ++++++++++++++++++++--------------------
xmlstring.c | 4 +--
xmlwriter.c | 4 +--
xpath.c | 2 +-
xpointer.c | 2 +-
27 files changed, 121 insertions(+), 114 deletions(-)
---
From 502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b Mon Sep 17 00:00:00 2001
From: David Kilzer <ddkilzer@apple.com>
Date: Mon, 23 May 2016 14:58:41 +0800
Subject: More format string warnings with possible format string vulnerability
For https://bugzilla.gnome.org/show_bug.cgi?id=761029
adds a new xmlEscapeFormatString() function to escape composed format
strings
---
libxml.h | 3 +++
relaxng.c | 3 ++-
xmlschemas.c | 39 ++++++++++++++++++++++++++-------------
xmlstring.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 86 insertions(+), 14 deletions(-)
Index: libxml2-2.9.1/HTMLparser.c
===================================================================
--- libxml2-2.9.1.orig/HTMLparser.c
+++ libxml2-2.9.1/HTMLparser.c
@@ -105,7 +105,7 @@ htmlErrMemory(xmlParserCtxtPtr ctxt, con
*
* Handle a fatal parser error, i.e. violating Well-Formedness constraints
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
htmlParseErr(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const xmlChar *str1, const xmlChar *str2)
{
@@ -132,7 +132,7 @@ htmlParseErr(xmlParserCtxtPtr ctxt, xmlP
*
* Handle a fatal parser error, i.e. violating Well-Formedness constraints
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
htmlParseErrInt(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, int val)
{
Index: libxml2-2.9.1/SAX2.c
===================================================================
--- libxml2-2.9.1.orig/SAX2.c
+++ libxml2-2.9.1/SAX2.c
@@ -55,7 +55,7 @@
* @ctxt: an XML validation parser context
* @msg: a string to accompany the error message
*/
-static void
+static void LIBXML_ATTR_FORMAT(2,0)
xmlSAX2ErrMemory(xmlParserCtxtPtr ctxt, const char *msg) {
xmlStructuredErrorFunc schannel = NULL;
const char *str1 = "out of memory\n";
@@ -93,7 +93,7 @@ xmlSAX2ErrMemory(xmlParserCtxtPtr ctxt,
*
* Handle a validation error
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlErrValid(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const char *str1, const char *str2)
{
@@ -133,7 +133,7 @@ xmlErrValid(xmlParserCtxtPtr ctxt, xmlPa
*
* Handle a fatal parser error, i.e. violating Well-Formedness constraints
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlFatalErrMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const xmlChar *str1, const xmlChar *str2)
{
@@ -164,7 +164,7 @@ xmlFatalErrMsg(xmlParserCtxtPtr ctxt, xm
*
* Handle a parser warning
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlWarnMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const xmlChar *str1)
{
@@ -189,7 +189,7 @@ xmlWarnMsg(xmlParserCtxtPtr ctxt, xmlPar
*
* Handle a namespace error
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlNsErrMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const xmlChar *str1, const xmlChar *str2)
{
@@ -213,7 +213,7 @@ xmlNsErrMsg(xmlParserCtxtPtr ctxt, xmlPa
*
* Handle a namespace warning
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlNsWarnMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const xmlChar *str1, const xmlChar *str2)
{
Index: libxml2-2.9.1/catalog.c
===================================================================
--- libxml2-2.9.1.orig/catalog.c
+++ libxml2-2.9.1/catalog.c
@@ -238,7 +238,7 @@ xmlCatalogErrMemory(const char *extra)
*
* Handle a catalog error
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlCatalogErr(xmlCatalogEntryPtr catal, xmlNodePtr node, int error,
const char *msg, const xmlChar *str1, const xmlChar *str2,
const xmlChar *str3)
Index: libxml2-2.9.1/configure.in
===================================================================
--- libxml2-2.9.1.orig/configure.in
+++ libxml2-2.9.1/configure.in
@@ -705,7 +705,7 @@ else
fi
# warnings we'd like to see
- CFLAGS="${CFLAGS} -pedantic -W -Wformat -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wformat -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls"
+ CFLAGS="${CFLAGS} -pedantic -W -Wformat -Wno-format-extra-args -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls"
# warnings we'd like to supress
CFLAGS="${CFLAGS} -Wno-long-long"
case "${host}" in
@@ -920,7 +920,7 @@ if [[ "${LOGNAME}" = "veillard" -a "`pwd
fi
fi
if test "${GCC}" = "yes" ; then
- CFLAGS="-g -O -pedantic -W -Wformat -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wformat -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls -Wall"
+ CFLAGS="-g -O -pedantic -W -Wformat -Wno-format-extra-args -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls -Wall"
fi
STATIC_BINARIES="-static"
dnl -Wcast-qual -ansi
Index: libxml2-2.9.1/debugXML.c
===================================================================
--- libxml2-2.9.1.orig/debugXML.c
+++ libxml2-2.9.1/debugXML.c
@@ -164,7 +164,7 @@ xmlDebugErr(xmlDebugCtxtPtr ctxt, int er
NULL, NULL, NULL, 0, 0,
"%s", msg);
}
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlDebugErr2(xmlDebugCtxtPtr ctxt, int error, const char *msg, int extra)
{
ctxt->errors++;
@@ -174,7 +174,7 @@ xmlDebugErr2(xmlDebugCtxtPtr ctxt, int e
NULL, NULL, NULL, 0, 0,
msg, extra);
}
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlDebugErr3(xmlDebugCtxtPtr ctxt, int error, const char *msg, const char *extra)
{
ctxt->errors++;
Index: libxml2-2.9.1/encoding.c
===================================================================
--- libxml2-2.9.1.orig/encoding.c
+++ libxml2-2.9.1/encoding.c
@@ -93,7 +93,7 @@ xmlEncodingErrMemory(const char *extra)
*
* n encoding error
*/
-static void
+static void LIBXML_ATTR_FORMAT(2,0)
xmlEncodingErr(xmlParserErrors error, const char *msg, const char *val)
{
__xmlRaiseError(NULL, NULL, NULL, NULL, NULL,
Index: libxml2-2.9.1/entities.c
===================================================================
--- libxml2-2.9.1.orig/entities.c
+++ libxml2-2.9.1/entities.c
@@ -83,7 +83,7 @@ xmlEntitiesErrMemory(const char *extra)
*
* Handle an out of memory condition
*/
-static void
+static void LIBXML_ATTR_FORMAT(2,0)
xmlEntitiesErr(xmlParserErrors code, const char *msg)
{
__xmlSimpleError(XML_FROM_TREE, code, NULL, msg, NULL);
Index: libxml2-2.9.1/error.c
===================================================================
--- libxml2-2.9.1.orig/error.c
+++ libxml2-2.9.1/error.c
@@ -18,7 +18,7 @@
void XMLCDECL xmlGenericErrorDefaultFunc (void *ctx ATTRIBUTE_UNUSED,
const char *msg,
- ...);
+ ...) LIBXML_ATTR_FORMAT(2,3);
#define XML_GET_VAR_STR(msg, str) { \
int size, prev_size = -1; \
Index: libxml2-2.9.1/include/libxml/parserInternals.h
===================================================================
--- libxml2-2.9.1.orig/include/libxml/parserInternals.h
+++ libxml2-2.9.1/include/libxml/parserInternals.h
@@ -351,7 +351,7 @@ XMLPUBFUN void XMLCALL
xmlParserErrors xmlerr,
const char *msg,
const xmlChar * str1,
- const xmlChar * str2);
+ const xmlChar * str2) LIBXML_ATTR_FORMAT(3,0);
#endif
/**
Index: libxml2-2.9.1/include/libxml/xmlerror.h
===================================================================
--- libxml2-2.9.1.orig/include/libxml/xmlerror.h
+++ libxml2-2.9.1/include/libxml/xmlerror.h
@@ -937,7 +937,7 @@ XMLPUBFUN void XMLCALL
int code,
xmlNodePtr node,
const char *msg,
- const char *extra);
+ const char *extra) LIBXML_ATTR_FORMAT(4,0);
#endif
#ifdef __cplusplus
}
Index: libxml2-2.9.1/include/libxml/xmlstring.h
===================================================================
--- libxml2-2.9.1.orig/include/libxml/xmlstring.h
+++ libxml2-2.9.1/include/libxml/xmlstring.h
@@ -97,13 +97,13 @@ XMLPUBFUN xmlChar * XMLCALL
XMLPUBFUN int XMLCALL
xmlStrPrintf (xmlChar *buf,
int len,
- const xmlChar *msg,
- ...);
+ const char *msg,
+ ...) LIBXML_ATTR_FORMAT(3,4);
XMLPUBFUN int XMLCALL
xmlStrVPrintf (xmlChar *buf,
int len,
- const xmlChar *msg,
- va_list ap);
+ const char *msg,
+ va_list ap) LIBXML_ATTR_FORMAT(3,0);
XMLPUBFUN int XMLCALL
xmlGetUTF8Char (const unsigned char *utf,
Index: libxml2-2.9.1/libxml.h
===================================================================
--- libxml2-2.9.1.orig/libxml.h
+++ libxml2-2.9.1/libxml.h
@@ -9,6 +9,8 @@
#ifndef __XML_LIBXML_H__
#define __XML_LIBXML_H__
+#include <libxml/xmlstring.h>
+
#ifndef NO_LARGEFILE_SOURCE
#ifndef _LARGEFILE_SOURCE
#define _LARGEFILE_SOURCE
@@ -68,7 +70,7 @@ extern int __xmlRegisterCallbacks;
* internal error reporting routines, shared but not partof the API.
*/
void __xmlIOErr(int domain, int code, const char *extra);
-void __xmlLoaderErr(void *ctx, const char *msg, const char *filename);
+void __xmlLoaderErr(void *ctx, const char *msg, const char *filename) LIBXML_ATTR_FORMAT(2,0);
#ifdef LIBXML_HTML_ENABLED
/*
* internal function of HTML parser needed for xmlParseInNodeContext
@@ -93,6 +95,7 @@ int __xmlInitializeDict(void);
int __xmlRandom(void);
#endif
+XMLPUBFUN xmlChar * XMLCALL xmlEscapeFormatString(xmlChar **msg);
int xmlNop(void);
#ifdef IN_LIBXML
Index: libxml2-2.9.1/parser.c
===================================================================
--- libxml2-2.9.1.orig/parser.c
+++ libxml2-2.9.1/parser.c
@@ -346,7 +346,6 @@ static void
xmlFatalErr(xmlParserCtxtPtr ctxt, xmlParserErrors error, const char *info)
{
const char *errmsg;
- char errstr[129] = "";
if ((ctxt != NULL) && (ctxt->disableSAX != 0) &&
(ctxt->instate == XML_PARSER_EOF))
@@ -533,15 +532,17 @@ xmlFatalErr(xmlParserCtxtPtr ctxt, xmlPa
default:
errmsg = "Unregistered error message";
}
- if (info == NULL)
- snprintf(errstr, 128, "%s\n", errmsg);
- else
- snprintf(errstr, 128, "%s: %%s\n", errmsg);
if (ctxt != NULL)
ctxt->errNo = error;
- __xmlRaiseError(NULL, NULL, NULL, ctxt, NULL, XML_FROM_PARSER, error,
- XML_ERR_FATAL, NULL, 0, info, NULL, NULL, 0, 0, &errstr[0],
- info);
+ if (info == NULL) {
+ __xmlRaiseError(NULL, NULL, NULL, ctxt, NULL, XML_FROM_PARSER, error,
+ XML_ERR_FATAL, NULL, 0, info, NULL, NULL, 0, 0, "%s\n",
+ errmsg);
+ } else {
+ __xmlRaiseError(NULL, NULL, NULL, ctxt, NULL, XML_FROM_PARSER, error,
+ XML_ERR_FATAL, NULL, 0, info, NULL, NULL, 0, 0, "%s: %s\n",
+ errmsg, info);
+ }
if (ctxt != NULL) {
ctxt->wellFormed = 0;
if (ctxt->recovery == 0)
@@ -557,7 +558,7 @@ xmlFatalErr(xmlParserCtxtPtr ctxt, xmlPa
*
* Handle a fatal parser error, i.e. violating Well-Formedness constraints
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlFatalErrMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg)
{
@@ -585,7 +586,7 @@ xmlFatalErrMsg(xmlParserCtxtPtr ctxt, xm
*
* Handle a warning.
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlWarningMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const xmlChar *str1, const xmlChar *str2)
{
@@ -623,7 +624,7 @@ xmlWarningMsg(xmlParserCtxtPtr ctxt, xml
*
* Handle a validity error.
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlValidityError(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const xmlChar *str1, const xmlChar *str2)
{
@@ -663,7 +664,7 @@ xmlValidityError(xmlParserCtxtPtr ctxt,
*
* Handle a fatal parser error, i.e. violating Well-Formedness constraints
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlFatalErrMsgInt(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, int val)
{
@@ -693,7 +694,7 @@ xmlFatalErrMsgInt(xmlParserCtxtPtr ctxt,
*
* Handle a fatal parser error, i.e. violating Well-Formedness constraints
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlFatalErrMsgStrIntStr(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const xmlChar *str1, int val,
const xmlChar *str2)
@@ -723,7 +724,7 @@ xmlFatalErrMsgStrIntStr(xmlParserCtxtPtr
*
* Handle a fatal parser error, i.e. violating Well-Formedness constraints
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlFatalErrMsgStr(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const xmlChar * val)
{
@@ -752,7 +753,7 @@ xmlFatalErrMsgStr(xmlParserCtxtPtr ctxt,
*
* Handle a non fatal parser error
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlErrMsgStr(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const xmlChar * val)
{
@@ -777,7 +778,7 @@ xmlErrMsgStr(xmlParserCtxtPtr ctxt, xmlP
*
* Handle a fatal parser error, i.e. violating Well-Formedness constraints
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlNsErr(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg,
const xmlChar * info1, const xmlChar * info2,
@@ -806,7 +807,7 @@ xmlNsErr(xmlParserCtxtPtr ctxt, xmlParse
*
* Handle a namespace warning error
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlNsWarn(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg,
const xmlChar * info1, const xmlChar * info2,
@@ -5470,7 +5471,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt
skipped = SKIP_BLANKS;
if (skipped == 0) {
xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
- "Space required after '%'\n");
+ "Space required after '%%'\n");
}
isParameter = 1;
}
Index: libxml2-2.9.1/parserInternals.c
===================================================================
--- libxml2-2.9.1.orig/parserInternals.c
+++ libxml2-2.9.1/parserInternals.c
@@ -169,7 +169,7 @@ __xmlErrEncoding(xmlParserCtxtPtr ctxt,
*
* Handle an internal error
*/
-static void
+static void LIBXML_ATTR_FORMAT(2,0)
xmlErrInternal(xmlParserCtxtPtr ctxt, const char *msg, const xmlChar * str)
{
if ((ctxt != NULL) && (ctxt->disableSAX != 0) &&
@@ -197,7 +197,7 @@ xmlErrInternal(xmlParserCtxtPtr ctxt, co
*
* n encoding error
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlErrEncodingInt(xmlParserCtxtPtr ctxt, xmlParserErrors error,
const char *msg, int val)
{
Index: libxml2-2.9.1/relaxng.c
===================================================================
--- libxml2-2.9.1.orig/relaxng.c
+++ libxml2-2.9.1/relaxng.c
@@ -507,7 +507,7 @@ xmlRngVErrMemory(xmlRelaxNGValidCtxtPtr
*
* Handle a Relax NG Parsing error
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlRngPErr(xmlRelaxNGParserCtxtPtr ctxt, xmlNodePtr node, int error,
const char *msg, const xmlChar * str1, const xmlChar * str2)
{
@@ -541,7 +541,7 @@ xmlRngPErr(xmlRelaxNGParserCtxtPtr ctxt,
*
* Handle a Relax NG Validation error
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlRngVErr(xmlRelaxNGValidCtxtPtr ctxt, xmlNodePtr node, int error,
const char *msg, const xmlChar * str1, const xmlChar * str2)
{
@@ -2215,7 +2215,8 @@ xmlRelaxNGGetErrorString(xmlRelaxNGValid
snprintf(msg, 1000, "Unknown error code %d\n", err);
}
msg[1000 - 1] = 0;
- return (xmlStrdup((xmlChar *) msg));
+ xmlChar *result = xmlCharStrdup(msg);
+ return (xmlEscapeFormatString(&result));
}
/**
Index: libxml2-2.9.1/schematron.c
===================================================================
--- libxml2-2.9.1.orig/schematron.c
+++ libxml2-2.9.1/schematron.c
@@ -243,7 +243,7 @@ xmlSchematronPErrMemory(xmlSchematronPar
*
* Handle a parser error
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlSchematronPErr(xmlSchematronParserCtxtPtr ctxt, xmlNodePtr node, int error,
const char *msg, const xmlChar * str1, const xmlChar * str2)
{
Index: libxml2-2.9.1/testModule.c
===================================================================
--- libxml2-2.9.1.orig/testModule.c
+++ libxml2-2.9.1/testModule.c
@@ -47,7 +47,7 @@ int main(int argc ATTRIBUTE_UNUSED, char
/* build the module filename, and confirm the module exists */
xmlStrPrintf(filename, sizeof(filename),
- (const xmlChar*) "%s/testdso%s",
+ "%s/testdso%s",
(const xmlChar*)MODULE_PATH,
(const xmlChar*)LIBXML_MODULE_EXTENSION);
Index: libxml2-2.9.1/valid.c
===================================================================
--- libxml2-2.9.1.orig/valid.c
+++ libxml2-2.9.1/valid.c
@@ -93,7 +93,7 @@ xmlVErrMemory(xmlValidCtxtPtr ctxt, cons
*
* Handle a validation error
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlErrValid(xmlValidCtxtPtr ctxt, xmlParserErrors error,
const char *msg, const char *extra)
{
@@ -137,7 +137,7 @@ xmlErrValid(xmlValidCtxtPtr ctxt, xmlPar
*
* Handle a validation error, provide contextual informations
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlErrValidNode(xmlValidCtxtPtr ctxt,
xmlNodePtr node, xmlParserErrors error,
const char *msg, const xmlChar * str1,
@@ -180,7 +180,7 @@ xmlErrValidNode(xmlValidCtxtPtr ctxt,
*
* Handle a validation error, provide contextual informations
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlErrValidNodeNr(xmlValidCtxtPtr ctxt,
xmlNodePtr node, xmlParserErrors error,
const char *msg, const xmlChar * str1,
@@ -221,7 +221,7 @@ xmlErrValidNodeNr(xmlValidCtxtPtr ctxt,
*
* Handle a validation error, provide contextual information
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlErrValidWarning(xmlValidCtxtPtr ctxt,
xmlNodePtr node, xmlParserErrors error,
const char *msg, const xmlChar * str1,
Index: libxml2-2.9.1/xinclude.c
===================================================================
--- libxml2-2.9.1.orig/xinclude.c
+++ libxml2-2.9.1/xinclude.c
@@ -124,7 +124,7 @@ xmlXIncludeErrMemory(xmlXIncludeCtxtPtr
*
* Handle an XInclude error
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlXIncludeErr(xmlXIncludeCtxtPtr ctxt, xmlNodePtr node, int error,
const char *msg, const xmlChar *extra)
{
@@ -146,7 +146,7 @@ xmlXIncludeErr(xmlXIncludeCtxtPtr ctxt,
*
* Emit an XInclude warning.
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlXIncludeWarn(xmlXIncludeCtxtPtr ctxt, xmlNodePtr node, int error,
const char *msg, const xmlChar *extra)
{
Index: libxml2-2.9.1/xmlIO.c
===================================================================
--- libxml2-2.9.1.orig/xmlIO.c
+++ libxml2-2.9.1/xmlIO.c
@@ -1590,7 +1590,7 @@ xmlCreateZMemBuff( int compression ) {
xmlFreeZMemBuff( buff );
buff = NULL;
xmlStrPrintf(msg, 500,
- (const xmlChar *) "xmlCreateZMemBuff: %s %d\n",
+ "xmlCreateZMemBuff: %s %d\n",
"Error initializing compression context. ZLIB error:",
z_err );
xmlIOErr(XML_IO_WRITE, (const char *) msg);
@@ -1658,7 +1658,7 @@ xmlZMemBuffExtend( xmlZMemBuffPtr buff,
else {
xmlChar msg[500];
xmlStrPrintf(msg, 500,
- (const xmlChar *) "xmlZMemBuffExtend: %s %lu bytes.\n",
+ "xmlZMemBuffExtend: %s %lu bytes.\n",
"Allocation failure extending output buffer to",
new_size );
xmlIOErr(XML_IO_WRITE, (const char *) msg);
@@ -1704,7 +1704,7 @@ xmlZMemBuffAppend( xmlZMemBuffPtr buff,
if ( z_err != Z_OK ) {
xmlChar msg[500];
xmlStrPrintf(msg, 500,
- (const xmlChar *) "xmlZMemBuffAppend: %s %d %s - %d",
+ "xmlZMemBuffAppend: %s %d %s - %d",
"Compression error while appending",
len, "bytes to buffer. ZLIB error", z_err );
xmlIOErr(XML_IO_WRITE, (const char *) msg);
@@ -1777,7 +1777,7 @@ xmlZMemBuffGetContent( xmlZMemBuffPtr bu
else {
xmlChar msg[500];
xmlStrPrintf(msg, 500,
- (const xmlChar *) "xmlZMemBuffGetContent: %s - %d\n",
+ "xmlZMemBuffGetContent: %s - %d\n",
"Error flushing zlib buffers. Error code", z_err );
xmlIOErr(XML_IO_WRITE, (const char *) msg);
}
@@ -1982,7 +1982,7 @@ xmlIOHTTPWrite( void * context, const ch
if ( len < 0 ) {
xmlChar msg[500];
xmlStrPrintf(msg, 500,
- (const xmlChar *) "xmlIOHTTPWrite: %s\n%s '%s'.\n",
+ "xmlIOHTTPWrite: %s\n%s '%s'.\n",
"Error appending to internal buffer.",
"Error sending document to URI",
ctxt->uri );
@@ -2054,7 +2054,7 @@ xmlIOHTTPCloseWrite( void * context, con
if ( http_content == NULL ) {
xmlChar msg[500];
xmlStrPrintf(msg, 500,
- (const xmlChar *) "xmlIOHTTPCloseWrite: %s '%s' %s '%s'.\n",
+ "xmlIOHTTPCloseWrite: %s '%s' %s '%s'.\n",
"Error retrieving content.\nUnable to",
http_mthd, "data to URI", ctxt->uri );
xmlIOErr(XML_IO_WRITE, (const char *) msg);
@@ -2126,7 +2126,7 @@ xmlIOHTTPCloseWrite( void * context, con
else {
xmlChar msg[500];
xmlStrPrintf(msg, 500,
- (const xmlChar *) "xmlIOHTTPCloseWrite: HTTP '%s' of %d %s\n'%s' %s %d\n",
+ "xmlIOHTTPCloseWrite: HTTP '%s' of %d %s\n'%s' %s %d\n",
http_mthd, content_lgth,
"bytes to URI", ctxt->uri,
"failed. HTTP return code:", http_rtn );
Index: libxml2-2.9.1/xmllint.c
===================================================================
--- libxml2-2.9.1.orig/xmllint.c
+++ libxml2-2.9.1/xmllint.c
@@ -449,7 +449,7 @@ startTimer(void)
* message about the timing performed; format is a printf
* type argument
*/
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(1,2)
endTimer(const char *fmt, ...)
{
long msec;
@@ -485,7 +485,7 @@ startTimer(void)
{
begin = clock();
}
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(1,2)
endTimer(const char *fmt, ...)
{
long msec;
@@ -514,7 +514,7 @@ startTimer(void)
* Do nothing
*/
}
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(1,2)
endTimer(char *format, ...)
{
/*
@@ -634,7 +634,7 @@ xmlHTMLPrintFileContext(xmlParserInputPt
* Display and format an error messages, gives file, line, position and
* extra parameters.
*/
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
xmlHTMLError(void *ctx, const char *msg, ...)
{
xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) ctx;
@@ -671,7 +671,7 @@ xmlHTMLError(void *ctx, const char *msg,
* Display and format a warning messages, gives file, line, position and
* extra parameters.
*/
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
xmlHTMLWarning(void *ctx, const char *msg, ...)
{
xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) ctx;
@@ -709,7 +709,7 @@ xmlHTMLWarning(void *ctx, const char *ms
* Display and format an validity error messages, gives file,
* line, position and extra parameters.
*/
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
xmlHTMLValidityError(void *ctx, const char *msg, ...)
{
xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) ctx;
@@ -746,7 +746,7 @@ xmlHTMLValidityError(void *ctx, const ch
* Display and format a validity warning messages, gives file, line,
* position and extra parameters.
*/
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
xmlHTMLValidityWarning(void *ctx, const char *msg, ...)
{
xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) ctx;
@@ -1410,7 +1410,7 @@ commentDebug(void *ctx ATTRIBUTE_UNUSED,
* Display and format a warning messages, gives file, line, position and
* extra parameters.
*/
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
warningDebug(void *ctx ATTRIBUTE_UNUSED, const char *msg, ...)
{
va_list args;
@@ -1433,7 +1433,7 @@ warningDebug(void *ctx ATTRIBUTE_UNUSED,
* Display and format a error messages, gives file, line, position and
* extra parameters.
*/
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
errorDebug(void *ctx ATTRIBUTE_UNUSED, const char *msg, ...)
{
va_list args;
@@ -1456,7 +1456,7 @@ errorDebug(void *ctx ATTRIBUTE_UNUSED, c
* Display and format a fatalError messages, gives file, line, position and
* extra parameters.
*/
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
fatalErrorDebug(void *ctx ATTRIBUTE_UNUSED, const char *msg, ...)
{
va_list args;
Index: libxml2-2.9.1/xmlreader.c
===================================================================
--- libxml2-2.9.1.orig/xmlreader.c
+++ libxml2-2.9.1/xmlreader.c
@@ -4036,13 +4036,19 @@ xmlTextReaderCurrentDoc(xmlTextReaderPtr
}
#ifdef LIBXML_SCHEMAS_ENABLED
-static char *xmlTextReaderBuildMessage(const char *msg, va_list ap);
+static char *xmlTextReaderBuildMessage(const char *msg, va_list ap) LIBXML_ATTR_FORMAT(1,0);
static void XMLCDECL
-xmlTextReaderValidityError(void *ctxt, const char *msg, ...);
+xmlTextReaderValidityError(void *ctxt, const char *msg, ...) LIBXML_ATTR_FORMAT(2,3);
static void XMLCDECL
-xmlTextReaderValidityWarning(void *ctxt, const char *msg, ...);
+xmlTextReaderValidityWarning(void *ctxt, const char *msg, ...) LIBXML_ATTR_FORMAT(2,3);
+
+static void XMLCDECL
+xmlTextReaderValidityErrorRelay(void *ctx, const char *msg, ...) LIBXML_ATTR_FORMAT(2,3);
+
+static void XMLCDECL
+xmlTextReaderValidityWarningRelay(void *ctx, const char *msg, ...) LIBXML_ATTR_FORMAT(2,3);
static void XMLCDECL
xmlTextReaderValidityErrorRelay(void *ctx, const char *msg, ...)
@@ -4836,7 +4842,7 @@ xmlTextReaderStructuredError(void *ctxt,
}
}
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
xmlTextReaderError(void *ctxt, const char *msg, ...)
{
va_list ap;
@@ -4849,7 +4855,7 @@ xmlTextReaderError(void *ctxt, const cha
}
-static void XMLCDECL
+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
xmlTextReaderWarning(void *ctxt, const char *msg, ...)
{
va_list ap;
Index: libxml2-2.9.1/xmlschemas.c
===================================================================
--- libxml2-2.9.1.orig/xmlschemas.c
+++ libxml2-2.9.1/xmlschemas.c
@@ -1085,7 +1085,7 @@ xmlSchemaGetUnionSimpleTypeMemberTypes(x
static void
xmlSchemaInternalErr(xmlSchemaAbstractCtxtPtr actxt,
const char *funcName,
- const char *message);
+ const char *message) LIBXML_ATTR_FORMAT(3,0);
static int
xmlSchemaCheckCOSSTDerivedOK(xmlSchemaAbstractCtxtPtr ctxt,
xmlSchemaTypePtr type,
@@ -1769,7 +1769,7 @@ xmlSchemaFormatItemForReport(xmlChar **b
}
FREE_AND_NULL(str)
- return (*buf);
+ return (xmlEscapeFormatString(buf));
}
/**
@@ -1889,7 +1889,7 @@ xmlSchemaPErrMemory(xmlSchemaParserCtxtP
*
* Handle a parser error
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlSchemaPErr(xmlSchemaParserCtxtPtr ctxt, xmlNodePtr node, int error,
const char *msg, const xmlChar * str1, const xmlChar * str2)
{
@@ -1922,7 +1922,7 @@ xmlSchemaPErr(xmlSchemaParserCtxtPtr ctx
*
* Handle a parser error
*/
-static void
+static void LIBXML_ATTR_FORMAT(5,0)
xmlSchemaPErr2(xmlSchemaParserCtxtPtr ctxt, xmlNodePtr node,
xmlNodePtr child, int error,
const char *msg, const xmlChar * str1, const xmlChar * str2)
@@ -1951,7 +1951,7 @@ xmlSchemaPErr2(xmlSchemaParserCtxtPtr ct
*
* Handle a parser error
*/
-static void
+static void LIBXML_ATTR_FORMAT(7,0)
xmlSchemaPErrExt(xmlSchemaParserCtxtPtr ctxt, xmlNodePtr node, int error,
const xmlChar * strData1, const xmlChar * strData2,
const xmlChar * strData3, const char *msg, const xmlChar * str1,
@@ -2002,7 +2002,7 @@ xmlSchemaVErrMemory(xmlSchemaValidCtxtPt
extra);
}
-static void
+static void LIBXML_ATTR_FORMAT(2,0)
xmlSchemaPSimpleInternalErr(xmlNodePtr node,
const char *msg, const xmlChar *str)
{
@@ -2013,18 +2013,21 @@ xmlSchemaPSimpleInternalErr(xmlNodePtr n
#define WXS_ERROR_TYPE_ERROR 1
#define WXS_ERROR_TYPE_WARNING 2
/**
- * xmlSchemaErr3:
+ * xmlSchemaErr4Line:
* @ctxt: the validation context
- * @node: the context node
+ * @errorLevel: the error level
* @error: the error code
+ * @node: the context node
+ * @line: the line number
* @msg: the error message
* @str1: extra data
* @str2: extra data
* @str3: extra data
+ * @str4: extra data
*
* Handle a validation error
*/
-static void
+static void LIBXML_ATTR_FORMAT(6,0)
xmlSchemaErr4Line(xmlSchemaAbstractCtxtPtr ctxt,
xmlErrorLevel errorLevel,
int error, xmlNodePtr node, int line, const char *msg,
@@ -2137,7 +2140,7 @@ xmlSchemaErr4Line(xmlSchemaAbstractCtxtP
*
* Handle a validation error
*/
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlSchemaErr3(xmlSchemaAbstractCtxtPtr actxt,
int error, xmlNodePtr node, const char *msg,
const xmlChar *str1, const xmlChar *str2, const xmlChar *str3)
@@ -2146,7 +2149,7 @@ xmlSchemaErr3(xmlSchemaAbstractCtxtPtr a
msg, str1, str2, str3, NULL);
}
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlSchemaErr4(xmlSchemaAbstractCtxtPtr actxt,
int error, xmlNodePtr node, const char *msg,
const xmlChar *str1, const xmlChar *str2,
@@ -2156,7 +2159,7 @@ xmlSchemaErr4(xmlSchemaAbstractCtxtPtr a
msg, str1, str2, str3, str4);
}
-static void
+static void LIBXML_ATTR_FORMAT(4,0)
xmlSchemaErr(xmlSchemaAbstractCtxtPtr actxt,
int error, xmlNodePtr node, const char *msg,
const xmlChar *str1, const xmlChar *str2)
@@ -2179,7 +2182,7 @@ xmlSchemaFormatNodeForError(xmlChar ** m
/*
* Don't try to format other nodes than element and
* attribute nodes.
- * Play save and return an empty string.
+ * Play safe and return an empty string.
*/
*msg = xmlStrdup(BAD_CAST "");
return(*msg);
@@ -2244,6 +2247,13 @@ xmlSchemaFormatNodeForError(xmlChar ** m
TODO
return (NULL);
}
+
+ /*
+ * xmlSchemaFormatItemForReport() also returns an escaped format
+ * string, so do this before calling it below (in the future).
+ */
+ xmlEscapeFormatString(msg);
+
/*
* VAL TODO: The output of the given schema component is currently
* disabled.
@@ -2260,7 +2270,7 @@ xmlSchemaFormatNodeForError(xmlChar ** m
return (*msg);
}
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlSchemaInternalErr2(xmlSchemaAbstractCtxtPtr actxt,
const char *funcName,
const char *message,
@@ -2271,24 +2281,21 @@ xmlSchemaInternalErr2(xmlSchemaAbstractC
if (actxt == NULL)
return;
- msg = xmlStrdup(BAD_CAST "Internal error: ");
- msg = xmlStrcat(msg, BAD_CAST funcName);
- msg = xmlStrcat(msg, BAD_CAST ", ");
+ msg = xmlStrdup(BAD_CAST "Internal error: %s, ");
msg = xmlStrcat(msg, BAD_CAST message);
msg = xmlStrcat(msg, BAD_CAST ".\n");
if (actxt->type == XML_SCHEMA_CTXT_VALIDATOR)
- xmlSchemaErr(actxt, XML_SCHEMAV_INTERNAL, NULL,
- (const char *) msg, str1, str2);
-
+ xmlSchemaErr3(actxt, XML_SCHEMAV_INTERNAL, NULL,
+ (const char *) msg, (const xmlChar *) funcName, str1, str2);
else if (actxt->type == XML_SCHEMA_CTXT_PARSER)
- xmlSchemaErr(actxt, XML_SCHEMAP_INTERNAL, NULL,
- (const char *) msg, str1, str2);
+ xmlSchemaErr3(actxt, XML_SCHEMAP_INTERNAL, NULL,
+ (const char *) msg, (const xmlChar *) funcName, str1, str2);
FREE_AND_NULL(msg)
}
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlSchemaInternalErr(xmlSchemaAbstractCtxtPtr actxt,
const char *funcName,
const char *message)
@@ -2297,7 +2304,7 @@ xmlSchemaInternalErr(xmlSchemaAbstractCt
}
#if 0
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlSchemaPInternalErr(xmlSchemaParserCtxtPtr pctxt,
const char *funcName,
const char *message,
@@ -2309,7 +2316,7 @@ xmlSchemaPInternalErr(xmlSchemaParserCtx
}
#endif
-static void
+static void LIBXML_ATTR_FORMAT(5,0)
xmlSchemaCustomErr4(xmlSchemaAbstractCtxtPtr actxt,
xmlParserErrors error,
xmlNodePtr node,
@@ -2334,7 +2341,7 @@ xmlSchemaCustomErr4(xmlSchemaAbstractCtx
FREE_AND_NULL(msg)
}
-static void
+static void LIBXML_ATTR_FORMAT(5,0)
xmlSchemaCustomErr(xmlSchemaAbstractCtxtPtr actxt,
xmlParserErrors error,
xmlNodePtr node,
@@ -2349,7 +2356,7 @@ xmlSchemaCustomErr(xmlSchemaAbstractCtxt
-static void
+static void LIBXML_ATTR_FORMAT(5,0)
xmlSchemaCustomWarning(xmlSchemaAbstractCtxtPtr actxt,
xmlParserErrors error,
xmlNodePtr node,
@@ -2374,7 +2381,7 @@ xmlSchemaCustomWarning(xmlSchemaAbstract
-static void
+static void LIBXML_ATTR_FORMAT(5,0)
xmlSchemaKeyrefErr(xmlSchemaValidCtxtPtr vctxt,
xmlParserErrors error,
xmlSchemaPSVIIDCNodePtr idcNode,
@@ -2474,11 +2481,13 @@ xmlSchemaSimpleTypeErr(xmlSchemaAbstract
msg = xmlStrcat(msg, BAD_CAST " '");
if (type->builtInType != 0) {
msg = xmlStrcat(msg, BAD_CAST "xs:");
- msg = xmlStrcat(msg, type->name);
- } else
- msg = xmlStrcat(msg,
- xmlSchemaFormatQName(&str,
- type->targetNamespace, type->name));
+ str = xmlStrdup(type->name);
+ } else {
+ const xmlChar *qName = xmlSchemaFormatQName(&str, type->targetNamespace, type->name);
+ if (!str)
+ str = xmlStrdup(qName);
+ }
+ msg = xmlStrcat(msg, xmlEscapeFormatString(&str));
msg = xmlStrcat(msg, BAD_CAST "'");
FREE_AND_NULL(str);
}
@@ -2523,7 +2532,7 @@ xmlSchemaIllegalAttrErr(xmlSchemaAbstrac
FREE_AND_NULL(msg)
}
-static void
+static void LIBXML_ATTR_FORMAT(5,0)
xmlSchemaComplexTypeErr(xmlSchemaAbstractCtxtPtr actxt,
xmlParserErrors error,
xmlNodePtr node,
@@ -2615,7 +2624,7 @@ xmlSchemaComplexTypeErr(xmlSchemaAbstrac
str = xmlStrcat(str, BAD_CAST ", ");
}
str = xmlStrcat(str, BAD_CAST " ).\n");
- msg = xmlStrcat(msg, BAD_CAST str);
+ msg = xmlStrcat(msg, xmlEscapeFormatString(&str));
FREE_AND_NULL(str)
} else
msg = xmlStrcat(msg, BAD_CAST "\n");
@@ -2623,7 +2632,7 @@ xmlSchemaComplexTypeErr(xmlSchemaAbstrac
xmlFree(msg);
}
-static void
+static void LIBXML_ATTR_FORMAT(8,0)
xmlSchemaFacetErr(xmlSchemaAbstractCtxtPtr actxt,
xmlParserErrors error,
xmlNodePtr node,
@@ -2914,7 +2923,7 @@ xmlSchemaPIllegalAttrErr(xmlSchemaParser
*
* Reports an error during parsing.
*/
-static void
+static void LIBXML_ATTR_FORMAT(5,0)
xmlSchemaPCustomErrExt(xmlSchemaParserCtxtPtr ctxt,
xmlParserErrors error,
xmlSchemaBasicItemPtr item,
@@ -2950,7 +2959,7 @@ xmlSchemaPCustomErrExt(xmlSchemaParserCt
*
* Reports an error during parsing.
*/
-static void
+static void LIBXML_ATTR_FORMAT(5,0)
xmlSchemaPCustomErr(xmlSchemaParserCtxtPtr ctxt,
xmlParserErrors error,
xmlSchemaBasicItemPtr item,
@@ -2975,7 +2984,7 @@ xmlSchemaPCustomErr(xmlSchemaParserCtxtP
*
* Reports an attribute use error during parsing.
*/
-static void
+static void LIBXML_ATTR_FORMAT(6,0)
xmlSchemaPAttrUseErr4(xmlSchemaParserCtxtPtr ctxt,
xmlParserErrors error,
xmlNodePtr node,
@@ -3097,7 +3106,7 @@ xmlSchemaPMutualExclAttrErr(xmlSchemaPar
* Reports a simple type validation error.
* TODO: Should this report the value of an element as well?
*/
-static void
+static void LIBXML_ATTR_FORMAT(8,0)
xmlSchemaPSimpleTypeErr(xmlSchemaParserCtxtPtr ctxt,
xmlParserErrors error,
xmlSchemaBasicItemPtr ownerItem ATTRIBUTE_UNUSED,
@@ -3139,11 +3148,13 @@ xmlSchemaPSimpleTypeErr(xmlSchemaParserC
msg = xmlStrcat(msg, BAD_CAST " '");
if (type->builtInType != 0) {
msg = xmlStrcat(msg, BAD_CAST "xs:");
- msg = xmlStrcat(msg, type->name);
- } else
- msg = xmlStrcat(msg,
- xmlSchemaFormatQName(&str,
- type->targetNamespace, type->name));
+ str = xmlStrdup(type->name);
+ } else {
+ const xmlChar *qName = xmlSchemaFormatQName(&str, type->targetNamespace, type->name);
+ if (!str)
+ str = xmlStrdup(qName);
+ }
+ msg = xmlStrcat(msg, xmlEscapeFormatString(&str));
msg = xmlStrcat(msg, BAD_CAST "'.");
FREE_AND_NULL(str);
}
@@ -3156,7 +3167,9 @@ xmlSchemaPSimpleTypeErr(xmlSchemaParserC
}
if (expected) {
msg = xmlStrcat(msg, BAD_CAST " Expected is '");
- msg = xmlStrcat(msg, BAD_CAST expected);
+ xmlChar *expectedEscaped = xmlCharStrdup(expected);
+ msg = xmlStrcat(msg, xmlEscapeFormatString(&expectedEscaped));
+ FREE_AND_NULL(expectedEscaped);
msg = xmlStrcat(msg, BAD_CAST "'.\n");
} else
msg = xmlStrcat(msg, BAD_CAST "\n");
Index: libxml2-2.9.1/xmlstring.c
===================================================================
--- libxml2-2.9.1.orig/xmlstring.c
+++ libxml2-2.9.1/xmlstring.c
@@ -545,7 +545,7 @@ xmlStrcat(xmlChar *cur, const xmlChar *a
* Returns the number of characters written to @buf or -1 if an error occurs.
*/
int XMLCDECL
-xmlStrPrintf(xmlChar *buf, int len, const xmlChar *msg, ...) {
+xmlStrPrintf(xmlChar *buf, int len, const char *msg, ...) {
va_list args;
int ret;
@@ -573,7 +573,7 @@ xmlStrPrintf(xmlChar *buf, int len, cons
* Returns the number of characters written to @buf or -1 if an error occurs.
*/
int
-xmlStrVPrintf(xmlChar *buf, int len, const xmlChar *msg, va_list ap) {
+xmlStrVPrintf(xmlChar *buf, int len, const char *msg, va_list ap) {
int ret;
if((buf == NULL) || (msg == NULL)) {
@@ -987,5 +987,60 @@ xmlUTF8Strsub(const xmlChar *utf, int st
return(xmlUTF8Strndup(utf, len));
}
+/**
+ * xmlEscapeFormatString:
+ * @msg: a pointer to the string in which to escape '%' characters.
+ * Must be a heap-allocated buffer created by libxml2 that may be
+ * returned, or that may be freed and replaced.
+ *
+ * Replaces the string pointed to by 'msg' with an escaped string.
+ * Returns the same string with all '%' characters escaped.
+ */
+xmlChar *
+xmlEscapeFormatString(xmlChar **msg)
+{
+ xmlChar *msgPtr = NULL;
+ xmlChar *result = NULL;
+ xmlChar *resultPtr = NULL;
+ size_t count = 0;
+ size_t msgLen = 0;
+ size_t resultLen = 0;
+
+ if (!msg || !*msg)
+ return(NULL);
+
+ for (msgPtr = *msg; *msgPtr != '\0'; ++msgPtr) {
+ ++msgLen;
+ if (*msgPtr == '%')
+ ++count;
+ }
+
+ if (count == 0)
+ return(*msg);
+
+ resultLen = msgLen + count + 1;
+ result = (xmlChar *) xmlMallocAtomic(resultLen * sizeof(xmlChar));
+ if (result == NULL) {
+ /* Clear *msg to prevent format string vulnerabilities in
+ out-of-memory situations. */
+ xmlFree(*msg);
+ *msg = NULL;
+ xmlErrMemory(NULL, NULL);
+ return(NULL);
+ }
+
+ for (msgPtr = *msg, resultPtr = result; *msgPtr != '\0'; ++msgPtr, ++resultPtr) {
+ *resultPtr = *msgPtr;
+ if (*msgPtr == '%')
+ *(++resultPtr) = '%';
+ }
+ result[resultLen - 1] = '\0';
+
+ xmlFree(*msg);
+ *msg = result;
+
+ return *msg;
+}
+
#define bottom_xmlstring
#include "elfgcchack.h"
Index: libxml2-2.9.1/xmlwriter.c
===================================================================
--- libxml2-2.9.1.orig/xmlwriter.c
+++ libxml2-2.9.1/xmlwriter.c
@@ -109,7 +109,7 @@ static int xmlTextWriterWriteDocCallback
const xmlChar * str, int len);
static int xmlTextWriterCloseDocCallback(void *context);
-static xmlChar *xmlTextWriterVSprintf(const char *format, va_list argptr);
+static xmlChar *xmlTextWriterVSprintf(const char *format, va_list argptr) LIBXML_ATTR_FORMAT(1,0);
static int xmlOutputBufferWriteBase64(xmlOutputBufferPtr out, int len,
const unsigned char *data);
static void xmlTextWriterStartDocumentCallback(void *ctx);
@@ -149,7 +149,7 @@ xmlWriterErrMsg(xmlTextWriterPtr ctxt, x
*
* Handle a writer error
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlWriterErrMsgInt(xmlTextWriterPtr ctxt, xmlParserErrors error,
const char *msg, int val)
{
Index: libxml2-2.9.1/xpath.c
===================================================================
--- libxml2-2.9.1.orig/xpath.c
+++ libxml2-2.9.1/xpath.c
@@ -348,7 +348,7 @@ xmlXPathErrMemory(xmlXPathContextPtr ctx
xmlChar buf[200];
xmlStrPrintf(buf, 200,
- BAD_CAST "Memory allocation failed : %s\n",
+ "Memory allocation failed : %s\n",
extra);
ctxt->lastError.message = (char *) xmlStrdup(buf);
} else {
Index: libxml2-2.9.1/xpointer.c
===================================================================
--- libxml2-2.9.1.orig/xpointer.c
+++ libxml2-2.9.1/xpointer.c
@@ -85,7 +85,7 @@ xmlXPtrErrMemory(const char *extra)
*
* Handle a redefinition of attribute error
*/
-static void
+static void LIBXML_ATTR_FORMAT(3,0)
xmlXPtrErr(xmlXPathParserContextPtr ctxt, int error,
const char * msg, const xmlChar *extra)
{