authorArmin Kuster <akuster@mvista.com>2016-07-09 15:20:50 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-07-27 08:29:59 +0100
commit3b2c5409863af38d08eaa613e10ff49101fb250d (patch)
tree2a0a772d400f38b4d8cb55b20153cbaa57729bc6
parentad7cab35ffda97e753ce87958ce3de049c294f8e (diff)
downloadpoky-3b2c5409863af38d08eaa613e10ff49101fb250d.tar.gz
libxml2: Security fix for CVE-2016-4448
Affects libxml2 < 2.9.4 (From OE-Core rev: d4343f428c89c6c238cc7cd4c4732448a00003e4) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2016-4448_1.patch1067
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2016-4448_2.patch208
-rw-r--r--meta/recipes-core/libxml/libxml2_2.9.2.bb2
3 files changed, 1277 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2016-4448_1.patch b/meta/recipes-core/libxml/libxml2/CVE-2016-4448_1.patch
new file mode 100644
index 0000000000..1d08e57308
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2016-4448_1.patch
@@ -0,0 +1,1067 @@
1From 4472c3a5a5b516aaf59b89be602fbce52756c3e9 Mon Sep 17 00:00:00 2001
2From: David Kilzer <ddkilzer@webkit.org>
3Date: Fri, 13 May 2016 15:13:17 +0800
4Subject: [PATCH] Fix some format string warnings with possible format string
5 vulnerability
6
7For https://bugzilla.gnome.org/show_bug.cgi?id=761029
8
9Decorate every method in libxml2 with the appropriate
10LIBXML_ATTR_FORMAT(fmt,args) macro and add some cleanups
11following the reports.
12
13Upstream-Status: Backport
14CVE: CVE-2016-4448 patch #1
15Signed-off-by: Armin Kuster <akuster@mvista.com>
16
17---
18 HTMLparser.c | 4 +--
19 SAX2.c | 12 ++++----
20 catalog.c | 2 +-
21 configure.ac | 4 +--
22 debugXML.c | 4 +--
23 encoding.c | 2 +-
24 entities.c | 2 +-
25 error.c | 2 +-
26 include/libxml/parserInternals.h | 2 +-
27 include/libxml/xmlerror.h | 2 +-
28 include/libxml/xmlstring.h | 8 ++---
29 libxml.h | 2 +-
30 parser.c | 37 +++++++++++-----------
31 parserInternals.c | 4 +--
32 relaxng.c | 4 +--
33 schematron.c | 2 +-
34 testModule.c | 2 +-
35 valid.c | 8 ++---
36 xinclude.c | 4 +--
37 xmlIO.c | 14 ++++-----
38 xmllint.c | 20 ++++++------
39 xmlreader.c | 16 +++++++---
40 xmlschemas.c | 66 ++++++++++++++++++++--------------------
41 xmlstring.c | 4 +--
42 xmlwriter.c | 4 +--
43 xpath.c | 2 +-
44 xpointer.c | 2 +-
45 27 files changed, 121 insertions(+), 114 deletions(-)
46
47Index: libxml2-2.9.2/HTMLparser.c
48===================================================================
49--- libxml2-2.9.2.orig/HTMLparser.c
50+++ libxml2-2.9.2/HTMLparser.c
51@@ -105,7 +105,7 @@ htmlErrMemory(xmlParserCtxtPtr ctxt, con
52 *
53 * Handle a fatal parser error, i.e. violating Well-Formedness constraints
54 */
55-static void
56+static void LIBXML_ATTR_FORMAT(3,0)
57 htmlParseErr(xmlParserCtxtPtr ctxt, xmlParserErrors error,
58 const char *msg, const xmlChar *str1, const xmlChar *str2)
59 {
60@@ -132,7 +132,7 @@ htmlParseErr(xmlParserCtxtPtr ctxt, xmlP
61 *
62 * Handle a fatal parser error, i.e. violating Well-Formedness constraints
63 */
64-static void
65+static void LIBXML_ATTR_FORMAT(3,0)
66 htmlParseErrInt(xmlParserCtxtPtr ctxt, xmlParserErrors error,
67 const char *msg, int val)
68 {
69Index: libxml2-2.9.2/SAX2.c
70===================================================================
71--- libxml2-2.9.2.orig/SAX2.c
72+++ libxml2-2.9.2/SAX2.c
73@@ -55,7 +55,7 @@
74 * @ctxt: an XML validation parser context
75 * @msg: a string to accompany the error message
76 */
77-static void
78+static void LIBXML_ATTR_FORMAT(2,0)
79 xmlSAX2ErrMemory(xmlParserCtxtPtr ctxt, const char *msg) {
80 xmlStructuredErrorFunc schannel = NULL;
81 const char *str1 = "out of memory\n";
82@@ -93,7 +93,7 @@ xmlSAX2ErrMemory(xmlParserCtxtPtr ctxt,
83 *
84 * Handle a validation error
85 */
86-static void
87+static void LIBXML_ATTR_FORMAT(3,0)
88 xmlErrValid(xmlParserCtxtPtr ctxt, xmlParserErrors error,
89 const char *msg, const char *str1, const char *str2)
90 {
91@@ -133,7 +133,7 @@ xmlErrValid(xmlParserCtxtPtr ctxt, xmlPa
92 *
93 * Handle a fatal parser error, i.e. violating Well-Formedness constraints
94 */
95-static void
96+static void LIBXML_ATTR_FORMAT(3,0)
97 xmlFatalErrMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
98 const char *msg, const xmlChar *str1, const xmlChar *str2)
99 {
100@@ -164,7 +164,7 @@ xmlFatalErrMsg(xmlParserCtxtPtr ctxt, xm
101 *
102 * Handle a parser warning
103 */
104-static void
105+static void LIBXML_ATTR_FORMAT(3,0)
106 xmlWarnMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
107 const char *msg, const xmlChar *str1)
108 {
109@@ -189,7 +189,7 @@ xmlWarnMsg(xmlParserCtxtPtr ctxt, xmlPar
110 *
111 * Handle a namespace error
112 */
113-static void
114+static void LIBXML_ATTR_FORMAT(3,0)
115 xmlNsErrMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
116 const char *msg, const xmlChar *str1, const xmlChar *str2)
117 {
118@@ -213,7 +213,7 @@ xmlNsErrMsg(xmlParserCtxtPtr ctxt, xmlPa
119 *
120 * Handle a namespace warning
121 */
122-static void
123+static void LIBXML_ATTR_FORMAT(3,0)
124 xmlNsWarnMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
125 const char *msg, const xmlChar *str1, const xmlChar *str2)
126 {
127Index: libxml2-2.9.2/catalog.c
128===================================================================
129--- libxml2-2.9.2.orig/catalog.c
130+++ libxml2-2.9.2/catalog.c
131@@ -238,7 +238,7 @@ xmlCatalogErrMemory(const char *extra)
132 *
133 * Handle a catalog error
134 */
135-static void
136+static void LIBXML_ATTR_FORMAT(4,0)
137 xmlCatalogErr(xmlCatalogEntryPtr catal, xmlNodePtr node, int error,
138 const char *msg, const xmlChar *str1, const xmlChar *str2,
139 const xmlChar *str3)
140Index: libxml2-2.9.2/configure.ac
141===================================================================
142--- libxml2-2.9.2.orig/configure.ac
143+++ libxml2-2.9.2/configure.ac
144@@ -770,7 +770,7 @@ else
145 fi
146
147 # warnings we'd like to see
148- CFLAGS="${CFLAGS} -pedantic -W -Wformat -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wformat -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls"
149+ CFLAGS="${CFLAGS} -pedantic -W -Wformat -Wno-format-extra-args -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls"
150 # warnings we'd like to supress
151 CFLAGS="${CFLAGS} -Wno-long-long"
152 case "${host}" in
153@@ -990,7 +990,7 @@ if [[ "${LOGNAME}" = "veillard" -a "`pwd
154 fi
155 fi
156 if test "${GCC}" = "yes" ; then
157- CFLAGS="-g -O -pedantic -W -Wformat -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wformat -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls -Wall"
158+ CFLAGS="-g -O -pedantic -W -Wformat -Wno-format-extra-args -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls -Wall"
159 fi
160 STATIC_BINARIES="-static"
161 dnl -Wcast-qual -ansi
162Index: libxml2-2.9.2/debugXML.c
163===================================================================
164--- libxml2-2.9.2.orig/debugXML.c
165+++ libxml2-2.9.2/debugXML.c
166@@ -164,7 +164,7 @@ xmlDebugErr(xmlDebugCtxtPtr ctxt, int er
167 NULL, NULL, NULL, 0, 0,
168 "%s", msg);
169 }
170-static void
171+static void LIBXML_ATTR_FORMAT(3,0)
172 xmlDebugErr2(xmlDebugCtxtPtr ctxt, int error, const char *msg, int extra)
173 {
174 ctxt->errors++;
175@@ -174,7 +174,7 @@ xmlDebugErr2(xmlDebugCtxtPtr ctxt, int e
176 NULL, NULL, NULL, 0, 0,
177 msg, extra);
178 }
179-static void
180+static void LIBXML_ATTR_FORMAT(3,0)
181 xmlDebugErr3(xmlDebugCtxtPtr ctxt, int error, const char *msg, const char *extra)
182 {
183 ctxt->errors++;
184Index: libxml2-2.9.2/encoding.c
185===================================================================
186--- libxml2-2.9.2.orig/encoding.c
187+++ libxml2-2.9.2/encoding.c
188@@ -93,7 +93,7 @@ xmlEncodingErrMemory(const char *extra)
189 *
190 * n encoding error
191 */
192-static void
193+static void LIBXML_ATTR_FORMAT(2,0)
194 xmlEncodingErr(xmlParserErrors error, const char *msg, const char *val)
195 {
196 __xmlRaiseError(NULL, NULL, NULL, NULL, NULL,
197Index: libxml2-2.9.2/entities.c
198===================================================================
199--- libxml2-2.9.2.orig/entities.c
200+++ libxml2-2.9.2/entities.c
201@@ -83,7 +83,7 @@ xmlEntitiesErrMemory(const char *extra)
202 *
203 * Handle an out of memory condition
204 */
205-static void
206+static void LIBXML_ATTR_FORMAT(2,0)
207 xmlEntitiesErr(xmlParserErrors code, const char *msg)
208 {
209 __xmlSimpleError(XML_FROM_TREE, code, NULL, msg, NULL);
210Index: libxml2-2.9.2/error.c
211===================================================================
212--- libxml2-2.9.2.orig/error.c
213+++ libxml2-2.9.2/error.c
214@@ -18,7 +18,7 @@
215
216 void XMLCDECL xmlGenericErrorDefaultFunc (void *ctx ATTRIBUTE_UNUSED,
217 const char *msg,
218- ...);
219+ ...) LIBXML_ATTR_FORMAT(2,3);
220
221 #define XML_GET_VAR_STR(msg, str) { \
222 int size, prev_size = -1; \
223Index: libxml2-2.9.2/include/libxml/parserInternals.h
224===================================================================
225--- libxml2-2.9.2.orig/include/libxml/parserInternals.h
226+++ libxml2-2.9.2/include/libxml/parserInternals.h
227@@ -351,7 +351,7 @@ XMLPUBFUN void XMLCALL
228 xmlParserErrors xmlerr,
229 const char *msg,
230 const xmlChar * str1,
231- const xmlChar * str2);
232+ const xmlChar * str2) LIBXML_ATTR_FORMAT(3,0);
233 #endif
234
235 /**
236Index: libxml2-2.9.2/include/libxml/xmlerror.h
237===================================================================
238--- libxml2-2.9.2.orig/include/libxml/xmlerror.h
239+++ libxml2-2.9.2/include/libxml/xmlerror.h
240@@ -937,7 +937,7 @@ XMLPUBFUN void XMLCALL
241 int code,
242 xmlNodePtr node,
243 const char *msg,
244- const char *extra);
245+ const char *extra) LIBXML_ATTR_FORMAT(4,0);
246 #endif
247 #ifdef __cplusplus
248 }
249Index: libxml2-2.9.2/include/libxml/xmlstring.h
250===================================================================
251--- libxml2-2.9.2.orig/include/libxml/xmlstring.h
252+++ libxml2-2.9.2/include/libxml/xmlstring.h
253@@ -97,13 +97,13 @@ XMLPUBFUN xmlChar * XMLCALL
254 XMLPUBFUN int XMLCALL
255 xmlStrPrintf (xmlChar *buf,
256 int len,
257- const xmlChar *msg,
258- ...);
259+ const char *msg,
260+ ...) LIBXML_ATTR_FORMAT(3,4);
261 XMLPUBFUN int XMLCALL
262 xmlStrVPrintf (xmlChar *buf,
263 int len,
264- const xmlChar *msg,
265- va_list ap);
266+ const char *msg,
267+ va_list ap) LIBXML_ATTR_FORMAT(3,0);
268
269 XMLPUBFUN int XMLCALL
270 xmlGetUTF8Char (const unsigned char *utf,
271Index: libxml2-2.9.2/libxml.h
272===================================================================
273--- libxml2-2.9.2.orig/libxml.h
274+++ libxml2-2.9.2/libxml.h
275@@ -71,7 +71,7 @@ extern int __xmlRegisterCallbacks;
276 * internal error reporting routines, shared but not partof the API.
277 */
278 void __xmlIOErr(int domain, int code, const char *extra);
279-void __xmlLoaderErr(void *ctx, const char *msg, const char *filename);
280+void __xmlLoaderErr(void *ctx, const char *msg, const char *filename) LIBXML_ATTR_FORMAT(2,0);
281 #ifdef LIBXML_HTML_ENABLED
282 /*
283 * internal function of HTML parser needed for xmlParseInNodeContext
284Index: libxml2-2.9.2/parser.c
285===================================================================
286--- libxml2-2.9.2.orig/parser.c
287+++ libxml2-2.9.2/parser.c
288@@ -350,7 +350,6 @@ static void
289 xmlFatalErr(xmlParserCtxtPtr ctxt, xmlParserErrors error, const char *info)
290 {
291 const char *errmsg;
292- char errstr[129] = "";
293
294 if ((ctxt != NULL) && (ctxt->disableSAX != 0) &&
295 (ctxt->instate == XML_PARSER_EOF))
296@@ -537,15 +536,17 @@ xmlFatalErr(xmlParserCtxtPtr ctxt, xmlPa
297 default:
298 errmsg = "Unregistered error message";
299 }
300- if (info == NULL)
301- snprintf(errstr, 128, "%s\n", errmsg);
302- else
303- snprintf(errstr, 128, "%s: %%s\n", errmsg);
304 if (ctxt != NULL)
305 ctxt->errNo = error;
306- __xmlRaiseError(NULL, NULL, NULL, ctxt, NULL, XML_FROM_PARSER, error,
307- XML_ERR_FATAL, NULL, 0, info, NULL, NULL, 0, 0, &errstr[0],
308- info);
309+ if (info == NULL) {
310+ __xmlRaiseError(NULL, NULL, NULL, ctxt, NULL, XML_FROM_PARSER, error,
311+ XML_ERR_FATAL, NULL, 0, info, NULL, NULL, 0, 0, "%s\n",
312+ errmsg);
313+ } else {
314+ __xmlRaiseError(NULL, NULL, NULL, ctxt, NULL, XML_FROM_PARSER, error,
315+ XML_ERR_FATAL, NULL, 0, info, NULL, NULL, 0, 0, "%s: %s\n",
316+ errmsg, info);
317+ }
318 if (ctxt != NULL) {
319 ctxt->wellFormed = 0;
320 if (ctxt->recovery == 0)
321@@ -561,7 +562,7 @@ xmlFatalErr(xmlParserCtxtPtr ctxt, xmlPa
322 *
323 * Handle a fatal parser error, i.e. violating Well-Formedness constraints
324 */
325-static void
326+static void LIBXML_ATTR_FORMAT(3,0)
327 xmlFatalErrMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
328 const char *msg)
329 {
330@@ -589,7 +590,7 @@ xmlFatalErrMsg(xmlParserCtxtPtr ctxt, xm
331 *
332 * Handle a warning.
333 */
334-static void
335+static void LIBXML_ATTR_FORMAT(3,0)
336 xmlWarningMsg(xmlParserCtxtPtr ctxt, xmlParserErrors error,
337 const char *msg, const xmlChar *str1, const xmlChar *str2)
338 {
339@@ -627,7 +628,7 @@ xmlWarningMsg(xmlParserCtxtPtr ctxt, xml
340 *
341 * Handle a validity error.
342 */
343-static void
344+static void LIBXML_ATTR_FORMAT(3,0)
345 xmlValidityError(xmlParserCtxtPtr ctxt, xmlParserErrors error,
346 const char *msg, const xmlChar *str1, const xmlChar *str2)
347 {
348@@ -667,7 +668,7 @@ xmlValidityError(xmlParserCtxtPtr ctxt,
349 *
350 * Handle a fatal parser error, i.e. violating Well-Formedness constraints
351 */
352-static void
353+static void LIBXML_ATTR_FORMAT(3,0)
354 xmlFatalErrMsgInt(xmlParserCtxtPtr ctxt, xmlParserErrors error,
355 const char *msg, int val)
356 {
357@@ -697,7 +698,7 @@ xmlFatalErrMsgInt(xmlParserCtxtPtr ctxt,
358 *
359 * Handle a fatal parser error, i.e. violating Well-Formedness constraints
360 */
361-static void
362+static void LIBXML_ATTR_FORMAT(3,0)
363 xmlFatalErrMsgStrIntStr(xmlParserCtxtPtr ctxt, xmlParserErrors error,
364 const char *msg, const xmlChar *str1, int val,
365 const xmlChar *str2)
366@@ -727,7 +728,7 @@ xmlFatalErrMsgStrIntStr(xmlParserCtxtPtr
367 *
368 * Handle a fatal parser error, i.e. violating Well-Formedness constraints
369 */
370-static void
371+static void LIBXML_ATTR_FORMAT(3,0)
372 xmlFatalErrMsgStr(xmlParserCtxtPtr ctxt, xmlParserErrors error,
373 const char *msg, const xmlChar * val)
374 {
375@@ -756,7 +757,7 @@ xmlFatalErrMsgStr(xmlParserCtxtPtr ctxt,
376 *
377 * Handle a non fatal parser error
378 */
379-static void
380+static void LIBXML_ATTR_FORMAT(3,0)
381 xmlErrMsgStr(xmlParserCtxtPtr ctxt, xmlParserErrors error,
382 const char *msg, const xmlChar * val)
383 {
384@@ -781,7 +782,7 @@ xmlErrMsgStr(xmlParserCtxtPtr ctxt, xmlP
385 *
386 * Handle a fatal parser error, i.e. violating Well-Formedness constraints
387 */
388-static void
389+static void LIBXML_ATTR_FORMAT(3,0)
390 xmlNsErr(xmlParserCtxtPtr ctxt, xmlParserErrors error,
391 const char *msg,
392 const xmlChar * info1, const xmlChar * info2,
393@@ -810,7 +811,7 @@ xmlNsErr(xmlParserCtxtPtr ctxt, xmlParse
394 *
395 * Handle a namespace warning error
396 */
397-static void
398+static void LIBXML_ATTR_FORMAT(3,0)
399 xmlNsWarn(xmlParserCtxtPtr ctxt, xmlParserErrors error,
400 const char *msg,
401 const xmlChar * info1, const xmlChar * info2,
402@@ -5538,7 +5539,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt
403 skipped = SKIP_BLANKS;
404 if (skipped == 0) {
405 xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
406- "Space required after '%'\n");
407+ "Space required after '%%'\n");
408 }
409 isParameter = 1;
410 }
411Index: libxml2-2.9.2/parserInternals.c
412===================================================================
413--- libxml2-2.9.2.orig/parserInternals.c
414+++ libxml2-2.9.2/parserInternals.c
415@@ -169,7 +169,7 @@ __xmlErrEncoding(xmlParserCtxtPtr ctxt,
416 *
417 * Handle an internal error
418 */
419-static void
420+static void LIBXML_ATTR_FORMAT(2,0)
421 xmlErrInternal(xmlParserCtxtPtr ctxt, const char *msg, const xmlChar * str)
422 {
423 if ((ctxt != NULL) && (ctxt->disableSAX != 0) &&
424@@ -197,7 +197,7 @@ xmlErrInternal(xmlParserCtxtPtr ctxt, co
425 *
426 * n encoding error
427 */
428-static void
429+static void LIBXML_ATTR_FORMAT(3,0)
430 xmlErrEncodingInt(xmlParserCtxtPtr ctxt, xmlParserErrors error,
431 const char *msg, int val)
432 {
433Index: libxml2-2.9.2/relaxng.c
434===================================================================
435--- libxml2-2.9.2.orig/relaxng.c
436+++ libxml2-2.9.2/relaxng.c
437@@ -507,7 +507,7 @@ xmlRngVErrMemory(xmlRelaxNGValidCtxtPtr
438 *
439 * Handle a Relax NG Parsing error
440 */
441-static void
442+static void LIBXML_ATTR_FORMAT(4,0)
443 xmlRngPErr(xmlRelaxNGParserCtxtPtr ctxt, xmlNodePtr node, int error,
444 const char *msg, const xmlChar * str1, const xmlChar * str2)
445 {
446@@ -541,7 +541,7 @@ xmlRngPErr(xmlRelaxNGParserCtxtPtr ctxt,
447 *
448 * Handle a Relax NG Validation error
449 */
450-static void
451+static void LIBXML_ATTR_FORMAT(4,0)
452 xmlRngVErr(xmlRelaxNGValidCtxtPtr ctxt, xmlNodePtr node, int error,
453 const char *msg, const xmlChar * str1, const xmlChar * str2)
454 {
455Index: libxml2-2.9.2/schematron.c
456===================================================================
457--- libxml2-2.9.2.orig/schematron.c
458+++ libxml2-2.9.2/schematron.c
459@@ -245,7 +245,7 @@ xmlSchematronPErrMemory(xmlSchematronPar
460 *
461 * Handle a parser error
462 */
463-static void
464+static void LIBXML_ATTR_FORMAT(4,0)
465 xmlSchematronPErr(xmlSchematronParserCtxtPtr ctxt, xmlNodePtr node, int error,
466 const char *msg, const xmlChar * str1, const xmlChar * str2)
467 {
468Index: libxml2-2.9.2/testModule.c
469===================================================================
470--- libxml2-2.9.2.orig/testModule.c
471+++ libxml2-2.9.2/testModule.c
472@@ -47,7 +47,7 @@ int main(int argc ATTRIBUTE_UNUSED, char
473
474 /* build the module filename, and confirm the module exists */
475 xmlStrPrintf(filename, sizeof(filename),
476- (const xmlChar*) "%s/testdso%s",
477+ "%s/testdso%s",
478 (const xmlChar*)MODULE_PATH,
479 (const xmlChar*)LIBXML_MODULE_EXTENSION);
480
481Index: libxml2-2.9.2/valid.c
482===================================================================
483--- libxml2-2.9.2.orig/valid.c
484+++ libxml2-2.9.2/valid.c
485@@ -93,7 +93,7 @@ xmlVErrMemory(xmlValidCtxtPtr ctxt, cons
486 *
487 * Handle a validation error
488 */
489-static void
490+static void LIBXML_ATTR_FORMAT(3,0)
491 xmlErrValid(xmlValidCtxtPtr ctxt, xmlParserErrors error,
492 const char *msg, const char *extra)
493 {
494@@ -137,7 +137,7 @@ xmlErrValid(xmlValidCtxtPtr ctxt, xmlPar
495 *
496 * Handle a validation error, provide contextual informations
497 */
498-static void
499+static void LIBXML_ATTR_FORMAT(4,0)
500 xmlErrValidNode(xmlValidCtxtPtr ctxt,
501 xmlNodePtr node, xmlParserErrors error,
502 const char *msg, const xmlChar * str1,
503@@ -180,7 +180,7 @@ xmlErrValidNode(xmlValidCtxtPtr ctxt,
504 *
505 * Handle a validation error, provide contextual informations
506 */
507-static void
508+static void LIBXML_ATTR_FORMAT(4,0)
509 xmlErrValidNodeNr(xmlValidCtxtPtr ctxt,
510 xmlNodePtr node, xmlParserErrors error,
511 const char *msg, const xmlChar * str1,
512@@ -221,7 +221,7 @@ xmlErrValidNodeNr(xmlValidCtxtPtr ctxt,
513 *
514 * Handle a validation error, provide contextual information
515 */
516-static void
517+static void LIBXML_ATTR_FORMAT(4,0)
518 xmlErrValidWarning(xmlValidCtxtPtr ctxt,
519 xmlNodePtr node, xmlParserErrors error,
520 const char *msg, const xmlChar * str1,
521Index: libxml2-2.9.2/xinclude.c
522===================================================================
523--- libxml2-2.9.2.orig/xinclude.c
524+++ libxml2-2.9.2/xinclude.c
525@@ -125,7 +125,7 @@ xmlXIncludeErrMemory(xmlXIncludeCtxtPtr
526 *
527 * Handle an XInclude error
528 */
529-static void
530+static void LIBXML_ATTR_FORMAT(4,0)
531 xmlXIncludeErr(xmlXIncludeCtxtPtr ctxt, xmlNodePtr node, int error,
532 const char *msg, const xmlChar *extra)
533 {
534@@ -147,7 +147,7 @@ xmlXIncludeErr(xmlXIncludeCtxtPtr ctxt,
535 *
536 * Emit an XInclude warning.
537 */
538-static void
539+static void LIBXML_ATTR_FORMAT(4,0)
540 xmlXIncludeWarn(xmlXIncludeCtxtPtr ctxt, xmlNodePtr node, int error,
541 const char *msg, const xmlChar *extra)
542 {
543Index: libxml2-2.9.2/xmlIO.c
544===================================================================
545--- libxml2-2.9.2.orig/xmlIO.c
546+++ libxml2-2.9.2/xmlIO.c
547@@ -1604,7 +1604,7 @@ xmlCreateZMemBuff( int compression ) {
548 xmlFreeZMemBuff( buff );
549 buff = NULL;
550 xmlStrPrintf(msg, 500,
551- (const xmlChar *) "xmlCreateZMemBuff: %s %d\n",
552+ "xmlCreateZMemBuff: %s %d\n",
553 "Error initializing compression context. ZLIB error:",
554 z_err );
555 xmlIOErr(XML_IO_WRITE, (const char *) msg);
556@@ -1672,7 +1672,7 @@ xmlZMemBuffExtend( xmlZMemBuffPtr buff,
557 else {
558 xmlChar msg[500];
559 xmlStrPrintf(msg, 500,
560- (const xmlChar *) "xmlZMemBuffExtend: %s %lu bytes.\n",
561+ "xmlZMemBuffExtend: %s %lu bytes.\n",
562 "Allocation failure extending output buffer to",
563 new_size );
564 xmlIOErr(XML_IO_WRITE, (const char *) msg);
565@@ -1718,7 +1718,7 @@ xmlZMemBuffAppend( xmlZMemBuffPtr buff,
566 if ( z_err != Z_OK ) {
567 xmlChar msg[500];
568 xmlStrPrintf(msg, 500,
569- (const xmlChar *) "xmlZMemBuffAppend: %s %d %s - %d",
570+ "xmlZMemBuffAppend: %s %d %s - %d",
571 "Compression error while appending",
572 len, "bytes to buffer. ZLIB error", z_err );
573 xmlIOErr(XML_IO_WRITE, (const char *) msg);
574@@ -1791,7 +1791,7 @@ xmlZMemBuffGetContent( xmlZMemBuffPtr bu
575 else {
576 xmlChar msg[500];
577 xmlStrPrintf(msg, 500,
578- (const xmlChar *) "xmlZMemBuffGetContent: %s - %d\n",
579+ "xmlZMemBuffGetContent: %s - %d\n",
580 "Error flushing zlib buffers. Error code", z_err );
581 xmlIOErr(XML_IO_WRITE, (const char *) msg);
582 }
583@@ -1996,7 +1996,7 @@ xmlIOHTTPWrite( void * context, const ch
584 if ( len < 0 ) {
585 xmlChar msg[500];
586 xmlStrPrintf(msg, 500,
587- (const xmlChar *) "xmlIOHTTPWrite: %s\n%s '%s'.\n",
588+ "xmlIOHTTPWrite: %s\n%s '%s'.\n",
589 "Error appending to internal buffer.",
590 "Error sending document to URI",
591 ctxt->uri );
592@@ -2068,7 +2068,7 @@ xmlIOHTTPCloseWrite( void * context, con
593 if ( http_content == NULL ) {
594 xmlChar msg[500];
595 xmlStrPrintf(msg, 500,
596- (const xmlChar *) "xmlIOHTTPCloseWrite: %s '%s' %s '%s'.\n",
597+ "xmlIOHTTPCloseWrite: %s '%s' %s '%s'.\n",
598 "Error retrieving content.\nUnable to",
599 http_mthd, "data to URI", ctxt->uri );
600 xmlIOErr(XML_IO_WRITE, (const char *) msg);
601@@ -2140,7 +2140,7 @@ xmlIOHTTPCloseWrite( void * context, con
602 else {
603 xmlChar msg[500];
604 xmlStrPrintf(msg, 500,
605- (const xmlChar *) "xmlIOHTTPCloseWrite: HTTP '%s' of %d %s\n'%s' %s %d\n",
606+ "xmlIOHTTPCloseWrite: HTTP '%s' of %d %s\n'%s' %s %d\n",
607 http_mthd, content_lgth,
608 "bytes to URI", ctxt->uri,
609 "failed. HTTP return code:", http_rtn );
610Index: libxml2-2.9.2/xmllint.c
611===================================================================
612--- libxml2-2.9.2.orig/xmllint.c
613+++ libxml2-2.9.2/xmllint.c
614@@ -449,7 +449,7 @@ startTimer(void)
615 * message about the timing performed; format is a printf
616 * type argument
617 */
618-static void XMLCDECL
619+static void XMLCDECL LIBXML_ATTR_FORMAT(1,2)
620 endTimer(const char *fmt, ...)
621 {
622 long msec;
623@@ -485,7 +485,7 @@ startTimer(void)
624 {
625 begin = clock();
626 }
627-static void XMLCDECL
628+static void XMLCDECL LIBXML_ATTR_FORMAT(1,2)
629 endTimer(const char *fmt, ...)
630 {
631 long msec;
632@@ -514,7 +514,7 @@ startTimer(void)
633 * Do nothing
634 */
635 }
636-static void XMLCDECL
637+static void XMLCDECL LIBXML_ATTR_FORMAT(1,2)
638 endTimer(char *format, ...)
639 {
640 /*
641@@ -634,7 +634,7 @@ xmlHTMLPrintFileContext(xmlParserInputPt
642 * Display and format an error messages, gives file, line, position and
643 * extra parameters.
644 */
645-static void XMLCDECL
646+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
647 xmlHTMLError(void *ctx, const char *msg, ...)
648 {
649 xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) ctx;
650@@ -671,7 +671,7 @@ xmlHTMLError(void *ctx, const char *msg,
651 * Display and format a warning messages, gives file, line, position and
652 * extra parameters.
653 */
654-static void XMLCDECL
655+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
656 xmlHTMLWarning(void *ctx, const char *msg, ...)
657 {
658 xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) ctx;
659@@ -709,7 +709,7 @@ xmlHTMLWarning(void *ctx, const char *ms
660 * Display and format an validity error messages, gives file,
661 * line, position and extra parameters.
662 */
663-static void XMLCDECL
664+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
665 xmlHTMLValidityError(void *ctx, const char *msg, ...)
666 {
667 xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) ctx;
668@@ -746,7 +746,7 @@ xmlHTMLValidityError(void *ctx, const ch
669 * Display and format a validity warning messages, gives file, line,
670 * position and extra parameters.
671 */
672-static void XMLCDECL
673+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
674 xmlHTMLValidityWarning(void *ctx, const char *msg, ...)
675 {
676 xmlParserCtxtPtr ctxt = (xmlParserCtxtPtr) ctx;
677@@ -1410,7 +1410,7 @@ commentDebug(void *ctx ATTRIBUTE_UNUSED,
678 * Display and format a warning messages, gives file, line, position and
679 * extra parameters.
680 */
681-static void XMLCDECL
682+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
683 warningDebug(void *ctx ATTRIBUTE_UNUSED, const char *msg, ...)
684 {
685 va_list args;
686@@ -1433,7 +1433,7 @@ warningDebug(void *ctx ATTRIBUTE_UNUSED,
687 * Display and format a error messages, gives file, line, position and
688 * extra parameters.
689 */
690-static void XMLCDECL
691+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
692 errorDebug(void *ctx ATTRIBUTE_UNUSED, const char *msg, ...)
693 {
694 va_list args;
695@@ -1456,7 +1456,7 @@ errorDebug(void *ctx ATTRIBUTE_UNUSED, c
696 * Display and format a fatalError messages, gives file, line, position and
697 * extra parameters.
698 */
699-static void XMLCDECL
700+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
701 fatalErrorDebug(void *ctx ATTRIBUTE_UNUSED, const char *msg, ...)
702 {
703 va_list args;
704Index: libxml2-2.9.2/xmlreader.c
705===================================================================
706--- libxml2-2.9.2.orig/xmlreader.c
707+++ libxml2-2.9.2/xmlreader.c
708@@ -4050,13 +4050,19 @@ xmlTextReaderCurrentDoc(xmlTextReaderPtr
709 }
710
711 #ifdef LIBXML_SCHEMAS_ENABLED
712-static char *xmlTextReaderBuildMessage(const char *msg, va_list ap);
713+static char *xmlTextReaderBuildMessage(const char *msg, va_list ap) LIBXML_ATTR_FORMAT(1,0);
714
715 static void XMLCDECL
716-xmlTextReaderValidityError(void *ctxt, const char *msg, ...);
717+xmlTextReaderValidityError(void *ctxt, const char *msg, ...) LIBXML_ATTR_FORMAT(2,3);
718
719 static void XMLCDECL
720-xmlTextReaderValidityWarning(void *ctxt, const char *msg, ...);
721+xmlTextReaderValidityWarning(void *ctxt, const char *msg, ...) LIBXML_ATTR_FORMAT(2,3);
722+
723+static void XMLCDECL
724+xmlTextReaderValidityErrorRelay(void *ctx, const char *msg, ...) LIBXML_ATTR_FORMAT(2,3);
725+
726+static void XMLCDECL
727+xmlTextReaderValidityWarningRelay(void *ctx, const char *msg, ...) LIBXML_ATTR_FORMAT(2,3);
728
729 static void XMLCDECL
730 xmlTextReaderValidityErrorRelay(void *ctx, const char *msg, ...)
731@@ -4850,7 +4856,7 @@ xmlTextReaderStructuredError(void *ctxt,
732 }
733 }
734
735-static void XMLCDECL
736+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
737 xmlTextReaderError(void *ctxt, const char *msg, ...)
738 {
739 va_list ap;
740@@ -4863,7 +4869,7 @@ xmlTextReaderError(void *ctxt, const cha
741
742 }
743
744-static void XMLCDECL
745+static void XMLCDECL LIBXML_ATTR_FORMAT(2,3)
746 xmlTextReaderWarning(void *ctxt, const char *msg, ...)
747 {
748 va_list ap;
749Index: libxml2-2.9.2/xmlschemas.c
750===================================================================
751--- libxml2-2.9.2.orig/xmlschemas.c
752+++ libxml2-2.9.2/xmlschemas.c
753@@ -1085,7 +1085,7 @@ xmlSchemaGetUnionSimpleTypeMemberTypes(x
754 static void
755 xmlSchemaInternalErr(xmlSchemaAbstractCtxtPtr actxt,
756 const char *funcName,
757- const char *message);
758+ const char *message) LIBXML_ATTR_FORMAT(3,0);
759 static int
760 xmlSchemaCheckCOSSTDerivedOK(xmlSchemaAbstractCtxtPtr ctxt,
761 xmlSchemaTypePtr type,
762@@ -1889,7 +1889,7 @@ xmlSchemaPErrMemory(xmlSchemaParserCtxtP
763 *
764 * Handle a parser error
765 */
766-static void
767+static void LIBXML_ATTR_FORMAT(4,0)
768 xmlSchemaPErr(xmlSchemaParserCtxtPtr ctxt, xmlNodePtr node, int error,
769 const char *msg, const xmlChar * str1, const xmlChar * str2)
770 {
771@@ -1922,7 +1922,7 @@ xmlSchemaPErr(xmlSchemaParserCtxtPtr ctx
772 *
773 * Handle a parser error
774 */
775-static void
776+static void LIBXML_ATTR_FORMAT(5,0)
777 xmlSchemaPErr2(xmlSchemaParserCtxtPtr ctxt, xmlNodePtr node,
778 xmlNodePtr child, int error,
779 const char *msg, const xmlChar * str1, const xmlChar * str2)
780@@ -1951,7 +1951,7 @@ xmlSchemaPErr2(xmlSchemaParserCtxtPtr ct
781 *
782 * Handle a parser error
783 */
784-static void
785+static void LIBXML_ATTR_FORMAT(7,0)
786 xmlSchemaPErrExt(xmlSchemaParserCtxtPtr ctxt, xmlNodePtr node, int error,
787 const xmlChar * strData1, const xmlChar * strData2,
788 const xmlChar * strData3, const char *msg, const xmlChar * str1,
789@@ -2002,7 +2002,7 @@ xmlSchemaVErrMemory(xmlSchemaValidCtxtPt
790 extra);
791 }
792
793-static void
794+static void LIBXML_ATTR_FORMAT(2,0)
795 xmlSchemaPSimpleInternalErr(xmlNodePtr node,
796 const char *msg, const xmlChar *str)
797 {
798@@ -2013,18 +2013,21 @@ xmlSchemaPSimpleInternalErr(xmlNodePtr n
799 #define WXS_ERROR_TYPE_ERROR 1
800 #define WXS_ERROR_TYPE_WARNING 2
801 /**
802- * xmlSchemaErr3:
803+ * xmlSchemaErr4Line:
804 * @ctxt: the validation context
805- * @node: the context node
806+ * @errorLevel: the error level
807 * @error: the error code
808+ * @node: the context node
809+ * @line: the line number
810 * @msg: the error message
811 * @str1: extra data
812 * @str2: extra data
813 * @str3: extra data
814+ * @str4: extra data
815 *
816 * Handle a validation error
817 */
818-static void
819+static void LIBXML_ATTR_FORMAT(6,0)
820 xmlSchemaErr4Line(xmlSchemaAbstractCtxtPtr ctxt,
821 xmlErrorLevel errorLevel,
822 int error, xmlNodePtr node, int line, const char *msg,
823@@ -2139,7 +2142,7 @@ xmlSchemaErr4Line(xmlSchemaAbstractCtxtP
824 *
825 * Handle a validation error
826 */
827-static void
828+static void LIBXML_ATTR_FORMAT(4,0)
829 xmlSchemaErr3(xmlSchemaAbstractCtxtPtr actxt,
830 int error, xmlNodePtr node, const char *msg,
831 const xmlChar *str1, const xmlChar *str2, const xmlChar *str3)
832@@ -2148,7 +2151,7 @@ xmlSchemaErr3(xmlSchemaAbstractCtxtPtr a
833 msg, str1, str2, str3, NULL);
834 }
835
836-static void
837+static void LIBXML_ATTR_FORMAT(4,0)
838 xmlSchemaErr4(xmlSchemaAbstractCtxtPtr actxt,
839 int error, xmlNodePtr node, const char *msg,
840 const xmlChar *str1, const xmlChar *str2,
841@@ -2158,7 +2161,7 @@ xmlSchemaErr4(xmlSchemaAbstractCtxtPtr a
842 msg, str1, str2, str3, str4);
843 }
844
845-static void
846+static void LIBXML_ATTR_FORMAT(4,0)
847 xmlSchemaErr(xmlSchemaAbstractCtxtPtr actxt,
848 int error, xmlNodePtr node, const char *msg,
849 const xmlChar *str1, const xmlChar *str2)
850@@ -2181,7 +2184,7 @@ xmlSchemaFormatNodeForError(xmlChar ** m
851 /*
852 * Don't try to format other nodes than element and
853 * attribute nodes.
854- * Play save and return an empty string.
855+ * Play safe and return an empty string.
856 */
857 *msg = xmlStrdup(BAD_CAST "");
858 return(*msg);
859@@ -2262,7 +2265,7 @@ xmlSchemaFormatNodeForError(xmlChar ** m
860 return (*msg);
861 }
862
863-static void
864+static void LIBXML_ATTR_FORMAT(3,0)
865 xmlSchemaInternalErr2(xmlSchemaAbstractCtxtPtr actxt,
866 const char *funcName,
867 const char *message,
868@@ -2273,24 +2276,21 @@ xmlSchemaInternalErr2(xmlSchemaAbstractC
869
870 if (actxt == NULL)
871 return;
872- msg = xmlStrdup(BAD_CAST "Internal error: ");
873- msg = xmlStrcat(msg, BAD_CAST funcName);
874- msg = xmlStrcat(msg, BAD_CAST ", ");
875+ msg = xmlStrdup(BAD_CAST "Internal error: %s, ");
876 msg = xmlStrcat(msg, BAD_CAST message);
877 msg = xmlStrcat(msg, BAD_CAST ".\n");
878
879 if (actxt->type == XML_SCHEMA_CTXT_VALIDATOR)
880- xmlSchemaErr(actxt, XML_SCHEMAV_INTERNAL, NULL,
881- (const char *) msg, str1, str2);
882-
883+ xmlSchemaErr3(actxt, XML_SCHEMAV_INTERNAL, NULL,
884+ (const char *) msg, (const xmlChar *) funcName, str1, str2);
885 else if (actxt->type == XML_SCHEMA_CTXT_PARSER)
886- xmlSchemaErr(actxt, XML_SCHEMAP_INTERNAL, NULL,
887- (const char *) msg, str1, str2);
888+ xmlSchemaErr3(actxt, XML_SCHEMAP_INTERNAL, NULL,
889+ (const char *) msg, (const xmlChar *) funcName, str1, str2);
890
891 FREE_AND_NULL(msg)
892 }
893
894-static void
895+static void LIBXML_ATTR_FORMAT(3,0)
896 xmlSchemaInternalErr(xmlSchemaAbstractCtxtPtr actxt,
897 const char *funcName,
898 const char *message)
899@@ -2299,7 +2299,7 @@ xmlSchemaInternalErr(xmlSchemaAbstractCt
900 }
901
902 #if 0
903-static void
904+static void LIBXML_ATTR_FORMAT(3,0)
905 xmlSchemaPInternalErr(xmlSchemaParserCtxtPtr pctxt,
906 const char *funcName,
907 const char *message,
908@@ -2311,7 +2311,7 @@ xmlSchemaPInternalErr(xmlSchemaParserCtx
909 }
910 #endif
911
912-static void
913+static void LIBXML_ATTR_FORMAT(5,0)
914 xmlSchemaCustomErr4(xmlSchemaAbstractCtxtPtr actxt,
915 xmlParserErrors error,
916 xmlNodePtr node,
917@@ -2336,7 +2336,7 @@ xmlSchemaCustomErr4(xmlSchemaAbstractCtx
918 FREE_AND_NULL(msg)
919 }
920
921-static void
922+static void LIBXML_ATTR_FORMAT(5,0)
923 xmlSchemaCustomErr(xmlSchemaAbstractCtxtPtr actxt,
924 xmlParserErrors error,
925 xmlNodePtr node,
926@@ -2351,7 +2351,7 @@ xmlSchemaCustomErr(xmlSchemaAbstractCtxt
927
928
929
930-static void
931+static void LIBXML_ATTR_FORMAT(5,0)
932 xmlSchemaCustomWarning(xmlSchemaAbstractCtxtPtr actxt,
933 xmlParserErrors error,
934 xmlNodePtr node,
935@@ -2376,7 +2376,7 @@ xmlSchemaCustomWarning(xmlSchemaAbstract
936
937
938
939-static void
940+static void LIBXML_ATTR_FORMAT(5,0)
941 xmlSchemaKeyrefErr(xmlSchemaValidCtxtPtr vctxt,
942 xmlParserErrors error,
943 xmlSchemaPSVIIDCNodePtr idcNode,
944@@ -2525,7 +2525,7 @@ xmlSchemaIllegalAttrErr(xmlSchemaAbstrac
945 FREE_AND_NULL(msg)
946 }
947
948-static void
949+static void LIBXML_ATTR_FORMAT(5,0)
950 xmlSchemaComplexTypeErr(xmlSchemaAbstractCtxtPtr actxt,
951 xmlParserErrors error,
952 xmlNodePtr node,
953@@ -2625,7 +2625,7 @@ xmlSchemaComplexTypeErr(xmlSchemaAbstrac
954 xmlFree(msg);
955 }
956
957-static void
958+static void LIBXML_ATTR_FORMAT(8,0)
959 xmlSchemaFacetErr(xmlSchemaAbstractCtxtPtr actxt,
960 xmlParserErrors error,
961 xmlNodePtr node,
962@@ -2916,7 +2916,7 @@ xmlSchemaPIllegalAttrErr(xmlSchemaParser
963 *
964 * Reports an error during parsing.
965 */
966-static void
967+static void LIBXML_ATTR_FORMAT(5,0)
968 xmlSchemaPCustomErrExt(xmlSchemaParserCtxtPtr ctxt,
969 xmlParserErrors error,
970 xmlSchemaBasicItemPtr item,
971@@ -2952,7 +2952,7 @@ xmlSchemaPCustomErrExt(xmlSchemaParserCt
972 *
973 * Reports an error during parsing.
974 */
975-static void
976+static void LIBXML_ATTR_FORMAT(5,0)
977 xmlSchemaPCustomErr(xmlSchemaParserCtxtPtr ctxt,
978 xmlParserErrors error,
979 xmlSchemaBasicItemPtr item,
980@@ -2977,7 +2977,7 @@ xmlSchemaPCustomErr(xmlSchemaParserCtxtP
981 *
982 * Reports an attribute use error during parsing.
983 */
984-static void
985+static void LIBXML_ATTR_FORMAT(6,0)
986 xmlSchemaPAttrUseErr4(xmlSchemaParserCtxtPtr ctxt,
987 xmlParserErrors error,
988 xmlNodePtr node,
989@@ -3099,7 +3099,7 @@ xmlSchemaPMutualExclAttrErr(xmlSchemaPar
990 * Reports a simple type validation error.
991 * TODO: Should this report the value of an element as well?
992 */
993-static void
994+static void LIBXML_ATTR_FORMAT(8,0)
995 xmlSchemaPSimpleTypeErr(xmlSchemaParserCtxtPtr ctxt,
996 xmlParserErrors error,
997 xmlSchemaBasicItemPtr ownerItem ATTRIBUTE_UNUSED,
998Index: libxml2-2.9.2/xmlstring.c
999===================================================================
1000--- libxml2-2.9.2.orig/xmlstring.c
1001+++ libxml2-2.9.2/xmlstring.c
1002@@ -545,7 +545,7 @@ xmlStrcat(xmlChar *cur, const xmlChar *a
1003 * Returns the number of characters written to @buf or -1 if an error occurs.
1004 */
1005 int XMLCDECL
1006-xmlStrPrintf(xmlChar *buf, int len, const xmlChar *msg, ...) {
1007+xmlStrPrintf(xmlChar *buf, int len, const char *msg, ...) {
1008 va_list args;
1009 int ret;
1010
1011@@ -573,7 +573,7 @@ xmlStrPrintf(xmlChar *buf, int len, cons
1012 * Returns the number of characters written to @buf or -1 if an error occurs.
1013 */
1014 int
1015-xmlStrVPrintf(xmlChar *buf, int len, const xmlChar *msg, va_list ap) {
1016+xmlStrVPrintf(xmlChar *buf, int len, const char *msg, va_list ap) {
1017 int ret;
1018
1019 if((buf == NULL) || (msg == NULL)) {
1020Index: libxml2-2.9.2/xmlwriter.c
1021===================================================================
1022--- libxml2-2.9.2.orig/xmlwriter.c
1023+++ libxml2-2.9.2/xmlwriter.c
1024@@ -113,7 +113,7 @@ static int xmlTextWriterWriteDocCallback
1025 const xmlChar * str, int len);
1026 static int xmlTextWriterCloseDocCallback(void *context);
1027
1028-static xmlChar *xmlTextWriterVSprintf(const char *format, va_list argptr);
1029+static xmlChar *xmlTextWriterVSprintf(const char *format, va_list argptr) LIBXML_ATTR_FORMAT(1,0);
1030 static int xmlOutputBufferWriteBase64(xmlOutputBufferPtr out, int len,
1031 const unsigned char *data);
1032 static void xmlTextWriterStartDocumentCallback(void *ctx);
1033@@ -153,7 +153,7 @@ xmlWriterErrMsg(xmlTextWriterPtr ctxt, x
1034 *
1035 * Handle a writer error
1036 */
1037-static void
1038+static void LIBXML_ATTR_FORMAT(3,0)
1039 xmlWriterErrMsgInt(xmlTextWriterPtr ctxt, xmlParserErrors error,
1040 const char *msg, int val)
1041 {
1042Index: libxml2-2.9.2/xpath.c
1043===================================================================
1044--- libxml2-2.9.2.orig/xpath.c
1045+++ libxml2-2.9.2/xpath.c
1046@@ -639,7 +639,7 @@ xmlXPathErrMemory(xmlXPathContextPtr ctx
1047 xmlChar buf[200];
1048
1049 xmlStrPrintf(buf, 200,
1050- BAD_CAST "Memory allocation failed : %s\n",
1051+ "Memory allocation failed : %s\n",
1052 extra);
1053 ctxt->lastError.message = (char *) xmlStrdup(buf);
1054 } else {
1055Index: libxml2-2.9.2/xpointer.c
1056===================================================================
1057--- libxml2-2.9.2.orig/xpointer.c
1058+++ libxml2-2.9.2/xpointer.c
1059@@ -85,7 +85,7 @@ xmlXPtrErrMemory(const char *extra)
1060 *
1061 * Handle a redefinition of attribute error
1062 */
1063-static void
1064+static void LIBXML_ATTR_FORMAT(3,0)
1065 xmlXPtrErr(xmlXPathParserContextPtr ctxt, int error,
1066 const char * msg, const xmlChar *extra)
1067 {
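diff --git a/meta/recipes-core/libxml/libxml2/CVE-2016-4448_2.patch b/meta/recipes-core/libxml/libxml2/CVE-2016-4448_2.patch
new file mode 100644
index 0000000000..bfea8fde55
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2016-4448_2.patch
@@ -0,0 +1,208 @@
+From 502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b Mon Sep 17 00:00:00 2001
+From: David Kilzer <ddkilzer@apple.com>
+Date: Mon, 23 May 2016 14:58:41 +0800
+Subject: [PATCH] More format string warnings with possible format string
+ vulnerability
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=761029
+
+adds a new xmlEscapeFormatString() function to escape composed format
+strings
+
+Upstream-Status: Backport
+CVE: CVE-2016-4448 patch #2
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ libxml.h | 3 +++
+ relaxng.c | 3 ++-
+ xmlschemas.c | 39 ++++++++++++++++++++++++++-------------
+ xmlstring.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 86 insertions(+), 14 deletions(-)
+
+Index: libxml2-2.9.2/libxml.h
+===================================================================
+--- libxml2-2.9.2.orig/libxml.h
++++ libxml2-2.9.2/libxml.h
+@@ -9,6 +9,8 @@
+ #ifndef __XML_LIBXML_H__
+ #define __XML_LIBXML_H__
+
++#include <libxml/xmlstring.h>
++
+ #ifndef NO_LARGEFILE_SOURCE
+ #ifndef _LARGEFILE_SOURCE
+ #define _LARGEFILE_SOURCE
+@@ -96,6 +98,7 @@ int __xmlInitializeDict(void);
+ int __xmlRandom(void);
+ #endif
+
++XMLPUBFUN xmlChar * XMLCALL xmlEscapeFormatString(xmlChar **msg);
+ int xmlNop(void);
+
+ #ifdef IN_LIBXML
+Index: libxml2-2.9.2/relaxng.c
+===================================================================
+--- libxml2-2.9.2.orig/relaxng.c
++++ libxml2-2.9.2/relaxng.c
+@@ -2215,7 +2215,8 @@ xmlRelaxNGGetErrorString(xmlRelaxNGValid
+ snprintf(msg, 1000, "Unknown error code %d\n", err);
+ }
+ msg[1000 - 1] = 0;
+- return (xmlStrdup((xmlChar *) msg));
++ xmlChar *result = xmlCharStrdup(msg);
++ return (xmlEscapeFormatString(&result));
+ }
+
+ /**
+Index: libxml2-2.9.2/xmlschemas.c
+===================================================================
+--- libxml2-2.9.2.orig/xmlschemas.c
++++ libxml2-2.9.2/xmlschemas.c
+@@ -1769,7 +1769,7 @@ xmlSchemaFormatItemForReport(xmlChar **b
+ }
+ FREE_AND_NULL(str)
+
+- return (*buf);
++ return (xmlEscapeFormatString(buf));
+ }
+
+ /**
+@@ -2249,6 +2249,13 @@ xmlSchemaFormatNodeForError(xmlChar ** m
+ TODO
+ return (NULL);
+ }
++
++ /*
++ * xmlSchemaFormatItemForReport() also returns an escaped format
++ * string, so do this before calling it below (in the future).
++ */
++ xmlEscapeFormatString(msg);
++
+ /*
+ * VAL TODO: The output of the given schema component is currently
+ * disabled.
+@@ -2476,11 +2483,13 @@ xmlSchemaSimpleTypeErr(xmlSchemaAbstract
+ msg = xmlStrcat(msg, BAD_CAST " '");
+ if (type->builtInType != 0) {
+ msg = xmlStrcat(msg, BAD_CAST "xs:");
+- msg = xmlStrcat(msg, type->name);
+- } else
+- msg = xmlStrcat(msg,
+- xmlSchemaFormatQName(&str,
+- type->targetNamespace, type->name));
++ str = xmlStrdup(type->name);
++ } else {
++ const xmlChar *qName = xmlSchemaFormatQName(&str, type->targetNamespace, type->name);
++ if (!str)
++ str = xmlStrdup(qName);
++ }
++ msg = xmlStrcat(msg, xmlEscapeFormatString(&str));
+ msg = xmlStrcat(msg, BAD_CAST "'");
+ FREE_AND_NULL(str);
+ }
+@@ -2617,7 +2626,7 @@ xmlSchemaComplexTypeErr(xmlSchemaAbstrac
+ str = xmlStrcat(str, BAD_CAST ", ");
+ }
+ str = xmlStrcat(str, BAD_CAST " ).\n");
+- msg = xmlStrcat(msg, BAD_CAST str);
++ msg = xmlStrcat(msg, xmlEscapeFormatString(&str));
+ FREE_AND_NULL(str)
+ } else
+ msg = xmlStrcat(msg, BAD_CAST "\n");
+@@ -3141,11 +3150,13 @@ xmlSchemaPSimpleTypeErr(xmlSchemaParserC
+ msg = xmlStrcat(msg, BAD_CAST " '");
+ if (type->builtInType != 0) {
+ msg = xmlStrcat(msg, BAD_CAST "xs:");
+- msg = xmlStrcat(msg, type->name);
+- } else
+- msg = xmlStrcat(msg,
+- xmlSchemaFormatQName(&str,
+- type->targetNamespace, type->name));
++ str = xmlStrdup(type->name);
++ } else {
++ const xmlChar *qName = xmlSchemaFormatQName(&str, type->targetNamespace, type->name);
++ if (!str)
++ str = xmlStrdup(qName);
++ }
++ msg = xmlStrcat(msg, xmlEscapeFormatString(&str));
+ msg = xmlStrcat(msg, BAD_CAST "'.");
+ FREE_AND_NULL(str);
+ }
+@@ -3158,7 +3169,9 @@ xmlSchemaPSimpleTypeErr(xmlSchemaParserC
+ }
+ if (expected) {
+ msg = xmlStrcat(msg, BAD_CAST " Expected is '");
+- msg = xmlStrcat(msg, BAD_CAST expected);
++ xmlChar *expectedEscaped = xmlCharStrdup(expected);
++ msg = xmlStrcat(msg, xmlEscapeFormatString(&expectedEscaped));
++ FREE_AND_NULL(expectedEscaped);
+ msg = xmlStrcat(msg, BAD_CAST "'.\n");
+ } else
+ msg = xmlStrcat(msg, BAD_CAST "\n");
+Index: libxml2-2.9.2/xmlstring.c
+===================================================================
+--- libxml2-2.9.2.orig/xmlstring.c
++++ libxml2-2.9.2/xmlstring.c
+@@ -987,5 +987,60 @@ xmlUTF8Strsub(const xmlChar *utf, int st
+ return(xmlUTF8Strndup(utf, len));
+ }
+
++/**
++ * xmlEscapeFormatString:
++ * @msg: a pointer to the string in which to escape '%' characters.
++ * Must be a heap-allocated buffer created by libxml2 that may be
++ * returned, or that may be freed and replaced.
++ *
++ * Replaces the string pointed to by 'msg' with an escaped string.
++ * Returns the same string with all '%' characters escaped.
++ */
++xmlChar *
++xmlEscapeFormatString(xmlChar **msg)
++{
++ xmlChar *msgPtr = NULL;
++ xmlChar *result = NULL;
++ xmlChar *resultPtr = NULL;
++ size_t count = 0;
++ size_t msgLen = 0;
++ size_t resultLen = 0;
++
++ if (!msg || !*msg)
++ return(NULL);
++
++ for (msgPtr = *msg; *msgPtr != '\0'; ++msgPtr) {
++ ++msgLen;
++ if (*msgPtr == '%')
++ ++count;
++ }
++
++ if (count == 0)
++ return(*msg);
++
++ resultLen = msgLen + count + 1;
++ result = (xmlChar *) xmlMallocAtomic(resultLen * sizeof(xmlChar));
++ if (result == NULL) {
++ /* Clear *msg to prevent format string vulnerabilities in
++ out-of-memory situations. */
++ xmlFree(*msg);
++ *msg = NULL;
++ xmlErrMemory(NULL, NULL);
++ return(NULL);
++ }
++
++ for (msgPtr = *msg, resultPtr = result; *msgPtr != '\0'; ++msgPtr, ++resultPtr) {
++ *resultPtr = *msgPtr;
++ if (*msgPtr == '%')
++ *(++resultPtr) = '%';
++ }
++ result[resultLen - 1] = '\0';
++
++ xmlFree(*msg);
++ *msg = result;
++
++ return *msg;
++}
++
+ #define bottom_xmlstring
+ #include "elfgcchack.h"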
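Review bot: Two added declarations follow statements in their block, which compilers held to C89 reject: `xmlChar *result = xmlCharStrdup(msg);` after `msg[1000 - 1] = 0;` in the relaxng.c hunk, and `xmlChar *expectedEscaped = xmlCharStrdup(expected);` after the first `xmlStrcat` inside `if (expected)` in the last xmlschemas.c hunk. xmlEscapeFormatString, added by this same patch, declares all its locals at the top, so the two sites would be consistent with it if the variables were declared at the start of the enclosing block and only assigned here (`result = xmlCharStrdup(msg);`, `expectedEscaped = xmlCharStrdup(expected);`). Separately, the call `xmlEscapeFormatString(msg);` added to xmlSchemaFormatNodeForError discards the return value, while the helper frees `*msg` and sets it to NULL when its allocation fails. The remainder of that function and of the other patched functions lies outside the hunks, so it should be confirmed that the code after the call tolerates a NULL `*msg`.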
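diff --git a/meta/recipes-core/libxml/libxml2_2.9.2.bb b/meta/recipes-core/libxml/libxml2_2.9.2.bb
index c7db1de14e..e221a4f702 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.2.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.2.bb
@@ -18,6 +18,8 @@ SRC_URI += "file://CVE-2016-1762.patch \
  file://CVE-2016-1833.patch \
  file://CVE-2016-3627.patch \
  file://CVE-2016-4447.patch \
+ file://CVE-2016-4448_1.patch \
+ file://CVE-2016-4448_2.patch \
  "
 
 SRC_URI[libtar.md5sum] = "9e6a9aca9d155737868b3dc5fd82f788"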