Function call arguments are stored in a list which is processed
recursively during optimize(). We now limit the depth of this construct
as well to make sure optimize() doesn't run out of stack space.
The default stack on MSVC/x64/debug is sufficient for 1692 nested
invocations only, whereas on clang/linux it's ~8K...
For now set the limit to be conservative.
XPath parser and execution engine isn't stackless; the depth of the
query controls the amount of C stack space required.
This change instruments places in the parser where the control flow can
recurse, requiring too much C stack space to produce an AST, or where a
stackless parse is used to produce arbitrarily deep AST which will
create issues for downstream processing.
As a result XPath parser should now be fuzz safe for malicious inputs.
In case of USE_POSTFIX, the POSTFIX is dependent
on the CMAKE_BUILD_TYPE.
Use the correct POSTFIX also in the generated pugixml.pc file.
This results in the following contents of pugixml.pc:
- Release:
Libs: -L${libdir} -lpugixml
- RelWithDebInfo
Libs: -L${libdir} -lpugixml_r
- MinSizeRel:
Libs: -L${libdir} -lpugixml_m
- Debug:
Libs: -L${libdir} -lpugixml_d
In some MSVC versions on x64 configurations, the hashing function
triggers this failure:
Run-Time Check Failure #1 - A cast to a smaller data type has caused a
loss of data. If this was intentional, you should mask the source of
the cast with the appropriate bitmask.
This is similar to the integer sanitizer - this code is valid C++ but
MSVC decides to warn about this nonetheless. Masking the pointer's low
32 bits fixes the issue.
Fixes#357.
pugixml currently unconditionally accepts documents with multiple
top-level element nodes in absence of parse_fragment. This is an
unfortunate omission; while it can be corrected, it will result in
regressions for some users, and it's trivial to perform the validity
check after the parse is done.
Because of this, for now we're just going to amend documentation here to
both highlight this in the W3C Conformance section, but also to more
strongly push users into realizing that there's just a single document
element (normally).
We might decide to change the behavior here to prohibit such documents
by default in the future, but for now a documentation change seems like
a better tradeoff.
Fixes#337
The old logic for BUILD_SHARED_LIBS and BUILD_SHARED_AND_STATIC_LIBS
would produce two targets with the same name and different build
rules. The Makefile generator tolerated this, but the Ninja generator
raised an error. Fix the logic so that only one shared and one static
target gets built, and make the pugixml target an ALIAS of the one
dictated by BUILD_SHARED_LIBS.
The loop traverses the source tree and simultaneously builds up a copy
of it at destination. Short of race conditions, this code is safe -
however, it's not obvious that dit stays inside the destination tree.
This change adds a few assertions to help enforce/document these
invariants. One particular subtlety is that dit can actually *become*
null after we exit out of the loop, but it's guaranteed to only do so
once sit goes back to sn.
This is only possible when doing a full document copy - for some reason
we weren't using this for that (in reset(xml_document)), but we are now.
Fixes#314.
We were previously relying on non-standard comment detection that is
supported by gcc/clang to avoid warnings about implicit fallthrough.
This can be solved using attributes but using them requires a lot of
compiler-specific detection logic because not all versions of gcc/clang
support them.
We don't *really* need to rely on fallthrough here - the type conversion
block can be located *after* the AST type switch instead, which means
that any AST type that has type ambiguity can fall back to that in the
future.
Fixes#331.
Instead of performing a late null check that is redundant and only
needed to silence clang static analysis warning, we pick the context as
a root / self node. This way the code is a bit less redundant and the
static analyzer is happy.
New Features:
pugixml-shared and pugixml-static are "always" available, but not always
built. This allows downstream projects to still use them, and to make
sure our configurations are correct regardless of if they are being
built. They are not always installed however.
pugixml-shared and pugixml-static have ALIAS libraries of
pugixml::shared and pugixml::static respectively. These names are also
respected in the `find_package(pugixml CONFIG)` generated files, so its
safe to use pugixml in a CMake project regardless of whether it is
installed locally, or if its a subproject via `add_subdirectory`.
pugixml will automatically select the correct library type based on
BUILD_SHARED_LIBS. A pugixml::pugixml ALIAS is also available.
CMAKE_MSVC_RUNTIME_LIBRARY from CMake 3.15 has been backported.
CMake will now rely on generator expressions (a powerful abstraction in
large projects with many subdirectories) for most work. This offloads
work from the single-threaded configure stage to the multithreaded
generation stage.
pugixml now uses CTest as the runner.
Some settings are automatically disabled if pugixml is used as a
subdirectory. These are still able to be manually set, but are hidden
from folks who choose to use CMake GUI.
⬆️ Bump CMake minimum to 3.4
🐛 pugixml no longer requires a C compiler to be found or set to
compile correctly. This speeds up configuration and building on windows.
🚧 Begin laying groundwork to backport MSVC_RUNTIME_LIBRARY
property
This keeps src/ folder clean of auxiliary files only required for
special builds; note that CMakeLists.txt already depends on scripts/
(specifically for pkgconfig setup).
The newly added tests make sure that during node/attribute destruction
we deallocate a few memory pages; this makes sure that we don't read
node data after it's being destroyed.
Also clean up formatting/style in the remove_* implementation a bit.
According to XML spec, > sometimes needs to be escaped in PCDATA (when
it occurs as a ]]> pattern), but it doesn't need to be escaped in
attribute values.
Contributes to #272.
When using double quotes for attributes, we don't need to escape '; when
using single quotes, we don't need to escape ".
This changes behavior to match 1.9 by default (where we don't escape ').
Contributes to #272.
Note: this chang also updates PUGIXML_VERSION macro to allow for
double-digit minor versions; this preserves the continuity of versions
so PUGIXML_VERSION >= 190 will still work.
Create visual studio projects that are vs2019 compliant.
* nuget_build.ps1 :
Introduce a new argument that will define how we implement the nuget
build. For now we accept 201{9,7.5.3} as possible argument values.
* pugixml_vs2019{,_static}.vcxproj :
Add two visual studio projects that build pugi with the latest SDK and
build tools
* appveyor.yml
- Add Visual Studio 2019 to build targets
- Add Visual Studio 201{9,3,5} to build_scripts. And call
nuget_build.ps1 with a new argument.
- Add Visual Studio 2019 to the test_scripts.
appending the suffix to the build product need not be a function of
whether CMAKE_CONFIGURATION_TYPES is set. for example, having two ninja
build trees---one for debug and another for release---is a fine use-case
for USE_POSTFIX.
This change adds format_attribute_single_quote flag that uses single quotes (`'`) instead of double quotes (`"`) for formatting attribute values.
Internal quotation marks are escaped using `"` and `'`.
This change removes contrib folder since it doesn't seem very useful;
Natvis scripts can and should go to scripts/ along with project files.
foreach.hpp is supporting a severely outdated BOOST_FOREACH construct;
in C++11 ranged for loop can be used with xml_node::children/attributes,
and BOOST_FOREACH can work with these as well.
foreach.hpp was also accidentally licensed as public domain which isn't
very helpful when the actual library is MIT. We could fix the license
but it seems better to just remove it.
Fixes#264.
We now have two tests: one tests behavior when we run out of space when
appending the node set (in which case the append fails), another one
tests behavior when we run out of space when filtering the node set (in
which case the set still contains redundant data).
Given an unsorted sequence, remove_duplicates would sort it using the
pointer value of attributes/nodes and then remove consecutive
duplicates.
This was problematic because it meant that the result of XPath queries
was dependent on the memory allocation pattern. While it's technically
incorrect to rely on the order, this results in easy to miss bugs.
This is particularly common when XPath queries use union operators -
although we also will call remove_duplicates in other cases.
This change reworks the code to use a hash set instead, using the same
hash function we use for compact storage. To make sure it performs well,
we allocate enough buckets for count * 1.5 (assuming all elements are
unique); since each bucket is a single pointer unlike xpath_node which
is two pointers, we need somewhere between size * 0.75 and size * 1.5
temporary storage.
The resulting filtering is stable - we remove elements that we have seen
before but we don't change the order - and is actually significantly
faster than sorting was.
With a large union operation, before this change it took ~56 ms per 100
query invocations to remove duplicates, and after this change it takes
~20ms.
Fixes#254.
This test is very sensitive to the particular implementation of union
aggregation; for now lets disable this.
We need a more robust way to test union allocation failures.
This does not change the result of a union operation [substantially], but
it means that we now give a list to remove_duplicates that has more natural
ordering.
If remove_duplicates didn't sort the array, we'd have union operations
resulting in a consistent predictable order.
Contributes to #254.
We now have a ${LIBRARY} variable that we can either use directly or in
a foreach loop to be able to process either pugixml or pugixml-static
and pugixml-shared targets.
Also fixes incorrect shared library assignment when
BUILD_SHARED_AND_STATIC_LIBS is defined, and only links the static
library in for make check.
This may or may not make it more clear that pugixml.cpp has to be
compiled - either as one of the projects or as a standalone project via
CMake et al - for it to work by default.
Fixes#256.
This allows us to reuse this code for MinGW builds.
Additionally disable coverage step for Linux clang - it looks like
Travis has a mismatch in the version of gcov info between clang and gcov
which causes gcov to crash - somehow this crash isn't picked up as a
build error.
The behavior on Linux is very different between kernel versions, and it
triggers an unexpected OOM during sanitizer runs because somehow the
size is reported to be LONG_MAX. It's not clear that it helps us cover
any paths we don't cover otherwise - it would be nice to be able to test
failing to load a multi-gigabyte file on a 32-bit system, but we can't
do this easily atm anyway.
This commit changes sanitize configuration to fail on the first error
and ignore floating-point division and overflow "errors" that trigger
when we test the corresponding functionality. This makes it possible to
run this on all commits - if new UB or memory safety issues are introduced,
asan/ubsan will catch them.
We had a few places in test code and library source where we used an
implicit float->double cast; while it should preserve the value exactly,
gcc/clang implement this warning to make sure uses of double are intentional.
This change also adds the warning to Makefile to make sure we don't
regress on this warning.
Fixes#243.
This change modifies the table entries for ctx_special_attr to treat TAB
character as special, which makes the output code escape it.
Before this change, trying to use TAB in an attribute value would output
it verbatim; during subsequent parsing, pugixml - and other compliant
parsers - would apply attribute-value normalization, turning the TAB
into a space and losing the original value.
Using 	 fixes this; if an input document has 	 in an attribute
value, that gets unescaped into \t during parsing and escaped back into
	 during output, which means we can now roundtrip values like this.
Fixes#242.
Coverity hits a similar false positive to what clang static analyzer hit
- it assumes that since optimize() checks _right for being nullptr,
optimize_self() might hit _right=nullptr in the ast_op_equal case which
is impossible.
Contributes to #236.
The following warning is removed:
Visual Studio 14.0
1. warning C4275: non dll-interface class 'std::exception' used as
base for dll-interface class 'vtkpugixml::xpath_exception'
clang doesn't understand the invariants guaranteed for specific AST node
types and, when seeing null pointer checks in optimize(), assumes any
pointers in the node might be null. Work around this by adding explicit
- redundant - null pointer checks.
