commit | 2e02df8552fcfb0facd2d1e324b227190a73a7bb | |
---|---|---|
author | Sadaf Ebrahimi <sadafebrahimi@google.com> | Wed Nov 16 16:31:05 2022 +0000 |
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | Wed Dec 14 02:23:37 2022 +0000 |
tree | 3501dadfc8a8559645900663b74f481da07c113f | |
parent | 596fa8888fd77d61c9730be16271821ff0515d0e | |
[CVE-2022-43680] Fix overeager DTD destruction (fixes #649)

Bug: http://b/255449293
Test: TreeHugger
Change-Id: I15ba529c07a6b868484bd5972be154c07cd97cc6
(cherry picked from commit 03836568ec3e5a4051e54bf39568656d07f5a3dd)
Merged-In: I15ba529c07a6b868484bd5972be154c07cd97cc6

This is Expat, a C library for parsing XML, started by James Clark in 1997. Expat is a stream-oriented XML parser. This means that you register handlers with the parser before starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. A start tag is an example of the kind of structures for which you may register handlers.
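The handler model described above, as an added example (not part of the Expat README or the project's code): it uses Python's standard-library Expat binding `xml.parsers.expat` rather than the C API so it runs without a build step, feeds a constructed document in arbitrary chunks, and has a doctype handler that refuses DTDs in untrusted input. `parse_stream`, `DtdRefused` and the sample documents are names made up for this example.

```python
import xml.parsers.expat

# Constructed sample input, split at arbitrary offsets (including mid-tag and
# mid-text) the way data may arrive from a socket or a file read loop.
SAMPLE_CHUNKS = [b"<inventory><item sk", b'u="A1">wid',
                 b"get</item><item sku=", b'"B2"/></inventory>']
SAMPLE_WITH_DTD = b'<!DOCTYPE inventory [<!ENTITY e "x">]><inventory>&e;</inventory>'


class DtdRefused(Exception):
    """Raised from the doctype handler to abort parsing of untrusted input."""


def parse_stream(chunks, allow_dtd=False):
    """Feed chunks to Expat; return the handler events in the order they fired."""
    events, pending = [], []
    parser = xml.parsers.expat.ParserCreate()

    def flush_text():
        # Character data can be delivered in several pieces, so it is
        # accumulated and emitted once the next tag boundary is seen.
        data = "".join(pending).strip()
        pending.clear()
        if data:
            events.append(("text", data))

    def start(name, attrs):
        flush_text()
        events.append(("start", name, dict(attrs)))

    def end(name):
        flush_text()
        events.append(("end", name))

    def doctype(name, sysid, pubid, has_internal_subset):
        if not allow_dtd:
            raise DtdRefused(name)  # propagates out of parser.Parse()

    # Handlers are registered before the parse starts.
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = pending.append
    parser.StartDoctypeDeclHandler = doctype

    for chunk in chunks:
        parser.Parse(chunk, False)  # handlers are called from inside Parse()
    parser.Parse(b"", True)         # signal end of input
    return events
```
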
Expat supports the following compilers:
${today} minus 5 years)
Windows users can use the expat-win32bin-*.*.*.{exe,zip} download, which includes both pre-compiled libraries and executables, and source code for developers.
Expat is free software. You may copy, distribute, and modify it under the terms of the License contained in the file COPYING distributed with this package. This license is the same as the MIT/X Consortium license.
There are two ways of using libexpat with CMake:
This approach leverages CMake's own module FindEXPAT. Notice the uppercase EXPAT in the following example:

```cmake
cmake_minimum_required(VERSION 3.0)  # or 3.10, see below

project(hello VERSION 1.0.0)

find_package(EXPAT 2.2.8 MODULE REQUIRED)

add_executable(hello
    hello.c
)

# a) for CMake >=3.10 (see CMake's FindEXPAT docs)
target_link_libraries(hello PUBLIC EXPAT::EXPAT)

# b) for CMake >=3.0
target_include_directories(hello PRIVATE ${EXPAT_INCLUDE_DIRS})
target_link_libraries(hello PUBLIC ${EXPAT_LIBRARIES})
```

This approach requires files from…
Notice the lowercase expat in the following example:

```cmake
cmake_minimum_required(VERSION 3.0)

project(hello VERSION 1.0.0)

find_package(expat 2.2.8 CONFIG REQUIRED char dtd ns)

add_executable(hello
    hello.c
)

target_link_libraries(hello PUBLIC expat::expat)
```

If you are building Expat from a check-out from the Git repository, you need to run a script that generates the configure script using the GNU autoconf and libtool tools. To do this, you need to have autoconf 2.58 or newer. Run the script like this:
./buildconf.sh
Once this has been done, follow the same instructions as for building from a source distribution.
To build Expat from a source distribution, you first run the configuration shell script in the top level distribution directory:
./configure
There are many options which you may provide to configure (which you can discover by running configure with the --help option). But the one of most interest is the one that sets the installation directory. By default, the configure script will set things up to install libexpat into /usr/local/lib, expat.h into /usr/local/include, and xmlwf into /usr/local/bin. If, for example, you'd prefer to install into /home/me/mystuff/lib, /home/me/mystuff/include, and /home/me/mystuff/bin, you can tell configure about that with:
./configure --prefix=/home/me/mystuff
Another interesting option is to enable 64-bit integer support for line and column numbers and the over-all byte index:
./configure CPPFLAGS=-DXML_LARGE_SIZE
However, such a modification would be a breaking change to the ABI and is therefore not recommended for general use — e.g. as part of a Linux distribution — but rather for builds with special requirements.
After running the configure script, the make command will build things and make install will install things into their proper location. Have a look at the Makefile to learn about additional make options. Note that you need to have write permission into the directories into which things will be installed.
If you are interested in building Expat to provide document information in UTF-16 encoding rather than the default UTF-8, follow these instructions (after having run make distclean). Please note that we configure with --without-xmlwf as xmlwf does not support this mode of compilation (yet):
Mass-patch Makefile.am files to use libexpatw.la for a library name:
find -name Makefile.am -exec sed -e 's,libexpat\.la,libexpatw.la,' -e 's,libexpat_la,libexpatw_la,' -i {} +
Run automake to re-write Makefile.in files:
automake
For UTF-16 output as unsigned short (and version/error strings as char), run:
./configure CPPFLAGS=-DXML_UNICODE --without-xmlwf
For UTF-16 output as wchar_t (incl. version/error strings), run:
./configure CFLAGS="-g -O2 -fshort-wchar" CPPFLAGS=-DXML_UNICODE_WCHAR_T --without-xmlwf
Note: The latter requires libc compiled with -fshort-wchar, as well.
Run make (which excludes xmlwf).
Run make install (again, excludes xmlwf).
Using DESTDIR is supported. It works as follows:
make install DESTDIR=/path/to/image
overrides the in-makefile set DESTDIR, because variable-setting priority is
Note: This only applies to the Expat library itself; building UTF-16 versions of xmlwf and the tests is currently not supported.
When using Expat with a project using autoconf for configuration, you can use the probing macro in conftools/expat.m4 to determine how to include Expat. See the comments at the top of that file for more information.
A reference manual is available in the file doc/reference.html in this distribution.
The CMake build system is still experimental and may replace the primary build system based on GNU Autotools at some point when it is ready.
For an idea of the available (non-advanced) options for building with CMake:

```
# rm -f CMakeCache.txt ; cmake -D_EXPAT_HELP=ON -LH . | grep -B1 ':.*=' | sed 's,^--$,,'
// Choose the type of build, options are: None Debug Release RelWithDebInfo MinSizeRel ...
CMAKE_BUILD_TYPE:STRING=

// Install path prefix, prepended onto install directories.
CMAKE_INSTALL_PREFIX:PATH=/usr/local

// Path to a program.
DOCBOOK_TO_MAN:FILEPATH=/usr/bin/docbook2x-man

// build man page for xmlwf
EXPAT_BUILD_DOCS:BOOL=ON

// build the examples for expat library
EXPAT_BUILD_EXAMPLES:BOOL=ON

// build fuzzers for the expat library
EXPAT_BUILD_FUZZERS:BOOL=OFF

// build pkg-config file
EXPAT_BUILD_PKGCONFIG:BOOL=ON

// build the tests for expat library
EXPAT_BUILD_TESTS:BOOL=ON

// build the xmlwf tool for expat library
EXPAT_BUILD_TOOLS:BOOL=ON

// Character type to use (char|ushort|wchar_t) [default=char]
EXPAT_CHAR_TYPE:STRING=char

// install expat files in cmake install target
EXPAT_ENABLE_INSTALL:BOOL=ON

// Use /MT flag (static CRT) when compiling in MSVC
EXPAT_MSVC_STATIC_CRT:BOOL=OFF

// build fuzzers via ossfuzz for the expat library
EXPAT_OSSFUZZ_BUILD:BOOL=OFF

// build a shared expat library
EXPAT_SHARED_LIBS:BOOL=ON

// Treat all compiler warnings as errors
EXPAT_WARNINGS_AS_ERRORS:BOOL=OFF

// Make use of getrandom function (ON|OFF|AUTO) [default=AUTO]
EXPAT_WITH_GETRANDOM:STRING=AUTO

// utilize libbsd (for arc4random_buf)
EXPAT_WITH_LIBBSD:BOOL=OFF

// Make use of syscall SYS_getrandom (ON|OFF|AUTO) [default=AUTO]
EXPAT_WITH_SYS_GETRANDOM:STRING=AUTO
```