| Age | Commit message | Author | Files | Lines |
|---|---|---|---|---|
|  | As mentioned in #142, plist_copy_node() was not correctly handling the hash
tables when cloning array or dict nodes; it incorrectly filled the hash table
with the original child node info, which effectively would lead to a
segmentation fault / UaF if the original array/dict would be freed followed
by an attempt to access an element in the new hash table. | 
|  | PLIST_DICT | 
|  | item of a #PLIST_DICT | 
|  | without relying on the index | 
|  | be found | 
|  | Also fixes #126 by skipping the strlen() in the assert() if for some reason NULL is returned as data | 
|  | Similar to #PLIST_DICT, an iterator can now be used for #PLIST_ARRAY
nodes. Get an iterator with plist_array_new_iter() and use
plist_array_next_item() to iterate over the elements. | 
|  | directly
As Xiao Deng pointed out in #131, plist_dict_next_item() was very inefficient.
For each iteration, node_nth_child() was called with the iterator value, which
would walk through the child node list on EVERY iteration. If the dictionary
is large this makes things very slow. More than that, after reaching the key
node the code was calling node_nth_child() AGAIN (with iterator value + 1) to
reach the value node, which would walk through the node list once more.
This commit changes the iterator to be a node_t pointer so that the iteration
is done on the node list directly. | 
|  | integer)
Credit to Wang Junjie <zhunkibatu@gmail.com> (#90)
Credit to OSS-Fuzz | 
|  | This commit adds proper debug/error messages being printed if the binary
plist parser encounters anything abnormal. To enable debug logging,
libplist must be configured with --enable-debug, and the environment
variable PLIST_BIN_DEBUG must be set to "1". | 
|  | This removes the timeval union member from the plist_data_t structure.
Since struct timeval is 2x64bit on 64bit platforms this member unnecessarily
grew the union size to 16 bytes while a size of 8 bytes is sufficient.
Also, on 32bit platforms struct timeval is only 2x32bit of size, limiting the
range of possible time values. In addition the binary property list format
also stores PLIST_DATE nodes as double. | 
|  | In node_to_xml nodes of type PLIST_UID are temporarily converted
to a PLIST_DICT for an appropriate XML output. Therefore a PLIST_KEY
and a PLIST_UINT node is created and inserted into the PLIST_DICT
node. Upon completion, the child nodes of the PLIST_DICT node are
detached from the original node and freed, however the data of the
child nodes - the key string and the uint value - are not.
This commit fixes it. | 
|  | Without this check, e.g. the values -1 and 18446744073709551615 would yield a
match, since the comparison will just compare the uint64_t values. However, any
value >= 9223372036854775808 and <= 18446744073709551615 is stored as a 128 bit
value in binary plist format to make sure it is recognized as an unsigned value.
We store it internally as a uint64_t value, but we set the size to 16 vs. 8
accordingly; so this commit will make sure the binary plist optimization will
not re-use matching uint64_t values of actually mismatching signed/unsigned values. | 
|  | Rather than having everyone reimplement binary/XML plist detection by
looking at the first bytes of the plist content, it's better to do this
detection in libplist and hide that internal detail from library users. | 
|  | It can be useful if one needs to know what type of plist a memory buffer
contains. | 
|  | Before recursing over its children, plist_free_node started by
detaching the current GNode from its parent which means that
calling g_node_destroy on the root of the tree was freeing only
the top-level GNode while what was intended was to free the whole
tree. Don't leak memory by not detaching children GNodes from their
parents so that g_node_destroy on the toplevel GNode can clean
everything. | 
|  | The 2nd missing break was harmless since it fell through the default: case
which has a break, but it makes things more robust if we were ever to add
new cases to this switch. The 1st missing break; was causing warnings in
valgrind since we ended up calling strdup on a memory zone not containing
a \0 character. | 