| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 15 hours | xplist: Improve robustness of XML text parsing and value conversionHEADmaster |  Nikias Bassen | 1 | -69/+152 | |
| This change adds stricter validation for numeric and date nodes, including full-input consumption, overflow/range checks, and rejection of invalid floating-point values. Whitespace handling is clarified by explicitly trimming trailing XML whitespace for value nodes. | |||||
| 4 days | xplist: Use small stack buffer instead of dynamic allocations | Nikias Bassen | 1 | -31/+16 | |
| This removes the necessity for malloc failures and reduces overhead | |||||
| 8 days | xplist: Use memcpy instead of strncpy since we know the exact size | Nikias Bassen | 1 | -3/+3 | |
| 8 days | xplist: Harden entity unescaping against malformed input | Nikias Bassen | 1 | -18/+32 | |
| - Fix numeric character reference parsing - Enforce exact entity name matching - Guard against size_t underflow and oversized entities - Reject invalid Unicode code points | |||||
| 13 days | Prevent deep nesting of plist structures in all input/output formats | Nikias Bassen | 1 | -49/+62 | |
| Thanks to @unbengable12 for reporting. Addresses #288, #289, #290, #291, and #292. | |||||
| 2026-01-14 | Add circular reference detection to all format writers | Nikias Bassen | 1 | -2/+24 | |
| Thanks to @LkkkLxy for pointing out the issue. | |||||
| 2025-11-14 | xplist: Allow empty key entry in PLIST_DICT | Nikias Bassen | 1 | -1/+9 | |
| Even though this is weird, the DTD allows it. This commit will also make the XML output write `<key/>` and `<string/>` instead of `<key></key>` and `<string></string>` in case of empty key/string node. | |||||
| 2025-10-29 | xplist: Fix possible integer overflow | Nikias Bassen | 1 | -2/+2 | |
| Thanks to @ylwango613 for reporting | |||||
| 2023-05-21 | Add explicit casts and fix return type mismatches | Nikias Bassen | 1 | -33/+33 | |
| 2023-05-13 | Add space before PRI* macros, some compilers do not like it | Nikias Bassen | 1 | -4/+4 | |
| 2023-05-13 | Move PLIST_API to the headers | Nikias Bassen | 1 | -2/+2 | |
| 2023-02-07 | Fix build without --enable-debug | Nikias Bassen | 1 | -0/+2 | |
| 2023-02-07 | Add function to interface to allow enabling/disabling error/debug output for ↵ | Nikias Bassen | 1 | -0/+5 | |
| the format parses This makes the `-d` option work in plistutil that wasn't doing anything | |||||
| 2023-02-06 | libcnary: Updated typedefs of node_t and node_list_t to contain pointer | Nikias Bassen | 1 | -6/+5 | |
| This makes the code more readable. Obviously all the code that uses it is also updated. | |||||
| 2023-01-19 | xplist: Add missing newline to debug message | Nikias Bassen | 1 | -1/+1 | |
| 2023-01-16 | Rename PLIST_UINT to PLIST_INT and add plist_new_int() and plist_get_int_val() | Nikias Bassen | 1 | -3/+3 | |
| This properly supports getting and setting signed or unsigned integer values. Also, a new helper function plist_int_val_is_negative() was added to determine if a given #PLIST_INT node has a negative value or not. The old type PLIST_UINT is defined as a macro with the value of PLIST_INT for backwards compatibility. This commit also adds int vs. uint support to the C++ interface, and the python bindings in a hopefully useful way. | |||||
| 2022-02-07 | xplist: Prevent undefined behavior by not trying to negate INT64_MIN | Nikias Bassen | 1 | -1/+1 | |
| 2021-12-23 | xplist: Add special handling for PLIST_UID parsing from XML | Nikias Bassen | 1 | -5/+14 | |
| In XML, PLIST_UID nodes are stored as a dict with a "CF$UID" key and an integer value, so we want to make it a real PLIST_UID node internally. | |||||
| 2021-12-22 | Add a return value to plist_to_* and plist_from_* functions | Nikias Bassen | 1 | -16/+45 | |
| This way it can be easier determined why an import/export operation failed instead of just having a NULL result. | |||||
| 2021-12-19 | Add support for PLIST_NULL type | Nikias Bassen | 1 | -5/+19 | |
| 2021-12-19 | Add new plist_mem_free() function | Nikias Bassen | 1 | -5/+0 | |
| Thanks to @azerg for bringing this to my attention. Instead of having multiple (internally identical) plist_*_free() functions, this commit introduces a single plist_mem_free() that can be used to free the memory allocated by plist_to_xml(), plist_to_bin(), plist_get_key_val(), plist_get_string_val(), and plist_get_data_val(). Note: This commit REMOVES plist_to_bin_free() and plist_to_xml_free(). | |||||
| 2021-11-08 | xplist: Better size estimation for PLIST_REAL nodes | Nikias Bassen | 1 | -2/+2 | |
| 2021-06-22 | [clang-tidy] Remove casts to the same type |  Rosen Penev | 1 | -1/+1 | |
| Found with google-readability-casting Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||||
| 2021-01-25 | Replace malloc + memset with calloc where appropriate | Rosen Penev | 1 | -2/+1 | |
| calloc is faster for big allocations. It's also simpler. Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||||
| 2020-11-24 | Add parentheses to macros for better readability | Rosen Penev | 1 | -1/+1 | |
| [clang-tidy] Found with bugprone-macro-parentheses Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||||
| 2020-11-24 | Improve code readability by using explicit != 0 compare when using strncmp | Rosen Penev | 1 | -4/+4 | |
| [clang-tidy] Found with bugprone-suspicious-string-compare Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||||
| 2020-06-03 | Remove pointless return in void functions | Rosen Penev | 1 | -2/+0 | |
| [clang-tidy] Found with readability-redundant-control-flow Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||||
| 2019-11-07 | xplist: Bail out when '.' is found while checking for ',' in double to ↵ | Nikias Bassen | 1 | -0/+2 | |
| string conversion | |||||
| 2019-11-07 | Add plist_to_bin_free() and plist_to_xml_free() functions that free memory ↵ | Nikias Bassen | 1 | -0/+5 | |
| allocated by plist_to_bin()/plist_to_xml() | |||||
| 2019-11-07 | xplist: Increase precision when converting PLIST_REAL nodes to XML | Nikias Bassen | 1 | -37/+16 | |
| 2019-01-21 | xplist: Fix dtostr() inserting ':' to output string when fractional part ↵ | Nikias Bassen | 1 | -2/+15 | |
| overflows | |||||
| 2018-12-17 | xplist: Write base64 directly to output buffer to improve memory usage | Nikias Bassen | 1 | -5/+2 | |
| Now that we grow the output buffer enough before writing XML output we can just write the base64 encoded data directly to the ouput buffer instead of using a heap buffer that will then be copied to the output buffer. This makes writing XML output more memory efficient (and slightly faster). | |||||
| 2018-12-14 | xplist: Improve memory usage by estimating output buffer size | Nikias Bassen | 1 | -2/+127 | |
| 2018-12-14 | xplist: Fix writing of empty dict and array nodes to XML | Nikias Bassen | 1 | -8/+6 | |
| 2018-12-11 | xplist: Fix segfault caused by recent changes in libcnary | Nikias Bassen | 1 | -1/+1 | |
| 2018-12-10 | xplist: Prevent unnecessary reallocations when writing XML output | Nikias Bassen | 1 | -1/+4 | |
| 2018-12-10 | Remove node_iterator and operate on node list directly to improve memory usage | Nikias Bassen | 1 | -4/+1 | |
| 2018-09-04 | xplist: Assert when number of child nodes of PLIST_DICT is not even | Nikias Bassen | 1 | -0/+3 | |
| This should only happen due to misuse of the library, e.g. when calling plist_free() on a node that is a value node in a PLIST_DICT without properly removing the dictionary entry (key/value pair) and then calling plist_to_xml() on that dictionary. | |||||
| 2018-07-25 | xplist: Fix typo in error message |  Bastien Nocera | 1 | -1/+1 | |
| 2017-04-02 | xplist: Plug another memory leak | Nikias Bassen | 1 | -0/+3 | |
| Credit to OSS-Fuzz | |||||
| 2017-03-29 | xplist: Prevent memory leak(s) when parsing fails | Nikias Bassen | 1 | -2/+2 | |
| Credit to OSS-Fuzz | |||||
| 2017-03-29 | xplist: Make XML parsing non-recursive to prevent stack overflow on ↵ | Nikias Bassen | 1 | -79/+103 | |
| deep-structured plists Credit to OSS-Fuzz | |||||
| 2017-02-15 | xplist: Improve writing of large PLIST_DATA nodes by growing buffer in advance | Nikias Bassen | 1 | -0/+1 | |
| Instead of letting the buffer grow by just the amount of bytes currently transformed to base64 - which is basically line by line - we now calculate the size of the output blob in advance and grow the buffer accordingly. This will reduce the amount of reallocs to just one, which is especially important for large data blobs. While this is a general improvement for all platforms, it is on platforms like Windows where realloc() can be REALLY slow; converting a 20mb blob to XML can easily take up to a minute (due to the several hundred thousand calls to realloc()). With this commit, it will be fast again. | |||||
| 2017-02-09 | xplist: Fix OOB heap buffer read with empty data nodes | Nikias Bassen | 1 | -2/+4 | |
| Credit to OSS-Fuzz | |||||
| 2017-02-09 | xplist: Prevent assert when parsing CF$UID dict with invalid value node | Nikias Bassen | 1 | -0/+5 | |
| Credit to OSS-Fuzz | |||||
| 2017-02-08 | xplist: Use proper variable size for integer from string parsing | Nikias Bassen | 1 | -2/+2 | |
| 2017-02-07 | xplist: Prevent some more strncmp related OOB reads | Nikias Bassen | 1 | -4/+4 | |
| 2017-02-07 | xplist: Really fix OOB read when parsing DOCTYPE | Nikias Bassen | 1 | -1/+1 | |
| 2017-02-07 | xplist: unescape_entities(): Make sure text part buffer is null terminated ↵ | Nikias Bassen | 1 | -0/+1 | |
| after strncpy | |||||
| 2017-02-07 | xplist: Fix OOB read when parsing DOCTYPE | Nikias Bassen | 1 | -1/+1 | |
 |
index : libplist | |
| Library to handle Apple Property List format files in binary or XML | ms |
| summaryrefslogtreecommitdiffstats |