GNOME Bugzilla – Bug 672539
libxml2 accepts start-tag despite missing whitespace in front of attribute
Last modified: 2014-10-06 12:36:53 UTC
Consider the following start-tag:

  <x xmlns=""version="">

The start-tag does not conform to the rule

  [40] STag ::= '<' Name (S Attribute)* S? '>'

since there is no whitespace in front of the attribute "version". Thus, libxml2 should reject the start-tag. But it doesn't:

  $ echo '<x xmlns=""version=""/>' | xmllint -
  <?xml version="1.0"?>
  <x xmlns="" version=""/>

The error seems to happen only if there is a namespace declaration in front of the attribute. A missing whitespace between other attributes is handled correctly:

  $ echo '<x someattr=""version=""/>' | xmllint -
  -:1: parser error : attributes construct error
  <x someattr=""version=""/>
  ^
  [...]
I can confirm that this bug is still present in the latest CVS. I traced it down to xmlParseStartTag2() which doesn't always check if the next character is indeed a BLANK when calling SKIP_BLANKS. The attached patch fixes the behavior, but needs intensive review because I'm unfamiliar with the intricacies of the parser code.
Created attachment 277703
Make xmlParseStartTag2() check for a blank after parsing xmlns attributes
haha ! excellent, it's not every day that one finds a real core parser bug, good spot !!! Incredible it went so long before being noticed !

Thanks Dennis, patch looks right indeed :-)

Pushed and committed to git:
https://git.gnome.org/browse/libxml2/commit/?id=7e9bbdf82f5ef65e2fdd4961ee4dbb62949e1f1f

thanks a lot !

Daniel
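The whitespace requirement of rule [40] discussed in this report, as an added example that is neither libxml2 code nor the attached patch: a small stand-alone checker that uses one code path for xmlns declarations and ordinary attributes, so the separator check cannot be skipped for either. The function names are hypothetical, and Name is simplified to ASCII characters.

```c
#include <ctype.h>
#include <stdio.h>

/* Assumption: Name is restricted to ASCII; the real production is wider. */
static int is_s(int c) { return c == ' ' || c == '\t' || c == '\r' || c == '\n'; }
static int is_name_start(int c) { return isalpha(c) || c == '_' || c == ':'; }
static int is_name_char(int c) { return is_name_start(c) || isdigit(c) || c == '-' || c == '.'; }

static const char *skip_name(const char *p) {
    if (!is_name_start((unsigned char)*p)) return NULL;
    while (is_name_char((unsigned char)*p)) p++;
    return p;
}

/* Returns 1 if s is exactly one tag matching
   '<' Name (S Attribute)* S? ('>' | '/>'), otherwise 0. */
int stag_ok(const char *s) {
    const char *p = s;
    if (*p++ != '<') return 0;
    if ((p = skip_name(p)) == NULL) return 0;
    for (;;) {
        int had_s = 0;
        while (is_s((unsigned char)*p)) { p++; had_s = 1; }
        if (*p == '>') return p[1] == '\0';
        if (*p == '/') return p[1] == '>' && p[2] == '\0';
        /* Anything else must be an attribute, and rule [40] requires S
           in front of it. xmlns declarations take this same path. */
        if (!had_s) return 0;
        if ((p = skip_name(p)) == NULL) return 0;
        while (is_s((unsigned char)*p)) p++;      /* Eq ::= S? '=' S? */
        if (*p++ != '=') return 0;
        while (is_s((unsigned char)*p)) p++;
        char q = *p++;                            /* opening quote */
        if (q != '"' && q != '\'') return 0;
        while (*p && *p != q) { if (*p == '<') return 0; p++; }
        if (*p++ != q) return 0;                  /* closing quote */
    }
}

int main(void) {
    /* The two inputs from the report, plus the corrected form. */
    const char *tags[] = { "<x xmlns=\"\"version=\"\"/>",
                           "<x someattr=\"\"version=\"\"/>",
                           "<x xmlns=\"\" version=\"\"/>" };
    for (int i = 0; i < 3; i++)
        printf("%-28s %s\n", tags[i], stag_ok(tags[i]) ? "accepted" : "rejected");
    return 0;
}
```
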