After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 737840 - Spurious warning when expanding external entities containing ID attributes
Spurious warning when expanding external entities containing ID attributes
Status: RESOLVED FIXED
Product: libxml2
Classification: Platform
Component: general
git master
Other All
: Normal normal
: ---
Assigned To: Daniel Veillard
libxml QA maintainers
: 749599 750628 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2014-10-03 12:31 UTC by Nick Wellnhofer
Modified: 2017-06-17 11:17 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Test case: XML file (167 bytes, text/xml)
2014-10-03 12:31 UTC, Nick Wellnhofer
Details
Test case: External entitiy (16 bytes, application/octet-stream)
2014-10-03 12:32 UTC, Nick Wellnhofer
Details

Description Nick Wellnhofer 2014-10-03 12:31:44 UTC
Created attachment 287665 [details]
Test case: XML file

The following commit introduces spurious warnings when expanding an external entity that contains an attribute marked as ID:

    https://git.gnome.org/browse/libxml2/commit/?id=a16eb968075a82ec33b2c1e77db8909a35b44620

This is because an external entity is parsed using the original document as context doc:

   https://git.gnome.org/browse/libxml2/tree/parser.c?id=33f658c969501bb246f8d4c6d21772948c7bc965#n12987

Then, when entities are replaced, the ID values have already been added to the doc.

Example output using the attached test case:

$ xmllint --valid --noent bug.xml
bug.xml:1: element elem: validity error : ID id0 already defined
<?xml version="1.0"?>
<!DOCTYPE root [
<!ELEMENT root (elem)>
<!ELEMENT elem (#PCDATA)>
<!ATTLIST elem id ID #IMPLIED>
<!ENTITY target SYSTEM "bug.ent">
]>
<root> 
  <elem id="id0"/>
</root>
Comment 1 Nick Wellnhofer 2014-10-03 12:32:16 UTC
Created attachment 287666 [details]
Test case: External entitiy
Comment 2 Daniel Veillard 2014-10-03 13:59:27 UTC
Hum that indeed looks like a genuine bug, but ... the problem doesn't
seems to be with the patch exposing it. Need to think about it,
shouldn't be too hard to fix

Daniel
Comment 3 Daniel Veillard 2014-10-27 14:11:48 UTC
Hum trying to fix it breaks ./test/valid/id3.xml

it's not gonna be simple :-(

Daniel
Comment 4 Luigi Toscano 2014-11-11 00:16:26 UTC
Just to add some reference for people looking for this, this bug affects the building process of KDE documentation (kde-l10n-xy modules). It was reported for example here:
http://lists.kde.org/?l=kde-doc-english&m=141443389212710&w=2

and two different users (ubuntu vivid and arch) told me that they were able to build the documentation again after downgrading to 2.9.1.
Comment 5 Thomas Eschenbacher 2015-01-04 09:21:45 UTC
same here on Gentoo Linux (kde-base/kdelibs-4.14.3-r1 + dev-libs/libxml2-2.9.2)
Unfortunately they do not have the option to downgrade to libxml2-2.9.1 anymore. Any solution / any patch in sight?
Comment 6 Remi Collet 2015-03-24 14:27:29 UTC
Also break atoum (PHP testing tools)
https://github.com/atoum/atoum/issues/449
Comment 7 Nick Wellnhofer 2015-08-08 18:11:37 UTC
*** Bug 750628 has been marked as a duplicate of this bug. ***
Comment 8 Vincent Lefevre 2015-09-07 09:34:07 UTC
This bug breaks various things and its a major regression, at the point that Debian had to revert to 2.9.1, with security fixes added:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766884

Since this is taking time, could you (upstream) do something similar, releasing a clean 2.9.3 based on 2.9.1 + security fixes + a non-regression test about this bug (so that it doesn't reappear in the future) + possible other patches?
Comment 9 Daniel Veillard 2015-09-10 11:52:23 UTC
Simplest was to revert part of #724903 and add the regression test to prevent
reintroducing this. This isn't completely satisfactory, but seems the simplest way to build the ID table only on referenced expanded entities,

  https://git.gnome.org/browse/libxml2/commit/?id=ef709ce2f7b792d5fb69ed142796d743fb1eb388

 thanks for the report, and sorry it took so long, I initially though this
had been introduced by the security fixes themselves <grin/>

Daniel
Comment 10 Nick Wellnhofer 2017-06-17 11:17:39 UTC
*** Bug 749599 has been marked as a duplicate of this bug. ***