
Updated to latest mxml.

woollybah 6 years ago
parent
commit
ffe5d6b779

+ 5 - 0
mxml.mod/mxml/CHANGES.md

@@ -8,6 +8,11 @@
 - Moved `mxmldoc` to a new `codedoc` project whose focus is on generating
   code documentation (Issue #235, Issue #236, Issue #237)
 - Error messages now include the line number of the error (Issue #230)
+- The `mxmlSetCDATA`, `mxmlSetElement`, `mxmlSetOpaque`, `mxmlSetOpaquef`,
+  `mxmlSetText`, and `mxmlSetTextf` functions caused a use-after-free bug if
+  the value came from the same node (Issue #241)
+- The `mxmlSetOpaquef` and `mxmlSetTextf` functions did not work (Issue #244)
+- The `_mxml_strdupf` function did not work on Windows (Issue #245)
 
 
 # Changes in Mini-XML 2.12

+ 2 - 2
mxml.mod/mxml/mxml-file.c

@@ -13,9 +13,9 @@
  * Include necessary headers...
  */
 
-#ifndef WIN32
+#ifndef _WIN32
 #  include <unistd.h>
-#endif /* !WIN32 */
+#endif /* !_WIN32 */
 #include "mxml-private.h"
 
 

+ 1 - 1
mxml.mod/mxml/mxml-private.c

@@ -216,7 +216,7 @@ _mxml_init(void)
 }
 
 
-#elif defined(WIN32) && defined(MXML1_EXPORTS) /**** WIN32 threading ****/
+#elif defined(_WIN32) && defined(MXML1_EXPORTS) /**** WIN32 threading ****/
 #  include <windows.h>
 
 static DWORD _mxml_tls_index;		/* Index for global storage */

+ 41 - 13
mxml.mod/mxml/mxml-set.c

@@ -29,6 +29,9 @@ int					/* O - 0 on success, -1 on failure */
 mxmlSetCDATA(mxml_node_t *node,		/* I - Node to set */
              const char  *data)		/* I - New data string */
 {
+  char	*s;				/* String pointer */
+
+
  /*
   * Range check input...
   */
@@ -43,14 +46,19 @@ mxmlSetCDATA(mxml_node_t *node,		/* I - Node to set */
       strncmp(node->value.element.name, "![CDATA[", 8))
     return (-1);
 
+  if (data == (node->value.element.name + 8))
+    return (0);
+
  /*
-  * Free any old element value and set the new value...
+  * Allocate the new value, free any old element value, and set the new value...
   */
 
+  s = _mxml_strdupf("![CDATA[%s", data);
+
   if (node->value.element.name)
     free(node->value.element.name);
 
-  node->value.element.name = _mxml_strdupf("![CDATA[%s", data);
+  node->value.element.name = s;
 
   return (0);
 }
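Review bot: The result of `_mxml_strdupf` is not checked before the old value is freed in mxmlSetCDATA. The helper appears able to return NULL on allocation failure (the mxml-string.c hunk tests its `calloc` result against NULL); in that case the previous name is released, `node->value.element.name` becomes NULL, and the function still returns 0. Check it first, `if ((s = _mxml_strdupf("![CDATA[%s", data)) == NULL) return (-1);`, so a failed allocation leaves the node unchanged. The same applies to `s = _mxml_vstrdupf(format, ap);` in the mxmlSetOpaquef and mxmlSetTextf hunks. The function's signature and range checks are in the preceding hunk.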
@@ -81,6 +89,12 @@ mxmlSetCustom(
   if (!node || node->type != MXML_CUSTOM)
     return (-1);
 
+  if (data == node->value.custom.data)
+  {
+    node->value.custom.destroy = destroy;
+    return (0);
+  }
+
  /*
   * Free any old element value and set the new value...
   */
@@ -112,6 +126,9 @@ mxmlSetElement(mxml_node_t *node,	/* I - Node to set */
   if (!node || node->type != MXML_ELEMENT || !name)
     return (-1);
 
+  if (name == node->value.element.name)
+    return (0);
+
  /*
   * Free any old element value and set the new value...
   */
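Review bot: The `name == node->value.element.name` test only catches the exact same pointer; a pointer into the middle of the current string, such as a suffix of the existing name, still passes it. The code after this hunk is not shown, but its comment says the old value is freed and then the new one set, so such a caller would presumably still read freed memory. Duplicating the new value before freeing the old one, as mxmlSetCDATA now does with `s`, covers both cases. The same equality-only guard appears in the mxmlSetOpaque and mxmlSetText hunks.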
@@ -177,6 +194,9 @@ mxmlSetOpaque(mxml_node_t *node,	/* I - Node to set */
   if (!node || node->type != MXML_OPAQUE || !opaque)
     return (-1);
 
+  if (node->value.opaque == opaque)
+    return (0);
+
  /*
   * Free any old opaque value and set the new value...
   */
@@ -204,6 +224,7 @@ mxmlSetOpaquef(mxml_node_t *node,	/* I - Node to set */
 	       ...)			/* I - Additional arguments as needed */
 {
   va_list	ap;			/* Pointer to arguments */
+  char		*s;			/* Temporary string */
 
 
  /*
@@ -218,17 +239,17 @@ mxmlSetOpaquef(mxml_node_t *node,	/* I - Node to set */
     return (-1);
 
  /*
-  * Free any old string value and set the new value...
+  * Format the new string, free any old string value, and set the new value...
   */
 
-  if (node->value.opaque)
-    free(node->value.opaque);
-
   va_start(ap, format);
+  s = _mxml_vstrdupf(format, ap);
+  va_end(ap);
 
-  node->value.opaque = _mxml_strdupf(format, ap);
+  if (node->value.opaque)
+    free(node->value.opaque);
 
-  va_end(ap);
+  node->value.opaque = s;
 
   return (0);
 }
@@ -287,6 +308,12 @@ mxmlSetText(mxml_node_t *node,		/* I - Node to set */
   if (!node || node->type != MXML_TEXT || !string)
     return (-1);
 
+  if (string == node->value.text.string)
+  {
+    node->value.text.whitespace = whitespace;
+    return (0);
+  }
+
  /*
   * Free any old string value and set the new value...
   */
@@ -314,6 +341,7 @@ mxmlSetTextf(mxml_node_t *node,		/* I - Node to set */
 	     ...)			/* I - Additional arguments as needed */
 {
   va_list	ap;			/* Pointer to arguments */
+  char		*s;			/* Temporary string */
 
 
  /*
@@ -331,15 +359,15 @@ mxmlSetTextf(mxml_node_t *node,		/* I - Node to set */
   * Free any old string value and set the new value...
   */
 
+  va_start(ap, format);
+  s = _mxml_vstrdupf(format, ap);
+  va_end(ap);
+
   if (node->value.text.string)
     free(node->value.text.string);
 
-  va_start(ap, format);
-
   node->value.text.whitespace = whitespace;
-  node->value.text.string     = _mxml_strdupf(format, ap);
-
-  va_end(ap);
+  node->value.text.string     = s;
 
   return (0);
 }
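Review bot: The comment at the top of this hunk still reads "Free any old string value and set the new value...", although the code now formats the new string before freeing the old one. mxmlSetOpaquef's comment was updated in this commit; use the same wording here: `* Format the new string, free any old string value, and set the new value...`. That ordering is what prevents the use-after-free when an argument points at the node's own string, so the comment should state it.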

+ 4 - 7
mxml.mod/mxml/mxml-string.c

@@ -526,17 +526,14 @@ _mxml_vstrdupf(const char *format,	/* I - Printf-style format string */
   * needed...
   */
 
-#  ifdef WIN32
+#  ifdef _WIN32
   bytes = _vscprintf(format, ap);
 
 #  else
   va_list	apcopy;			/* Copy of argument list */
 
   va_copy(apcopy, ap);
-  bytes = vsnprintf(temp, sizeof(temp), format, apcopy);
-#  endif /* WIN32 */
-
-  if (bytes < sizeof(temp))
+  if ((bytes = vsnprintf(temp, sizeof(temp), format, apcopy)) < sizeof(temp))
   {
    /*
     * Hey, the formatted string fits in the tiny buffer, so just dup that...
@@ -544,10 +541,10 @@ _mxml_vstrdupf(const char *format,	/* I - Printf-style format string */
 
     return (strdup(temp));
   }
+#  endif /* _WIN32 */
 
  /*
-  * Allocate memory for the whole thing and reformat to the new, larger
-  * buffer...
+  * Allocate memory for the whole thing and reformat to the new buffer...
   */
 
   if ((buffer = calloc(1, bytes + 1)) != NULL)
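Review bot: A negative return from `_vscprintf` or `vsnprintf` is not handled before `calloc(1, bytes + 1)`. The declaration of `bytes` is outside the hunks; if it is a signed int, the comparison with `sizeof(temp)` converts a negative value to a large unsigned one, so the error case skips the small-buffer branch and reaches the allocation with a size of zero or less. Add `if (bytes < 0) return (NULL);` after the `#endif` and before the allocation. Separately, `va_copy(apcopy, ap)` in the previous hunk has no matching `va_end(apcopy)` on the visible paths, including the early `return (strdup(temp));`.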

+ 23 - 7
mxml.mod/mxml/testmxml.c

@@ -20,9 +20,9 @@
 
 #include "config.h"
 #include "mxml-private.h"
-#ifndef WIN32
+#ifndef _WIN32
 #  include <unistd.h>
-#endif /* !WIN32 */
+#endif /* !_WIN32 */
 #include <fcntl.h>
 #ifndef O_BINARY
 #  define O_BINARY 0
@@ -124,6 +124,22 @@ main(int  argc,				/* I - Number of command-line args */
                  MXML_OPAQUE_CALLBACK);
   mxmlLoadString(tree, "<foo><bar><one><two>value<two>value2</two></two></one>"
                        "</bar></foo>", MXML_OPAQUE_CALLBACK);
+  mxmlNewCDATA(tree,
+               "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n");
+  mxmlNewCDATA(tree,
+               "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n"
+               "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n"
+               "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n"
+               "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n");
+  mxmlNewCDATA(tree,
+               "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n"
+               "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n"
+               "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n"
+               "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n"
+               "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n"
+               "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n"
+               "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n"
+               "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n");
 
   node = tree->child;
 
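Review bot: The added `mxmlNewCDATA` calls exercise the long-string path of `_mxml_strdupf`, but nothing in the testmxml.c hunks shown covers the use-after-free case described in CHANGES.md, where the new value comes from the node itself. A regression check on an opaque node, such as `mxmlSetOpaque(node, mxmlGetOpaque(node));` followed by a comparison of the stored value, would catch a return of that bug when run under a memory checker. main() continues outside this hunk, so such a test may already exist elsewhere in the file.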
@@ -310,10 +326,10 @@ main(int  argc,				/* I - Number of command-line args */
     return (1);
   }
 
-  if (ind->num_nodes != 10)
+  if (ind->num_nodes != 13)
   {
     fprintf(stderr, "ERROR: Index of all nodes contains %d "
-                    "nodes; expected 10.\n", ind->num_nodes);
+                    "nodes; expected 13.\n", ind->num_nodes);
     mxmlIndexDelete(ind);
     mxmlDelete(tree);
     return (1);
@@ -418,7 +434,7 @@ main(int  argc,				/* I - Number of command-line args */
   * Check the mxmlDelete() works properly...
   */
 
-  for (i = 0; i < 9; i ++)
+  for (i = 0; i < 12; i ++)
   {
     if (tree->child)
       mxmlDelete(tree->child);
@@ -705,7 +721,7 @@ main(int  argc,				/* I - Number of command-line args */
     }
   }
 
-#ifndef WIN32
+#ifndef _WIN32
  /*
   * Debug hooks...
   */
@@ -722,7 +738,7 @@ main(int  argc,				/* I - Number of command-line args */
       puts("Unable to check for leaks.");
   }
 #  endif /* __APPLE__ */
-#endif /* !WIN32 */
+#endif /* !_WIN32 */
 
  /*
   * Return...