|
9f652e57
|
2024-11-25T19:41:33
|
|
fuzz: Inject IO failures
We use the same counter for injecting malloc and IO failures. This
mostly renames several functions and variables.
|
|
|
780e432a
|
2024-06-11T16:58:09
|
|
fuzz: Move to per-context error handler
|
|
|
da996c8d
|
2023-12-10T14:46:59
|
|
uri: Report malloc failures
Fix many places where malloc failures weren't reported, for example
after calling xmlStrdup.
Introduce new public API functions that return a separate error code if
a memory allocation fails:
- xmlParseURISafe
- xmlBuildURISafe
- xmlBuildRelativeURISafe
Update the fuzzer to check whether malloc failures are reported.
|
|
|
42322eba
|
2023-03-08T13:59:03
|
|
fuzz: Inject random malloc failures
Fixes #344.
|
|
|
9086988f
|
2020-12-16T15:41:52
|
|
Enforce maximum length of fuzz input
Remove the libfuzzer max_len option which doesn't apply to other
fuzzing engines. Enforce the maximum length directly in the fuzz
targets. For the xml target, lower the maximum when expanding entities
to avoid timeout and OOM errors.
|
|
|
00ed736e
|
2020-06-05T12:49:25
|
|
Add a couple of libFuzzer targets
- XML fuzzer
Currently tests the pull parser, push parser and reader, as well as
serialization. Supports splitting fuzz data into multiple documents
for things like external DTDs or entities. The seed corpus is built
from parts of the test suite.
- Regexp fuzzer
Seed corpus was statically generated from test suite.
- URI fuzzer
Tests parsing and most other functions from uri.c.
|