fuzz

Log

Author Commit Date Message
Nick Wellnhofer ffc0bba9 2025-04-18T23:55:27 xmllint: Remove --htmlout option Contrary to what the documentation suggests, this only printed error messages as HTML, which doesn't seem useful.
Nick Wellnhofer dc4910c7 2025-04-18T22:58:46 xmllint: Remove --testIO option
Nick Wellnhofer 95ffa8d2 2025-04-18T22:54:40 xmllint: Remove --debugent option
Nick Wellnhofer 094980ec 2025-04-18T18:41:25 fuzz: Make --pretty arg more likely to be valid
Nick Wellnhofer 39c5e09d 2025-04-03T13:23:07 fuzz: Use lint.dict for XInclude fuzzer lint.dict also contains useful XPath fragments. We still need a special dictionary for XInclude.
Nick Wellnhofer dd4c0f62 2025-03-18T11:11:20 tree: Fix xmlTextMerge with NULL args Restore pre-2.13 behavior. Fixes #875.
Nick Wellnhofer 54c3d428 2025-03-16T19:12:01 fuzz: Update README
Nick Wellnhofer b3492259 2025-03-14T00:01:11 include: Change some return types from int to enum This also affects some new functions from 2.13.
Nick Wellnhofer fd1b9391 2025-03-13T23:20:16 include: Convert some macros to enums
Nick Wellnhofer e649c972 2024-12-18T12:49:24 fuzz: Add utility scripts Add scripts to minimize a corpus and generate HTML coverage reports.
Nick Wellnhofer 6f903d43 2024-12-13T19:15:38 fuzz: Rework fixed parser options Remove XML_PARSE_XINCLUDE. This is only honored by the XML Reader interface which is now fuzzed in reader.c. Don't validate in XInclude fuzzer. This doesn't increase coverage after moving the Reader fuzzer.
Nick Wellnhofer 44628d45 2024-12-13T15:23:30 fuzz: Harden leak check in lint fuzzer Check for undetected memory leaks from previous iterations. This also makes sure that the maxmem limit is checked deterministically.
Nick Wellnhofer c6c6d8af 2024-12-11T16:24:23 fuzz: Mutate fuzz data chunks separately Implement a custom mutator that takes a list of fixed-size chunks which are mutated with a given probability. This makes sure that values like parser options or failure position are mutated regularly even as the fuzz data grows large. Values can also be adjusted temporarily to make the fuzzer focus on failure injection, for example. Thanks to David Kilzer for the idea.
Nick Wellnhofer f5257d92 2024-12-11T16:24:43 fuzz: Fix failure injection in schema fuzzer
Nick Wellnhofer fd359a7e 2024-12-10T15:54:12 fuzz: Start to fuzz XML Schema validator
Nick Wellnhofer 9037dce9 2025-02-18T19:38:28 fuzz: Add dictionary for lint fuzzer Mostly a combination of xml.dict and xpath.dict. This should with fuzzing pattern.c.
Nick Wellnhofer 06b39650 2025-02-17T12:19:23 fuzz: Stop testing xmllint --memory option The --memory option mmaps files directly, bypassing the resource loader. We'd need a temp file to make it work when fuzzing.
Nick Wellnhofer bc437868 2025-01-31T23:11:55 fuzz: Improve HTML fuzzer Verify that pull and push parser produce the same result. Fixes #849.
Nick Wellnhofer d2fb68ed 2025-01-31T19:02:33 fuzz: Make large chunk size more likely This now detects issues like 3eced32e in about 30 seconds.
Nick Wellnhofer 40e423d6 2025-01-30T19:30:44 fuzz: Improve fuzzing of push parser Also serialize the result of push-parsing and compare whether pull and push parser produce the same result (differential fuzzing). We lose the ability to inject IO errors when serializing for now, but this isn't too important. Use variable chunk size for push parser. Fixes #849.
Nick Wellnhofer 6904d4c2 2025-01-25T13:54:15 fuzz: Fix OSS-Fuzz build of lint fuzzer
Nick Wellnhofer 9b1028c9 2025-01-23T20:37:37 fuzz: Fix comments
Nick Wellnhofer e95c4b07 2025-01-22T10:06:39 fuzz: Also test xmllint --repeat option
Nick Wellnhofer bfe6af2e 2025-01-17T17:09:04 fuzz: Remove hacks to build lint fuzzer Don't include source file directly.
Nick Wellnhofer 255fd5f3 2025-01-17T16:52:06 xmllint: Store error stream in global state
Nick Wellnhofer 72f84dd7 2024-12-17T18:26:24 fuzz: Inject IO failures into serialization code
Nick Wellnhofer 8139ad2f 2024-12-12T19:19:47 fuzz: Fix IO error check in reader fuzzer
Nick Wellnhofer 3b38f19b 2024-11-25T22:37:51 fuzz: Silence more OOM errors
Nick Wellnhofer 9f652e57 2024-11-25T19:41:33 fuzz: Inject IO failures We use the same counter for injecting malloc and IO failures. This mostly renames several functions and variables.
Nick Wellnhofer 754843ab 2024-11-26T02:22:35 fuzz: Remove xmlFuzzEntityLoader Unused after commit de0c7791.
Nick Wellnhofer de0c7791 2024-11-17T13:56:19 fuzz: Switch to xmlCtxtValidateDocument This allows checking malloc failure reports during post-validation.
Nick Wellnhofer bf3619c3 2024-10-10T12:14:47 fuzz: Don't unlink DTD when replacing nodes OP_XML_REPLACE_NODE needs the same check as OP_XML_UNLINK_NODE.
Nick Wellnhofer 0c56eb82 2024-08-12T21:38:50 tree: Restore return value of xmlNodeListGetString with NULL list When passing a NULL list to xmlNodeListGetString or xmlNodeListGetRawString, return NULL instead of "" to match the old behavior. Fixes #783.
Nick Wellnhofer eb66d03e 2024-07-07T23:15:54 io: Deprecate a few functions
Nick Wellnhofer 8af55c8d 2024-07-06T22:14:21 parser: Rename new input API functions These weren't made public yet.
Nick Wellnhofer ae6e2ee7 2024-07-10T22:11:08 fuzz: Adjust reader fuzzer
Nick Wellnhofer 8c4cc0be 2024-07-09T13:56:49 fuzz: Improve debug output of reader fuzzer
Nick Wellnhofer de3221b1 2024-07-06T15:23:30 fuzz: Adjust for xmlNodeParseContent changes xmlStringGetNodeList returns NULL again for empty strings.
Rosen Penev 5d542fef 2024-06-16T20:02:45 libxml: define ATTRIBUTE_UNUSED for clang Silences warnings under Clang on Windows. Signed-off-by: Rosen Penev <rosenp@gmail.com>
Nick Wellnhofer 208f27f9 2024-06-15T19:13:08 include: Don't define ATTRIBUTE_UNUSED in public header Stop polluting namespace with unprefixed names.
Nick Wellnhofer df40f64e 2024-06-13T18:00:33 fuzz: Avoid accessing internal struct members Switch to xmlNewIOInputStream.
Nick Wellnhofer 52384043 2024-06-11T19:10:41 parser: Pass resource type to resource loader
Nick Wellnhofer f96dca9c 2024-06-11T18:14:43 xmllint: Switch to resource loader
Nick Wellnhofer 780e432a 2024-06-11T16:58:09 fuzz: Move to per-context error handler
Nick Wellnhofer 116d8c01 2024-06-11T15:48:32 fuzz: Move to per-context resource loader
Nick Wellnhofer b7f30bae 2024-05-28T22:26:18 fuzz: Fix aarch64 build on OSS-Fuzz
Nick Wellnhofer caa8bb38 2024-05-19T19:31:54 fuzz: Move back to xmlSetExternalEntityLoader xmlParserInputBufferCreateFilenameDefault can't report malloc failures.
Nick Wellnhofer 51b5d1e3 2024-05-15T16:09:05 fuzz: Don't enable zlib and liblzma with MSan We'd need our own instrumented builds of these libraries.
Nick Wellnhofer f895af09 2024-05-14T16:08:37 fuzz: Remove OSS-Fuzz timeout option Custom timeouts aren't fully supported on OSS-Fuzz.
Nick Wellnhofer b117a912 2024-05-13T13:42:43 fuzz: Enable xmllint fuzzer on OSS-Fuzz
Nick Wellnhofer b3cb41be 2024-05-13T12:18:08 fuzz: Add xmllint fuzzer
Nick Wellnhofer 5bfaab77 2024-05-06T18:03:01 fuzz: Fix reader fuzzer
Nick Wellnhofer d644a23e 2024-05-05T23:37:03 fuzz: Improve xml.dict - Add standalone declaration - Add doctype declaration - Expand ATTLIST matrix in xml.dict
Nick Wellnhofer 68e440ee 2024-04-24T22:52:06 fuzz: Use all test directories for XML seed corpus It's probably better to add as many files as possible to the seed corpus even if they're less specific to a fuzzer.
Nick Wellnhofer 0977d7a3 2024-04-23T22:39:53 fuzz: Build with compression support on OSS-Fuzz
Nick Wellnhofer 510c7988 2024-04-23T18:43:12 fuzz: Remove reader pass from XML fuzzers The reader API is fuzzed separately now.
Nick Wellnhofer 6641a7e8 2024-04-23T18:17:02 fuzz: Enable reader fuzzer on OSS-Fuzz
Nick Wellnhofer b62ccf7f 2024-04-16T13:24:12 fuzz: Add fuzzer for XML reader API
Nick Wellnhofer 971ce404 2024-04-14T19:33:21 fuzz: Also set fuzzAllocFailed if a real allocation fails Avoid false positives in real OOM situations.
Nick Wellnhofer 1f18d377 2024-04-02T23:19:28 fuzz: Add a few more comments
Nick Wellnhofer fe3cbf89 2024-03-29T14:54:39 fuzz: Check node type before xmlDocSetRootElement
Nick Wellnhofer ea0ee365 2024-03-28T12:38:43 tree: Align xmlAddChild with other node insertion functions Make xmlAddChild unlink the child before insertion. Originally, linked children would most likely cause tree corruption. The first fix disallowed linked nodes, but there are cases where insertion of such nodes could succeed. Don't abort if the node is already a child of parent. In this case, the node will be moved to the end of the child list.
Nick Wellnhofer bfb02fbc 2024-03-28T11:30:05 fuzz: Fix xmlSetProp in API fuzzer Finding the old attribute node is a bit more involved.
Nick Wellnhofer 887ad90a 2024-03-26T14:23:51 fuzz: Restrict input size of API fuzzer
Nick Wellnhofer 6c5248e2 2024-03-26T14:21:47 fuzz: Restrict number of copies in API fuzzer Avoid timeouts with large inputs.
Nick Wellnhofer 52efb20a 2024-03-24T13:43:25 fuzz: Enable float-divide-by-zero on OSS-Fuzz This was recently disabled globally: https://github.com/google/oss-fuzz/pull/11567
Nick Wellnhofer d8741b81 2024-03-22T14:46:36 fuzz: Fix namespaces after xmlDOMWrapRemoveNode
Nick Wellnhofer d4d1f3f3 2024-03-20T18:45:10 fuzz: Enable API fuzzer on OSS-Fuzz
Nick Wellnhofer 5ea29703 2024-03-20T18:41:26 fuzz: Reorder API fuzzer ops
Nick Wellnhofer da32c852 2024-03-20T13:45:13 fuzz: Check text nodes after merging Avoid exponential growth of text.
Nick Wellnhofer 3f05508a 2024-03-18T14:14:00 tree: Report malloc failures in attribute setters
Nick Wellnhofer 6a49bb77 2024-03-17T17:16:55 tree: Introduce xmlSearchNsSafe After the failed experiment with a static XML namespace, introduce versions of xmlSearchNs that report malloc failures. Optimize the no-document case by only adding the XML namespace declaration if it wasn't found in an ancestor.
Nick Wellnhofer c0edd792 2024-03-16T15:10:32 fuzz: Move fuzzer options to environment variable
Nick Wellnhofer 55175f75 2024-03-15T21:48:27 fuzz: Add OSS-Fuzz build.sh Move build.sh to our repo to facilitate changes.
Nick Wellnhofer f14f089f 2024-03-15T21:04:04 fuzz: Add some comments in api.c
Nick Wellnhofer ee0c1f87 2024-02-29T14:51:49 fuzz: New tree API fuzzer
Nick Wellnhofer ce8f3d2c 2024-03-10T15:03:41 fuzz: Improve README
Nick Wellnhofer d463733f 2024-02-01T19:31:03 fuzz: Reenable malloc failure check when serializing
Nick Wellnhofer 84e50a0c 2024-02-01T17:02:24 fuzz: Don't check for malloc failures when serializing DTD serialization doesn't report malloc failures yet.
Nick Wellnhofer fd801845 2024-01-07T15:19:58 fuzz: Cap URL size Cap URL size to avoid quadratic behavior when generating error messages.
Nick Wellnhofer 83c1ae13 2024-01-07T15:40:23 fuzz: Add missing include Fix build failure.
Nick Wellnhofer 30d83977 2024-01-04T15:18:14 fuzz: Disable catalogs The catalogs API doesn't report OOM errors. It's basically impossible to use it safely in its current form.
Nick Wellnhofer 54c70ed5 2023-12-18T19:31:29 parser: Improve error handling Introduce xmlCtxtSetErrorHandler, which allows setting a structured error handler for a parser context. There already was the "serror" SAX handler, but this always receives the parser context as argument. Start to use xmlRaiseMemoryError. Remove useless arguments from memory error functions. Rename xmlErrMemory to xmlCtxtErrMemory. Remove a few calls to xmlGenericError. Remove support for runtime entity debugging.
Nick Wellnhofer 4e23892c 2023-12-10T19:13:26 fuzz: Enable value profile
Nick Wellnhofer abd74186 2023-12-10T19:07:32 html: Report malloc failures Fix many places where malloc failures aren't reported. Stop checking for ctxt->instate.
Nick Wellnhofer e115194e 2023-12-10T18:32:21 fuzz: Check malloc failure reports in XML fuzzers
Nick Wellnhofer f19a9510 2023-12-10T17:50:22 parser: Report malloc failures Fix many places where malloc failures aren't reported. Make xmlErrMemory public. This is useful for custom external entity loaders. Introduce new API function xmlSwitchEncodingName. Change the way we store whether the parser is stopped. This used to be signaled by setting ctxt->instate to XML_PARSER_EOF, which was misdesigned and error-prone. Set ctxt->disableSAX to 2 instead and introduce a macro PARSER_STOPPED. Also stop removing parser inputs in xmlHaltParser. This allows removing many checks of ctxt->instate. Introduce xmlErrParser to handle errors if a parser context is available.
Nick Wellnhofer 1a354d5b 2023-12-10T17:09:45 regexp: Report malloc failures Fix places where malloc failures aren't reported.
Nick Wellnhofer e632d9f0 2023-12-10T16:56:16 xpath: Report malloc failures Fix many places where malloc failures aren't reported. Rework XPath object cache to store free objects in a linked list to avoid allocating an additional array. Remove some unneeded object pools.
Nick Wellnhofer da996c8d 2023-12-10T14:46:59 uri: Report malloc failures Fix many places where malloc failures weren't reported, for example after calling xmlStrdup. Introduce new public API functions that return a separate error code if a memory allocation fails: - xmlParseURISafe - xmlBuildURISafe - xmlBuildRelativeURISafe Update the fuzzer to check whether malloc failures are reported.
Nick Wellnhofer ec7f6506 2023-11-27T18:03:01 tests: Fix tests --with-valid --without-xinclude Fix a copy/paste error from commit 4eba9f9c. Fixes #632.
Nick Wellnhofer 4f132bcd 2023-10-14T22:49:29 fuzz: Raise rss_limit_mb
Nick Wellnhofer c13a0191 2023-10-14T22:48:12 fuzz: Test xmlTextReaderRead after EOF or failure
Nick Wellnhofer e019d97f 2023-10-14T22:47:20 fuzz: Test XML_PARSE_XINCLUDE | XML_PARSE_VALID
Nick Wellnhofer fa481873 2023-09-30T14:45:53 fuzz: Disable XML_PARSE_SAX1 option in xml fuzzer There are no plans to fix quadratic behavior in the legacy SAX1 interface.
Nick Wellnhofer b7d56ef7 2023-09-22T17:03:56 malloc-fail: Report malloc failure in xmlRegEpxFromParse Also check whether malloc failures are reported when fuzzing.
Nick Wellnhofer f98fa863 2023-09-22T15:25:40 regexp: Fix status codes and handle invalid UTF-8 Fixes #561.
Nick Wellnhofer f9d717af 2023-09-21T13:05:49 fuzz: Allow fuzzing without push, reader or output modules
Nick Wellnhofer da274bfa 2023-09-21T01:29:40 build: Fix build when certain modules are disabled
Nick Wellnhofer 834b8123 2023-08-08T15:21:28 parser: Stream data when reading from memory Don't create a copy of the whole input buffer. Read the data chunk by chunk to save memory. Historically, it was probably envisioned to read data from memory without additional copying. This doesn't work reliably with the current design of the XML parser, which requires a terminating null byte at the end of input buffers. This led to xmlReadMemory interfaces, which expect pointer and size arguments, being changed to make a zero-terminated copy of the input buffer. Interfaces based on xmlReadDoc, which actually expect a zero-terminated string and would make zero-copy operation work, were then simplified to rely on xmlReadMemory, resulting in an unnecessary copy. To avoid copying (possibly gigabytes) of memory temporarily, we now stream in-memory input just like content read from files in a chunk-by-chunk fashion (using a somewhat outdated INPUT_CHUNK size of 250 bytes). As a side effect, we also avoid another copy of the whole input when handling non-UTF-8 data, which was made possible by some earlier commits. Interfaces expecting zero-terminated strings now make use of strnlen, which unfortunately isn't part of the standard C library and is only mandated since POSIX 2008.