kmx git

Commit	Date	Message
6f903d43	2024-12-13T19:15:38	fuzz: Rework fixed parser options Remove XML_PARSE_XINCLUDE. This is only honored by the XML Reader interface which is now fuzzed in reader.c. Don't validate in XInclude fuzzer. This doesn't increase coverage after moving the Reader fuzzer.
c6c6d8af	2024-12-11T16:24:23	fuzz: Mutate fuzz data chunks separately Implement a custom mutator that takes a list of fixed-size chunks which are mutated with a given probability. This makes sure that values like parser options or failure position are mutated regularly even as the fuzz data grows large. Values can also be adjusted temporarily to make the fuzzer focus on failure injection, for example. Thanks to David Kilzer for the idea.
9f652e57	2024-11-25T19:41:33	fuzz: Inject IO failures We use the same counter for injecting malloc and IO failures. This mostly renames several functions and variables.
116d8c01	2024-06-11T15:48:32	fuzz: Move to per-context resource loader
caa8bb38	2024-05-19T19:31:54	fuzz: Move back to xmlSetExternalEntityLoader xmlParserInputBufferCreateFilenameDefault can't report malloc failures.
b3cb41be	2024-05-13T12:18:08	fuzz: Add xmllint fuzzer
510c7988	2024-04-23T18:43:12	fuzz: Remove reader pass from XML fuzzers The reader API is fuzzed separately now.
ee0c1f87	2024-02-29T14:51:49	fuzz: New tree API fuzzer
30d83977	2024-01-04T15:18:14	fuzz: Disable catalogs The catalogs API doesn't report OOM errors. It's basically impossible to use it safely in its current form.
e115194e	2023-12-10T18:32:21	fuzz: Check malloc failure reports in XML fuzzers
c13a0191	2023-10-14T22:48:12	fuzz: Test xmlTextReaderRead after EOF or failure
e019d97f	2023-10-14T22:47:20	fuzz: Test XML_PARSE_XINCLUDE \| XML_PARSE_VALID
f9d717af	2023-09-21T13:05:49	fuzz: Allow to fuzz without push, reader or output modules
4eba9f9c	2023-03-12T16:15:54	fuzz: Separate fuzzer for DTD validation
42322eba	2023-03-08T13:59:03	fuzz: Inject random malloc failures Fixes #344.
541b1e28	2023-03-08T13:59:00	fuzz: Support variable integer sizes in fuzz data Also switch to big-endian.
09dac45a	2022-12-26T17:49:27	fuzz: Add separate XInclude fuzzer XIncludes involve XPath processing which can still lead to timeouts when fuzzing. This will probably take a while to fix. The rest of the XML parsing code should hopefully run without timeouts now. OSS-Fuzz only shows a single timeout test case, so separate the XInclude from the core XML fuzzer.

6f903d43

2024-12-13T19:15:38

fuzz: Rework fixed parser options Remove XML_PARSE_XINCLUDE. This is only honored by the XML Reader interface which is now fuzzed in reader.c. Don't validate in XInclude fuzzer. This doesn't increase coverage after moving the Reader fuzzer.

c6c6d8af

2024-12-11T16:24:23

fuzz: Mutate fuzz data chunks separately Implement a custom mutator that takes a list of fixed-size chunks which are mutated with a given probability. This makes sure that values like parser options or failure position are mutated regularly even as the fuzz data grows large. Values can also be adjusted temporarily to make the fuzzer focus on failure injection, for example. Thanks to David Kilzer for the idea.

9f652e57

2024-11-25T19:41:33

fuzz: Inject IO failures We use the same counter for injecting malloc and IO failures. This mostly renames several functions and variables.

116d8c01

2024-06-11T15:48:32

fuzz: Move to per-context resource loader

caa8bb38

2024-05-19T19:31:54

fuzz: Move back to xmlSetExternalEntityLoader xmlParserInputBufferCreateFilenameDefault can't report malloc failures.

b3cb41be

2024-05-13T12:18:08

fuzz: Add xmllint fuzzer

510c7988

2024-04-23T18:43:12

fuzz: Remove reader pass from XML fuzzers The reader API is fuzzed separately now.

ee0c1f87

2024-02-29T14:51:49

fuzz: New tree API fuzzer

30d83977

2024-01-04T15:18:14

fuzz: Disable catalogs The catalogs API doesn't report OOM errors. It's basically impossible to use it safely in its current form.

e115194e

2023-12-10T18:32:21

fuzz: Check malloc failure reports in XML fuzzers

c13a0191

2023-10-14T22:48:12

fuzz: Test xmlTextReaderRead after EOF or failure

e019d97f

2023-10-14T22:47:20

fuzz: Test XML_PARSE_XINCLUDE | XML_PARSE_VALID

f9d717af

2023-09-21T13:05:49

fuzz: Allow to fuzz without push, reader or output modules

4eba9f9c

2023-03-12T16:15:54

fuzz: Separate fuzzer for DTD validation

42322eba

2023-03-08T13:59:03

fuzz: Inject random malloc failures Fixes #344.

541b1e28

2023-03-08T13:59:00

fuzz: Support variable integer sizes in fuzz data Also switch to big-endian.

09dac45a

2022-12-26T17:49:27

fuzz: Add separate XInclude fuzzer XIncludes involve XPath processing which can still lead to timeouts when fuzzing. This will probably take a while to fix. The rest of the XML parsing code should hopefully run without timeouts now. OSS-Fuzz only shows a single timeout test case, so separate the XInclude from the core XML fuzzer.

kc3-lang/libxml2/fuzz/xinclude.c

fuzz/xinclude.c

Log