|
b7d56ef7
|
2023-09-22T17:03:56
|
|
malloc-fail: Report malloc failure in xmlRegEpxFromParse
Also check whether malloc failures are reported when fuzzing.
|
|
|
834b8123
|
2023-08-08T15:21:28
|
|
parser: Stream data when reading from memory
Don't create a copy of the whole input buffer. Read the data chunk by
chunk to save memory.
Historically, it was probably envisioned to read data from memory
without additional copying. This doesn't work reliably with the current
design of the XML parser which requires a terminating null byte at the
end of input buffers. This lead to xmlReadMemory interfaces, which
expect pointer and size arguments, being changed to make a
zero-terminated copy of the input buffer. Interfaces based on
xmlReadDoc, which actually expect a zero-terminated string and
would make zero-copy operation work, were then simplified to rely on
xmlReadMemoryi, resulting in an unnecessary copy.
To avoid copying (possibly gigabytes) of memory temporarily, we now
stream in-memory input just like content read from files in a
chunk-by-chunk fashion (using a somewhat outdated INPUT_CHUNK size of
250 bytes). As a side effect, we also avoid another copy of the whole
input when handling non-UTF-8 data which was made possible by some
earlier commits.
Interfaces expecting zero-terminated strings now make use of strnlen
which unfortunately isn't part of the standard C library and only
mandated since POSIX 2008.
|
|
|
42322eba
|
2023-03-08T13:59:03
|
|
fuzz: Inject random malloc failures
Fixes #344.
|
|
|
541b1e28
|
2023-03-08T13:59:00
|
|
fuzz: Support variable integer sizes in fuzz data
Also switch to big-endian.
|
|
|
791a1e80
|
2023-02-28T19:14:57
|
|
fuzz: Set filename in xmlFuzzEntityLoader
|
|
|
cbd9c6c5
|
2023-02-28T19:14:22
|
|
fuzz: Allow xmlFuzzReadString(NULL)
|
|
|
128c0261
|
2022-10-25T19:23:07
|
|
warnings: Fix -Wstrict-prototypes warning
|
|
|
be889b65
|
2022-01-26T16:35:18
|
|
Make xmlFuzzReadString return a zero size in error case
Avoids use of uninitialized memory.
|
|
|
e2b975c3
|
2020-12-18T00:50:34
|
|
Handle malloc failures in fuzzing code
Avoid misdiagnosis in OOM situations.
|
|
|
0d5f3710
|
2020-08-24T16:28:54
|
|
Consolidate seed corpus generation
Implement file handling in C to speed up corpus generation.
|
|
|
0d9da029
|
2020-08-24T03:16:25
|
|
Test fuzz targets with dummy driver
Run fuzz targets with files in seed corpus during test.
|
|
|
ad26a60f
|
2020-08-06T13:20:01
|
|
Add XPath and XPointer fuzzer
|
|
|
eac1c7e2
|
2020-06-21T14:42:00
|
|
Fuzz target for XML Schemas
This only tests the schema parser for now.
|
|
|
ffd31dbe
|
2020-06-21T12:14:19
|
|
Move entity recorder to fuzz.c
|
|
|
536f421d
|
2020-06-15T12:20:54
|
|
Fuzz target for HTML parser
|
|
|
00ed736e
|
2020-06-05T12:49:25
|
|
Add a couple of libFuzzer targets
- XML fuzzer
Currently tests the pull parser, push parser and reader, as well as
serialization. Supports splitting fuzz data into multiple documents
for things like external DTDs or entities. The seed corpus is built
from parts of the test suite.
- Regexp fuzzer
Seed corpus was statically generated from test suite.
- URI fuzzer
Tests parsing and most other functions from uri.c.
|