fuzz


Log

Author Commit Date CI Message
Nick Wellnhofer 9aba613b 2022-10-31T17:09:54 fuzz: Add new XInclude test directory to corpus
Nick Wellnhofer 128c0261 2022-10-25T19:23:07 warnings: Fix -Wstrict-prototypes warning
Nick Wellnhofer 513d65fe 2022-09-02T16:45:06 Use AM_CFLAGS and AM_LDFLAGS consistently
Nick Wellnhofer d0ab5c4f 2022-09-02T17:47:48 Fix compiler warnings in fuzzing code
Nick Wellnhofer 4612ce30 2022-04-21T03:52:52 Implement xpath1() XPointer scheme See https://www.w3.org/2005/04/xpointer-schemes/
Nick Wellnhofer 3f74e42b 2022-04-04T05:19:33 Simplify 'make check' targets
Nick Wellnhofer 95c7f315 2022-04-03T21:39:14 Move SVG tests to runtest.c Also update the test results for the first time since 2000.
Nick Wellnhofer 7016b0e0 2022-04-03T01:42:17 Don't overlink executables With very few exceptions, utilities and test programs don't require any external libraries. - xmllint and xmlcatalog need libreadline - runtest and testThreads need pthreads
David Seifert 5c71ada8 2022-03-30T16:51:17 Detect libm using libtool's macros
Nick Wellnhofer 6117700e 2022-02-20T20:56:40 Remove special configuration for certain maintainers
Nick Wellnhofer d19bab68 2022-02-19T19:26:10 Fix fuzz/.gitignore after fixing VPATH build
Nick Wellnhofer 86266487 2022-02-14T18:06:38 Fix fuzzer test with VPATH build Also fixes make distcheck.
Nick Wellnhofer be889b65 2022-01-26T16:35:18 Make xmlFuzzReadString return a zero size in error case Avoids use of uninitialized memory.
Daniel Veillard b48e77cf 2021-05-13T20:56:16 Release of libxml2-2.9.12 Brown paper bag release, some recently added sources were missing from the 2.9.11 tarball: - configure.ac: bump version - fuzz/Makefile.am: add fuzz.h and seed/regexp to EXTRA_DIST
Nick Wellnhofer 8446d459 2021-03-01T20:56:40 Reduce some fuzzer timeouts OSS-Fuzz has been fuzzing the HTML parser with inputs up to 1 MB for several hundred hours without hitting the 20s timeout. It seems that most timeouts resulting from accidentally quadratic behavior in the HTML parser have been fixed. Start to gradually reduce the timeout to find new performance issues.
Nick Wellnhofer 85c817a2 2021-02-22T21:28:21 Improve fuzzer stability - Add more calls to xmlInitializeCatalog. - Call xmlResetLastError after fuzzing each input.
Nick Wellnhofer f9ccb3b8 2021-02-22T21:26:13 Check for feature flags in fuzzer tests
Nick Wellnhofer 7a90bdfa 2021-02-22T17:58:06 Another attempt at improving fuzzer stability xmlInitializeCatalog is not called from xmlInitParser.
Nick Wellnhofer 0fb3ae58 2021-02-22T17:31:05 Revert "Improve HTML fuzzer stability" This reverts commit de1b51eddcc17fd7ed1bbcc6d5d7d529407dfbe2.
Nick Wellnhofer 0987001c 2021-02-22T12:29:56 Add charset names to fuzzing dictionaries
Nick Wellnhofer de1b51ed 2021-02-22T12:25:29 Improve HTML fuzzer stability Call htmlInitAutoClose during fuzzer initialization to fix stability issue. Leave a note concerning problems with this function.
Nick Wellnhofer ec808a44 2021-02-07T13:57:49 Speed up HTML fuzzer htmlDocDumpMemory uses the "HTML" encoding if no other encoding was specified in the source HTML. This encoding can be extremely slow because of an inefficiency in htmlEntityValueLookup. Stop encoding the output for now.
Nick Wellnhofer e2b975c3 2020-12-18T00:50:34 Handle malloc failures in fuzzing code Avoid misdiagnosis in OOM situations.
Nick Wellnhofer 9086988f 2020-12-16T15:41:52 Enforce maximum length of fuzz input Remove the libfuzzer max_len option which doesn't apply to other fuzzing engines. Enforce the maximum length directly in the fuzz targets. For the xml target, lower the maximum when expanding entities to avoid timeout and OOM errors.
Nick Wellnhofer 8a85263f 2020-10-25T20:08:16 Add fuzzing dictionaries to EXTRA_DIST Also add static seed corpus for the URI fuzzer.
Nick Wellnhofer 6f1470a5 2020-08-25T18:50:45 Hardcode maximum XPath recursion depth Always limit nested function calls to 5000. This avoids call stack overflows with deeply nested expressions. The expression parser produces about 10 nested function calls when parsing a subexpression in parentheses, so the effective nesting limit is about 500 which should be more than enough. Use a lower limit when fuzzing to account for increased memory usage when using sanitizers.
Nick Wellnhofer 8c3ef083 2020-08-24T23:17:34 Pass URL of main entity in XML fuzzer
Nick Wellnhofer 0d5f3710 2020-08-24T16:28:54 Consolidate seed corpus generation Implement file handling in C to speed up corpus generation.
Nick Wellnhofer 0d9da029 2020-08-24T03:16:25 Test fuzz targets with dummy driver Run fuzz targets with files in seed corpus during test.
Nick Wellnhofer 804c5297 2020-08-17T03:37:18 Stop using maxParserDepth in xpath.c Only use a single maxDepth value.
Nick Wellnhofer 0ff52748 2020-08-17T02:54:28 Fix autotools warnings
Nick Wellnhofer 10a07948 2020-08-08T17:46:11 Fix XPath fuzzer
Nick Wellnhofer 6c128fd5 2020-06-05T13:43:45 Fuzz XInclude engine
Nick Wellnhofer ad26a60f 2020-08-06T13:20:01 Add XPath and XPointer fuzzer
Nick Wellnhofer 905820a4 2020-07-12T22:59:39 Update fuzzing code - Shorten timeouts - Align options from Makefile and options files - Add section headers to Makefile - Skip invalid UTF-8 in regexp fuzzer - Update regexp.dict - Generate HTML seed corpus in correct format
Nick Wellnhofer 93ce33c2 2020-07-23T17:34:08 Fix several quadratic runtime issues in HTML push parser Fix a few remaining cases where the HTML push parser would scan more content during lookahead than is parsed later. Make sure that htmlParseDocTypeDecl consumes all content up to the final '>' in case of errors. The old comment said "We shouldn't try to resynchronize", but ignoring invalid content is also what the HTML5 spec mandates. Likewise, make htmlParseEndTag skip to the final '>' in invalid end tags even if not in recovery mode. This is probably the most visible change in practice and leads to different output for some tests but is also more in line with HTML5. Make sure that htmlParsePI and htmlParseComment don't abort if invalid characters are encountered but log an error and ignore the character. Change some other end-of-buffer checks to test for a zero byte instead of relying on IS_CHAR. Fix usage of IS_CHAR macro in htmlParseScript.
Nick Wellnhofer eac1c7e2 2020-06-21T14:42:00 Fuzz target for XML Schemas This only tests the schema parser for now.
Nick Wellnhofer ffd31dbe 2020-06-21T12:14:19 Move entity recorder to fuzz.c
Nick Wellnhofer 536f421d 2020-06-15T12:20:54 Fuzz target for HTML parser
Nick Wellnhofer e98150d4 2020-06-09T13:45:31 Add options file for xml fuzzer This will be picked up by OSS-Fuzz, limiting the maximum input size to 80 KB and hopefully avoiding timeouts. Some of the timeouts seem to be related to our suboptimal handling of excessive entity expansion. The new fuzzers support external entities and make this problem even more prominent.
Nick Wellnhofer 00ed736e 2020-06-05T12:49:25 Add a couple of libFuzzer targets - XML fuzzer Currently tests the pull parser, push parser and reader, as well as serialization. Supports splitting fuzz data into multiple documents for things like external DTDs or entities. The seed corpus is built from parts of the test suite. - Regexp fuzzer Seed corpus was statically generated from test suite. - URI fuzzer Tests parsing and most other functions from uri.c.