kc3-lang/libxml2/fuzz

Branch : - branch - master - tag - CVE-2013-2877 CVE-2014-0191 CVE-2014-3660 CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499-1 CVE-2015-7499-2 CVE-2015-7500 CVE-2015-7941_1 CVE-2015-7941_2 CVE-2015-7942 CVE-2015-7942-2 CVE-2015-8035 CVE-2015-8242 CVE-2015-8317 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4449 CVE-2016-4483 CVE-2021-3541 ChangeLog EAZEL-NAUTILUS-MS-AUG07 FOR_GNOME_0_99_1 GNOME_0_30 GNOME_PRINT_0_24 GNUMERIC_FIRST_PUBLIC_RELEASE LIBXML2.6.32 LIBXML2.7.0 LIBXML2.7.1 LIBXML2.7.2 LIBXML2.7.3 LIBXML2_2_4_21 LIBXML2_2_5_0 LIBXML2_2_5_10 LIBXML2_2_5_11 LIBXML2_2_5_7 LIBXML2_2_5_8 LIBXML2_2_5_9 LIBXML2_2_5_x LIBXML2_2_6_1 LIBXML2_2_6_11 LIBXML2_2_6_12 LIBXML2_2_6_13 LIBXML2_2_6_14 LIBXML2_2_6_15 LIBXML2_2_6_16 LIBXML2_2_6_18 LIBXML2_2_6_19 LIBXML2_2_6_2 LIBXML2_2_6_20 LIBXML2_2_6_21 LIBXML2_2_6_22 LIBXML2_2_6_23 LIBXML2_2_6_24 LIBXML2_2_6_26 LIBXML2_2_6_27 LIBXML2_2_6_28 LIBXML2_2_6_3 LIBXML2_2_6_4 LIBXML2_2_6_5 LIBXML2_2_6_6 LIBXML2_2_6_7 LIBXML2_2_6_8 LIBXML2_2_6_9 LIBXML2_6_0 LIBXML_0_99 LIBXML_1_5_0 LIBXML_1_8_10 LIBXML_1_8_10_REAL LIBXML_1_8_12 LIBXML_1_8_14 LIBXML_1_8_16 LIBXML_1_8_17 LIBXML_1_8_5 LIBXML_1_8_6 LIBXML_1_8_8 LIBXML_1_8_9 LIBXML_2_0_0 LIBXML_2_1_0 LIBXML_2_1_1 LIBXML_2_2_1 LIBXML_2_2_3 LIBXML_2_2_4 LIBXML_2_2_6 LIBXML_2_2_7 LIBXML_2_2_8 LIBXML_2_3_0 LIBXML_2_3_10 LIBXML_2_3_11 LIBXML_2_3_12 LIBXML_2_3_13 LIBXML_2_3_14 LIBXML_2_3_2 LIBXML_2_3_3 LIBXML_2_3_4 LIBXML_2_3_5 LIBXML_2_3_6 LIBXML_2_3_7 LIBXML_2_3_8 LIBXML_2_3_9 LIBXML_2_4_0 LIBXML_2_4_11 LIBXML_2_4_12 LIBXML_2_4_13 LIBXML_2_4_14 LIBXML_2_4_16 LIBXML_2_4_18 LIBXML_2_4_2 LIBXML_2_4_20 LIBXML_2_4_22 LIBXML_2_4_23 LIBXML_2_4_24 LIBXML_2_4_25 LIBXML_2_4_26 LIBXML_2_4_27 LIBXML_2_4_29 LIBXML_2_4_3 LIBXML_2_4_30 LIBXML_2_4_4 LIBXML_2_4_6 LIBXML_2_4_7 LIBXML_2_5_1 LIBXML_2_5_2 LIBXML_2_5_3 LIBXML_2_5_4 LIBXML_2_5_5 LIBXML_2_5_6 LIBXML_2_6_10 LIBXML_TEST_2_0_0 LIB_XML_1_1 LIB_XML_1_3 LIB_XML_1_4 LIB_XML_1_6_1 LIB_XML_1_6_2 LIB_XML_1_7_0 LIB_XML_1_7_1 LIB_XML_1_7_3 LIB_XML_1_8_3 LIB_XML_1_X PRE_MUCKUP PRE_MUCKUP2 PRE_MUCKUP3 help v2.10.0 v2.10.1 v2.10.2 v2.10.3 v2.10.4 v2.11.0 v2.11.1 v2.11.2 v2.11.3 v2.11.4 v2.11.5 v2.11.6 v2.11.7 v2.11.8 v2.11.9 v2.12.0 v2.12.1 v2.12.10 v2.12.2 v2.12.3 v2.12.4 v2.12.5 v2.12.6 v2.12.7 v2.12.8 v2.12.9 v2.13.0 v2.13.1 v2.13.2 v2.13.3 v2.13.4 v2.13.5 v2.13.6 v2.13.7 v2.13.8 v2.13.9 v2.14.0 v2.14.1 v2.14.2 v2.14.3 v2.14.4 v2.14.5 v2.14.6 v2.15.0 v2.15.1 v2.7.4 v2.7.5 v2.7.6 v2.7.7 v2.7.8 v2.8.0 v2.8.0-rc1 v2.8.0-rc2 v2.9.0 v2.9.0-rc2 v2.9.1 v2.9.10 v2.9.10-rc1 v2.9.11 v2.9.12 v2.9.13 v2.9.14 v2.9.2 v2.9.2-rc1 v2.9.2-rc2 v2.9.3 v2.9.4 v2.9.4-rc1 v2.9.4-rc2 v2.9.5 v2.9.5-rc1 v2.9.5-rc2 v2.9.6 v2.9.6-rc1 v2.9.7 v2.9.7-rc1 v2.9.8 v2.9.8-rc1 v2.9.9 v2.9.9-rc1 v2.9.9-rc2

Log

Author	Commit	Date	CI	Message
	8446d459	2021-03-01 20:56:40		Reduce some fuzzer timeouts OSS-Fuzz has been fuzzing the HTML parser with inputs up to 1 MB for several hundred hours without hitting the 20s timeout. It seems that most timeouts resulting from accidentally quadratic behavior in the HTML parser have been fixed. Start to gradually reduce the timeout to find new performance issues.
	85c817a2	2021-02-22 21:28:21		Improve fuzzer stability - Add more calls to xmlInitializeCatalog. - Call xmlResetLastError after fuzzing each input.
	f9ccb3b8	2021-02-22 21:26:13		Check for feature flags in fuzzer tests
	7a90bdfa	2021-02-22 17:58:06		Another attempt at improving fuzzer stability xmlInitializeCatalog is not called from xmlInitParser.
	0fb3ae58	2021-02-22 17:31:05		Revert "Improve HTML fuzzer stability" This reverts commit de1b51eddcc17fd7ed1bbcc6d5d7d529407dfbe2.
	0987001c	2021-02-22 12:29:56		Add charset names to fuzzing dictionaries
	de1b51ed	2021-02-22 12:25:29		Improve HTML fuzzer stability Call htmlInitAutoClose during fuzzer initialization to fix stability issue. Leave a note concerning problems with this function.
	ec808a44	2021-02-07 13:57:49		Speed up HTML fuzzer htmlDocDumpMemory uses the "HTML" encoding if no other encoding was specified in the source HTML. This encoding can be extremely slow because of an inefficiency in htmlEntityValueLookup. Stop encoding the output for now.
	e2b975c3	2020-12-18 00:50:34		Handle malloc failures in fuzzing code Avoid misdiagnosis in OOM situations.
	9086988f	2020-12-16 15:41:52		Enforce maximum length of fuzz input Remove the libfuzzer max_len option which doesn't apply to other fuzzing engines. Enforce the maximum length directly in the fuzz targets. For the xml target, lower the maximum when expanding entities to avoid timeout and OOM errors.
	8a85263f	2020-10-25 20:08:16		Add fuzzing dictionaries to EXTRA_DIST Also add static seed corpus for the URI fuzzer.
	6f1470a5	2020-08-25 18:50:45		Hardcode maximum XPath recursion depth Always limit nested functions calls to 5000. This avoids call stack overflows with deeply nested expressions. The expression parser produces about 10 nested function calls when parsing a subexpression in parentheses, so the effective nesting limit is about 500 which should be more than enough. Use a lower limit when fuzzing to account for increased memory usage when using sanitizers.
	8c3ef083	2020-08-24 23:17:34		Pass URL of main entity in XML fuzzer
	0d5f3710	2020-08-24 16:28:54		Consolidate seed corpus generation Implement file handling in C to speed up corpus generation.
	0d9da029	2020-08-24 03:16:25		Test fuzz targets with dummy driver Run fuzz targets with files in seed corpus during test.
	804c5297	2020-08-17 03:37:18		Stop using maxParserDepth in xpath.c Only use a single maxDepth value.
	0ff52748	2020-08-17 02:54:28		Fix autotools warnings
	10a07948	2020-08-08 17:46:11		Fix XPath fuzzer
	6c128fd5	2020-06-05 13:43:45		Fuzz XInclude engine
	ad26a60f	2020-08-06 13:20:01		Add XPath and XPointer fuzzer
	905820a4	2020-07-12 22:59:39		Update fuzzing code - Shorten timeouts - Align options from Makefile and options files - Add section headers to Makefile - Skip invalid UTF-8 in regexp fuzzer - Update regexp.dict - Generate HTML seed corpus in correct format
	93ce33c2	2020-07-23 17:34:08		Fix several quadratic runtime issues in HTML push parser Fix a few remaining cases where the HTML push parser would scan more content during lookahead than being parsed later. Make sure that htmlParseDocTypeDecl consumes all content up to the final '>' in case of errors. The old comment said "We shouldn't try to resynchronize", but ignoring invalid content is also what the HTML5 spec mandates. Likewise, make htmlParseEndTag skip to the final '>' in invalid end tags even if not in recovery mode. This is probably the most visible change in practice and leads to different output for some tests but is also more in line with HTML5. Make sure that htmlParsePI and htmlParseComment don't abort if invalid characters are encountered but log an error and ignore the character. Change some other end-of-buffer checks to test for a zero byte instead of relying on IS_CHAR. Fix usage of IS_CHAR macro in htmlParseScript.
	eac1c7e2	2020-06-21 14:42:00		Fuzz target for XML Schemas This only tests the schema parser for now.
	ffd31dbe	2020-06-21 12:14:19		Move entity recorder to fuzz.c
	536f421d	2020-06-15 12:20:54		Fuzz target for HTML parser
	e98150d4	2020-06-09 13:45:31		Add options file for xml fuzzer This will be picked up OSS-Fuzz, limiting the maximum input size to 80 KB and hopefully avoiding timeouts. Some of the timeouts seem to be related to our suboptimal handling of excessive entity expansion. The new fuzzers support external entities and make this problem even more prominent.
	00ed736e	2020-06-05 12:49:25		Add a couple of libFuzzer targets - XML fuzzer Currently tests the pull parser, push parser and reader, as well as serialization. Supports splitting fuzz data into multiple documents for things like external DTDs or entities. The seed corpus is built from parts of the test suite. - Regexp fuzzer Seed corpus was statically generated from test suite. - URI fuzzer Tests parsing and most other functions from uri.c.