d1272c2e  2023-02-13T11:16:57
    fuzz: Add xinclude to .gitignore

ba910d34  2022-12-26T17:58:33
    fuzz: Add test/recurse to seed corpus

09dac45a  2022-12-26T17:49:27
    fuzz: Add separate XInclude fuzzer

    XIncludes involve XPath processing which can still lead to timeouts when
    fuzzing. This will probably take a while to fix. The rest of the XML
    parsing code should hopefully run without timeouts now. OSS-Fuzz only
    shows a single timeout test case, so separate the XInclude from the core
    XML fuzzer.

c885bebb  2022-12-23T23:06:32
    fuzz: Remove size limit, disable XInclude

    Now that entity expansion issues should be fixed, we should get more
    interesting timeout errors from OSS-Fuzz. Disable XInclude for now,
    since it often times out in XPath computations. The XInclude tests should
    be moved to a separate fuzz target.

9aba613b  2022-10-31T17:09:54
    fuzz: Add new XInclude test directory to corpus

128c0261  2022-10-25T19:23:07
    warnings: Fix -Wstrict-prototypes warning

513d65fe  2022-09-02T16:45:06
    Use AM_CFLAGS and AM_LDFLAGS consistently

d0ab5c4f  2022-09-02T17:47:48
    Fix compiler warnings in fuzzing code

4612ce30  2022-04-21T03:52:52
    Implement xpath1() XPointer scheme

    See https://www.w3.org/2005/04/xpointer-schemes/

3f74e42b  2022-04-04T05:19:33
    Simplify 'make check' targets

95c7f315  2022-04-03T21:39:14
    Move SVG tests to runtest.c

    Also update the test results for the first time since 2000.

7016b0e0  2022-04-03T01:42:17
    Don't overlink executables

    With very few exceptions, utilities and test programs don't require any
    external libraries.

    - xmllint and xmlcatalog need libreadline
    - runtest and testThreads need pthreads

5c71ada8  2022-03-30T16:51:17
    Detect libm using libtool's macros

6117700e  2022-02-20T20:56:40
    Remove special configuration for certain maintainers

d19bab68  2022-02-19T19:26:10
    Fix fuzz/.gitignore after fixing VPATH build

86266487  2022-02-14T18:06:38
    Fix fuzzer test with VPATH build

    Also fixes make distcheck.

be889b65  2022-01-26T16:35:18
    Make xmlFuzzReadString return a zero size in error case

    Avoids use of uninitialized memory.

b48e77cf  2021-05-13T20:56:16
    Release of libxml2-2.9.12

    Brown paper bag release, some recently added sources were missing from
    the 2.9.11 tarball:

    - configure.ac: bump version
    - fuzz/Makefile.am: add fuzz.h and seed/regexp to EXTRA_DIST

8446d459  2021-03-01T20:56:40
    Reduce some fuzzer timeouts

    OSS-Fuzz has been fuzzing the HTML parser with inputs up to 1 MB for
    several hundred hours without hitting the 20s timeout. It seems that
    most timeouts resulting from accidentally quadratic behavior in the
    HTML parser have been fixed. Start to gradually reduce the timeout to
    find new performance issues.

85c817a2  2021-02-22T21:28:21
    Improve fuzzer stability

    - Add more calls to xmlInitializeCatalog.
    - Call xmlResetLastError after fuzzing each input.

f9ccb3b8  2021-02-22T21:26:13
    Check for feature flags in fuzzer tests

7a90bdfa  2021-02-22T17:58:06
    Another attempt at improving fuzzer stability

    xmlInitializeCatalog is not called from xmlInitParser.

0fb3ae58  2021-02-22T17:31:05
    Revert "Improve HTML fuzzer stability"

    This reverts commit de1b51eddcc17fd7ed1bbcc6d5d7d529407dfbe2.

0987001c  2021-02-22T12:29:56
    Add charset names to fuzzing dictionaries

de1b51ed  2021-02-22T12:25:29
    Improve HTML fuzzer stability

    Call htmlInitAutoClose during fuzzer initialization to fix stability
    issue. Leave a note concerning problems with this function.

ec808a44  2021-02-07T13:57:49
    Speed up HTML fuzzer

    htmlDocDumpMemory uses the "HTML" encoding if no other encoding was
    specified in the source HTML. This encoding can be extremely slow
    because of an inefficiency in htmlEntityValueLookup. Stop encoding
    the output for now.

e2b975c3  2020-12-18T00:50:34
    Handle malloc failures in fuzzing code

    Avoid misdiagnosis in OOM situations.

9086988f  2020-12-16T15:41:52
    Enforce maximum length of fuzz input

    Remove the libfuzzer max_len option which doesn't apply to other
    fuzzing engines. Enforce the maximum length directly in the fuzz
    targets. For the xml target, lower the maximum when expanding entities
    to avoid timeout and OOM errors.

8a85263f  2020-10-25T20:08:16
    Add fuzzing dictionaries to EXTRA_DIST

    Also add static seed corpus for the URI fuzzer.

6f1470a5  2020-08-25T18:50:45
    Hardcode maximum XPath recursion depth

    Always limit nested function calls to 5000. This avoids call stack
    overflows with deeply nested expressions.

    The expression parser produces about 10 nested function calls when
    parsing a subexpression in parentheses, so the effective nesting limit
    is about 500 which should be more than enough.

    Use a lower limit when fuzzing to account for increased memory usage
    when using sanitizers.

8c3ef083  2020-08-24T23:17:34
    Pass URL of main entity in XML fuzzer

0d5f3710  2020-08-24T16:28:54
    Consolidate seed corpus generation

    Implement file handling in C to speed up corpus generation.

0d9da029  2020-08-24T03:16:25
    Test fuzz targets with dummy driver

    Run fuzz targets with files in seed corpus during test.

804c5297  2020-08-17T03:37:18
    Stop using maxParserDepth in xpath.c

    Only use a single maxDepth value.

0ff52748  2020-08-17T02:54:28
    Fix autotools warnings

10a07948  2020-08-08T17:46:11
    Fix XPath fuzzer

6c128fd5  2020-06-05T13:43:45
    Fuzz XInclude engine

ad26a60f  2020-08-06T13:20:01
    Add XPath and XPointer fuzzer

905820a4  2020-07-12T22:59:39
    Update fuzzing code

    - Shorten timeouts
    - Align options from Makefile and options files
    - Add section headers to Makefile
    - Skip invalid UTF-8 in regexp fuzzer
    - Update regexp.dict
    - Generate HTML seed corpus in correct format

93ce33c2  2020-07-23T17:34:08
    Fix several quadratic runtime issues in HTML push parser

    Fix a few remaining cases where the HTML push parser would scan more
    content during lookahead than would be parsed later.

    Make sure that htmlParseDocTypeDecl consumes all content up to the
    final '>' in case of errors. The old comment said "We shouldn't try to
    resynchronize", but ignoring invalid content is also what the HTML5
    spec mandates.

    Likewise, make htmlParseEndTag skip to the final '>' in invalid end
    tags even if not in recovery mode. This is probably the most visible
    change in practice and leads to different output for some tests but is
    also more in line with HTML5.

    Make sure that htmlParsePI and htmlParseComment don't abort if invalid
    characters are encountered but log an error and ignore the character.

    Change some other end-of-buffer checks to test for a zero byte instead
    of relying on IS_CHAR.

    Fix usage of IS_CHAR macro in htmlParseScript.

eac1c7e2  2020-06-21T14:42:00
    Fuzz target for XML Schemas

    This only tests the schema parser for now.

ffd31dbe  2020-06-21T12:14:19
    Move entity recorder to fuzz.c

536f421d  2020-06-15T12:20:54
    Fuzz target for HTML parser

e98150d4  2020-06-09T13:45:31
    Add options file for xml fuzzer

    This will be picked up by OSS-Fuzz, limiting the maximum input size to
    80 KB and hopefully avoiding timeouts. Some of the timeouts seem to be
    related to our suboptimal handling of excessive entity expansion.
    The new fuzzers support external entities and make this problem even
    more prominent.

00ed736e  2020-06-05T12:49:25
    Add a couple of libFuzzer targets

    - XML fuzzer
      Currently tests the pull parser, push parser and reader, as well as
      serialization. Supports splitting fuzz data into multiple documents
      for things like external DTDs or entities. The seed corpus is built
      from parts of the test suite.
    - Regexp fuzzer
      Seed corpus was statically generated from test suite.
    - URI fuzzer
      Tests parsing and most other functions from uri.c.