fuzz


Log

Author Commit Date CI Message
Rosen Penev 5d542fef 2024-06-16T20:02:45 libxml: define ATTRIBUTE_UNUSED for clang Silences warnings under Clang on Windows. Signed-off-by: Rosen Penev <rosenp@gmail.com>
Nick Wellnhofer 208f27f9 2024-06-15T19:13:08 include: Don't define ATTRIBUTE_UNUSED in public header Stop polluting namespace with unprefixed names.
Nick Wellnhofer df40f64e 2024-06-13T18:00:33 fuzz: Avoid accessing internal struct members Switch to xmlNewIOInputStream.
Nick Wellnhofer 52384043 2024-06-11T19:10:41 parser: Pass resource type to resource loader
Nick Wellnhofer f96dca9c 2024-06-11T18:14:43 xmllint: Switch to resource loader
Nick Wellnhofer 780e432a 2024-06-11T16:58:09 fuzz: Move to per-context error handler
Nick Wellnhofer 116d8c01 2024-06-11T15:48:32 fuzz: Move to per-context resource loader
Nick Wellnhofer b7f30bae 2024-05-28T22:26:18 fuzz: Fix aarch64 build on OSS-Fuzz
Nick Wellnhofer caa8bb38 2024-05-19T19:31:54 fuzz: Move back to xmlSetExternalEntityLoader xmlParserInputBufferCreateFilenameDefault can't report malloc failures.
Nick Wellnhofer 51b5d1e3 2024-05-15T16:09:05 fuzz: Don't enable zlib and liblzma with MSan We'd need our own instrumented builds of these libraries.
Nick Wellnhofer f895af09 2024-05-14T16:08:37 fuzz: Remove OSS-Fuzz timeout option Custom timeouts aren't fully supported on OSS-Fuzz.
Nick Wellnhofer b117a912 2024-05-13T13:42:43 fuzz: Enable xmllint fuzzer on OSS-Fuzz
Nick Wellnhofer b3cb41be 2024-05-13T12:18:08 fuzz: Add xmllint fuzzer
Nick Wellnhofer 5bfaab77 2024-05-06T18:03:01 fuzz: Fix reader fuzzer
Nick Wellnhofer d644a23e 2024-05-05T23:37:03 fuzz: Improve xml.dict - Add standalone declaration - Add doctype declaration - Expand ATTLIST matrix in xml.dict
Nick Wellnhofer 68e440ee 2024-04-24T22:52:06 fuzz: Use all test directories for XML seed corpus It's probably better to add as many files as possible to the seed corpus even if they're less specific to a fuzzer.
Nick Wellnhofer 0977d7a3 2024-04-23T22:39:53 fuzz: Build with compression support on OSS-Fuzz
Nick Wellnhofer 510c7988 2024-04-23T18:43:12 fuzz: Remove reader pass from XML fuzzers The reader API is fuzzed separately now.
Nick Wellnhofer 6641a7e8 2024-04-23T18:17:02 fuzz: Enable reader fuzzer on OSS-Fuzz
Nick Wellnhofer b62ccf7f 2024-04-16T13:24:12 fuzz: Add fuzzer for XML reader API
Nick Wellnhofer 971ce404 2024-04-14T19:33:21 fuzz: Also set fuzzAllocFailed if a real allocation fails Avoid false positives in real OOM situations.
Nick Wellnhofer 1f18d377 2024-04-02T23:19:28 fuzz: Add a few more comments
Nick Wellnhofer fe3cbf89 2024-03-29T14:54:39 fuzz: Check node type before xmlDocSetRootElement
Nick Wellnhofer ea0ee365 2024-03-28T12:38:43 tree: Align xmlAddChild with other node insertion functions Make xmlAddChild unlink the child before insertion. Originally, linked children would most likely cause tree corruption. The first fix disallowed linked nodes, but there are cases where insertion of such nodes could succeed. Don't abort if the node is already a child of parent. In this case, the node will be moved to the end of the child list.
Nick Wellnhofer bfb02fbc 2024-03-28T11:30:05 fuzz: Fix xmlSetProp in API fuzzer Finding the old attribute node is a bit more involved.
Nick Wellnhofer 887ad90a 2024-03-26T14:23:51 fuzz: Restrict input size of API fuzzer
Nick Wellnhofer 6c5248e2 2024-03-26T14:21:47 fuzz: Restrict number of copies in API fuzzer Avoid timeouts with large inputs.
Nick Wellnhofer 52efb20a 2024-03-24T13:43:25 fuzz: Enable float-divide-by-zero on OSS-Fuzz This was recently disabled globally: https://github.com/google/oss-fuzz/pull/11567
Nick Wellnhofer d8741b81 2024-03-22T14:46:36 fuzz: Fix namespaces after xmlDOMWrapRemoveNode
Nick Wellnhofer d4d1f3f3 2024-03-20T18:45:10 fuzz: Enable API fuzzer on OSS-Fuzz
Nick Wellnhofer 5ea29703 2024-03-20T18:41:26 fuzz: Reorder API fuzzer ops
Nick Wellnhofer da32c852 2024-03-20T13:45:13 fuzz: Check text nodes after merging Avoid exponential growth of text.
Nick Wellnhofer 3f05508a 2024-03-18T14:14:00 tree: Report malloc failures in attribute setters
Nick Wellnhofer 6a49bb77 2024-03-17T17:16:55 tree: Introduce xmlSearchNsSafe After the failed experiment with a static XML namespace, introduce versions of xmlSearchNs that report malloc failures. Optimize the no-document case by only adding the XML namespace declaration if it wasn't found in an ancestor.
Nick Wellnhofer c0edd792 2024-03-16T15:10:32 fuzz: Move fuzzer options to environment variable
Nick Wellnhofer 55175f75 2024-03-15T21:48:27 fuzz: Add OSS-Fuzz build.sh Move build.sh to our repo to facilitate changes.
Nick Wellnhofer f14f089f 2024-03-15T21:04:04 fuzz: Add some comments in api.c
Nick Wellnhofer ee0c1f87 2024-02-29T14:51:49 fuzz: New tree API fuzzer
Nick Wellnhofer ce8f3d2c 2024-03-10T15:03:41 fuzz: Improve README
Nick Wellnhofer d463733f 2024-02-01T19:31:03 fuzz: Reenable malloc failure check when serializing
Nick Wellnhofer 84e50a0c 2024-02-01T17:02:24 fuzz: Don't check for malloc failures when serializing DTD serialization doesn't report malloc failures yet.
Nick Wellnhofer fd801845 2024-01-07T15:19:58 fuzz: Cap URL size Cap URL size to avoid quadratic behavior when generating error messages.
Nick Wellnhofer 83c1ae13 2024-01-07T15:40:23 fuzz: Add missing include Fix build failure.
Nick Wellnhofer 30d83977 2024-01-04T15:18:14 fuzz: Disable catalogs The catalogs API doesn't report OOM errors. It's basically impossible to use it safely in its current form.
Nick Wellnhofer 54c70ed5 2023-12-18T19:31:29 parser: Improve error handling Introduce xmlCtxtSetErrorHandler, which allows setting a structured error handler for a parser context. There already was the "serror" SAX handler but this always receives the parser context as argument. Start to use xmlRaiseMemoryError. Remove useless arguments from memory error functions. Rename xmlErrMemory to xmlCtxtErrMemory. Remove a few calls to xmlGenericError. Remove support for runtime entity debugging.
Nick Wellnhofer 4e23892c 2023-12-10T19:13:26 fuzz: Enable value profile
Nick Wellnhofer abd74186 2023-12-10T19:07:32 html: Report malloc failures Fix many places where malloc failures aren't reported. Stop checking for ctxt->instate.
Nick Wellnhofer e115194e 2023-12-10T18:32:21 fuzz: Check malloc failure reports in XML fuzzers
Nick Wellnhofer f19a9510 2023-12-10T17:50:22 parser: Report malloc failures Fix many places where malloc failures aren't reported. Make xmlErrMemory public. This is useful for custom external entity loaders. Introduce new API function xmlSwitchEncodingName. Change how we store whether the parser is stopped. This used to be signaled by setting ctxt->instate to XML_PARSER_EOF which was misdesigned and error-prone. Set ctxt->disableSAX to 2 instead and introduce a macro PARSER_STOPPED. Also stop removing parser inputs in xmlHaltParser. This allows removing many checks of ctxt->instate. Introduce xmlErrParser to handle errors if a parser context is available.
Nick Wellnhofer 1a354d5b 2023-12-10T17:09:45 regexp: Report malloc failures Fix places where malloc failures aren't reported.
Nick Wellnhofer e632d9f0 2023-12-10T16:56:16 xpath: Report malloc failures Fix many places where malloc failures aren't reported. Rework XPath object cache to store free objects in a linked list to avoid allocating an additional array. Remove some unneeded object pools.
Nick Wellnhofer da996c8d 2023-12-10T14:46:59 uri: Report malloc failures Fix many places where malloc failures weren't reported, for example after calling xmlStrdup. Introduce new public API functions that return a separate error code if a memory allocation fails: - xmlParseURISafe - xmlBuildURISafe - xmlBuildRelativeURISafe Update the fuzzer to check whether malloc failures are reported.
Nick Wellnhofer ec7f6506 2023-11-27T18:03:01 tests: Fix tests --with-valid --without-xinclude Fix a copy/paste error from commit 4eba9f9c. Fixes #632.
Nick Wellnhofer 4f132bcd 2023-10-14T22:49:29 fuzz: Raise rss_limit_mb
Nick Wellnhofer c13a0191 2023-10-14T22:48:12 fuzz: Test xmlTextReaderRead after EOF or failure
Nick Wellnhofer e019d97f 2023-10-14T22:47:20 fuzz: Test XML_PARSE_XINCLUDE | XML_PARSE_VALID
Nick Wellnhofer fa481873 2023-09-30T14:45:53 fuzz: Disable XML_PARSE_SAX1 option in xml fuzzer There are no plans to fix quadratic behavior in the legacy SAX1 interface.
Nick Wellnhofer b7d56ef7 2023-09-22T17:03:56 malloc-fail: Report malloc failure in xmlRegEpxFromParse Also check whether malloc failures are reported when fuzzing.
Nick Wellnhofer f98fa863 2023-09-22T15:25:40 regexp: Fix status codes and handle invalid UTF-8 Fixes #561.
Nick Wellnhofer f9d717af 2023-09-21T13:05:49 fuzz: Allow to fuzz without push, reader or output modules
Nick Wellnhofer da274bfa 2023-09-21T01:29:40 build: Fix build when certain modules are disabled
Nick Wellnhofer 834b8123 2023-08-08T15:21:28 parser: Stream data when reading from memory Don't create a copy of the whole input buffer. Read the data chunk by chunk to save memory. Historically, it was probably envisioned to read data from memory without additional copying. This doesn't work reliably with the current design of the XML parser which requires a terminating null byte at the end of input buffers. This led to xmlReadMemory interfaces, which expect pointer and size arguments, being changed to make a zero-terminated copy of the input buffer. Interfaces based on xmlReadDoc, which actually expect a zero-terminated string and would make zero-copy operation work, were then simplified to rely on xmlReadMemory, resulting in an unnecessary copy. To avoid temporarily copying (possibly gigabytes of) memory, we now stream in-memory input just like content read from files in a chunk-by-chunk fashion (using a somewhat outdated INPUT_CHUNK size of 250 bytes). As a side effect, we also avoid another copy of the whole input when handling non-UTF-8 data which was made possible by some earlier commits. Interfaces expecting zero-terminated strings now make use of strnlen which unfortunately isn't part of the standard C library and only mandated since POSIX 2008.
Nick Wellnhofer 5f4ec41b 2023-03-12T19:47:07 fuzz: Add valid.options
Nick Wellnhofer f6fddb78 2023-03-12T16:20:31 fuzz: Also test init function of URI fuzzer
Nick Wellnhofer 4eba9f9c 2023-03-12T16:15:54 fuzz: Separate fuzzer for DTD validation
Nick Wellnhofer 42322eba 2023-03-08T13:59:03 fuzz: Inject random malloc failures Fixes #344.
Nick Wellnhofer 7cd26762 2023-03-08T14:03:44 fuzz: Add maxAlloc item to static seed corpus
Nick Wellnhofer 541b1e28 2023-03-08T13:59:00 fuzz: Support variable integer sizes in fuzz data Also switch to big-endian.
Nick Wellnhofer f560065f 2023-02-28T21:16:12 fuzz: Fix duplicate detection in fuzzEntityRecorder Store a non-NULL value in the hash.
Nick Wellnhofer 791a1e80 2023-02-28T19:14:57 fuzz: Set filename in xmlFuzzEntityLoader
Nick Wellnhofer cbd9c6c5 2023-02-28T19:14:22 fuzz: Allow xmlFuzzReadString(NULL)
Nick Wellnhofer aa6b7ed1 2023-02-17T14:54:13 fuzz: Fix Makefile dependencies
Nick Wellnhofer d1272c2e 2023-02-13T11:16:57 fuzz: Add xinclude to .gitignore
Nick Wellnhofer ba910d34 2022-12-26T17:58:33 fuzz: Add test/recurse to seed corpus
Nick Wellnhofer 09dac45a 2022-12-26T17:49:27 fuzz: Add separate XInclude fuzzer XIncludes involve XPath processing which can still lead to timeouts when fuzzing. This will probably take a while to fix. The rest of the XML parsing code should hopefully run without timeouts now. OSS-Fuzz only shows a single timeout test case, so separate the XInclude from the core XML fuzzer.
Nick Wellnhofer c885bebb 2022-12-23T23:06:32 fuzz: Remove size limit, disable XInclude Now that entity expansion issues should be fixed, we should get more interesting timeout errors from OSS-Fuzz. Disable XInclude for now, since it often times out in XPath computations. The XInclude tests should be moved to a separate fuzz target.
Nick Wellnhofer 9aba613b 2022-10-31T17:09:54 fuzz: Add new XInclude test directory to corpus
Nick Wellnhofer 128c0261 2022-10-25T19:23:07 warnings: Fix -Wstrict-prototypes warning
Nick Wellnhofer 513d65fe 2022-09-02T16:45:06 Use AM_CFLAGS and AM_LDFLAGS consistently
Nick Wellnhofer d0ab5c4f 2022-09-02T17:47:48 Fix compiler warnings in fuzzing code
Nick Wellnhofer 4612ce30 2022-04-21T03:52:52 Implement xpath1() XPointer scheme See https://www.w3.org/2005/04/xpointer-schemes/
Nick Wellnhofer 3f74e42b 2022-04-04T05:19:33 Simplify 'make check' targets
Nick Wellnhofer 95c7f315 2022-04-03T21:39:14 Move SVG tests to runtest.c Also update the test results for the first time since 2000.
Nick Wellnhofer 7016b0e0 2022-04-03T01:42:17 Don't overlink executables With very few exceptions, utilities and test programs don't require any external libraries. - xmllint and xmlcatalog need libreadline - runtest and testThreads need pthreads
David Seifert 5c71ada8 2022-03-30T16:51:17 Detect libm using libtool's macros
Nick Wellnhofer 6117700e 2022-02-20T20:56:40 Remove special configuration for certain maintainers
Nick Wellnhofer d19bab68 2022-02-19T19:26:10 Fix fuzz/.gitignore after fixing VPATH build
Nick Wellnhofer 86266487 2022-02-14T18:06:38 Fix fuzzer test with VPATH build Also fixes make distcheck.
Nick Wellnhofer be889b65 2022-01-26T16:35:18 Make xmlFuzzReadString return a zero size in error case Avoids use of uninitialized memory.
Daniel Veillard b48e77cf 2021-05-13T20:56:16 Release of libxml2-2.9.12 Brown paper bag release, some recently added sources were missing from the 2.9.11 tarball: - configure.ac: bump version - fuzz/Makefile.am: add fuzz.h and seed/regexp to EXTRA_DIST
Nick Wellnhofer 8446d459 2021-03-01T20:56:40 Reduce some fuzzer timeouts OSS-Fuzz has been fuzzing the HTML parser with inputs up to 1 MB for several hundred hours without hitting the 20s timeout. It seems that most timeouts resulting from accidentally quadratic behavior in the HTML parser have been fixed. Start to gradually reduce the timeout to find new performance issues.
Nick Wellnhofer 85c817a2 2021-02-22T21:28:21 Improve fuzzer stability - Add more calls to xmlInitializeCatalog. - Call xmlResetLastError after fuzzing each input.
Nick Wellnhofer f9ccb3b8 2021-02-22T21:26:13 Check for feature flags in fuzzer tests
Nick Wellnhofer 7a90bdfa 2021-02-22T17:58:06 Another attempt at improving fuzzer stability xmlInitializeCatalog is not called from xmlInitParser.
Nick Wellnhofer 0fb3ae58 2021-02-22T17:31:05 Revert "Improve HTML fuzzer stability" This reverts commit de1b51eddcc17fd7ed1bbcc6d5d7d529407dfbe2.
Nick Wellnhofer 0987001c 2021-02-22T12:29:56 Add charset names to fuzzing dictionaries
Nick Wellnhofer de1b51ed 2021-02-22T12:25:29 Improve HTML fuzzer stability Call htmlInitAutoClose during fuzzer initialization to fix stability issue. Leave a note concerning problems with this function.
Nick Wellnhofer ec808a44 2021-02-07T13:57:49 Speed up HTML fuzzer htmlDocDumpMemory uses the "HTML" encoding if no other encoding was specified in the source HTML. This encoding can be extremely slow because of an inefficiency in htmlEntityValueLookup. Stop encoding the output for now.
Nick Wellnhofer e2b975c3 2020-12-18T00:50:34 Handle malloc failures in fuzzing code Avoid misdiagnosis in OOM situations.
Nick Wellnhofer 9086988f 2020-12-16T15:41:52 Enforce maximum length of fuzz input Remove the libfuzzer max_len option which doesn't apply to other fuzzing engines. Enforce the maximum length directly in the fuzz targets. For the xml target, lower the maximum when expanding entities to avoid timeout and OOM errors.