fuzz/uri.c


Log

| Author | Commit | Date | CI | Message |
| --- | --- | --- | --- | --- |
| Nick Wellnhofer | c6c6d8af | 2024-12-11T16:24:23 | | fuzz: Mutate fuzz data chunks separately Implement a custom mutator that takes a list of fixed-size chunks which are mutated with a given probability. This makes sure that values like parser options or failure position are mutated regularly even as the fuzz data grows large. Values can also be adjusted temporarily to make the fuzzer focus on failure injection, for example. Thanks to David Kilzer for the idea. |
| Nick Wellnhofer | 9f652e57 | 2024-11-25T19:41:33 | | fuzz: Inject IO failures We use the same counter for injecting malloc and IO failures. This mostly renames several functions and variables. |
| Nick Wellnhofer | 780e432a | 2024-06-11T16:58:09 | | fuzz: Move to per-context error handler |
| Nick Wellnhofer | da996c8d | 2023-12-10T14:46:59 | | uri: Report malloc failures Fix many places where malloc failures weren't reported, for example after calling xmlStrdup. Introduce new public API functions that return a separate error code if a memory allocation fails: - xmlParseURISafe - xmlBuildURISafe - xmlBuildRelativeURISafe Update the fuzzer to check whether malloc failures are reported. |
| Nick Wellnhofer | 42322eba | 2023-03-08T13:59:03 | | fuzz: Inject random malloc failures Fixes #344. |
| Nick Wellnhofer | 9086988f | 2020-12-16T15:41:52 | | Enforce maximum length of fuzz input Remove the libfuzzer max_len option which doesn't apply to other fuzzing engines. Enforce the maximum length directly in the fuzz targets. For the xml target, lower the maximum when expanding entities to avoid timeout and OOM errors. |
| Nick Wellnhofer | 00ed736e | 2020-06-05T12:49:25 | | Add a couple of libFuzzer targets - XML fuzzer Currently tests the pull parser, push parser and reader, as well as serialization. Supports splitting fuzz data into multiple documents for things like external DTDs or entities. The seed corpus is built from parts of the test suite. - Regexp fuzzer Seed corpus was statically generated from test suite. - URI fuzzer Tests parsing and most other functions from uri.c. |