kmx git

Commit	Date	Message
de1b51ed	2021-02-22T12:25:29	Improve HTML fuzzer stability Call htmlInitAutoClose during fuzzer initialization to fix stability issue. Leave a note concerning problems with this function.
ec808a44	2021-02-07T13:57:49	Speed up HTML fuzzer htmlDocDumpMemory uses the "HTML" encoding if no other encoding was specified in the source HTML. This encoding can be extremely slow because of an inefficiency in htmlEntityValueLookup. Stop encoding the output for now.
e2b975c3	2020-12-18T00:50:34	Handle malloc failures in fuzzing code Avoid misdiagnosis in OOM situations.
9086988f	2020-12-16T15:41:52	Enforce maximum length of fuzz input Remove the libfuzzer max_len option which doesn't apply to other fuzzing engines. Enforce the maximum length directly in the fuzz targets. For the xml target, lower the maximum when expanding entities to avoid timeout and OOM errors.
8a85263f	2020-10-25T20:08:16	Add fuzzing dictionaries to EXTRA_DIST Also add static seed corpus for the URI fuzzer.
6f1470a5	2020-08-25T18:50:45	Hardcode maximum XPath recursion depth Always limit nested functions calls to 5000. This avoids call stack overflows with deeply nested expressions. The expression parser produces about 10 nested function calls when parsing a subexpression in parentheses, so the effective nesting limit is about 500 which should be more than enough. Use a lower limit when fuzzing to account for increased memory usage when using sanitizers.
8c3ef083	2020-08-24T23:17:34	Pass URL of main entity in XML fuzzer
0d5f3710	2020-08-24T16:28:54	Consolidate seed corpus generation Implement file handling in C to speed up corpus generation.
0d9da029	2020-08-24T03:16:25	Test fuzz targets with dummy driver Run fuzz targets with files in seed corpus during test.
804c5297	2020-08-17T03:37:18	Stop using maxParserDepth in xpath.c Only use a single maxDepth value.
0ff52748	2020-08-17T02:54:28	Fix autotools warnings
10a07948	2020-08-08T17:46:11	Fix XPath fuzzer
6c128fd5	2020-06-05T13:43:45	Fuzz XInclude engine
ad26a60f	2020-08-06T13:20:01	Add XPath and XPointer fuzzer
905820a4	2020-07-12T22:59:39	Update fuzzing code - Shorten timeouts - Align options from Makefile and options files - Add section headers to Makefile - Skip invalid UTF-8 in regexp fuzzer - Update regexp.dict - Generate HTML seed corpus in correct format
93ce33c2	2020-07-23T17:34:08	Fix several quadratic runtime issues in HTML push parser Fix a few remaining cases where the HTML push parser would scan more content during lookahead than being parsed later. Make sure that htmlParseDocTypeDecl consumes all content up to the final '>' in case of errors. The old comment said "We shouldn't try to resynchronize", but ignoring invalid content is also what the HTML5 spec mandates. Likewise, make htmlParseEndTag skip to the final '>' in invalid end tags even if not in recovery mode. This is probably the most visible change in practice and leads to different output for some tests but is also more in line with HTML5. Make sure that htmlParsePI and htmlParseComment don't abort if invalid characters are encountered but log an error and ignore the character. Change some other end-of-buffer checks to test for a zero byte instead of relying on IS_CHAR. Fix usage of IS_CHAR macro in htmlParseScript.
eac1c7e2	2020-06-21T14:42:00	Fuzz target for XML Schemas This only tests the schema parser for now.
ffd31dbe	2020-06-21T12:14:19	Move entity recorder to fuzz.c
536f421d	2020-06-15T12:20:54	Fuzz target for HTML parser
e98150d4	2020-06-09T13:45:31	Add options file for xml fuzzer This will be picked up OSS-Fuzz, limiting the maximum input size to 80 KB and hopefully avoiding timeouts. Some of the timeouts seem to be related to our suboptimal handling of excessive entity expansion. The new fuzzers support external entities and make this problem even more prominent.
00ed736e	2020-06-05T12:49:25	Add a couple of libFuzzer targets - XML fuzzer Currently tests the pull parser, push parser and reader, as well as serialization. Supports splitting fuzz data into multiple documents for things like external DTDs or entities. The seed corpus is built from parts of the test suite. - Regexp fuzzer Seed corpus was statically generated from test suite. - URI fuzzer Tests parsing and most other functions from uri.c.

de1b51ed

2021-02-22T12:25:29

Improve HTML fuzzer stability Call htmlInitAutoClose during fuzzer initialization to fix stability issue. Leave a note concerning problems with this function.

ec808a44

2021-02-07T13:57:49

Speed up HTML fuzzer htmlDocDumpMemory uses the "HTML" encoding if no other encoding was specified in the source HTML. This encoding can be extremely slow because of an inefficiency in htmlEntityValueLookup. Stop encoding the output for now.

e2b975c3

2020-12-18T00:50:34

Handle malloc failures in fuzzing code Avoid misdiagnosis in OOM situations.

9086988f

2020-12-16T15:41:52

Enforce maximum length of fuzz input Remove the libfuzzer max_len option which doesn't apply to other fuzzing engines. Enforce the maximum length directly in the fuzz targets. For the xml target, lower the maximum when expanding entities to avoid timeout and OOM errors.

8a85263f

2020-10-25T20:08:16

Add fuzzing dictionaries to EXTRA_DIST Also add static seed corpus for the URI fuzzer.

6f1470a5

2020-08-25T18:50:45

Hardcode maximum XPath recursion depth Always limit nested functions calls to 5000. This avoids call stack overflows with deeply nested expressions. The expression parser produces about 10 nested function calls when parsing a subexpression in parentheses, so the effective nesting limit is about 500 which should be more than enough. Use a lower limit when fuzzing to account for increased memory usage when using sanitizers.

8c3ef083

2020-08-24T23:17:34

Pass URL of main entity in XML fuzzer

0d5f3710

2020-08-24T16:28:54

Consolidate seed corpus generation Implement file handling in C to speed up corpus generation.

0d9da029

2020-08-24T03:16:25

Test fuzz targets with dummy driver Run fuzz targets with files in seed corpus during test.

804c5297

2020-08-17T03:37:18

Stop using maxParserDepth in xpath.c Only use a single maxDepth value.

0ff52748

2020-08-17T02:54:28

Fix autotools warnings

10a07948

2020-08-08T17:46:11

Fix XPath fuzzer

6c128fd5

2020-06-05T13:43:45

Fuzz XInclude engine

ad26a60f

2020-08-06T13:20:01

Add XPath and XPointer fuzzer

905820a4

2020-07-12T22:59:39

Update fuzzing code - Shorten timeouts - Align options from Makefile and options files - Add section headers to Makefile - Skip invalid UTF-8 in regexp fuzzer - Update regexp.dict - Generate HTML seed corpus in correct format

93ce33c2

2020-07-23T17:34:08

Fix several quadratic runtime issues in HTML push parser Fix a few remaining cases where the HTML push parser would scan more content during lookahead than being parsed later. Make sure that htmlParseDocTypeDecl consumes all content up to the final '>' in case of errors. The old comment said "We shouldn't try to resynchronize", but ignoring invalid content is also what the HTML5 spec mandates. Likewise, make htmlParseEndTag skip to the final '>' in invalid end tags even if not in recovery mode. This is probably the most visible change in practice and leads to different output for some tests but is also more in line with HTML5. Make sure that htmlParsePI and htmlParseComment don't abort if invalid characters are encountered but log an error and ignore the character. Change some other end-of-buffer checks to test for a zero byte instead of relying on IS_CHAR. Fix usage of IS_CHAR macro in htmlParseScript.

eac1c7e2

2020-06-21T14:42:00

Fuzz target for XML Schemas This only tests the schema parser for now.

ffd31dbe

2020-06-21T12:14:19

Move entity recorder to fuzz.c

536f421d

2020-06-15T12:20:54

Fuzz target for HTML parser

e98150d4

2020-06-09T13:45:31

Add options file for xml fuzzer This will be picked up OSS-Fuzz, limiting the maximum input size to 80 KB and hopefully avoiding timeouts. Some of the timeouts seem to be related to our suboptimal handling of excessive entity expansion. The new fuzzers support external entities and make this problem even more prominent.

00ed736e

2020-06-05T12:49:25

Add a couple of libFuzzer targets - XML fuzzer Currently tests the pull parser, push parser and reader, as well as serialization. Supports splitting fuzz data into multiple documents for things like external DTDs or entities. The seed corpus is built from parts of the test suite. - Regexp fuzzer Seed corpus was statically generated from test suite. - URI fuzzer Tests parsing and most other functions from uri.c.

kc3-lang/libxml2/fuzz

fuzz

Log