fuzz/xpath.c

Log

commit c6c6d8af
Author: Nick Wellnhofer
Date:   2024-12-11T16:24:23

    fuzz: Mutate fuzz data chunks separately

    Implement a custom mutator that takes a list of fixed-size chunks which
    are mutated with a given probability. This makes sure that values like
    parser options or failure position are mutated regularly even as the
    fuzz data grows large. Values can also be adjusted temporarily to make
    the fuzzer focus on failure injection, for example.

    Thanks to David Kilzer for the idea.

commit 9f652e57
Author: Nick Wellnhofer
Date:   2024-11-25T19:41:33

    fuzz: Inject IO failures

    We use the same counter for injecting malloc and IO failures. This
    mostly renames several functions and variables.

commit 83c1ae13
Author: Nick Wellnhofer
Date:   2024-01-07T15:40:23

    fuzz: Add missing include

    Fix build failure.

commit 30d83977
Author: Nick Wellnhofer
Date:   2024-01-04T15:18:14

    fuzz: Disable catalogs

    The catalogs API doesn't report OOM errors. It's basically impossible
    to use it safely in its current form.

commit e632d9f0
Author: Nick Wellnhofer
Date:   2023-12-10T16:56:16

    xpath: Report malloc failures

    Fix many places where malloc failures aren't reported. Rework XPath
    object cache to store free objects in a linked list to avoid allocating
    an additional array. Remove some unneeded object pools.

commit 42322eba
Author: Nick Wellnhofer
Date:   2023-03-08T13:59:03

    fuzz: Inject random malloc failures

    Fixes #344.

commit 85c817a2
Author: Nick Wellnhofer
Date:   2021-02-22T21:28:21

    Improve fuzzer stability

    - Add more calls to xmlInitializeCatalog.
    - Call xmlResetLastError after fuzzing each input.

commit 9086988f
Author: Nick Wellnhofer
Date:   2020-12-16T15:41:52

    Enforce maximum length of fuzz input

    Remove the libfuzzer max_len option which doesn't apply to other
    fuzzing engines. Enforce the maximum length directly in the fuzz
    targets. For the xml target, lower the maximum when expanding entities
    to avoid timeout and OOM errors.

commit 6f1470a5
Author: Nick Wellnhofer
Date:   2020-08-25T18:50:45

    Hardcode maximum XPath recursion depth

    Always limit nested function calls to 5000. This avoids call stack
    overflows with deeply nested expressions. The expression parser
    produces about 10 nested function calls when parsing a subexpression
    in parentheses, so the effective nesting limit is about 500 which
    should be more than enough. Use a lower limit when fuzzing to account
    for increased memory usage when using sanitizers.

commit 804c5297
Author: Nick Wellnhofer
Date:   2020-08-17T03:37:18

    Stop using maxParserDepth in xpath.c

    Only use a single maxDepth value.

commit 10a07948
Author: Nick Wellnhofer
Date:   2020-08-08T17:46:11

    Fix XPath fuzzer

commit ad26a60f
Author: Nick Wellnhofer
Date:   2020-08-06T13:20:01

    Add XPath and XPointer fuzzer
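The two harness techniques the log above describes, a custom mutator over fixed-size chunks (c6c6d8af) and a single counter that injects malloc and IO failures (42322eba, 9f652e57), as an added example. This is not libxml2's code and not its fuzz/ directory; it is a self-contained toy harness written for this page. The chunk layout, the toy parser, MAX_INPUT, OPT_REJECT_NUL and every function name are assumptions made here; the only real interfaces are the libFuzzer entry points LLVMFuzzerCustomMutator and LLVMFuzzerTestOneInput whose shapes the comments refer to.

```c
/* Added example (not libxml2 code): a toy harness showing a chunked custom
 * mutator and counter-based malloc failure injection. All names are hypothetical. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define CHUNK_SIZE 4        /* each fixed chunk is a little-endian u32 */
#define NUM_CHUNKS 2        /* chunk 0: parser options, chunk 1: failure position */
#define HEADER_SIZE (CHUNK_SIZE * NUM_CHUNKS)
#define MAX_INPUT 4096      /* maximum length enforced in the target itself */
#define OPT_REJECT_NUL 1u   /* example parser option carried in chunk 0 */

/* xorshift32, so a given seed always yields the same mutation. */
static uint32_t rng_next(uint32_t *s) {
    uint32_t x = *s; x ^= x << 13; x ^= x >> 17; x ^= x << 5; return *s = x;
}

static uint32_t read_u32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Same shape as libFuzzer's LLVMFuzzerCustomMutator(data, size, max_size, seed)
 * plus chunk_prob. Each fixed chunk is mutated with probability 1/chunk_prob no
 * matter how large the payload has grown; the payload gets one random bit
 * flipped, or one byte appended when empty. chunk_prob == 1 changes the header
 * on every round, which steers a run toward failure injection. */
size_t chunked_mutate(uint8_t *data, size_t size, size_t max_size,
                      unsigned seed, unsigned chunk_prob) {
    uint32_t s = seed ? seed : 1;
    if (size < HEADER_SIZE || max_size < size) return 0;
    if (chunk_prob == 0) chunk_prob = 1;
    for (size_t i = 0; i < NUM_CHUNKS; i++) {
        if (rng_next(&s) % chunk_prob == 0) {
            size_t off = i * CHUNK_SIZE + rng_next(&s) % CHUNK_SIZE;
            data[off] = (uint8_t)rng_next(&s);
        }
    }
    size_t payload = size - HEADER_SIZE;
    if (payload > 0)
        data[HEADER_SIZE + rng_next(&s) % payload] ^= (uint8_t)(1u << (rng_next(&s) % 8));
    else if (size < max_size)
        data[size++] = (uint8_t)rng_next(&s);
    return size;
}

/* Counter-based failure injection: allocation number fail_at (1-based) returns
 * NULL, 0 disables it. The same counter could also drive IO callback failures. */
static unsigned long alloc_count, fail_at;
static void set_fail_at(unsigned long n) { alloc_count = 0; fail_at = n; }
static void *fuzz_malloc(size_t n) {
    if (fail_at != 0 && ++alloc_count == fail_at) return NULL;
    return malloc(n);
}

/* Toy parser, one allocation per payload byte. It must report OOM (-1) without
 * crashing or leaking, which is what the injected failures exercise; returns 0
 * on success and -2 when the option rejects the input. */
struct tok { uint8_t c; struct tok *next; };
static void free_toks(struct tok *t) {
    while (t) { struct tok *n = t->next; free(t); t = n; }
}
int parse_payload(const uint8_t *p, size_t n, uint32_t options) {
    if ((options & OPT_REJECT_NUL) && memchr(p, 0, n) != NULL) return -2;
    struct tok *head = NULL;
    for (size_t i = 0; i < n; i++) {
        struct tok *t = fuzz_malloc(sizeof *t);
        if (t == NULL) { free_toks(head); return -1; }
        t->c = p[i]; t->next = head; head = t;
    }
    free_toks(head);
    return 0;
}

/* Shape of LLVMFuzzerTestOneInput: read the fixed chunks, arm the counter, run
 * the parser, disarm. Headerless or oversized inputs are dropped. A real target
 * returns 0; the parser result is returned here so it can be checked. */
int fuzz_one_input(const uint8_t *data, size_t size) {
    if (size < HEADER_SIZE || size > MAX_INPUT) return 0;
    set_fail_at(read_u32(data + CHUNK_SIZE));
    int rc = parse_payload(data + HEADER_SIZE, size - HEADER_SIZE, read_u32(data));
    set_fail_at(0);
    return rc;
}

/* Constructed sample inputs (not real corpus files): header chunks, then payload. */
int demo_no_failure(void) {          /* options 0, fail_at 0 */
    uint8_t in[] = {0,0,0,0, 0,0,0,0, 'a','b','c'};
    return fuzz_one_input(in, sizeof in);
}
int demo_second_alloc_fails(void) {  /* fail_at 2 of the 3 allocations */
    uint8_t in[] = {0,0,0,0, 2,0,0,0, 'a','b','c'};
    return fuzz_one_input(in, sizeof in);
}
int demo_mutator_deterministic(void) { /* same seed, same result, size <= max */
    uint8_t a[16] = {0}, b[16] = {0};
    size_t na = chunked_mutate(a, HEADER_SIZE, sizeof a, 42, 1);
    size_t nb = chunked_mutate(b, HEADER_SIZE, sizeof b, 42, 1);
    return na == nb && na <= sizeof a && memcmp(a, b, na) == 0;
}
```

Under libFuzzer, chunked_mutate would be called from LLVMFuzzerCustomMutator and the payload part handed to LLVMFuzzerMutate instead of the single bit flip used here; the point of the example is the header handling: because the chunks sit at fixed offsets and are mutated by their own probability, the failure position and parser options keep changing even when the payload is thousands of bytes, and the target arms the failure counter from the input rather than from a global setting.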
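The hardcoded recursion limit from 6f1470a5, as an added example rather than libxml2's xpath.c: a toy recursive-descent parser that counts nested calls and fails cleanly at a fixed ceiling, with a lower ceiling under a sanitizer fuzz build. The grammar, the limit values, the error codes and all names are hypothetical; FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is the macro OSS-Fuzz defines for fuzzing builds.

```c
/* Added example (not libxml2 code): a hardcoded recursion limit for a
 * recursive-descent parser. The grammar, limits and names are hypothetical. */
#include <stddef.h>
#include <string.h>

/* Fixed ceiling on nested calls, lowered under sanitizer fuzz builds where
 * every frame is larger. OSS-Fuzz defines this macro for fuzzing builds. */
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
#define MAX_DEPTH 500
#else
#define MAX_DEPTH 5000
#endif

struct parser { const char *cur; int depth; int error; };

/* expr := 'x' | '(' expr ')'. Every call nests one level, so n parentheses
 * cost n + 1 frames. Returns 1 on success, 0 on failure; error is set to 1
 * for a syntax error and 2 when the depth limit is hit, which is reported
 * instead of letting the C stack overflow. */
static int parse_expr(struct parser *p) {
    int ok = 0;
    if (++p->depth > MAX_DEPTH) { p->error = 2; p->depth--; return 0; }
    if (*p->cur == 'x') {
        p->cur++; ok = 1;
    } else if (*p->cur == '(') {
        p->cur++;
        ok = parse_expr(p) && *p->cur == ')';
        if (ok) p->cur++;
        else if (p->error == 0) p->error = 1;
    } else {
        p->error = 1;
    }
    p->depth--;
    return ok;
}

/* Parse a whole string: 0 ok, 1 syntax error, 2 depth limit exceeded. */
int parse_string(const char *s) {
    struct parser p = { s, 0, 0 };
    if (parse_expr(&p) && *p.cur == '\0') return 0;
    return p.error ? p.error : 1;
}

/* Build "(((x)))" with n parentheses in buf and parse it; -1 if buf is too small. */
int parse_nested(char *buf, size_t buflen, size_t n) {
    if (buflen < 2 * n + 2) return -1;
    memset(buf, '(', n); buf[n] = 'x'; memset(buf + n + 1, ')', n); buf[2 * n + 1] = '\0';
    return parse_string(buf);
}

static char nest_buf[2 * MAX_DEPTH + 4];   /* constructed input buffer */

int demo_at_limit(void)   { return parse_nested(nest_buf, sizeof nest_buf, MAX_DEPTH - 1); }
int demo_over_limit(void) { return parse_nested(nest_buf, sizeof nest_buf, MAX_DEPTH); }
```

The depth counter is decremented on every exit path, including the one that reports the limit, so a parser that is reused across inputs, as a fuzz target is, starts each input at depth 0. The check is on the call count rather than on the remaining stack, which is what makes the limit predictable across build modes; only the constant changes when sanitizer frames are larger.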