1
0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2024-12-23 17:33:50 +03:00

fuzz: Disable catalogs

The catalogs API doesn't report OOM errors. It's basically impossible
to use it safely in its current form.
This commit is contained in:
Nick Wellnhofer 2024-01-04 15:18:14 +01:00
parent ca5965d594
commit 30d839776a
7 changed files with 15 additions and 0 deletions

View File

@ -16,6 +16,7 @@ LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
xmlInitParser();
#ifdef LIBXML_CATALOG_ENABLED
xmlInitializeCatalog();
xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE);
#endif
xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);

View File

@ -15,6 +15,7 @@ LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
xmlInitParser();
#ifdef LIBXML_CATALOG_ENABLED
xmlInitializeCatalog();
xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE);
#endif
xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);
xmlSetExternalEntityLoader(xmlFuzzEntityLoader);

View File

@ -18,6 +18,7 @@ LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
xmlInitParser();
#ifdef LIBXML_CATALOG_ENABLED
xmlInitializeCatalog();
xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE);
#endif
xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);
xmlSetExternalEntityLoader(xmlFuzzEntityLoader);

View File

@ -19,6 +19,7 @@ LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
xmlInitParser();
#ifdef LIBXML_CATALOG_ENABLED
xmlInitializeCatalog();
xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE);
#endif
xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);
xmlSetExternalEntityLoader(xmlFuzzEntityLoader);

View File

@ -19,6 +19,7 @@ LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
xmlInitParser();
#ifdef LIBXML_CATALOG_ENABLED
xmlInitializeCatalog();
xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE);
#endif
xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);
xmlSetExternalEntityLoader(xmlFuzzEntityLoader);

View File

@ -13,6 +13,10 @@ LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
char ***argv ATTRIBUTE_UNUSED) {
xmlFuzzMemSetup();
xmlInitParser();
#ifdef LIBXML_CATALOG_ENABLED
xmlInitializeCatalog();
xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE);
#endif
xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);
return 0;

View File

@ -5382,6 +5382,12 @@ xmlParseCatalogPI(xmlParserCtxtPtr ctxt, const xmlChar *catalog) {
goto error;
if (URL != NULL) {
/*
* Unfortunately, the catalog API doesn't report OOM errors.
* xmlGetLastError isn't very helpful since we don't know
* where the last error came from. We'd have to reset it
* before this call and restore it afterwards.
*/
ctxt->catalogs = xmlCatalogAddLocal(ctxt->catalogs, URL);
xmlFree(URL);
}