1
0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2024-12-24 21:33:51 +03:00
Commit Graph

28 Commits

Author SHA1 Message Date
Nick Wellnhofer
df40f64edf fuzz: Avoid accessing internal struct members
Switch to xmlNewIOInputStream.
2024-06-13 18:01:23 +02:00
Nick Wellnhofer
5238404325 parser: Pass resource type to resource loader 2024-06-12 16:36:12 +02:00
Nick Wellnhofer
780e432a5c fuzz: Move to per-context error handler 2024-06-12 16:36:12 +02:00
Nick Wellnhofer
116d8c0166 fuzz: Move to per-context resource loader 2024-06-12 16:36:12 +02:00
Nick Wellnhofer
caa8bb3848 fuzz: Move back to xmlSetExternalEntityLoader
xmlParserInputBufferCreateFilenameDefault can't report malloc failures.
2024-05-19 19:39:22 +02:00
Nick Wellnhofer
b3cb41be8b fuzz: Add xmllint fuzzer 2024-05-13 12:50:08 +02:00
Nick Wellnhofer
971ce40409 fuzz: Also set fuzzAllocFailed if a real allocation fails
Avoid false positives in real OOM situations.
2024-04-14 19:40:22 +02:00
Nick Wellnhofer
ee0c1f87c0 fuzz: New tree API fuzzer 2024-03-15 19:54:27 +01:00
Nick Wellnhofer
fd801845c8 fuzz: Cap URL size
Cap URL size to avoid quadratic behavior when generating error messages.
2024-01-07 16:33:30 +01:00
Nick Wellnhofer
54c70ed57f parser: Improve error handling
Introduce xmlCtxtSetErrorHandler allowing to set a structured error for
a parser context. There already was the "serror" SAX handler but this
always receives the parser context as argument.

Start to use xmlRaiseMemoryError.

Remove useless arguments from memory error functions. Rename
xmlErrMemory to xmlCtxtErrMemory.

Remove a few calls to xmlGenericError.

Remove support for runtime entity debugging.
2023-12-21 02:46:27 +01:00
Nick Wellnhofer
f19a95108a parser: Report malloc failures
Fix many places where malloc failures aren't reported.

Make xmlErrMemory public. This is useful for custom external entity
loaders.

Introduce new API function xmlSwitchEncodingName.

Change the way how we store whether the the parser is stopped. This used
to be signaled by setting ctxt->instate to XML_PARSER_EOF which was
misdesigned and error-prone. Set ctxt->disableSAX to 2 instead and
introduce a macro PARSER_STOPPED. Also stop to remove parser inputs in
xmlHaltParser. This allows to remove many checks of ctxt->instate.

Introduce xmlErrParser to handle errors if a parser context is
available.
2023-12-11 22:13:05 +01:00
Nick Wellnhofer
da996c8d0f uri: Report malloc failures
Fix many places where malloc failures weren't reported, for example
after calling xmlStrdup.

Introduce new public API functions that return a separate error code if
a memory allocation fails:

- xmlParseURISafe
- xmlBuildURISafe
- xmlBuildRelativeURISafe

Update the fuzzer to check whether malloc failures are reported.
2023-12-11 22:05:47 +01:00
Nick Wellnhofer
b7d56ef7f1 malloc-fail: Report malloc failure in xmlRegEpxFromParse
Also check whether malloc failures are reported when fuzzing.
2023-09-22 19:53:11 +02:00
Nick Wellnhofer
834b8123ef parser: Stream data when reading from memory
Don't create a copy of the whole input buffer. Read the data chunk by
chunk to save memory.

Historically, it was probably envisioned to read data from memory
without additional copying. This doesn't work reliably with the current
design of the XML parser which requires a terminating null byte at the
end of input buffers. This lead to xmlReadMemory interfaces, which
expect pointer and size arguments, being changed to make a
zero-terminated copy of the input buffer. Interfaces based on
xmlReadDoc, which actually expect a zero-terminated string and
would make zero-copy operation work, were then simplified to rely on
xmlReadMemoryi, resulting in an unnecessary copy.

To avoid copying (possibly gigabytes) of memory temporarily, we now
stream in-memory input just like content read from files in a
chunk-by-chunk fashion (using a somewhat outdated INPUT_CHUNK size of
250 bytes). As a side effect, we also avoid another copy of the whole
input when handling non-UTF-8 data which was made possible by some
earlier commits.

Interfaces expecting zero-terminated strings now make use of strnlen
which unfortunately isn't part of the standard C library and only
mandated since POSIX 2008.
2023-08-08 15:21:28 +02:00
Nick Wellnhofer
42322eba82 fuzz: Inject random malloc failures
Fixes #344.
2023-03-08 14:14:22 +01:00
Nick Wellnhofer
541b1e2850 fuzz: Support variable integer sizes in fuzz data
Also switch to big-endian.
2023-03-08 13:59:00 +01:00
Nick Wellnhofer
791a1e80b9 fuzz: Set filename in xmlFuzzEntityLoader 2023-02-28 21:23:11 +01:00
Nick Wellnhofer
cbd9c6c5af fuzz: Allow xmlFuzzReadString(NULL) 2023-02-28 21:23:11 +01:00
Nick Wellnhofer
128c0261c6 warnings: Fix -Wstrict-prototypes warning 2022-10-25 19:34:38 +02:00
Nick Wellnhofer
be889b6581 Make xmlFuzzReadString return a zero size in error case
Avoids use of uninitialized memory.
2022-02-12 15:54:54 +01:00
Nick Wellnhofer
e2b975c317 Handle malloc failures in fuzzing code
Avoid misdiagnosis in OOM situations.
2020-12-18 14:10:13 +01:00
Nick Wellnhofer
0d5f3710fb Consolidate seed corpus generation
Implement file handling in C to speed up corpus generation.
2020-08-24 21:14:55 +02:00
Nick Wellnhofer
0d9da0290c Test fuzz targets with dummy driver
Run fuzz targets with files in seed corpus during test.
2020-08-24 03:57:03 +02:00
Nick Wellnhofer
ad26a60f95 Add XPath and XPointer fuzzer 2020-08-06 14:12:32 +02:00
Nick Wellnhofer
eac1c7e2e5 Fuzz target for XML Schemas
This only tests the schema parser for now.
2020-06-23 16:20:27 +02:00
Nick Wellnhofer
ffd31dbefd Move entity recorder to fuzz.c 2020-06-21 12:15:46 +02:00
Nick Wellnhofer
536f421d37 Fuzz target for HTML parser 2020-06-15 15:23:38 +02:00
Nick Wellnhofer
00ed736eec Add a couple of libFuzzer targets
- XML fuzzer
  Currently tests the pull parser, push parser and reader, as well as
  serialization. Supports splitting fuzz data into multiple documents
  for things like external DTDs or entities. The seed corpus is built
  from parts of the test suite.

- Regexp fuzzer
  Seed corpus was statically generated from test suite.

- URI fuzzer
  Tests parsing and most other functions from uri.c.
2020-06-05 13:53:11 +02:00