mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2024-12-27 03:21:26 +03:00
Commit Graph

5838 Commits

Author SHA1 Message Date
Nick Wellnhofer
42322eba82 fuzz: Inject random malloc failures
Fixes #344.
2023-03-08 14:14:22 +01:00
Nick Wellnhofer
7cd2676277 fuzz: Add maxAlloc item to static seed corpus
2023-03-08 14:07:15 +01:00
Nick Wellnhofer
541b1e2850 fuzz: Support variable integer sizes in fuzz data
Also switch to big-endian.
2023-03-08 13:59:00 +01:00
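The malloc-failure injection of 42322eba82 and the big-endian, variable-width fuzz-data integers of 541b1e2850 are illustrated by the following added example. It is not libxml2's fuzz/ code: the allocator hooks, the fail-at-N policy, the leak counter, the build_leaky/build_fixed list builders and the sample names are all constructed for this demonstration (libxml2 lets a fuzzer swap in allocators through xmlMemSetup, which the example does not use). It sweeps the index of the first failing allocation over a small unit under test and counts the fail points that leave blocks live, the leak and null-deref pattern that the malloc-fail commits on this page fix.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Allocation-failure injector (added example, not libxml2's fuzz/ code). A fuzz
 * target installs these in place of malloc/free so the N-th allocation, and every
 * one after it, fails; the code under test must then unwind without leaking or
 * dereferencing NULL. live_blocks doubles as the leak detector. */
static size_t alloc_count;  /* allocations requested so far in this run */
static size_t fail_at;      /* first allocation to fail; 0 means never fail */
static size_t live_blocks;  /* blocks allocated and not yet freed */

static void inject_reset(size_t first_failing_alloc) {
    alloc_count = 0; fail_at = first_failing_alloc; live_blocks = 0;
}
static void *inject_malloc(size_t size) {
    alloc_count++;
    if (fail_at != 0 && alloc_count >= fail_at) return NULL;  /* injected failure */
    void *p = malloc(size);
    if (p != NULL) live_blocks++;
    return p;
}
static void inject_free(void *p) { if (p != NULL) { live_blocks--; free(p); } }
static char *inject_strdup(const char *s) {
    size_t len = strlen(s) + 1;
    char *p = inject_malloc(len);
    if (p != NULL) memcpy(p, s, len);
    return p;
}

/* Fuzz-data reader: a `width`-byte (1..8) big-endian integer taken from the front
 * of the buffer; bytes past the end read as zero. Big-endian keeps small values
 * small when the fuzzer appends to or truncates the input. */
static uint64_t fuzz_read_int(const uint8_t **data, size_t *size, int width) {
    uint64_t v = 0;
    for (int i = 0; i < width; i++) {
        v <<= 8;
        if (*size > 0) { v |= **data; (*data)++; (*size)--; }
    }
    return v;
}

/* Code under test: a list of strdup'd names, two allocations per node. */
struct node { char *name; struct node *next; };

static void list_free(struct node *n) {
    while (n != NULL) {
        struct node *next = n->next;
        inject_free(n->name); inject_free(n);
        n = next;
    }
}

/* Leaky variant: a failed strdup drops the node just allocated, and a failed
 * node allocation abandons every node built before it. */
static struct node *build_leaky(const char **names, size_t count) {
    struct node *head = NULL, **tail = &head;
    for (size_t i = 0; i < count; i++) {
        struct node *n = inject_malloc(sizeof *n);
        if (n == NULL) return NULL;
        n->name = inject_strdup(names[i]);
        if (n->name == NULL) return NULL;
        n->next = NULL; *tail = n; tail = &n->next;
    }
    return head;
}

/* Fixed variant: every failure path releases what was built so far. */
static struct node *build_fixed(const char **names, size_t count) {
    struct node *head = NULL, **tail = &head;
    for (size_t i = 0; i < count; i++) {
        struct node *n = inject_malloc(sizeof *n);
        if (n == NULL) goto fail;
        n->name = inject_strdup(names[i]);
        if (n->name == NULL) { inject_free(n); goto fail; }
        n->next = NULL; *tail = n; tail = &n->next;
    }
    return head;
fail:
    list_free(head);
    return NULL;
}

/* Sweep: make the 1st, 2nd, ... max_allocs-th allocation fail in turn and count
 * the fail points after which blocks are still live, i.e. leaked. */
static int leaking_fail_points(struct node *(*build)(const char **, size_t),
                               const char **names, size_t count, size_t max_allocs) {
    int leaks = 0;
    for (size_t k = 1; k <= max_allocs; k++) {
        inject_reset(k);
        list_free(build(names, count));
        if (live_blocks != 0) leaks++;
    }
    return leaks;
}

/* Fuzz-target shape: the first two input bytes, big-endian, pick the first failing
 * allocation (the role a maxAlloc budget plays); returns 1 if nothing leaked. */
static int harness(const uint8_t *data, size_t size) {
    const char *names[] = { "a", "b", "c" };   /* constructed sample input */
    inject_reset((size_t)fuzz_read_int(&data, &size, 2));
    list_free(build_fixed(names, 3));
    return live_blocks == 0;
}

int main(void) {
    const char *names[] = { "a", "b", "c" };   /* constructed sample input */
    printf("leaky: %d leaking fail points, fixed: %d\n",
           leaking_fail_points(build_leaky, names, 3, 6),
           leaking_fail_points(build_fixed, names, 3, 6));
    return 0;
}
```

Build with `cc -Wall example.c` and run: the sweep reports five leaking fail points for build_leaky (every failure after the first node allocation strands something) and none for build_fixed. In a real target the failing index comes from the fuzz input, as in harness, so the fuzzer explores failure points together with the data it parses; a libFuzzer sweep like this is what "Found with libFuzzer, see #344" refers to in the commits above.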
Nick Wellnhofer
3f69fc805c parser: Tighten expansion limits
- Lower the amount of expansion which is always allowed from
  10MB to 1MB.
- Lower the maximum amplification factor from 10 to 5.
- Lower the "fixed cost" from 50 to 20.
2023-03-08 13:58:49 +01:00
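An added example, not libxml2's parser code, of the kind of amplification check that 3f69fc805c tightens. The three constants are the values the commit names; the formula combining them (always allow up to ALLOWED_EXPANSION bytes, otherwise require expanded <= (consumed + FIXED_COST) * MAX_AMPLIFICATION), the small entity expander, the nesting limit and the constructed "billion laughs" input are assumptions made for this demonstration, not the library's exact logic.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not libxml2's parser code. The constants are the values named in
 * the commit; the formula combining them is an assumed model of such a check. */
#define ALLOWED_EXPANSION 1000000UL  /* expansion always permitted (1MB) */
#define MAX_AMPLIFICATION 5UL        /* replacement bytes per consumed input byte */
#define FIXED_COST        20UL       /* slack so tiny documents can still use entities */

/* Is `expanded` bytes of entity replacement text acceptable after `consumed` bytes
 * of input? Small expansions always pass; beyond that the ratio is capped. Written
 * with a division so the product cannot overflow. */
static int expansion_ok(unsigned long consumed, unsigned long expanded) {
    if (expanded <= ALLOWED_EXPANSION) return 1;
    return (expanded + MAX_AMPLIFICATION - 1) / MAX_AMPLIFICATION <= consumed + FIXED_COST;
}

struct entity { const char *name; const char *value; };

/* Expands `text`, resolving &name; against `ents` and adding every replacement's
 * length to *total. Returns 0 as soon as the check fails (or on an undefined
 * reference or excessive nesting), which is where a parser would raise an error. */
static int expand(const char *text, const struct entity *ents, size_t nents,
                  unsigned long consumed, unsigned long *total, int depth) {
    if (depth > 64) return 0;                      /* assumed nesting limit */
    for (const char *p = text; *p != '\0'; p++) {
        if (*p != '&') continue;
        const char *end = strchr(p, ';');
        if (end == NULL) return 0;
        size_t len = (size_t)(end - p - 1);
        const char *val = NULL;
        for (size_t i = 0; i < nents; i++)
            if (strlen(ents[i].name) == len && memcmp(ents[i].name, p + 1, len) == 0)
                val = ents[i].value;
        if (val == NULL) return 0;
        *total += strlen(val);
        if (!expansion_ok(consumed, *total)) return 0;
        if (!expand(val, ents, nents, consumed, total, depth + 1)) return 0;
        p = end;
    }
    return 1;
}

/* Constructed "billion laughs" input: lol0 = "lol", lol(i) = ten references to
 * lol(i-1). Returns the number of bytes the definitions occupy, which stands in
 * for the parser's count of consumed input. */
#define MAX_LEVELS 10
static char names[MAX_LEVELS][8], values[MAX_LEVELS][80];
static struct entity ents[MAX_LEVELS];

static unsigned long build_billion_laughs(int levels) {
    unsigned long consumed = 0;
    for (int i = 0; i < levels; i++) {
        snprintf(names[i], sizeof names[i], "lol%d", i);
        values[i][0] = '\0';
        if (i == 0) strcpy(values[0], "lol");
        else for (int k = 0; k < 10; k++)
            snprintf(values[i] + strlen(values[i]), sizeof values[i] - strlen(values[i]),
                     "&%s;", names[i - 1]);
        ents[i].name = names[i]; ents[i].value = values[i];
        consumed += strlen(names[i]) + strlen(values[i]);
    }
    return consumed;
}

/* 1 if expanding &lol(levels-1); completes within the limits, 0 if it is aborted. */
static int billion_laughs_allowed(int levels) {
    if (levels < 1 || levels > MAX_LEVELS) return 0;
    unsigned long consumed = build_billion_laughs(levels);
    char body[16];
    snprintf(body, sizeof body, "&lol%d;", levels - 1);
    unsigned long total = 0;
    return expand(body, ents, (size_t)levels, consumed + strlen(body), &total, 0);
}

int main(void) {
    for (int l = 1; l <= MAX_LEVELS; l++)
        printf("%d levels: %s\n", l, billion_laughs_allowed(l) ? "allowed" : "rejected");
    return 0;
}
```

Running it shows where the 1MB floor bites: nestings up to six levels (under a megabyte of replacement text) expand, while seven and more are cut off long before the 10^9 leaves of the full attack are produced. A large legitimate document keeps its entities because the cap scales with consumed input; with these constants a 1MB document may still expand to roughly 5MB, and the lowered factor and fixed cost mainly shrink what a tiny, hostile document can force.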
Nick Wellnhofer
73bd5d52ae malloc-fail: Fix type confusion after xmlSchemaFixupTypeAttributeUses
Found with libFuzzer, see #344.
2023-03-08 13:17:49 +01:00
Nick Wellnhofer
767ae50bc9 malloc-fail: Fix null deref after xmlSchemaItemList{Add,Insert}
Found with libFuzzer, see #344.
2023-03-08 13:17:49 +01:00
Nick Wellnhofer
19b197b616 malloc-fail: Fix null deref after xmlSchemaCompareDates
Found with libFuzzer, see #344.
2023-03-08 13:17:49 +01:00
Nick Wellnhofer
961a4f35bf malloc-fail: Fix memory leak in xmlSchemaParseUnion
Also report malloc failure from xmlStrndup.

Found with libFuzzer, see #344.
2023-03-08 13:17:49 +01:00
Nick Wellnhofer
260d6b8d77 malloc-fail: Fix another memory leak in xmlSchemaBucketCreate
Found with libFuzzer, see #344.
2023-03-08 13:17:48 +01:00
Nick Wellnhofer
31844c74df malloc-fail: Fix null deref in xmlSchemaParseUnion
Found with libFuzzer, see #344.
2023-03-08 13:17:48 +01:00
Nick Wellnhofer
9afb6c5fb8 malloc-fail: Fix memory leak in WXS_ADD_{LOCAL,GLOBAL}
It's somewhat dangerous to add the cleanup code to a macro, but
otherwise we'd have to fix all the call sites.

Found with libFuzzer, see #344.
2023-03-08 13:17:48 +01:00
Nick Wellnhofer
a5787229e5 malloc-fail: Fix memory leak in xmlSchemaBucketCreate
Found with libFuzzer, see #344.
2023-03-08 13:17:48 +01:00
Nick Wellnhofer
e15838ab54 malloc-fail: Fix null deref in xmlSchemaParseWildcardNs
Found with libFuzzer, see #344.
2023-03-08 13:17:48 +01:00
Nick Wellnhofer
ba290a8663 malloc-fail: Fix memory leak in xmlSchemaItemListAddSize
Found with libFuzzer, see #344.
2023-03-08 13:17:47 +01:00
Nick Wellnhofer
0263b35756 malloc-fail: Fix null deref in xmlGet{Min,Max}Occurs
Also report memory error in xmlSchemaGetNodeContent.

Found with libFuzzer, see #344.
2023-03-08 13:17:47 +01:00
Nick Wellnhofer
7762e8eda1 malloc-fail: Fix null deref in xmlSchemaValAtomicType
Found with libFuzzer, see #344.
2023-03-08 13:17:47 +01:00
Nick Wellnhofer
112340c6c0 malloc-fail: Fix null deref in xmlSchemaInitTypes
Found with libFuzzer, see #344.
2023-03-08 13:17:47 +01:00
Nick Wellnhofer
cfbc1f48ee malloc-fail: Fix memory leak in xmlSchemaParse
Found with libFuzzer, see #344.
2023-03-08 13:17:47 +01:00
Nick Wellnhofer
dbc893f588 malloc-fail: Fix memory leak in xmlCopyNamespaceList
Found with libFuzzer, see #344.
2023-03-08 13:17:47 +01:00
Nick Wellnhofer
282b75f110 malloc-fail: Fix memory leak in xmlXPathNameFunction
Found with libFuzzer, see #344.
2023-02-28 21:23:11 +01:00
Nick Wellnhofer
f560065f4d fuzz: Fix duplicate detection in fuzzEntityRecorder
Store a non-NULL value in the hash.
2023-02-28 21:23:11 +01:00
Nick Wellnhofer
791a1e80b9 fuzz: Set filename in xmlFuzzEntityLoader
2023-02-28 21:23:11 +01:00
Nick Wellnhofer
cbd9c6c5af fuzz: Allow xmlFuzzReadString(NULL)
2023-02-28 21:23:11 +01:00
Nick Wellnhofer
aa6b7ed1ed fuzz: Fix Makefile dependencies
2023-02-28 21:23:11 +01:00
Nick Wellnhofer
524654ed3c xpath: Fix harmless integer overflow in xmlXPathTranslateFunction
2023-02-27 17:18:11 +01:00
Nick Wellnhofer
8608b71fbc Revert "xpath: Fix popping of values in xmlXPathPopNodeset"
This reverts commit 47b0e0a620.
2023-02-27 17:18:11 +01:00
Nick Wellnhofer
bc9f372c10 malloc-fail: Fix memory leak in xmlXPathDistinctSorted
Found with libFuzzer, see #344.
2023-02-27 17:18:08 +01:00
Nick Wellnhofer
6f9604f0e3 malloc-fail: Fix memory leak in xmlXPathCacheNewNodeSet
Found with libFuzzer, see #344.
2023-02-27 17:18:06 +01:00
Nick Wellnhofer
4499143a87 malloc-fail: Check for malloc failure in xmlHashAddEntry
Found with libFuzzer, see #344.
2023-02-27 17:18:05 +01:00
Nick Wellnhofer
a442d16a5f malloc-fail: Fix memory leak in xmlGetNsList
Found with libFuzzer, see #344.
2023-02-27 17:18:02 +01:00
Nick Wellnhofer
44947afba0 malloc-fail: Fix null deref after xmlPointerListAddSize
Found with libFuzzer, see #344.
2023-02-27 17:17:50 +01:00
Nick Wellnhofer
70b21c9f2a malloc-fail: Fix null deref in xmlXPathCompiledEvalInternal
Found with libFuzzer, see #344.
2023-02-27 17:14:25 +01:00
Nick Wellnhofer
0f112d0289 malloc-fail: Fix use-after-free related to xmlXPathNodeSetFilter
Found with libFuzzer, see #344.
2023-02-26 13:25:01 +01:00
Nick Wellnhofer
a3e11b385c malloc-fail: Fix memory leak in xmlXPathEqualNodeSetFloat
Found with libFuzzer, see #344.
2023-02-26 13:24:55 +01:00
Nick Wellnhofer
b51478dc95 Revert "malloc-fail: Avoid use-after-free after unsuccessful valuePush"
This reverts commit 6a12be77c6.

There's too much code reading ctxt->value directly and making the wrong
assumptions.
2023-02-26 13:23:47 +01:00
Alexander Kutelev
f931178e5f cmake: Link against dl and dld only when LIBXML2_WITH_MODULES is enabled
2023-02-24 12:45:01 +00:00
Nick Wellnhofer
47b0e0a620 xpath: Fix popping of values in xmlXPathPopNodeset
After 6a12be77, valuePop can fail even if ctxt->value is non-NULL.

If it turns out that too much code relies on this assumption, a better
fix is needed.
2023-02-23 15:43:15 +01:00
Nick Wellnhofer
359313c1a7 threads: Really fix crash with weak pthread symbols
Fix more regressions from 7010d877 and 71931233.

Fixes #488.
2023-02-23 14:30:45 +01:00
Nick Wellnhofer
ae8a12f175 schematron: Use logical and
2023-02-22 14:25:29 +01:00
Nick Wellnhofer
4f0a0fb7a2 xinclude: Fix include guard
2023-02-22 14:24:24 +01:00
Nick Wellnhofer
1eb2ca9f47 relaxng: Remove useless if statement
ctxt and define are non-NULL at this point.

Fixes #482.
2023-02-21 15:46:06 +01:00
Nick Wellnhofer
0ce1f8427b schemas: Remove useless if statement
bucket->origTargetNamespace is always NULL in this branch.

Fixes #481.
2023-02-21 15:46:06 +01:00
Nick Wellnhofer
a509694c17 pattern: Merge identical branches
Fixes #479.
2023-02-21 15:46:06 +01:00
Nick Wellnhofer
85057e5131 regexp: Add sanity check in xmlRegCalloc2
These arguments should be non-zero, but add a sanity check to avoid
division by zero.

Fixes #450.
2023-02-21 15:43:32 +01:00
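An added example, not libxml2's xmlRegCalloc2, of the sanity check that 85057e5131 describes: a two-dimensional zeroed allocation whose overflow guard divides by a dimension and therefore has to reject zero dimensions first. The function names and the probe helper are constructed for this demonstration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not libxml2's xmlRegCalloc2: allocate a zeroed dim1 x dim2 array
 * of elem_size-byte cells through plain malloc (the library routes allocation
 * through its own xmlMalloc, so it cannot lean on calloc's built-in product
 * check). The overflow test divides by a dimension, so a zero dimension must be
 * rejected first: without that guard dim2 == 0 is a division by zero rather
 * than a clean NULL. */
static void *calloc2(size_t dim1, size_t dim2, size_t elem_size) {
    if (dim1 == 0 || dim2 == 0 || elem_size == 0)
        return NULL;                        /* sanity check: nothing to allocate */
    if (dim1 > SIZE_MAX / dim2)
        return NULL;                        /* dim1 * dim2 would overflow */
    size_t cells = dim1 * dim2;
    if (cells > SIZE_MAX / elem_size)
        return NULL;                        /* cells * elem_size would overflow */
    size_t total = cells * elem_size;
    void *p = malloc(total);
    if (p != NULL)
        memset(p, 0, total);
    return p;
}

/* Returns 1 if calloc2 handed back a usable, zero-filled block of the requested
 * shape, 0 if it refused; frees the block either way. */
static int calloc2_probe(size_t dim1, size_t dim2, size_t elem_size) {
    unsigned char *p = calloc2(dim1, dim2, elem_size);
    if (p == NULL)
        return 0;
    int zeroed = 1;
    for (size_t i = 0; i < dim1 * dim2 * elem_size; i++)
        if (p[i] != 0)
            zeroed = 0;
    free(p);
    return zeroed;
}
```

The zero check is cheap insurance: callers are expected never to pass a zero dimension, but a regex compiled from attacker-controlled input is exactly where such an invariant can be broken, and a SIGFPE in an allocator helper is a denial of service.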
Nick Wellnhofer
c9e4c6d416 catalog: Fix memory leaks
Fixes #377.
2023-02-21 15:22:01 +01:00
Nick Wellnhofer
7bd77873db threads: Fix crash with weak pthread symbols
Regressed in 7010d877. Should fix #488.
2023-02-20 10:56:03 +01:00
Nick Wellnhofer
5d55315e32 parser: Fix OOB read when formatting error message
Don't try to print characters beyond the end of the buffer.

Found by OSS-Fuzz.
2023-02-18 17:29:07 +01:00
Nick Wellnhofer
1743c4c3fc malloc-fail: Fix OOB read after xmlRegGetCounter
Found with libFuzzer, see #344.
2023-02-17 17:18:59 +01:00
Nick Wellnhofer
40bc1c699a malloc-fail: Fix memory leak in xmlFAParseCharProp
Found with libFuzzer, see #344.
2023-02-17 17:18:55 +01:00
Nick Wellnhofer
e64653c0e7 malloc-fail: Fix leak of xmlRegAtom
Found with libFuzzer, see #344.
2023-02-17 17:18:55 +01:00