1
0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2024-12-24 21:33:51 +03:00
Commit Graph

75 Commits

Author SHA1 Message Date
Nick Wellnhofer
83c1ae13d8 fuzz: Add missing include
Fix build failure.
2024-01-07 15:42:46 +01:00
Nick Wellnhofer
30d839776a fuzz: Disable catalogs
The catalogs API doesn't report OOM errors. It's basically impossible
to use it safely in its current form.
2024-01-04 15:18:14 +01:00
Nick Wellnhofer
54c70ed57f parser: Improve error handling
Introduce xmlCtxtSetErrorHandler allowing to set a structured error for
a parser context. There already was the "serror" SAX handler but this
always receives the parser context as argument.

Start to use xmlRaiseMemoryError.

Remove useless arguments from memory error functions. Rename
xmlErrMemory to xmlCtxtErrMemory.

Remove a few calls to xmlGenericError.

Remove support for runtime entity debugging.
2023-12-21 02:46:27 +01:00
Nick Wellnhofer
4e23892cf0 fuzz: Enable value profile 2023-12-11 22:13:06 +01:00
Nick Wellnhofer
abd74186f9 html: Report malloc failures
Fix many places where malloc failures aren't reported.

Stop checking for ctxt->instate.
2023-12-11 22:13:06 +01:00
Nick Wellnhofer
e115194e6f fuzz: Check malloc failure reports in XML fuzzers 2023-12-11 22:13:06 +01:00
Nick Wellnhofer
f19a95108a parser: Report malloc failures
Fix many places where malloc failures aren't reported.

Make xmlErrMemory public. This is useful for custom external entity
loaders.

Introduce new API function xmlSwitchEncodingName.

Change the way how we store whether the the parser is stopped. This used
to be signaled by setting ctxt->instate to XML_PARSER_EOF which was
misdesigned and error-prone. Set ctxt->disableSAX to 2 instead and
introduce a macro PARSER_STOPPED. Also stop to remove parser inputs in
xmlHaltParser. This allows to remove many checks of ctxt->instate.

Introduce xmlErrParser to handle errors if a parser context is
available.
2023-12-11 22:13:05 +01:00
Nick Wellnhofer
1a354d5b30 regexp: Report malloc failures
Fix places where malloc failures aren't reported.
2023-12-11 22:13:05 +01:00
Nick Wellnhofer
e632d9f02e xpath: Report malloc failures
Fix many places where malloc failures aren't reported.

Rework XPath object cache to store free objects in a linked list to
avoid allocating an additional array. Remove some unneeded object pools.
2023-12-11 22:13:05 +01:00
Nick Wellnhofer
da996c8d0f uri: Report malloc failures
Fix many places where malloc failures weren't reported, for example
after calling xmlStrdup.

Introduce new public API functions that return a separate error code if
a memory allocation fails:

- xmlParseURISafe
- xmlBuildURISafe
- xmlBuildRelativeURISafe

Update the fuzzer to check whether malloc failures are reported.
2023-12-11 22:05:47 +01:00
Nick Wellnhofer
ec7f65069a tests: Fix tests --with-valid --without-xinclude
Fix a copy/paste error from commit 4eba9f9c.

Fixes #632.
2023-11-27 18:03:01 +01:00
Nick Wellnhofer
4f132bcdb3 fuzz: Raise rss_limit_mb 2023-10-15 13:04:54 +02:00
Nick Wellnhofer
c13a019134 fuzz: Test xmlTextReaderRead after EOF or failure 2023-10-15 13:04:54 +02:00
Nick Wellnhofer
e019d97fd0 fuzz: Test XML_PARSE_XINCLUDE | XML_PARSE_VALID 2023-10-15 13:04:54 +02:00
Nick Wellnhofer
fa48187304 fuzz: Disable XML_PARSE_SAX1 option in xml fuzzer
There a no plans to fix quadratic behavior in the legacy SAX1 interface.
2023-09-30 14:45:53 +02:00
Nick Wellnhofer
b7d56ef7f1 malloc-fail: Report malloc failure in xmlRegEpxFromParse
Also check whether malloc failures are reported when fuzzing.
2023-09-22 19:53:11 +02:00
Nick Wellnhofer
f98fa86318 regexp: Fix status codes and handle invalid UTF-8
Fixes #561.
2023-09-22 19:01:11 +02:00
Nick Wellnhofer
f9d717af97 fuzz: Allow to fuzz without push, reader or output modules 2023-09-21 13:05:49 +02:00
Nick Wellnhofer
da274bfa55 build: Fix build when certain modules are disabled 2023-09-21 02:26:43 +02:00
Nick Wellnhofer
834b8123ef parser: Stream data when reading from memory
Don't create a copy of the whole input buffer. Read the data chunk by
chunk to save memory.

Historically, it was probably envisioned to read data from memory
without additional copying. This doesn't work reliably with the current
design of the XML parser which requires a terminating null byte at the
end of input buffers. This lead to xmlReadMemory interfaces, which
expect pointer and size arguments, being changed to make a
zero-terminated copy of the input buffer. Interfaces based on
xmlReadDoc, which actually expect a zero-terminated string and
would make zero-copy operation work, were then simplified to rely on
xmlReadMemoryi, resulting in an unnecessary copy.

To avoid copying (possibly gigabytes) of memory temporarily, we now
stream in-memory input just like content read from files in a
chunk-by-chunk fashion (using a somewhat outdated INPUT_CHUNK size of
250 bytes). As a side effect, we also avoid another copy of the whole
input when handling non-UTF-8 data which was made possible by some
earlier commits.

Interfaces expecting zero-terminated strings now make use of strnlen
which unfortunately isn't part of the standard C library and only
mandated since POSIX 2008.
2023-08-08 15:21:28 +02:00
Nick Wellnhofer
5f4ec41bae fuzz: Add valid.options 2023-03-12 19:47:07 +01:00
Nick Wellnhofer
f6fddb78a5 fuzz: Also test init function of URI fuzzer 2023-03-12 16:20:31 +01:00
Nick Wellnhofer
4eba9f9cfc fuzz: Separate fuzzer for DTD validation 2023-03-12 16:19:33 +01:00
Nick Wellnhofer
42322eba82 fuzz: Inject random malloc failures
Fixes #344.
2023-03-08 14:14:22 +01:00
Nick Wellnhofer
7cd2676277 fuzz: Add maxAlloc item to static seed corpus 2023-03-08 14:07:15 +01:00
Nick Wellnhofer
541b1e2850 fuzz: Support variable integer sizes in fuzz data
Also switch to big-endian.
2023-03-08 13:59:00 +01:00
Nick Wellnhofer
f560065f4d fuzz: Fix duplicate detection in fuzzEntityRecorder
Store a non-NULL value in the hash.
2023-02-28 21:23:11 +01:00
Nick Wellnhofer
791a1e80b9 fuzz: Set filename in xmlFuzzEntityLoader 2023-02-28 21:23:11 +01:00
Nick Wellnhofer
cbd9c6c5af fuzz: Allow xmlFuzzReadString(NULL) 2023-02-28 21:23:11 +01:00
Nick Wellnhofer
aa6b7ed1ed fuzz: Fix Makefile dependencies 2023-02-28 21:23:11 +01:00
Nick Wellnhofer
d1272c2ed6 fuzz: Add xinclude to .gitignore 2023-02-13 11:16:57 +01:00
Nick Wellnhofer
ba910d344f fuzz: Add test/recurse to seed corpus 2022-12-26 18:12:26 +01:00
Nick Wellnhofer
09dac45ab9 fuzz: Add separate XInclude fuzzer
XIncludes involve XPath processing which can still lead to timeouts when
fuzzing. This will probably take a while to fix. The rest of the XML
parsing code should hopefully run without timeouts now. OSS-Fuzz only
shows a single timeout test case, so separate the XInclude from the core
XML fuzzer.
2022-12-26 18:12:26 +01:00
Nick Wellnhofer
c885bebb5d fuzz: Remove size limit, disable XInclude
Now that entity expansion issues should be fixed, we should get more
interesting timeout errors from OSS-Fuzz. Disable XInclude for now,
since it often timeouts in XPath computations. The XInclude tests should
be moved to a separate fuzz target.
2022-12-23 23:12:52 +01:00
Nick Wellnhofer
9aba613b14 fuzz: Add new XInclude test directory to corpus 2022-10-31 17:09:54 +01:00
Nick Wellnhofer
128c0261c6 warnings: Fix -Wstrict-prototypes warning 2022-10-25 19:34:38 +02:00
Nick Wellnhofer
513d65fee8 Use AM_CFLAGS and AM_LDFLAGS consistently 2022-09-02 18:33:36 +02:00
Nick Wellnhofer
d0ab5c4fe6 Fix compiler warnings in fuzzing code 2022-09-02 18:33:36 +02:00
Nick Wellnhofer
4612ce3031 Implement xpath1() XPointer scheme
See https://www.w3.org/2005/04/xpointer-schemes/
2022-04-21 04:26:52 +02:00
Nick Wellnhofer
3f74e42bae Simplify 'make check' targets 2022-04-04 05:41:51 +02:00
Nick Wellnhofer
95c7f315ab Move SVG tests to runtest.c
Also update the test results for the first time since 2000.
2022-04-04 04:18:07 +02:00
Nick Wellnhofer
7016b0e099 Don't overlink executables
With very few exceptions, utilities and test programs don't require any
external libraries.

- xmllint and xmlcatalog need libreadline
- runtest and testThreads need pthreads
2022-04-03 14:08:43 +02:00
David Seifert
5c71ada83a
Detect libm using libtool's macros 2022-03-30 16:51:17 +02:00
Nick Wellnhofer
6117700e2c Remove special configuration for certain maintainers 2022-02-20 21:49:05 +01:00
Nick Wellnhofer
d19bab68f4 Fix fuzz/.gitignore after fixing VPATH build 2022-02-19 19:26:42 +01:00
Nick Wellnhofer
8626648790 Fix fuzzer test with VPATH build
Also fixes make distcheck.
2022-02-14 18:06:38 +01:00
Nick Wellnhofer
be889b6581 Make xmlFuzzReadString return a zero size in error case
Avoids use of uninitialized memory.
2022-02-12 15:54:54 +01:00
Daniel Veillard
b48e77cf4f Release of libxml2-2.9.12
Brown paper bag release, some recently added sources were missing from
the 2.9.11 tarball:
- configure.ac: bump version
- fuzz/Makefile.am: add fuzz.h and seed/regexp to EXTRA_DIST
2021-05-13 20:56:16 +02:00
Nick Wellnhofer
8446d4593e Reduce some fuzzer timeouts
OSS-Fuzz has been fuzzing the HTML parser with inputs up to 1 MB for
several hundred hours without hitting the 20s timeout. It seems that
most timeouts resulting from accidentally quadratic behavior in the
HTML parser have been fixed. Start to gradually reduce the timeout to
find new performance issues.
2021-03-01 20:56:40 +01:00
Nick Wellnhofer
85c817a200 Improve fuzzer stability
- Add more calls to xmlInitializeCatalog.
- Call xmlResetLastError after fuzzing each input.
2021-02-22 22:29:28 +01:00