mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2024-10-26 12:25:09 +03:00
libxml2/fuzz
Nick Wellnhofer 834b8123ef parser: Stream data when reading from memory
Don't create a copy of the whole input buffer. Read the data chunk by
chunk to save memory.

Historically, it was probably envisioned to read data from memory
without additional copying. This doesn't work reliably with the current
design of the XML parser which requires a terminating null byte at the
end of input buffers. This led to xmlReadMemory interfaces, which
expect pointer and size arguments, being changed to make a
zero-terminated copy of the input buffer. Interfaces based on
xmlReadDoc, which actually expect a zero-terminated string and
would make zero-copy operation work, were then simplified to rely on
xmlReadMemory, resulting in an unnecessary copy.

To avoid copying (possibly gigabytes of) memory temporarily, we now
stream in-memory input just like content read from files in a
chunk-by-chunk fashion (using a somewhat outdated INPUT_CHUNK size of
250 bytes). As a side effect, we also avoid another copy of the whole
input when handling non-UTF-8 data which was made possible by some
earlier commits.

Interfaces expecting zero-terminated strings now make use of strnlen
which unfortunately isn't part of the standard C library and only
mandated since POSIX 2008.
2023-08-08 15:21:28 +02:00
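The streaming pattern the commit describes, as an added illustration that is not the commit's own code and does not link against libxml2: a read callback with the shape of libxml2's xmlInputReadCallback hands out a caller-owned buffer in INPUT_CHUNK pieces without copying it, and the zero-terminated entry point measures its input with a bounded strnlen stand-in instead of making a terminated copy. The `bound` argument and the `stream_stats` return type are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>
#define INPUT_CHUNK 250  /* libxml2's (somewhat outdated) chunk size */

/* Portable stand-in for strnlen (POSIX 2008, not ISO C): the scan stops at
 * maxlen, so an unterminated buffer is never read past its end. */
static size_t portable_strnlen(const char *s, size_t maxlen) {
    size_t n = 0;
    while (n < maxlen && s[n] != '\0')
        n++;
    return n;
}

/* Streaming context over a caller-owned buffer; the data is never copied. */
typedef struct { const char *data; size_t size, pos; } mem_stream;

/* Read callback shaped like libxml2's xmlInputReadCallback: copies at most
 * len bytes into buffer and returns the count, 0 once the input is drained. */
static int mem_read(void *context, char *buffer, int len) {
    mem_stream *s = context;
    size_t remaining = s->size - s->pos;
    size_t n = (size_t)len < remaining ? (size_t)len : remaining;
    memcpy(buffer, s->data + s->pos, n);
    s->pos += n;
    return (int)n;
}

/* Result of one streaming pass (assumed type, for inspection only). */
typedef struct { size_t total; int calls; } stream_stats;

/* Pulls the input through mem_read in INPUT_CHUNK pieces, as a parser loop
 * would: total counts bytes seen, calls counts read-callback invocations. */
static stream_stats stream_memory(const char *data, size_t size) {
    mem_stream s = { data, size, 0 };
    char chunk[INPUT_CHUNK];
    stream_stats st = { 0, 0 };
    for (;;) {
        int got = mem_read(&s, chunk, INPUT_CHUNK);
        if (got <= 0)
            return st;
        st.total += (size_t)got;
        st.calls++;
    }
}

/* xmlReadDoc-style entry for zero-terminated input: the length comes from a
 * bounded scan (bound is an assumed caller limit), not a terminated copy. */
static stream_stats stream_doc(const char *zstr, size_t bound) {
    return stream_memory(zstr, portable_strnlen(zstr, bound));
}
```

A 600-byte input therefore costs three callback reads of 250, 250 and 100 bytes and no intermediate copy of the whole buffer.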
| File | Last commit | Date |
|---|---|---|
| static_seed | fuzz: Add maxAlloc item to static seed corpus | 2023-03-08 14:07:15 +01:00 |
| .gitignore | fuzz: Separate fuzzer for DTD validation | 2023-03-12 16:19:33 +01:00 |
| fuzz.c | parser: Stream data when reading from memory | 2023-08-08 15:21:28 +02:00 |
| fuzz.h | fuzz: Separate fuzzer for DTD validation | 2023-03-12 16:19:33 +01:00 |
| genSeed.c | fuzz: Separate fuzzer for DTD validation | 2023-03-12 16:19:33 +01:00 |
| html.c | fuzz: Inject random malloc failures | 2023-03-08 14:14:22 +01:00 |
| html.dict | Add charset names to fuzzing dictionaries | 2021-02-22 13:21:38 +01:00 |
| html.options | Reduce some fuzzer timeouts | 2021-03-01 20:56:40 +01:00 |
| Makefile.am | fuzz: Separate fuzzer for DTD validation | 2023-03-12 16:19:33 +01:00 |
| README | Add a couple of libFuzzer targets | 2020-06-05 13:53:11 +02:00 |
| regexp.c | fuzz: Inject random malloc failures | 2023-03-08 14:14:22 +01:00 |
| regexp.dict | Update fuzzing code | 2020-07-31 11:55:13 +02:00 |
| regexp.options | Enforce maximum length of fuzz input | 2020-12-16 16:12:07 +01:00 |
| schema.c | fuzz: Inject random malloc failures | 2023-03-08 14:14:22 +01:00 |
| schema.dict | Fuzz target for XML Schemas | 2020-06-23 16:20:27 +02:00 |
| schema.options | Enforce maximum length of fuzz input | 2020-12-16 16:12:07 +01:00 |
| testFuzzer.c | fuzz: Also test init function of URI fuzzer | 2023-03-12 16:20:31 +01:00 |
| uri.c | fuzz: Inject random malloc failures | 2023-03-08 14:14:22 +01:00 |
| uri.options | Reduce some fuzzer timeouts | 2021-03-01 20:56:40 +01:00 |
| valid.c | fuzz: Separate fuzzer for DTD validation | 2023-03-12 16:19:33 +01:00 |
| valid.options | fuzz: Add valid.options | 2023-03-12 19:47:07 +01:00 |
| xinclude.c | fuzz: Separate fuzzer for DTD validation | 2023-03-12 16:19:33 +01:00 |
| xinclude.options | fuzz: Add separate XInclude fuzzer | 2022-12-26 18:12:26 +01:00 |
| xml.c | fuzz: Separate fuzzer for DTD validation | 2023-03-12 16:19:33 +01:00 |
| xml.dict | Add charset names to fuzzing dictionaries | 2021-02-22 13:21:38 +01:00 |
| xml.options | Enforce maximum length of fuzz input | 2020-12-16 16:12:07 +01:00 |
| xpath.c | fuzz: Inject random malloc failures | 2023-03-08 14:14:22 +01:00 |
| xpath.dict | Add XPath and XPointer fuzzer | 2020-08-06 14:12:32 +02:00 |
| xpath.options | Enforce maximum length of fuzz input | 2020-12-16 16:12:07 +01:00 |

libFuzzer instructions for libxml2
==================================

Set compiler and options:

    export CC=clang
    export CFLAGS="-g -fsanitize=fuzzer-no-link,address,undefined \
        -fno-sanitize-recover=all \
        -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION"

Build libxml2 with instrumentation:

    ./configure --without-python
    make

Run fuzzers:

    make -C fuzz fuzz-xml