lib/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-10-24 13:33:01 +03:00
Code Activity

fuzz: Add separate XInclude fuzzer

Browse Source 
XIncludes involve XPath processing which can still lead to timeouts when
fuzzing. This will probably take a while to fix. The rest of the XML
parsing code should hopefully run without timeouts now. OSS-Fuzz only
shows a single timeout test case, so separate the XInclude from the core
XML fuzzer.
This commit is contained in:
Nick Wellnhofer
2022-12-26 17:49:27 +01:00
parent 66e9fd66e8
commit 09dac45ab9
7 changed files with 122 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
fuzz/xml.c
View File

@@ -8,7 +8,6 @@
#include <libxml/parser.h>
#include <libxml/tree.h>
#include <libxml/xmlerror.h>
#include <libxml/xinclude.h>
#include <libxml/xmlreader.h>
#include "fuzz.h"
@@ -49,8 +48,6 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
/* Pull parser */
doc = xmlReadMemory(docBuffer, docSize, docUrl, NULL, opts);
if (opts & XML_PARSE_XINCLUDE)
xmlXIncludeProcessFlags(doc, opts);
/* Also test the serializer. */
xmlDocDumpMemory(doc, &out, &outSize);
xmlFree(out);
@@ -71,8 +68,6 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
}
xmlParseChunk(ctxt, NULL, 0, 1);
if (opts & XML_PARSE_XINCLUDE)
xmlXIncludeProcessFlags(ctxt->myDoc, opts);
xmlFreeDoc(ctxt->myDoc);
xmlFreeParserCtxt(ctxt);