
Enforce maximum length of fuzz input

Remove the libfuzzer max_len option which doesn't apply to other
fuzzing engines. Enforce the maximum length directly in the fuzz
targets. For the xml target, lower the maximum when expanding entities
to avoid timeout and OOM errors.
This commit is contained in:
Nick Wellnhofer
2020-12-16 15:41:52 +01:00
parent 1fe385304f
commit 9086988ffa
11 changed files with 20 additions and 9 deletions


@@ -29,13 +29,18 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
xmlTextReaderPtr reader;
xmlChar *out;
const char *docBuffer, *docUrl;
size_t docSize, consumed, chunkSize;
size_t maxSize, docSize, consumed, chunkSize;
int opts, outSize;
xmlFuzzDataInit(data, size);
opts = xmlFuzzReadInt();
/* XML_PARSE_HUGE still causes timeouts. */
opts &= ~XML_PARSE_HUGE;
/* Lower maximum size when processing entities for now. */
maxSize = opts & XML_PARSE_NOENT ? 50000 : 500000;
if (size > maxSize) {
xmlFuzzDataCleanup();
return(0);
}
xmlFuzzReadEntities();
docBuffer = xmlFuzzMainEntity(&docSize);