fuzz: Move back to xmlSetExternalEntityLoader

xmlParserInputBufferCreateFilenameDefault can't report malloc failures.
2025-10-24 13:33:01 +03:00 · 2024-05-19 19:31:54 +02:00
parent 4fefba4cf6
commit caa8bb3848
11 changed files with 36 additions and 13 deletions
--- a/fuzz/api.c
+++ b/fuzz/api.c
@@ -964,7 +964,7 @@ LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
    xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE);
 #endif
    xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);
-    xmlParserInputBufferCreateFilenameDefault(xmlFuzzEntityLoader);
+    xmlSetExternalEntityLoader(xmlFuzzEntityLoader);
    return 0;
 }
--- a/fuzz/fuzz.c
+++ b/fuzz/fuzz.c
@@ -391,8 +391,10 @@ xmlFuzzMainEntity(size_t *size) {
 *
 * The entity loader for fuzz data.
 */
-xmlParserInputBufferPtr
+xmlParserInputPtr
-xmlFuzzEntityLoader(const char *URL, xmlCharEncoding enc) {
+xmlFuzzEntityLoader(const char *URL, const char *ID ATTRIBUTE_UNUSED,
                    xmlParserCtxtPtr ctxt) {
    xmlParserInputPtr input;
    xmlFuzzEntityInfo *entity;
    if (URL == NULL)
@@ -401,7 +403,26 @@ xmlFuzzEntityLoader(const char *URL, xmlCharEncoding enc) {
    if (entity == NULL)
        return(NULL);
-    return(xmlParserInputBufferCreateMem(entity->data, entity->size, enc));
+    input = xmlNewInputStream(ctxt);
    if (input == NULL)
        return(NULL);
    input->filename = (char *) xmlCharStrdup(URL);
    if (input->filename == NULL) {
        xmlCtxtErrMemory(ctxt);
        xmlFreeInputStream(input);
        return(NULL);
    }
    input->buf = xmlParserInputBufferCreateMem(entity->data, entity->size,
                                               XML_CHAR_ENCODING_NONE);
    if (input->buf == NULL) {
        xmlCtxtErrMemory(ctxt);
        xmlFreeInputStream(input);
        return(NULL);
    }
    input->base = input->cur = xmlBufContent(input->buf->buffer);
    input->end = input->base + xmlBufUse(input->buf->buffer);
    return input;
 }
 char *
--- a/fuzz/fuzz.h
+++ b/fuzz/fuzz.h
@@ -104,8 +104,8 @@ xmlFuzzMainUrl(void);
 const char *
 xmlFuzzMainEntity(size_t *size);
-xmlParserInputBufferPtr
+xmlParserInputPtr
-xmlFuzzEntityLoader(const char *URL, xmlCharEncoding enc);
+xmlFuzzEntityLoader(const char *URL, const char *ID, xmlParserCtxtPtr ctxt);
 char *
 xmlSlurpFile(const char *path, size_t *size);
--- a/fuzz/lint.c
+++ b/fuzz/lint.c
@@ -198,7 +198,7 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
    pushArg(NULL);
    xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);
-    xmlParserInputBufferCreateFilenameDefault(xmlFuzzEntityLoader);
+    xmlSetExternalEntityLoader(xmlFuzzEntityLoader);
 #ifdef LIBXML_CATALOG_ENABLED
    xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE);
 #endif
--- a/fuzz/reader.c
+++ b/fuzz/reader.c
@@ -102,7 +102,7 @@ LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
    xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE);
 #endif
    xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);
-    xmlParserInputBufferCreateFilenameDefault(xmlFuzzEntityLoader);
+    xmlSetExternalEntityLoader(xmlFuzzEntityLoader);
    return 0;
 }
--- a/fuzz/schema.c
+++ b/fuzz/schema.c
@@ -18,7 +18,7 @@ LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
    xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE);
 #endif
    xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);
-    xmlParserInputBufferCreateFilenameDefault(xmlFuzzEntityLoader);
+    xmlSetExternalEntityLoader(xmlFuzzEntityLoader);
    return 0;
 }
--- a/fuzz/testFuzzer.c
+++ b/fuzz/testFuzzer.c
@@ -162,7 +162,7 @@ testEntityLoader(void) {
    xmlDocPtr doc;
    int ret = 0;
-    xmlParserInputBufferCreateFilenameDefault(xmlFuzzEntityLoader);
+    xmlSetExternalEntityLoader(xmlFuzzEntityLoader);
    xmlFuzzDataInit(data, sizeof(data) - 1);
    xmlFuzzReadEntities();
--- a/fuzz/valid.c
+++ b/fuzz/valid.c
@@ -20,7 +20,7 @@ LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
    xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE);
 #endif
    xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);
-    xmlParserInputBufferCreateFilenameDefault(xmlFuzzEntityLoader);
+    xmlSetExternalEntityLoader(xmlFuzzEntityLoader);
    return 0;
 }
--- a/fuzz/xinclude.c
+++ b/fuzz/xinclude.c
@@ -21,7 +21,7 @@ LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
    xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE);
 #endif
    xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);
-    xmlParserInputBufferCreateFilenameDefault(xmlFuzzEntityLoader);
+    xmlSetExternalEntityLoader(xmlFuzzEntityLoader);
    return 0;
 }
--- a/fuzz/xml.c
+++ b/fuzz/xml.c
@@ -21,7 +21,7 @@ LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
    xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE);
 #endif
    xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);
-    xmlParserInputBufferCreateFilenameDefault(xmlFuzzEntityLoader);
+    xmlSetExternalEntityLoader(xmlFuzzEntityLoader);
    return 0;
 }
--- a/xmllint.c
+++ b/xmllint.c
@@ -3506,7 +3506,9 @@ xmllintMain(int argc, const char **argv) {
        else if ((!strcmp(argv[i], "-nonet")) ||
                   (!strcmp(argv[i], "--nonet"))) {
 	    options |= XML_PARSE_NONET;
 #ifndef XMLLINT_FUZZ
 	    xmlSetExternalEntityLoader(xmlNoNetExternalEntityLoader);
 #endif
        } else if ((!strcmp(argv[i], "-nocompact")) ||
                   (!strcmp(argv[i], "--nocompact"))) {
 	    options &= ~XML_PARSE_COMPACT;