lib/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2026-01-26 21:41:34 +03:00
Code Activity

fuzz: Switch to xmlCtxtValidateDocument

Browse Source 
This allows to check malloc failure reports during post-validation.
This commit is contained in:
Nick Wellnhofer
2024-11-17 13:56:19 +01:00
parent 5a51f08517
commit de0c779116
1 changed files with 14 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
fuzz/valid.c
View File

@@ -27,7 +27,6 @@ int
LLVMFuzzerTestOneInput(const char *data, size_t size) { LLVMFuzzerTestOneInput(const char *data, size_t size) {
xmlParserCtxtPtr ctxt; xmlParserCtxtPtr ctxt;
xmlDocPtr doc; xmlDocPtr doc;
xmlValidCtxtPtr vctxt;
const char *docBuffer, *docUrl; const char *docBuffer, *docUrl;
size_t maxAlloc, docSize; size_t maxAlloc, docSize;
int opts; int opts;
@@ -67,17 +66,15 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
xmlCtxtSetResourceLoader(ctxt, xmlFuzzResourceLoader, NULL); xmlCtxtSetResourceLoader(ctxt, xmlFuzzResourceLoader, NULL);
doc = xmlCtxtReadMemory(ctxt, docBuffer, docSize, docUrl, NULL, doc = xmlCtxtReadMemory(ctxt, docBuffer, docSize, docUrl, NULL,
opts & ~XML_PARSE_DTDVALID); opts & ~XML_PARSE_DTDVALID);
xmlFreeParserCtxt(ctxt); xmlFuzzCheckMallocFailure("xmlCtxtReadMemory",
ctxt->errNo == XML_ERR_NO_MEMORY);
/* Post validation requires global callbacks */ if (doc != NULL) {
xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc); xmlCtxtValidateDocument(ctxt, doc);
xmlSetExternalEntityLoader(xmlFuzzEntityLoader); xmlFuzzCheckMallocFailure("xmlCtxtValidateDocument",
vctxt = xmlNewValidCtxt(); ctxt->errNo == XML_ERR_NO_MEMORY);
xmlValidateDocument(vctxt, doc); }
xmlFreeValidCtxt(vctxt);
xmlFreeDoc(doc); xmlFreeDoc(doc);
xmlSetGenericErrorFunc(NULL, NULL); xmlFreeParserCtxt(ctxt);
xmlSetExternalEntityLoader(NULL);
} }
/* Push parser */ /* Push parser */
@@ -88,7 +85,13 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
size_t consumed, chunkSize; size_t consumed, chunkSize;
xmlFuzzMemSetLimit(maxAlloc); xmlFuzzMemSetLimit(maxAlloc);
/*
* FIXME: xmlCreatePushParserCtxt can still report OOM errors
* to stderr.
*/
xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);
ctxt = xmlCreatePushParserCtxt(NULL, NULL, NULL, 0, docUrl); ctxt = xmlCreatePushParserCtxt(NULL, NULL, NULL, 0, docUrl);
xmlSetGenericErrorFunc(NULL, NULL);
if (ctxt != NULL) { if (ctxt != NULL) {
xmlCtxtSetErrorHandler(ctxt, xmlFuzzSErrorFunc, NULL); xmlCtxtSetErrorHandler(ctxt, xmlFuzzSErrorFunc, NULL);
xmlCtxtSetResourceLoader(ctxt, xmlFuzzResourceLoader, NULL); xmlCtxtSetResourceLoader(ctxt, xmlFuzzResourceLoader, NULL);