lib/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-10-24 13:33:01 +03:00
Code Activity

Handle malloc failures in fuzzing code

Browse Source 
Avoid misdiagnosis in OOM situations.
This commit is contained in:
Nick Wellnhofer
2020-12-18 00:50:34 +01:00
parent a67b63d183
commit e2b975c317
2 changed files with 15 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
fuzz/xml.c
View File

@@ -37,18 +37,14 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
/* Lower maximum size when processing entities for now. */
maxSize = opts & XML_PARSE_NOENT ? 50000 : 500000;
if (size > maxSize) {
xmlFuzzDataCleanup();
return(0);
}
if (size > maxSize)
goto exit;
xmlFuzzReadEntities();
docBuffer = xmlFuzzMainEntity(&docSize);
docUrl = xmlFuzzMainUrl();
if (docBuffer == NULL) {
xmlFuzzDataCleanup();
return(0);
}
if (docBuffer == NULL)
goto exit;
/* Pull parser */
@@ -63,6 +59,8 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
/* Push parser */
ctxt = xmlCreatePushParserCtxt(NULL, NULL, NULL, 0, docUrl);
if (ctxt == NULL)
goto exit;
xmlCtxtUseOptions(ctxt, opts);
for (consumed = 0; consumed < docSize; consumed += chunkSize) {
@@ -81,6 +79,8 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
/* Reader */
reader = xmlReaderForMemory(docBuffer, docSize, NULL, NULL, opts);
if (reader == NULL)
goto exit;
while (xmlTextReaderRead(reader) == 1) {
if (xmlTextReaderNodeType(reader) == XML_ELEMENT_NODE) {
int i, n = xmlTextReaderAttributeCount(reader);
@@ -92,10 +92,8 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
}
xmlFreeTextReader(reader);
/* Cleanup */
exit:
xmlFuzzDataCleanup();
return(0);
}