Nick Wellnhofer
5f4ec41bae
fuzz: Add valid.options
2023-03-12 19:47:07 +01:00
Nick Wellnhofer
cabde70f8b
parser: Simplify calculation of available buffer space
2023-03-12 19:07:23 +01:00
Nick Wellnhofer
b75976e029
parser: Use size_t when subtracting input buffer pointers
Avoid integer overflows.
2023-03-12 19:06:19 +01:00
Nick Wellnhofer
9a6ca81612
parser: Check for integer overflow when updating checkIndex
Unfortunately, checkIndex is a long, not a size_t. Check for integer
overflow before updating the value.
2023-03-12 19:03:11 +01:00
Nick Wellnhofer
bd63d730b8
html: Impose some length limits
Impose length limits on names, attribute values, PIs and comments,
similar to the XML parser.
2023-03-12 17:40:55 +01:00
Nick Wellnhofer
3eb6bf0386
parser: Stop calling xmlParserInputGrow
Introduce xmlParserGrow which takes a parser context to simplify error
handling.
2023-03-12 17:05:51 +01:00
Nick Wellnhofer
f6fddb78a5
fuzz: Also test init function of URI fuzzer
2023-03-12 16:20:31 +01:00
Nick Wellnhofer
4eba9f9cfc
fuzz: Separate fuzzer for DTD validation
2023-03-12 16:19:33 +01:00
Nick Wellnhofer
a57a7549fa
valid: Allow xmlFreeValidCtxt(NULL)
2023-03-12 16:06:19 +01:00
Nick Wellnhofer
21cec82bea
win32: Remove broken libxml2.def.src
Fixes #472.
2023-03-12 16:04:17 +01:00
Nick Wellnhofer
8c2e508b5e
gitlab-ci: Enable all "integer" sanitizers
2023-03-12 14:45:14 +01:00
Nick Wellnhofer
207ebdfd2a
malloc-fail: Fix out-of-bounds read in xmlGROW
Short-lived regression from 56cc2211.
2023-03-12 14:43:01 +01:00
Nick Wellnhofer
bd6fa2c1d5
malloc-fail: Fix memory leak in xmlXPathRegisterNs
Found by OSS-Fuzz.
2023-03-09 22:33:19 +01:00
Nick Wellnhofer
56cc2211bc
parser: Merge xmlParserInputGrow into xmlGROW
Simplifies the code and makes error handling easier.
2023-03-09 22:27:58 +01:00
Nick Wellnhofer
14604a446e
malloc-fail: Fix out-of-bounds read in xmlCurrentChar
Found by OSS-Fuzz.
2023-03-09 22:10:44 +01:00
Nick Wellnhofer
42322eba82
fuzz: Inject random malloc failures
Fixes #344.
2023-03-08 14:14:22 +01:00
Nick Wellnhofer
7cd2676277
fuzz: Add maxAlloc item to static seed corpus
2023-03-08 14:07:15 +01:00
Nick Wellnhofer
541b1e2850
fuzz: Support variable integer sizes in fuzz data
Also switch to big-endian.
2023-03-08 13:59:00 +01:00
Nick Wellnhofer
3f69fc805c
parser: Tighten expansion limits
- Lower the amount of expansion which is always allowed from
10MB to 1MB.
- Lower the maximum amplification factor from 10 to 5.
- Lower the "fixed cost" from 50 to 20.
2023-03-08 13:58:49 +01:00
Nick Wellnhofer
73bd5d52ae
malloc-fail: Fix type confusion after xmlSchemaFixupTypeAttributeUses
Found with libFuzzer, see #344.
2023-03-08 13:17:49 +01:00
Nick Wellnhofer
767ae50bc9
malloc-fail: Fix null deref after xmlSchemaItemList{Add,Insert}
Found with libFuzzer, see #344.
2023-03-08 13:17:49 +01:00
Nick Wellnhofer
19b197b616
malloc-fail: Fix null deref after xmlSchemaCompareDates
Found with libFuzzer, see #344.
2023-03-08 13:17:49 +01:00
Nick Wellnhofer
961a4f35bf
malloc-fail: Fix memory leak in xmlSchemaParseUnion
Also report malloc failure from xmlStrndup.
Found with libFuzzer, see #344.
2023-03-08 13:17:49 +01:00
Nick Wellnhofer
260d6b8d77
malloc-fail: Fix another memory leak in xmlSchemaBucketCreate
Found with libFuzzer, see #344.
2023-03-08 13:17:48 +01:00
Nick Wellnhofer
31844c74df
malloc-fail: Fix null deref in xmlSchemaParseUnion
Found with libFuzzer, see #344.
2023-03-08 13:17:48 +01:00
Nick Wellnhofer
9afb6c5fb8
malloc-fail: Fix memory leak in WXS_ADD_{LOCAL,GLOBAL}
It's somewhat dangerous to add the cleanup code to a macro, but
otherwise we'd have to fix all the call sites.
Found with libFuzzer, see #344.
2023-03-08 13:17:48 +01:00
Nick Wellnhofer
a5787229e5
malloc-fail: Fix memory leak in xmlSchemaBucketCreate
Found with libFuzzer, see #344.
2023-03-08 13:17:48 +01:00
Nick Wellnhofer
e15838ab54
malloc-fail: Fix null deref in xmlSchemaParseWildcardNs
Found with libFuzzer, see #344.
2023-03-08 13:17:48 +01:00
Nick Wellnhofer
ba290a8663
malloc-fail: Fix memory leak in xmlSchemaItemListAddSize
Found with libFuzzer, see #344.
2023-03-08 13:17:47 +01:00
Nick Wellnhofer
0263b35756
malloc-fail: Fix null deref in xmlGet{Min,Max}Occurs
Also report memory error in xmlSchemaGetNodeContent.
Found with libFuzzer, see #344.
2023-03-08 13:17:47 +01:00
Nick Wellnhofer
7762e8eda1
malloc-fail: Fix null deref in xmlSchemaValAtomicType
Found with libFuzzer, see #344.
2023-03-08 13:17:47 +01:00
Nick Wellnhofer
112340c6c0
malloc-fail: Fix null deref in xmlSchemaInitTypes
Found with libFuzzer, see #344.
2023-03-08 13:17:47 +01:00
Nick Wellnhofer
cfbc1f48ee
malloc-fail: Fix memory leak in xmlSchemaParse
Found with libFuzzer, see #344.
2023-03-08 13:17:47 +01:00
Nick Wellnhofer
dbc893f588
malloc-fail: Fix memory leak in xmlCopyNamespaceList
Found with libFuzzer, see #344.
2023-03-08 13:17:47 +01:00
Nick Wellnhofer
282b75f110
malloc-fail: Fix memory leak in xmlXPathNameFunction
Found with libFuzzer, see #344.
2023-02-28 21:23:11 +01:00
Nick Wellnhofer
f560065f4d
fuzz: Fix duplicate detection in fuzzEntityRecorder
Store a non-NULL value in the hash.
2023-02-28 21:23:11 +01:00
Nick Wellnhofer
791a1e80b9
fuzz: Set filename in xmlFuzzEntityLoader
2023-02-28 21:23:11 +01:00
Nick Wellnhofer
cbd9c6c5af
fuzz: Allow xmlFuzzReadString(NULL)
2023-02-28 21:23:11 +01:00
Nick Wellnhofer
aa6b7ed1ed
fuzz: Fix Makefile dependencies
2023-02-28 21:23:11 +01:00
Nick Wellnhofer
524654ed3c
xpath: Fix harmless integer overflow in xmlXPathTranslateFunction
2023-02-27 17:18:11 +01:00
Nick Wellnhofer
8608b71fbc
Revert "xpath: Fix popping of values in xmlXPathPopNodeset"
This reverts commit 47b0e0a620.
2023-02-27 17:18:11 +01:00
Nick Wellnhofer
bc9f372c10
malloc-fail: Fix memory leak in xmlXPathDistinctSorted
Found with libFuzzer, see #344.
2023-02-27 17:18:08 +01:00
Nick Wellnhofer
6f9604f0e3
malloc-fail: Fix memory leak in xmlXPathCacheNewNodeSet
Found with libFuzzer, see #344.
2023-02-27 17:18:06 +01:00
Nick Wellnhofer
4499143a87
malloc-fail: Check for malloc failure in xmlHashAddEntry
Found with libFuzzer, see #344.
2023-02-27 17:18:05 +01:00
Nick Wellnhofer
a442d16a5f
malloc-fail: Fix memory leak in xmlGetNsList
Found with libFuzzer, see #344.
2023-02-27 17:18:02 +01:00
Nick Wellnhofer
44947afba0
malloc-fail: Fix null deref after xmlPointerListAddSize
Found with libFuzzer, see #344.
2023-02-27 17:17:50 +01:00
Nick Wellnhofer
70b21c9f2a
malloc-fail: Fix null deref in xmlXPathCompiledEvalInternal
Found with libFuzzer, see #344.
2023-02-27 17:14:25 +01:00
Nick Wellnhofer
0f112d0289
malloc-fail: Fix use-after-free related to xmlXPathNodeSetFilter
Found with libFuzzer, see #344.
2023-02-26 13:25:01 +01:00
Nick Wellnhofer
a3e11b385c
malloc-fail: Fix memory leak in xmlXPathEqualNodeSetFloat
Found with libFuzzer, see #344.
2023-02-26 13:24:55 +01:00
Nick Wellnhofer
b51478dc95
Revert "malloc-fail: Avoid use-after-free after unsuccessful valuePush"
This reverts commit 6a12be77c6.
There's too much code reading ctxt->value directly and making the wrong
assumptions.
2023-02-26 13:23:47 +01:00