Nick Wellnhofer
77c583e0f7
valid: Readd argument check in xmlAddElementDecl
Fix crashes with API fuzzer.
2025-05-27 19:55:36 +02:00
Nick Wellnhofer
dd4c0f62fa
tree: Fix xmlTextMerge with NULL args
Restore pre-2.13 behavior. Fixes #875.
2025-03-18 11:11:20 +01:00
Nick Wellnhofer
c6c6d8afef
fuzz: Mutate fuzz data chunks separately
Implement a custom mutator that takes a list of fixed-size chunks which
are mutated with a given probability. This makes sure that values like
parser options or failure position are mutated regularly even as the
fuzz data grows large. Values can also be adjusted temporarily to make
the fuzzer focus on failure injection, for example.
Thanks to David Kilzer for the idea.
2025-02-20 12:22:12 +01:00
Nick Wellnhofer
f5257d92bf
fuzz: Fix failure injection in schema fuzzer
2025-02-20 12:10:50 +01:00
Nick Wellnhofer
72f84dd739
fuzz: Inject IO failures into serialization code
2024-12-17 22:21:34 +01:00
Nick Wellnhofer
9f652e57c1
fuzz: Inject IO failures
We use the same counter for injecting malloc and IO failures. This
mostly renames several functions and variables.
2024-11-26 14:30:54 +01:00
Nick Wellnhofer
bf3619c328
fuzz: Don't unlink DTD when replacing nodes
OP_XML_REPLACE_NODE needs the same check as OP_XML_UNLINK_NODE.
2024-10-10 12:14:47 +02:00
Nick Wellnhofer
0c56eb8215
tree: Restore return value of xmlNodeListGetString with NULL list
When passing a NULL list to xmlNodeListGetString or
xmlNodeListGetRawString, return NULL instead of "" to match the old
behavior.
Fixes #783.
2024-08-12 21:38:50 +02:00
Nick Wellnhofer
de3221b179
fuzz: Adjust for xmlNodeParseContent changes
xmlStringGetNodeList returns NULL again for empty strings.
2024-07-06 15:33:06 +02:00
Nick Wellnhofer
116d8c0166
fuzz: Move to per-context resource loader
2024-06-12 16:36:12 +02:00
Nick Wellnhofer
caa8bb3848
fuzz: Move back to xmlSetExternalEntityLoader
xmlParserInputBufferCreateFilenameDefault can't report malloc failures.
2024-05-19 19:39:22 +02:00
Nick Wellnhofer
b3cb41be8b
fuzz: Add xmllint fuzzer
2024-05-13 12:50:08 +02:00
Nick Wellnhofer
1f18d37798
fuzz: Add a few more comments
2024-04-09 13:04:50 +02:00
Nick Wellnhofer
fe3cbf897e
fuzz: Check node type before xmlDocSetRootElement
2024-03-29 15:29:53 +01:00
Nick Wellnhofer
ea0ee36546
tree: Align xmlAddChild with other node insertion functions
Make xmlAddChild unlink the child before insertion. Originally, linked
children would most likely cause tree corruption. The first fix
disallowed linked nodes, but there are cases where insertion of such
nodes could succeed.
Don't abort if the node is already a child of parent. In this case,
the node will be moved to the end of the child list.
2024-03-29 12:57:20 +01:00
Nick Wellnhofer
bfb02fbca9
fuzz: Fix xmlSetProp in API fuzzer
Finding the old attribute node is a bit more involved.
2024-03-28 11:30:05 +01:00
Nick Wellnhofer
887ad90a1a
fuzz: Restrict input size of API fuzzer
2024-03-26 14:23:51 +01:00
Nick Wellnhofer
6c5248e2a9
fuzz: Restrict number of copies in API fuzzer
Avoid timeouts with large inputs.
2024-03-26 14:21:47 +01:00
Nick Wellnhofer
d8741b8196
fuzz: Fix namespaces after xmlDOMWrapRemoveNode
2024-03-22 14:55:22 +01:00
Nick Wellnhofer
5ea2970357
fuzz: Reorder API fuzzer ops
2024-03-20 18:41:26 +01:00
Nick Wellnhofer
da32c852a4
fuzz: Check text nodes after merging
Avoid exponential growth of text.
2024-03-20 18:33:40 +01:00
Nick Wellnhofer
3f05508a53
tree: Report malloc failures in attribute setters
2024-03-18 15:14:43 +01:00
Nick Wellnhofer
6a49bb777c
tree: Introduce xmlSearchNsSafe
After the failed experiment with a static XML namespace, introduce
versions of xmlSearchNs that report malloc failures.
Optimize the no-document case by only adding the XML namespace
declaration if it wasn't found in an ancestor.
2024-03-17 21:07:46 +01:00
Nick Wellnhofer
f14f089fe3
fuzz: Add some comments in api.c
2024-03-15 22:07:23 +01:00
Nick Wellnhofer
ee0c1f87c0
fuzz: New tree API fuzzer
2024-03-15 19:54:27 +01:00