lib/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2026-01-26 21:41:34 +03:00
Code Activity
7,327 Commits 24 Branches 238 Tags
v2.14.0
Commit Graph

14 Commits

Author SHA1 Message Date
Nick Wellnhofer
c6c6d8afef fuzz: Mutate fuzz data chunks separately 
Implement a custom mutator that takes a list of fixed-size chunks which
are mutated with a given probability. This makes sure that values like
parser options or failure position are mutated regularly even as the
fuzz data grows large. Values can also be adjusted temporarily to make
the fuzzer focus on failure injection, for example.

Thanks to David Kilzer for the idea.
 2025-02-20 12:22:12 +01:00
Nick Wellnhofer
f5257d92bf fuzz: Fix failure injection in schema fuzzer 2025-02-20 12:10:50 +01:00
Nick Wellnhofer
fd359a7e49 fuzz: Start to fuzz XML Schema validator 2025-02-20 11:35:47 +01:00
Nick Wellnhofer
9f652e57c1 fuzz: Inject IO failures 
We use the same counter for injecting malloc and IO failures. This
mostly renames several functions and variables.
 2024-11-26 14:30:54 +01:00
Nick Wellnhofer
780e432a5c fuzz: Move to per-context error handler 2024-06-12 16:36:12 +02:00
Nick Wellnhofer
116d8c0166 fuzz: Move to per-context resource loader 2024-06-12 16:36:12 +02:00
Nick Wellnhofer
caa8bb3848 fuzz: Move back to xmlSetExternalEntityLoader 
xmlParserInputBufferCreateFilenameDefault can't report malloc failures.
 2024-05-19 19:39:22 +02:00
Nick Wellnhofer
b3cb41be8b fuzz: Add xmllint fuzzer 2024-05-13 12:50:08 +02:00
Nick Wellnhofer
30d839776a fuzz: Disable catalogs 
The catalogs API doesn't report OOM errors. It's basically impossible
to use it safely in its current form.
 2024-01-04 15:18:14 +01:00
Nick Wellnhofer
e115194e6f fuzz: Check malloc failure reports in XML fuzzers 2023-12-11 22:13:06 +01:00
Nick Wellnhofer
42322eba82 fuzz: Inject random malloc failures 
Fixes #344.
 2023-03-08 14:14:22 +01:00
Nick Wellnhofer
85c817a200 Improve fuzzer stability 
- Add more calls to xmlInitializeCatalog.
- Call xmlResetLastError after fuzzing each input.
 2021-02-22 22:29:28 +01:00
Nick Wellnhofer
9086988ffa Enforce maximum length of fuzz input 
Remove the libfuzzer max_len option which doesn't apply to other
fuzzing engines. Enforce the maximum length directly in the fuzz
targets. For the xml target, lower the maximum when expanding entities
to avoid timeout and OOM errors.
 2020-12-16 16:12:07 +01:00
Nick Wellnhofer
eac1c7e2e5 Fuzz target for XML Schemas 
This only tests the schema parser for now.
 2020-06-23 16:20:27 +02:00