fuzz: Reduce initial array size

Nick Wellnhofer 2024-12-16 01:34:29 +01:00
parent 6f903d434f
commit 63dfcca670
4 changed files with 42 additions and 17 deletions


@ -4550,6 +4550,12 @@ static int
htmlInitParserCtxt(htmlParserCtxtPtr ctxt, const htmlSAXHandler *sax, htmlInitParserCtxt(htmlParserCtxtPtr ctxt, const htmlSAXHandler *sax,
void *userData) void *userData)
{ {
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
size_t initialNodeTabSize = 1;
#else
size_t initialNodeTabSize = 10;
#endif
if (ctxt == NULL) return(-1); if (ctxt == NULL) return(-1);
memset(ctxt, 0, sizeof(htmlParserCtxt)); memset(ctxt, 0, sizeof(htmlParserCtxt));
@ -4572,11 +4578,11 @@ htmlInitParserCtxt(htmlParserCtxtPtr ctxt, const htmlSAXHandler *sax,
/* Allocate the Input stack */ /* Allocate the Input stack */
ctxt->inputTab = (htmlParserInputPtr *) ctxt->inputTab = (htmlParserInputPtr *)
xmlMalloc(5 * sizeof(htmlParserInputPtr)); xmlMalloc(sizeof(htmlParserInputPtr));
if (ctxt->inputTab == NULL) if (ctxt->inputTab == NULL)
return(-1); return(-1);
ctxt->inputNr = 0; ctxt->inputNr = 0;
ctxt->inputMax = 5; ctxt->inputMax = 1;
ctxt->input = NULL; ctxt->input = NULL;
ctxt->version = NULL; ctxt->version = NULL;
ctxt->encoding = NULL; ctxt->encoding = NULL;
@ -4584,19 +4590,19 @@ htmlInitParserCtxt(htmlParserCtxtPtr ctxt, const htmlSAXHandler *sax,
ctxt->instate = XML_PARSER_START; ctxt->instate = XML_PARSER_START;
/* Allocate the Node stack */ /* Allocate the Node stack */
ctxt->nodeTab = (htmlNodePtr *) xmlMalloc(10 * sizeof(htmlNodePtr)); ctxt->nodeTab = xmlMalloc(initialNodeTabSize * sizeof(htmlNodePtr));
if (ctxt->nodeTab == NULL) if (ctxt->nodeTab == NULL)
return(-1); return(-1);
ctxt->nodeNr = 0; ctxt->nodeNr = 0;
ctxt->nodeMax = 10; ctxt->nodeMax = initialNodeTabSize;
ctxt->node = NULL; ctxt->node = NULL;
/* Allocate the Name stack */ /* Allocate the Name stack */
ctxt->nameTab = (const xmlChar **) xmlMalloc(10 * sizeof(xmlChar *)); ctxt->nameTab = xmlMalloc(initialNodeTabSize * sizeof(xmlChar *));
if (ctxt->nameTab == NULL) if (ctxt->nameTab == NULL)
return(-1); return(-1);
ctxt->nameNr = 0; ctxt->nameNr = 0;
ctxt->nameMax = 10; ctxt->nameMax = initialNodeTabSize;
ctxt->name = NULL; ctxt->name = NULL;
ctxt->nodeInfoTab = NULL; ctxt->nodeInfoTab = NULL;
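Review bot: The input stack in the second hunk (@ -4572) is shrunk to a single slot unconditionally — `xmlMalloc(sizeof(htmlParserInputPtr))` and `ctxt->inputMax = 1;` carry no `#ifdef` — while the node and name stacks in the third hunk, and the input stack in the SAX2.c hunk of this same commit, keep the larger size outside fuzzing builds. If that is deliberate (presumably because the HTML parser never pushes a second input), a one-line comment such as `/* HTML parsing only ever pushes one input */` above the allocation would stop a reader from treating it as a missing `#ifdef`. Separately, `size_t initialNodeTabSize` is stored into `ctxt->nodeMax` and `ctxt->nameMax`; if those fields are `int`, as the `int inputMax` and `int valueMax` locals elsewhere in this commit suggest, that is an implicit narrowing conversion, and `int initialNodeTabSize = 1;` would match the rest of the patch. htmlInitParserCtxt's body continues past the last hunk.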

SAX2.c

@ -289,6 +289,11 @@ xmlSAX2ExternalSubset(void *ctx, const xmlChar *name,
const xmlChar *oldencoding; const xmlChar *oldencoding;
unsigned long consumed; unsigned long consumed;
size_t buffered; size_t buffered;
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
int inputMax = 1;
#else
int inputMax = 5;
#endif
/* /*
* Ask the Entity resolver to load the damn thing * Ask the Entity resolver to load the damn thing
@ -316,14 +321,13 @@ xmlSAX2ExternalSubset(void *ctx, const xmlChar *name,
oldencoding = ctxt->encoding; oldencoding = ctxt->encoding;
ctxt->encoding = NULL; ctxt->encoding = NULL;
ctxt->inputTab = (xmlParserInputPtr *) ctxt->inputTab = xmlMalloc(inputMax * sizeof(xmlParserInputPtr));
xmlMalloc(5 * sizeof(xmlParserInputPtr));
if (ctxt->inputTab == NULL) { if (ctxt->inputTab == NULL) {
xmlSAX2ErrMemory(ctxt); xmlSAX2ErrMemory(ctxt);
goto error; goto error;
} }
ctxt->inputNr = 0; ctxt->inputNr = 0;
ctxt->inputMax = 5; ctxt->inputMax = inputMax;
ctxt->input = NULL; ctxt->input = NULL;
if (xmlCtxtPushInput(ctxt, input) < 0) if (xmlCtxtPushInput(ctxt, input) < 0)
goto error; goto error;
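Review bot: The `#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` selection of a 1-versus-5 initial size added at the top of this function is one of several hand-written copies of the same conditional in this commit (HTMLparser.c, valid.c and xpath.c carry the others, each with its own local name and its own ordering of the two branches). Collapsing them into one private helper macro, e.g. a constructed `XML_INITIAL_TAB_SIZE(1, 5)` that expands to the fuzzing or the production value, would keep the branch order from drifting between sites and leave a single place to tune the sizes. xmlSAX2ExternalSubset starts and ends outside this hunk.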


@ -5175,9 +5175,12 @@ fail:
/* /*
* Allocate the stack * Allocate the stack
*/ */
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
ctxt->vstateMax = 8; ctxt->vstateMax = 8;
ctxt->vstateTab = (xmlValidState *) xmlMalloc( #else
ctxt->vstateMax * sizeof(ctxt->vstateTab[0])); ctxt->vstateMax = 1;
#endif
ctxt->vstateTab = xmlMalloc(ctxt->vstateMax * sizeof(ctxt->vstateTab[0]));
if (ctxt->vstateTab == NULL) { if (ctxt->vstateTab == NULL) {
xmlVErrMemory(ctxt); xmlVErrMemory(ctxt);
return(-1); return(-1);
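Review bot: The two branches of the new conditional appear inverted: as rendered, `ctxt->vstateMax = 8;` sits under `#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` and `ctxt->vstateMax = 1;` under `#else`, so fuzzing builds keep the old size while every production build now starts the validation state stack at one slot and grows it on the first push — the opposite of the HTMLparser.c, SAX2.c and xpath.c hunks, where the fuzzing branch gets 1. If the rendered page reflects the patch faithfully, the fix is to swap the two assignments: `ctxt->vstateMax = 1;` under the `#ifdef` and `ctxt->vstateMax = 8;` under `#else`. The function containing the `fail:` label starts and ends outside this hunk.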

xpath.c

@ -957,7 +957,11 @@ xmlXPathNewCompExpr(void) {
if (cur == NULL) if (cur == NULL)
return(NULL); return(NULL);
memset(cur, 0, sizeof(xmlXPathCompExpr)); memset(cur, 0, sizeof(xmlXPathCompExpr));
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
cur->maxStep = 1;
#else
cur->maxStep = 10; cur->maxStep = 10;
#endif
cur->nbStep = 0; cur->nbStep = 0;
cur->steps = (xmlXPathStepOp *) xmlMalloc(cur->maxStep * cur->steps = (xmlXPathStepOp *) xmlMalloc(cur->maxStep *
sizeof(xmlXPathStepOp)); sizeof(xmlXPathStepOp));
@ -5057,15 +5061,18 @@ xmlXPathCompParserContext(xmlXPathCompExprPtr comp, xmlXPathContextPtr ctxt) {
memset(ret, 0 , sizeof(xmlXPathParserContext)); memset(ret, 0 , sizeof(xmlXPathParserContext));
/* Allocate the value stack */ /* Allocate the value stack */
ret->valueTab = (xmlXPathObjectPtr *) #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
xmlMalloc(10 * sizeof(xmlXPathObjectPtr)); ret->valueMax = 1;
#else
ret->valueMax = 10;
#endif
ret->valueTab = xmlMalloc(ret->valueMax * sizeof(xmlXPathObjectPtr));
if (ret->valueTab == NULL) { if (ret->valueTab == NULL) {
xmlFree(ret); xmlFree(ret);
xmlXPathErrMemory(ctxt); xmlXPathErrMemory(ctxt);
return(NULL); return(NULL);
} }
ret->valueNr = 0; ret->valueNr = 0;
ret->valueMax = 10;
ret->value = NULL; ret->value = NULL;
ret->context = ctxt; ret->context = ctxt;
@ -12044,15 +12051,20 @@ xmlXPathRunEval(xmlXPathParserContextPtr ctxt, int toBool)
return(-1); return(-1);
if (ctxt->valueTab == NULL) { if (ctxt->valueTab == NULL) {
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
int valueMax = 1;
#else
int valueMax = 10;
#endif
/* Allocate the value stack */ /* Allocate the value stack */
ctxt->valueTab = (xmlXPathObjectPtr *) ctxt->valueTab = xmlMalloc(valueMax * sizeof(xmlXPathObjectPtr));
xmlMalloc(10 * sizeof(xmlXPathObjectPtr));
if (ctxt->valueTab == NULL) { if (ctxt->valueTab == NULL) {
xmlXPathPErrMemory(ctxt); xmlXPathPErrMemory(ctxt);
return(-1); return(-1);
} }
ctxt->valueNr = 0; ctxt->valueNr = 0;
ctxt->valueMax = 10; ctxt->valueMax = valueMax;
ctxt->value = NULL; ctxt->value = NULL;
} }
#ifdef XPATH_STREAMING #ifdef XPATH_STREAMING