| Name | Date | Size | #Lines | LOC |
|---|---|---|---|---|
| static_seed/ | 25-Apr-2025 | - | - | - |
| .gitignore | 25-Apr-2025 | 97 | 16 | 15 |
| Makefile.am | 25-Apr-2025 | 5.7 KiB | 240 | 173 |
| README.md | 25-Apr-2025 | 1.5 KiB | 48 | 35 |
| api.c | 25-Apr-2025 | 107.5 KiB | 3,592 | 2,943 |
| fuzz.c | 25-Apr-2025 | 10.3 KiB | 482 | 297 |
| fuzz.h | 25-Apr-2025 | 2.3 KiB | 131 | 94 |
| genSeed.c | 25-Apr-2025 | 13 KiB | 515 | 411 |
| html.c | 25-Apr-2025 | 3.4 KiB | 124 | 85 |
| html.dict | 25-Apr-2025 | 2.8 KiB | 125 | 118 |
| lint.c | 25-Apr-2025 | 4.3 KiB | 214 | 173 |
| oss-fuzz-build.sh | 25-Apr-2025 | 1.3 KiB | 59 | 40 |
| reader.c | 25-Apr-2025 | 14.9 KiB | 556 | 451 |
| reader.options | 25-Apr-2025 | 28 | 3 | 2 |
| regexp.c | 25-Apr-2025 | 1.1 KiB | 52 | 35 |
| regexp.dict | 25-Apr-2025 | 6.5 KiB | 156 | 151 |
| schema.c | 25-Apr-2025 | 1.1 KiB | 51 | 34 |
| schema.dict | 25-Apr-2025 | 2 KiB | 56 | 48 |
| testFuzzer.c | 25-Apr-2025 | 6.2 KiB | 250 | 213 |
| uri.c | 25-Apr-2025 | 2.7 KiB | 104 | 74 |
| valid.c | 25-Apr-2025 | 3.5 KiB | 120 | 92 |
| valid.options | 25-Apr-2025 | 28 | 3 | 2 |
| xinclude.c | 25-Apr-2025 | 2.3 KiB | 89 | 67 |
| xinclude.options | 25-Apr-2025 | 28 | 3 | 2 |
| xml.c | 25-Apr-2025 | 3.4 KiB | 124 | 93 |
| xml.dict | 25-Apr-2025 | 3.9 KiB | 122 | 104 |
| xpath.c | 25-Apr-2025 | 1.9 KiB | 76 | 51 |
| xpath.dict | 25-Apr-2025 | 1.6 KiB | 95 | 79 |

README.md

libFuzzer instructions for libxml2
==================================

Set compiler and options. Make sure to enable at least basic optimizations
to avoid excessive stack usage. Also enable debug info so that sanitizer
reports come with meaningful stack traces.

    export CC=clang
    export CFLAGS=" \
        -O1 -gline-tables-only \
        -fsanitize=fuzzer-no-link,address,undefined \
        -fno-sanitize-recover=all \
        -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION"

Other options that can improve stack traces:

    -fno-omit-frame-pointer
    -fno-inline
    -fno-optimize-sibling-calls (disables tail call optimization)

Build libxml2 with instrumentation:

    ./configure --without-python
    make

Run fuzzers:

    make -C fuzz fuzz-xml

The environment variable XML_FUZZ_OPTIONS can be used to pass additional
flags to the fuzzer.

Malloc failure injection
------------------------

Most fuzzers inject malloc failures to cover the code paths that handle
these errors. This can lead to surprises when debugging crashes: an
allocation that would never fail in normal use returns NULL inside the
fuzz target. You can set the macro XML_FUZZ_MALLOC_ABORT in fuzz/fuzz.c
to make the fuzz target abort at the malloc invocation which would fail.
This tells you if and where a malloc failure was injected.

Some fuzzers also test whether malloc failures are reported. To debug
failures which aren't reported, it's helpful to enable
XML_FUZZ_MALLOC_ABORT to see which allocation failed. Debugging
failures which are erroneously reported can be harder. If the report
goes through xmlRaiseMemoryError, you can abort() there to get a
stack trace.
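The injection-and-reporting check described in this section, as an added standalone example rather than libxml2's own fuzz/fuzz.c: a hypothetical fuzz_malloc/fuzz_free pair fails the N-th allocation (a real fuzz target installs such allocators with xmlMemSetup), an abort_on_inject switch plays the role of XML_FUZZ_MALLOC_ABORT, and a toy parse_words consumer with either a report_oom or a buggy ignore_oom error channel shows what "reported" versus "not reported" looks like. check_oom_handling fails each allocation of a successful run in turn and flags the first injection point whose failure goes unreported or leaks memory. The MALLOC_ABORT environment variable and every function name here are assumptions of this example, not libxml2 identifiers.

```c
/* Added standalone example, not libxml2's fuzz/fuzz.c. The hypothetical
 * fuzz_malloc/fuzz_free pair stands in for allocators a fuzz target would
 * install with xmlMemSetup(); parse_words is a toy consumer. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static size_t inject_fail_at = 0; /* 1-based index of the allocation to fail, 0 = never */
static size_t alloc_count = 0;    /* allocations seen since the last reset */
static size_t live_allocs = 0;    /* outstanding blocks, for leak detection */
static int oom_reported = 0;      /* set when the code under test reports OOM */
static int abort_on_inject = 0;   /* stands in for XML_FUZZ_MALLOC_ABORT */

static void *fuzz_malloc(size_t n) {
    alloc_count++;
    if (inject_fail_at != 0 && alloc_count == inject_fail_at) {
        if (abort_on_inject) {
            fprintf(stderr, "injected malloc failure at allocation #%zu\n", alloc_count);
            abort(); /* under ASan the stack trace now names the failing call site */
        }
        return NULL;
    }
    void *p = malloc(n);
    if (p != NULL) live_allocs++;
    return p;
}

static void fuzz_free(void *p) {
    if (p == NULL) return;
    live_allocs--;
    free(p);
}

/* Two error channels for the code under test: one reports OOM, one (buggy) swallows it. */
static void report_oom(void) { oom_reported = 1; }
static void ignore_oom(void) { }

typedef struct node { char *word; struct node *next; } node;

static void free_list(node *n) {
    while (n != NULL) { node *next = n->next; fuzz_free(n->word); fuzz_free(n); n = next; }
}

/* Toy code under test: split input on spaces into a list. On allocation
 * failure it must call on_oom, release everything and return NULL. */
static node *parse_words(const char *s, void (*on_oom)(void)) {
    node *head = NULL, **tail = &head;
    while (*s != '\0') {
        while (*s == ' ') s++;
        if (*s == '\0') break;
        const char *start = s;
        while (*s != '\0' && *s != ' ') s++;
        size_t len = (size_t)(s - start);
        node *n = fuzz_malloc(sizeof *n);
        if (n == NULL) { on_oom(); free_list(head); return NULL; }
        n->word = fuzz_malloc(len + 1);
        if (n->word == NULL) { fuzz_free(n); on_oom(); free_list(head); return NULL; }
        memcpy(n->word, start, len);
        n->word[len] = '\0';
        n->next = NULL;
        *tail = n;
        tail = &n->next;
    }
    return head;
}

/* Dry run without injection: how many allocations a successful parse makes. */
static size_t count_allocations(const char *input, void (*on_oom)(void)) {
    inject_fail_at = 0; alloc_count = 0; live_allocs = 0;
    free_list(parse_words(input, on_oom));
    return alloc_count;
}

/* Fail each allocation of a successful run in turn. Returns the 1-based index
 * of the first injection point that misbehaved, or 0 if all passed. *verdict:
 * 0 = ok, 1 = failure injected but not reported (or the parse "succeeded"
 * anyway), 2 = memory leaked on the failure path. */
static int check_oom_handling(const char *input, void (*on_oom)(void), int *verdict) {
    size_t total = count_allocations(input, on_oom);
    *verdict = 0;
    for (size_t i = 1; i <= total; i++) {
        inject_fail_at = i; alloc_count = 0; live_allocs = 0; oom_reported = 0;
        node *r = parse_words(input, on_oom);
        free_list(r);
        if (r != NULL || !oom_reported) *verdict = 1;
        else if (live_allocs != 0) *verdict = 2;
        if (*verdict != 0) { inject_fail_at = 0; return (int)i; }
    }
    inject_fail_at = 0;
    return 0;
}

int main(void) {
    int verdict, at;
    abort_on_inject = getenv("MALLOC_ABORT") != NULL; /* hypothetical switch */
    at = check_oom_handling("a bb ccc", report_oom, &verdict);
    printf("reporting parser: first bad injection point %d, verdict %d\n", at, verdict);
    at = check_oom_handling("a bb ccc", ignore_oom, &verdict);
    printf("swallowing parser: first bad injection point %d, verdict %d\n", at, verdict);
    return 0;
}
```

With MALLOC_ABORT set in the environment the first injected failure aborts instead of returning NULL, so under -fsanitize=address the stack trace shows which call site was hit, which is the job XML_FUZZ_MALLOC_ABORT does in the real fuzz targets. Driving the injection index from the fuzz input, as the libxml2 fuzzers do, turns an unreported failure or a leak into a reproducible crash at a known allocation index.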