• Home
Name Date Size #Lines LOC

..--

static_seed/04-Jul-2025-

.gitignoreD04-Jul-202597 1615

Makefile.amD04-Jul-20255.7 KiB240173

README.mdD04-Jul-20251.5 KiB4835

api.cD04-Jul-2025107.6 KiB3,5952,946

fuzz.cD04-Jul-202510.5 KiB501315

fuzz.hD04-Jul-20252.3 KiB13496

genSeed.cD04-Jul-202513.3 KiB523417

html.cD04-Jul-20256.5 KiB224162

html.dictD04-Jul-20252.8 KiB125118

lint.cD04-Jul-20254.7 KiB234173

oss-fuzz-build.shD04-Jul-20251.4 KiB6344

reader.cD04-Jul-202514.9 KiB556451

reader.optionsD04-Jul-202528 32

regexp.cD04-Jul-20251.1 KiB5235

regexp.dictD04-Jul-20256.5 KiB156151

schema.cD04-Jul-20251.1 KiB5134

schema.dictD04-Jul-20252 KiB5648

testFuzzer.cD04-Jul-20256.2 KiB250213

uri.cD04-Jul-20252.7 KiB10575

valid.cD04-Jul-20253.9 KiB12897

valid.optionsD04-Jul-202528 32

xinclude.cD04-Jul-20252.5 KiB9270

xinclude.optionsD04-Jul-202528 32

xml.cD04-Jul-20257.2 KiB251186

xml.dictD04-Jul-20253.9 KiB122104

xpath.cD04-Jul-20251.8 KiB7550

xpath.dictD04-Jul-20251.6 KiB9579

README.md

1libFuzzer instructions for libxml2
2==================================
3
4Set compiler and options. Make sure to enable at least basic optimizations
5to avoid excessive stack usage. Also enable some debug output to get
6meaningful stack traces.
7
8    export CC=clang
9    export CFLAGS=" \
10        -O1 -gline-tables-only \
11        -fsanitize=fuzzer-no-link,address,undefined \
12        -fno-sanitize-recover=all \
13        -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION"
14
15Other options that can improve stack traces:
16
17    -fno-omit-frame-pointer
18    -fno-inline
19    -fno-optimize-sibling-calls (disables tail call optimization)
20
21Build libxml2 with instrumentation:
22
23    ./configure --without-python
24    make
25
26Run fuzzers:
27
28    make -C fuzz fuzz-xml
29
30The environment variable XML_FUZZ_OPTIONS can be used to pass additional
31flags to the fuzzer.
32
33Malloc failure injection
34------------------------
35
36Most fuzzers inject malloc failures to cover code paths handling these
37errors. This can lead to surprises when debugging crashes. You can set
38the macro XML_FUZZ_MALLOC_ABORT in fuzz/fuzz.c to make the fuzz target
39abort at the malloc invocation which would fail. This tells you if
40and where a malloc failure was injected.
41
42Some fuzzers also test whether malloc failures are reported. To debug
43failures which aren't reported, it's helpful to enable
44XML_FUZZ_MALLOC_ABORT to see which allocation failed. Debugging
45failures which are erroneously reported can be harder. If the report
46goes through xmlRaiseMemoryError, you can abort() there to get a
47stack trace.
48