authorMax Moroz <mmoroz@chromium.org>2017-10-17 08:19:38 -0700
committerMax Moroz <mmoroz@chromium.org>2017-10-17 08:23:25 -0700
commit30797e783a31e51fbaee99210be7eb7eac545282 (patch)
treeba55ccb7cc0ff38a208c88dcdcc0a800d38598f2 /projects/libxml2
parentfffae2ee8f8531e790d0b0e6adac1e15c2cbc06a (diff)
[libxml2] Disable XML_PARSE_HUGE to avoid stack overflow.
Mirror the change from Chromium version: https://chromium-review.googlesource.com/c/chromium/src/+/720537 This should fix the following bugs: - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2336 - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2731 - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2779 - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3245
Diffstat (limited to 'projects/libxml2')
-rw-r--r--projects/libxml2/libxml2_xml_read_memory_fuzzer.cc3
1 files changed, 3 insertions, 0 deletions
diff --git a/projects/libxml2/libxml2_xml_read_memory_fuzzer.cc b/projects/libxml2/libxml2_xml_read_memory_fuzzer.cc
index 4ae6035b7..6ef325764 100644
--- a/projects/libxml2/libxml2_xml_read_memory_fuzzer.cc
+++ b/projects/libxml2/libxml2_xml_read_memory_fuzzer.cc
@@ -25,6 +25,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
const std::size_t data_hash = std::hash<std::string>()(data_string);
const int max_option_value = std::numeric_limits<int>::max();
const int random_option_value = data_hash % max_option_value;
+
+ // Disable XML_PARSE_HUGE to avoid stack overflow.
+ random_option_value &= ~XML_PARSE_HUGE;
const int options[] = {0, random_option_value};
for (const auto option_value : options) {