Missing -maxmem Sanity Check on parseAndPrintFile
Hello,
We are currently working on a new fuzz testing feature, and we found a crash in xmllint.
Steps to Reproduce
We configured and built zlib using CFLAGS="-g -O0 -fPIC" ./configure --static and make,
configured xmllint using CFLAGS="-g -O0" ./configure --with-zlib=${ZLIB_PATH} and built it using make,
and ran it with:
./xmllint -maxmem 0 --push --nofixup-base-uris <attached_file> --insert --repeat --memory
Attachment: poc_0003.txt
Environment
- OS: Ubuntu 18.04.4 LTS
- Compiler: gcc 7.5.0
- libxml2 version: 2.9.10 (ftp://xmlsoft.org/libxml2/libxml2-sources-2.9.10.tar.gz)
- zlib version: 1.2.11 (https://www.zlib.net/zlib-1.2.11.tar.xz)
Additional context
It seems that the current behavior of xmllint does not sanity check the -maxmem 0 flag.
Here's the stack trace (stack_trace_0003.txt):
Program received signal SIGSEGV, Segmentation fault.
0x0000000000409765 in parseAndPrintFile ()
#0 0x0000000000409765 in parseAndPrintFile ()
#1 0x0000000000412531 in main ()
Thank you.
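For readers of this report, the pattern below shows how a "-maxmem"-style option can be validated before use and how a memory-capped allocator's NULL return can be handled without a crash. This is an added illustration, not code from xmllint or libxml2; parse_maxmem, capped_malloc, alloc_under_cap and the globals are constructed names, and the allocator is a simplified stand-in.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* Hypothetical validator for a "-maxmem <bytes>" option (added example, not
 * xmllint's code). atoi() would turn "0", "-5", "abc" or "10k" into a bogus
 * cap; this returns the cap in bytes, or -1 when the argument is unusable. */
static long parse_maxmem(const char *arg)
{
    char *end;
    long val;
    if (arg == NULL)
        return -1;
    errno = 0;
    val = strtol(arg, &end, 10);
    if (errno == ERANGE || end == arg || *end != '\0')
        return -1;              /* out of range, no digits, or trailing junk */
    if (val <= 0)
        return -1;              /* a cap of 0 would make every allocation fail */
    return val;
}

/* Constructed capped allocator: NULL means "over budget" and must be checked. */
static long g_maxmem = 0;       /* 0 = no cap installed */
static long g_used = 0;         /* bytes currently handed out */

static void *capped_malloc(size_t size)
{
    void *p;
    /* g_maxmem - g_used is never negative, so the subtraction cannot overflow */
    if (size > (size_t)LONG_MAX || (g_maxmem > 0 && size > (size_t)(g_maxmem - g_used)))
        return NULL;
    if ((p = malloc(size)) == NULL)
        return NULL;
    g_used += (long)size;
    return p;
}

/* Caller side: install a cap, then treat NULL as a reported failure (return 0)
 * instead of dereferencing it; returns 1 when the request fit under the cap. */
static int alloc_under_cap(long cap, size_t need)
{
    void *buf;
    g_maxmem = cap;
    if ((buf = capped_malloc(need)) == NULL)
        return 0;
    free(buf);
    g_used -= (long)need;       /* credit the bytes back on release */
    return 1;
}
```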