1. 25 Oct, 2020 4 commits
  2. 17 Oct, 2020 1 commit
  3. 02 Oct, 2020 1 commit
  4. 29 Sep, 2020 1 commit
  5. 28 Sep, 2020 1 commit
  6. 21 Sep, 2020 4 commits
  7. 18 Sep, 2020 1 commit
  8. 13 Sep, 2020 1 commit
  9. 25 Aug, 2020 3 commits
    • Nick Wellnhofer's avatar
      Limit size of free lists in XML reader when fuzzing · f0fd1b67
      Nick Wellnhofer authored
      Keeping objects on a free list can hide memory errors. Only allow a
      single node on free lists used by the XML reader when fuzzing. This
      should hide fewer errors while still exercising the free list logic.
      f0fd1b67
    • Nick Wellnhofer's avatar
      Fix double free in XML reader with XIncludes · ba589adc
      Nick Wellnhofer authored
      An XInclude with empty fallback could lead to a double free in
      xmlTextReaderRead.
      
      Found by OSS-Fuzz.
      ba589adc
    • Nick Wellnhofer's avatar
      Hardcode maximum XPath recursion depth · 6f1470a5
      Nick Wellnhofer authored
      Always limit nested functions calls to 5000. This avoids call stack
      overflows with deeply nested expressions.
      
      The expression parser produces about 10 nested function calls when
      parsing a subexpression in parentheses, so the effective nesting limit
      is about 500 which should be more than enough.
      
      Use a lower limit when fuzzing to account for increased memory usage
      when using sanitizers.
      6f1470a5
  10. 24 Aug, 2020 3 commits
  11. 21 Aug, 2020 1 commit
  12. 19 Aug, 2020 3 commits
  13. 17 Aug, 2020 4 commits
  14. 16 Aug, 2020 8 commits
  15. 15 Aug, 2020 1 commit
  16. 09 Aug, 2020 3 commits