author | Nick Wellnhofer <wellnhofer@aevum.de> | 2023-05-08 17:05:13 +0200 |
---|---|---|
committer | Nick Wellnhofer <wellnhofer@aevum.de> | 2023-05-11 13:27:52 +0200 |
commit | 687a2b719e1252a9ca438460e727a4ca616b6c31 (patch) | |
tree | d9006ef63205a4ce391c1a6c561b240efd0a0e22 | |
parent | c40cbf07a30c264846ad1135a3670535942441f6 (diff) | |
We don't have test cases with many documents, so set the initial table
size to 1 when fuzzing, so there is a chance to detect reallocation
issues.
-rw-r--r-- | xinclude.c | 12 |
1 files changed, 12 insertions, 0 deletions
@@ -266,7 +266,11 @@ xmlXIncludeNewRef(xmlXIncludeCtxtPtr ctxt, const xmlChar *URI,
 ret->inc = NULL;
 if (ctxt->incNr >= ctxt->incMax) {
 xmlXIncludeRefPtr *tmp;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ size_t newSize = ctxt->incMax ? ctxt->incMax * 2 : 1;
+#else
 size_t newSize = ctxt->incMax ? ctxt->incMax * 2 : 4;
+#endif
 tmp = (xmlXIncludeRefPtr *) xmlRealloc(ctxt->incTab,
 newSize * sizeof(ctxt->incTab[0]));
@@ -1344,7 +1348,11 @@ xmlXIncludeLoadDoc(xmlXIncludeCtxtPtr ctxt, const xmlChar *url,
 /* Also cache NULL docs */
 if (ctxt->urlNr >= ctxt->urlMax) {
 xmlXIncludeDoc *tmp;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ size_t newSize = ctxt->urlMax ? ctxt->urlMax * 2 : 1;
+#else
 size_t newSize = ctxt->urlMax ? ctxt->urlMax * 2 : 8;
+#endif
 tmp = xmlRealloc(ctxt->urlTab, sizeof(xmlXIncludeDoc) * newSize);
 if (tmp == NULL) {
@@ -1752,7 +1760,11 @@ xmlXIncludeLoadTxt(xmlXIncludeCtxtPtr ctxt, const xmlChar *url,
 if (ctxt->txtNr >= ctxt->txtMax) {
 xmlXIncludeTxt *tmp;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ size_t newSize = ctxt->txtMax ? ctxt->txtMax * 2 : 1;
+#else
 size_t newSize = ctxt->txtMax ? ctxt->txtMax * 2 : 8;
+#endif
 tmp = xmlRealloc(ctxt->txtTab, sizeof(xmlXIncludeTxt) * newSize);
 if (tmp == NULL) {
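Review bot: The reason for starting at 1 is stated only in the commit message, so each of the three `#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` blocks (here in xmlXIncludeNewRef, and again in the xmlXIncludeLoadDoc and xmlXIncludeLoadTxt hunks) reads as an unexplained behavioural difference between fuzzing and production builds. I would add a comment above the first one, for example `/* Fuzzing builds start at 1 so the second entry already forces a realloc and stale table pointers show up early */`. Doubling from 1 still passes through the production starting sizes of 4 and 8, so no production table size drops out of fuzz coverage. In the latter two hunks the tables appear to hold `xmlXIncludeDoc` and `xmlXIncludeTxt` entries by value, so presumably a pointer to an entry kept across the `xmlRealloc` is the kind of bug this is meant to expose; that only surfaces when the fuzz target runs under a memory-error detector. All three enclosing functions start and end outside their hunks.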