On Mon, Jun 27, 2022 at 6:14 AM Nick Wellnhofer <wellnho...@aevum.de> wrote:
> On 24/06/2022 21:48, enh via xml wrote:
> > did anyone report
> > https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43743
> > to libxml2 directly?
>
> No, this wasn't reported. For now, these issues should be reported to the
> libxml2 bug tracker. That said, I will resubscribe to OSS-Fuzz soon and
> handle new issues directly.

(sorry, your reply got stuck in gmail's spam filter :-( )

heh, the reason i found this in my spam filter is that i was hassling our oss-fuzz people and asking why they were only sending these bugs to a bunch of browser vendors rather than to you, who might actually be able to do something about them, and they wanted me to ask you whether you wanted to be in the config. sounds like you're already on top of things and they'll get their pull request when you have time anyway :-)

> > sadly, it looks like there are actually a bunch of fuzzer-found bugs
> > that may never have been reported upstream? (i haven't checked; i'm
> > just guessing.) see
> > https://bugs.chromium.org/p/oss-fuzz/issues/list?q=libxml2&can=2
> > for example.
>
> Most of the timeout and OOM issues are hard to fix. I'll try to address
> some of them in the next months.

yeah, the ones that get me (with Android non-third-party code where i have to _fix_ things rather than just cherrypick other people's fixes) are the stack overflows on large inputs. i really need to find out how to tell the _fuzzer_ i don't care rather than having to close bugs manually all the time!

> Nick
_______________________________________________
xml mailing list, project page http://xmlsoft.org/
xml@gnome.org
https://mail.gnome.org/mailman/listinfo/xml