On 24/06/2022 21:48, enh via xml wrote:
> did anyone report https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43743 to libxml2 directly?

No, this wasn't reported. For now, these issues should be reported to the libxml2 bug tracker. That said, I will resubscribe to OSS-Fuzz soon and handle new issues directly.

> sadly, it looks like there are actually a bunch of fuzzer-found bugs that may never have been reported upstream? (i haven't checked; i'm just guessing.) see https://bugs.chromium.org/p/oss-fuzz/issues/list?q=libxml2&can=2 for example.

Most of the timeout and OOM issues are hard to fix. I'll try to address some of them in the next months.

Nick
_______________________________________________
xml mailing list, project page http://xmlsoft.org/
xml@gnome.org
https://mail.gnome.org/mailman/listinfo/xml