Closed schwehr closed 4 years ago
#1 0x55c93e9e2bd5 in coda_mem_record_new third_party/stcorp_coda/libcoda/coda-mem-type.c:438:31 -- | #2 0x55c93e9e3d6a in create_attributes_record third_party/stcorp_coda/libcoda/coda-mem-type.c:255:49 | #3 0x55c93e9e51f9 in coda_mem_data_new third_party/stcorp_coda/libcoda/coda-mem-type.c:834:13 | #4 0x55c93e9e2a8d in coda_mem_string_new third_party/stcorp_coda/libcoda/coda-mem-type.c:936:12 | #5 0x55c93e9e1214 in coda_mem_type_update third_party/stcorp_coda/libcoda/coda-mem-type.c:145:41 | #6 0x55c93e9e1426 in coda_mem_type_update third_party/stcorp_coda/libcoda/coda-mem-type.c:212:25 | #7 0x55c93e9e1960 in coda_mem_type_update third_party/stcorp_coda/libcoda/coda-mem-type.c:199:29 | #8 0x55c93ea47086 in start_element_handler third_party/stcorp_coda/libcoda/coda-xml-parser.c:388:17 | #9 0x55c93ea6e145 in doContent third_party/expat/lib/xmlparse.c:2755:9 | #10 0x55c93ea65c18 in contentProcessor third_party/expat/lib/xmlparse.c:2445:9 | #11 0x55c93ea618fb in doProlog third_party/expat/lib/xmlparse.c:4371:14 | #12 0x55c93ea5b0aa in prologProcessor third_party/expat/lib/xmlparse.c:4094:10 | #13 0x55c93ea5ad8e in prologInitProcessor third_party/expat/lib/xmlparse.c:3920:10 | #14 0x55c93ea58e94 in XML_ParseBuffer third_party/expat/lib/xmlparse.c:1893:25 | #15 0x55c93ea57ae2 in XML_Parse third_party/expat/lib/xmlparse.c:1857:14 | #16 0x55c93ea45b7f in coda_xml_parse third_party/stcorp_coda/libcoda/coda-xml-parser.c:840:18 | #17 0x55c93ea44d65 in coda_xml_reopen third_party/stcorp_coda/libcoda/coda-xml.c:77:9 | #18 0x55c93e9f00db in reopen_with_backend third_party/stcorp_coda/libcoda/coda-product.c:368:17 | #19 0x55c93e9ecef8 in open_file third_party/stcorp_coda/libcoda/coda-product.c:552:9 | #20 0x55c93e9ec83a in coda_recognize_file third_party/stcorp_coda/libcoda/coda-product.c:596:9 | #21 0x55c93e902791 in LLVMFuzzerTestOneInput third_party/stcorp_coda/fuzz/coda_recognize_file_fuzzer.cc:19:3
testcase:
<?xmll?><N><NDF N=''/><NDF>></NDF><O>
Adding a print here:
static void XMLCALL start_element_handler(void *data, const char *el, const char **attr) { fprintf(stderr, "el: '%s'\n", el);
gives:
el: 'N' el: 'NDF' el: 'NDF' el: 'O' el: 'N' el: 'NDF' el: 'NDF' el: 'O'
testcase-minimized-6188710974717952.zip
Fixed in 196c6a5715b93c62bab3e0081087de84fe03153d
Verified
testcase:
Adding a print here:
gives:
testcase-minimized-6188710974717952.zip