Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[22843]+[22844] Solve fuzz XMLParser Null-dereference #5668

Merged
merged 2 commits into from
Mar 5, 2025
Merged

[22843]+[22844] Solve fuzz XMLParser Null-dereference #5668

merged 2 commits into from
Mar 5, 2025

Conversation

juanjo4936
Copy link
Contributor

@juanjo4936 juanjo4936 commented Feb 27, 2025
edited
Loading

Description

This PR solves two Null-dereference issues from the XMLParser found in oss-fuzz. Added regression test, and fixed by adding an error message preventing an empty map to be built.

@Mergifyio backport 3.1.x 2.14.x 2.10.x

Contributor Checklist

  • Commit messages follow the project guidelines.
  • The code follows the style guidelines of this project.
  • Tests that thoroughly check the new feature have been added/Regression tests checking the bug and its fix have been added; the added tests pass locally
  • N/A Any new/modified methods have been properly documented using Doxygen.
  • N/A Any new configuration API has an equivalent XML API (with the corresponding XSD extension)
  • Changes are backport compatible: they do NOT break ABI nor change library core behavior.
  • Changes are API compatible.
  • N/A New feature has been added to the versions.md file (if applicable).
  • N/A New feature has been documented/Current behavior is correctly described in the documentation.
  • Applicable backports have been included in the description.

Reviewer Checklist

  • The PR has a milestone assigned.
  • The title and description correctly express the PR's purpose.
  • Check contributor checklist is correct.
  • If this is a critical bug fix, backports to the critical-only supported branches have been requested.
  • Check CI results: changes do not issue any warning.
  • Check CI results: failing tests are unrelated with the changes.

@github-actions github-actions bot added the ci-pending PR which CI is running label Feb 27, 2025
@juanjo4936
Refs 22843+22844: Fix
d9ee40e 
Signed-off-by: Juanjo Garcia <[email protected]>
@juanjo4936 juanjo4936 marked this pull request as ready for review March 3, 2025 09:48
@juanjo4936 juanjo4936 modified the milestones: v3.2.0, v3.3.0 Mar 3, 2025
@juanjo4936 juanjo4936 requested review from richiprosima and removed request for richiprosima March 3, 2025 09:51
@juanjo4936 juanjo4936 merged commit dc26c40 into master Mar 5, 2025
17 checks passed
@juanjo4936 juanjo4936 deleted the fix/fuzz_39 branch March 5, 2025 07:26
@juanjo4936
Copy link
Contributor Author

https://github.com/Mergifyio backport 3.1.x 2.14.x 2.10.x

@mergify Mergify
Copy link
Contributor

mergify bot commented Mar 5, 2025
edited
Loading

backport 3.1.x 2.14.x 2.10.x

✅ Backports have been created

mergify bot pushed a commit that referenced this pull request Mar 5, 2025
@juanjo4936 @mergify
Solve fuzz XMLParser Null-dereference (#5668)
5b3df97 
* Refs 22843+22844: Regression test

Signed-off-by: Juanjo Garcia <[email protected]>

* Refs 22843+22844: Fix

Signed-off-by: Juanjo Garcia <[email protected]>

---------

Signed-off-by: Juanjo Garcia <[email protected]>
(cherry picked from commit dc26c40)
@mergify mergify bot mentioned this pull request Mar 5, 2025
Merged
12 tasks
mergify bot pushed a commit that referenced this pull request Mar 5, 2025
@juanjo4936 @mergify
Solve fuzz XMLParser Null-dereference (#5668)
b497dfe 
* Refs 22843+22844: Regression test

Signed-off-by: Juanjo Garcia <[email protected]>

* Refs 22843+22844: Fix

Signed-off-by: Juanjo Garcia <[email protected]>

---------

Signed-off-by: Juanjo Garcia <[email protected]>
(cherry picked from commit dc26c40)

# Conflicts:
#	src/cpp/xmlparser/XMLDynamicParser.cpp
#	test/unittest/xmlparser/XMLParserTests.cpp
mergify bot pushed a commit that referenced this pull request Mar 5, 2025
@juanjo4936 @mergify
Solve fuzz XMLParser Null-dereference (#5668)
9c8d43e 
* Refs 22843+22844: Regression test

Signed-off-by: Juanjo Garcia <[email protected]>

* Refs 22843+22844: Fix

Signed-off-by: Juanjo Garcia <[email protected]>

---------

Signed-off-by: Juanjo Garcia <[email protected]>
(cherry picked from commit dc26c40)

# Conflicts:
#	src/cpp/xmlparser/XMLDynamicParser.cpp
#	test/unittest/xmlparser/XMLParserTests.cpp
This was referenced Mar 5, 2025
Open
Open
juanjo4936 added a commit that referenced this pull request Mar 6, 2025
@mergify @juanjo4936
Solve fuzz XMLParser Null-dereference (#5668) (#5683)
735a643 
* Refs 22843+22844: Regression test

Signed-off-by: Juanjo Garcia <[email protected]>

* Refs 22843+22844: Fix

Signed-off-by: Juanjo Garcia <[email protected]>

---------

Signed-off-by: Juanjo Garcia <[email protected]>
(cherry picked from commit dc26c40)

Co-authored-by: juanjo4936 <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Carlosespicur Carlosespicur Carlosespicur approved these changes

@richiprosima richiprosima Awaiting requested review from richiprosima

Assignees
No one assigned
Labels
ci-pending PR which CI is running
Projects
None yet
Milestone
v3.2.0
Development

Successfully merging this pull request may close these issues.
2 participants
@juanjo4936 @Carlosespicur