summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-05-30fuzz: Move known crash/leak samples to per-fuzzer directoriesGravatar Nikias Bassen18-2/+2
2017-05-29fuzz: Add appropriate -max_len to fuzzers for testingGravatar Nikias Bassen1-2/+2
2017-05-29Prefer clang/clang++ over gcc/g++ (if installed)Gravatar Nikias Bassen1-0/+9
2017-05-29Integrate fuzzers into build systemGravatar Nikias Bassen6-1/+175
2017-05-29fuzz: Add some known previously crashing test casesGravatar Nikias Bassen17-0/+164
2017-05-29bplist: Work around misaligned reads reported by AddressSanitizerGravatar Nikias Bassen1-3/+3
These misaligned reads reported by ASAN might lead to undefined behavior.
2017-04-25Add fuzzing targets for libFuzzer used by Google's OSS-FuzzGravatar Nikias Bassen6-0/+122
2017-04-20Updated NEWS for release2.0.0Gravatar Nikias Bassen1-0/+30
2017-04-20Updated AUTHORS from commit historyGravatar Nikias Bassen1-1/+6
2017-04-20Bump version to 2.0.0 for releaseGravatar Nikias Bassen1-1/+1
2017-04-20Bump so version due to added functions to interfaceGravatar Nikias Bassen1-1/+1
2017-04-20build: Fix check for previously installed cython bindingsGravatar Nikias Bassen1-0/+1
Due to the removal of pkg-config check for libxml2, $PKG_CONFIG was not defined and a check for libplist's include dir via pkg-config failed. By invoking PKG_PROG_PKG_CONFIG $PKG_CONFIG will be defined and the check works again.
2017-04-20build: Make sure plist.pxd is included in tarballsGravatar Christophe Fergeau1-3/+2
When generating a tarball on a system without cython installed, plist.pxd was missing, causing build failures later on when trying to use cython. This seems to be caused by EXTRA_DIST being inside a if HAVE_CYTHON block rather than being outside of it.
2017-04-20autofoo: Ensure that 'make distcheck' doesn't fail when cython is not installedGravatar Christophe Fergeau2-6/+5
2017-04-20test: Rename dates.test output files so the get removed upon 'make distclean'Gravatar Christophe Fergeau1-2/+2
2017-04-20test: Add missing test files to Makefile.am/EXTRA_DISTGravatar Christophe Fergeau1-1/+42
2017-04-20bplist: Fix missing break in switch statement in plist_to_bin()Gravatar Nikias Bassen1-0/+1
Credit to Christophe Fergeau
2017-04-20bplist: Suppress compiler warnings with proper castsGravatar Nikias Bassen1-3/+3
2017-04-20cython: Remove references to libxml2 flags from Makefile.amGravatar Nikias Bassen1-2/+2
2017-04-20test: Fix wrong filename in EXTRA_DIST entry of Makefile.amGravatar Nikias Bassen1-1/+1
2017-04-19bplist: Fix integer overflow check (offset table size)Gravatar Nikias Bassen1-3/+17
2017-04-14Initialize safe_year in time64.cGravatar Greg Dennis1-2/+2
Clang fails with stricter compilation options, because it thinks safe_year may be uninitialized at the return statement. The logic prevents it from being uninitialized, but probably worth the initialization to avoid the compiler error. The rest of libimobiledevice compiles successfully under the same options.
2017-04-06Update time64_limits.hGravatar Greg Dennis1-0/+2
This depends on the 'tm' type being declared, which is defined in time.h.
2017-04-02xplist: Plug another memory leakGravatar Nikias Bassen1-0/+3
Credit to OSS-Fuzz
2017-03-29xplist: Prevent memory leak(s) when parsing failsGravatar Nikias Bassen1-2/+2
Credit to OSS-Fuzz
2017-03-29xplist: Make XML parsing non-recursive to prevent stack overflow on ↵Gravatar Nikias Bassen1-79/+103
deep-structured plists Credit to OSS-Fuzz
2017-03-28libcnary: Remove unused 'node' parameter from node_list_create()Gravatar Nikias Bassen3-3/+3
2017-03-26bplist: Make sure sanity checks work on 32bit platformsGravatar Nikias Bassen1-10/+14
Because on 32-bit platforms 32-bit pointers and 64-bit sizes have been used for the sanity checks of the offset table and object references, the range checks would fail in certain interger-overflowish situations, causing heap buffer overflows or other unwanted behavior. Fixed by wideing the operands in question to 64-bit.
2017-03-18autocconf: Add android exception for pthread detectionGravatar Nikias Bassen1-2/+2
2017-02-18base64: Prevent undefined shift when parsing invalid base64 encoded dataGravatar Nikias Bassen1-3/+3
Credit to OSS-Fuzz
2017-02-15xplist: Improve writing of large PLIST_DATA nodes by growing buffer in advanceGravatar Nikias Bassen4-3/+11
Instead of letting the buffer grow by just the amount of bytes currently transformed to base64 - which is basically line by line - we now calculate the size of the output blob in advance and grow the buffer accordingly. This will reduce the amount of reallocs to just one, which is especially important for large data blobs. While this is a general improvement for all platforms, it is on platforms like Windows where realloc() can be REALLY slow; converting a 20mb blob to XML can easily take up to a minute (due to the several hundred thousand calls to realloc()). With this commit, it will be fast again.
2017-02-10bplist: Fix data range check for string/data/dict/array nodesGravatar Nikias Bassen1-6/+6
Passing a size of 0xFFFFFFFFFFFFFFFF to parse_string_node() might result in a memcpy with a size of -1, leading to undefined behavior. This commit makes sure that the actual node data (which depends on the size) is in the range start_of_object..start_of_object+size. Credit to OSS-Fuzz
2017-02-10bplist: Fix integer overflow resulting in OOB heap buffer readGravatar Nikias Bassen1-0/+5
Credit to OSS-Fuzz
2017-02-09xplist: Fix OOB heap buffer read with empty data nodesGravatar Nikias Bassen1-2/+4
Credit to OSS-Fuzz
2017-02-09bplist: Make sure to detect integer overflow when handling unicode node sizeGravatar Nikias Bassen1-0/+4
Credit to OSS-Fuzz
2017-02-09xplist: Prevent assert when parsing CF$UID dict with invalid value nodeGravatar Nikias Bassen1-0/+5
Credit to OSS-Fuzz
2017-02-08xplist: Use proper variable size for integer from string parsingGravatar Nikias Bassen1-2/+2
2017-02-07plist: Fix assert() to allow 16 or 8 byte integer sizes (16 bytes = unsigned ↵Gravatar Nikias Bassen1-1/+1
integer) Credit to Wang Junjie <zhunkibatu@gmail.com> (#90) Credit to OSS-Fuzz
2017-02-07bplist: Properly handle some more malloc() failure situationsGravatar Nikias Bassen1-3/+18
2017-02-07bplist: Make sure to bail out if malloc() fails in parse_unicode_node()Gravatar Nikias Bassen1-0/+5
Credit to OSS-Fuzz
2017-02-07bplist: Make sure to bail out if malloc() fails in parse_data_node()Gravatar Nikias Bassen1-0/+5
Credit to OSS-Fuzz
2017-02-07bplist: Make sure to bail out if malloc() fails in parse_string_node()Gravatar Nikias Bassen1-0/+5
Credit to Wang Junjie <zhunkibatu@gmail.com> (#93)
2017-02-07xplist: Prevent some more strncmp related OOB readsGravatar Nikias Bassen1-4/+4
2017-02-07xplist: Really fix OOB read when parsing DOCTYPEGravatar Nikias Bassen1-1/+1
2017-02-07xplist: unescape_entities(): Make sure text part buffer is null terminated ↵Gravatar Nikias Bassen1-0/+1
after strncpy
2017-02-07xplist: Fix OOB read when parsing DOCTYPEGravatar Nikias Bassen1-1/+1
2017-02-07xplist: Also fix OOB read in find_char() and find_str() functionsGravatar Nikias Bassen1-0/+8
2017-02-07xplist: Prevent OOB read in two more casesGravatar Nikias Bassen1-0/+10
2017-02-07xplist: Fix OOB read when parsing double quotesGravatar Nikias Bassen1-0/+4
2017-02-07xplist: Fix OOB read when parsing node text contentGravatar Nikias Bassen1-1/+1