Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2018-07-25 | xplist: Fix typo in error message | Bastien Nocera | 1 | -1/+1 | |
2018-07-24 | libcnary: Fix memleak in node_debug() | Bastien Nocera | 1 | -0/+1 | |
An iter was created but never destroyed. | |||||
2017-06-08 | configure: Allow building with sanitizers (without fuzzers) | Nikias Bassen | 1 | -10/+35 | |
Passing --with-sanitizers will enable building with available sanitizers. Passing --with-fuzzers will enable building fuzzers which will also imply --with-sanitizers. | |||||
2017-05-31 | bplist: Prevent store to misaligned address when writing real/date nodes | Nikias Bassen | 1 | -9/+9 | |
ASAN reported possible undefined behaviour when writing float/double values to misaligned addresses. | |||||
2017-05-31 | fuzz: Add some more crash samples reported via github issues. | Nikias Bassen | 15 | -0/+0 | |
2017-05-30 | fuzz: Add crash/leak samples from OSS-Fuzz | Nikias Bassen | 16 | -0/+10299 | |
2017-05-30 | fuzz: Move known crash/leak samples to per-fuzzer directories | Nikias Bassen | 18 | -2/+2 | |
2017-05-29 | fuzz: Add appropriate -max_len to fuzzers for testing | Nikias Bassen | 1 | -2/+2 | |
2017-05-29 | Prefer clang/clang++ over gcc/g++ (if installed) | Nikias Bassen | 1 | -0/+9 | |
2017-05-29 | Integrate fuzzers into build system | Nikias Bassen | 6 | -1/+175 | |
2017-05-29 | fuzz: Add some known previously crashing test cases | Nikias Bassen | 17 | -0/+164 | |
2017-05-29 | bplist: Work around misaligned reads reported by AddressSanitizer | Nikias Bassen | 1 | -3/+3 | |
These misaligned reads reported by ASAN might lead to undefined behavior. | |||||
2017-04-25 | Add fuzzing targets for libFuzzer used by Google's OSS-Fuzz | Nikias Bassen | 6 | -0/+122 | |
2017-04-20 | Updated NEWS for release2.0.0 | Nikias Bassen | 1 | -0/+30 | |
2017-04-20 | Updated AUTHORS from commit history | Nikias Bassen | 1 | -1/+6 | |
2017-04-20 | Bump version to 2.0.0 for release | Nikias Bassen | 1 | -1/+1 | |
2017-04-20 | Bump so version due to added functions to interface | Nikias Bassen | 1 | -1/+1 | |
2017-04-20 | build: Fix check for previously installed cython bindings | Nikias Bassen | 1 | -0/+1 | |
Due to the removal of pkg-config check for libxml2, $PKG_CONFIG was not defined and a check for libplist's include dir via pkg-config failed. By invoking PKG_PROG_PKG_CONFIG $PKG_CONFIG will be defined and the check works again. | |||||
2017-04-20 | build: Make sure plist.pxd is included in tarballs | Christophe Fergeau | 1 | -3/+2 | |
When generating a tarball on a system without cython installed, plist.pxd was missing, causing build failures later on when trying to use cython. This seems to be caused by EXTRA_DIST being inside a if HAVE_CYTHON block rather than being outside of it. | |||||
2017-04-20 | autofoo: Ensure that 'make distcheck' doesn't fail when cython is not installed | Christophe Fergeau | 2 | -6/+5 | |
2017-04-20 | test: Rename dates.test output files so the get removed upon 'make distclean' | Christophe Fergeau | 1 | -2/+2 | |
2017-04-20 | test: Add missing test files to Makefile.am/EXTRA_DIST | Christophe Fergeau | 1 | -1/+42 | |
2017-04-20 | bplist: Fix missing break in switch statement in plist_to_bin() | Nikias Bassen | 1 | -0/+1 | |
Credit to Christophe Fergeau | |||||
2017-04-20 | bplist: Suppress compiler warnings with proper casts | Nikias Bassen | 1 | -3/+3 | |
2017-04-20 | cython: Remove references to libxml2 flags from Makefile.am | Nikias Bassen | 1 | -2/+2 | |
2017-04-20 | test: Fix wrong filename in EXTRA_DIST entry of Makefile.am | Nikias Bassen | 1 | -1/+1 | |
2017-04-19 | bplist: Fix integer overflow check (offset table size) | Nikias Bassen | 1 | -3/+17 | |
2017-04-14 | Initialize safe_year in time64.c | Greg Dennis | 1 | -2/+2 | |
Clang fails with stricter compilation options, because it thinks safe_year may be uninitialized at the return statement. The logic prevents it from being uninitialized, but probably worth the initialization to avoid the compiler error. The rest of libimobiledevice compiles successfully under the same options. | |||||
2017-04-06 | Update time64_limits.h | Greg Dennis | 1 | -0/+2 | |
This depends on the 'tm' type being declared, which is defined in time.h. | |||||
2017-04-02 | xplist: Plug another memory leak | Nikias Bassen | 1 | -0/+3 | |
Credit to OSS-Fuzz | |||||
2017-03-29 | xplist: Prevent memory leak(s) when parsing fails | Nikias Bassen | 1 | -2/+2 | |
Credit to OSS-Fuzz | |||||
2017-03-29 | xplist: Make XML parsing non-recursive to prevent stack overflow on ↵ | Nikias Bassen | 1 | -79/+103 | |
deep-structured plists Credit to OSS-Fuzz | |||||
2017-03-28 | libcnary: Remove unused 'node' parameter from node_list_create() | Nikias Bassen | 3 | -3/+3 | |
2017-03-26 | bplist: Make sure sanity checks work on 32bit platforms | Nikias Bassen | 1 | -10/+14 | |
Because on 32-bit platforms 32-bit pointers and 64-bit sizes have been used for the sanity checks of the offset table and object references, the range checks would fail in certain interger-overflowish situations, causing heap buffer overflows or other unwanted behavior. Fixed by wideing the operands in question to 64-bit. | |||||
2017-03-18 | autocconf: Add android exception for pthread detection | Nikias Bassen | 1 | -2/+2 | |
2017-02-18 | base64: Prevent undefined shift when parsing invalid base64 encoded data | Nikias Bassen | 1 | -3/+3 | |
Credit to OSS-Fuzz | |||||
2017-02-15 | xplist: Improve writing of large PLIST_DATA nodes by growing buffer in advance | Nikias Bassen | 4 | -3/+11 | |
Instead of letting the buffer grow by just the amount of bytes currently transformed to base64 - which is basically line by line - we now calculate the size of the output blob in advance and grow the buffer accordingly. This will reduce the amount of reallocs to just one, which is especially important for large data blobs. While this is a general improvement for all platforms, it is on platforms like Windows where realloc() can be REALLY slow; converting a 20mb blob to XML can easily take up to a minute (due to the several hundred thousand calls to realloc()). With this commit, it will be fast again. | |||||
2017-02-10 | bplist: Fix data range check for string/data/dict/array nodes | Nikias Bassen | 1 | -6/+6 | |
Passing a size of 0xFFFFFFFFFFFFFFFF to parse_string_node() might result in a memcpy with a size of -1, leading to undefined behavior. This commit makes sure that the actual node data (which depends on the size) is in the range start_of_object..start_of_object+size. Credit to OSS-Fuzz | |||||
2017-02-10 | bplist: Fix integer overflow resulting in OOB heap buffer read | Nikias Bassen | 1 | -0/+5 | |
Credit to OSS-Fuzz | |||||
2017-02-09 | xplist: Fix OOB heap buffer read with empty data nodes | Nikias Bassen | 1 | -2/+4 | |
Credit to OSS-Fuzz | |||||
2017-02-09 | bplist: Make sure to detect integer overflow when handling unicode node size | Nikias Bassen | 1 | -0/+4 | |
Credit to OSS-Fuzz | |||||
2017-02-09 | xplist: Prevent assert when parsing CF$UID dict with invalid value node | Nikias Bassen | 1 | -0/+5 | |
Credit to OSS-Fuzz | |||||
2017-02-08 | xplist: Use proper variable size for integer from string parsing | Nikias Bassen | 1 | -2/+2 | |
2017-02-07 | plist: Fix assert() to allow 16 or 8 byte integer sizes (16 bytes = unsigned ↵ | Nikias Bassen | 1 | -1/+1 | |
integer) Credit to Wang Junjie <zhunkibatu@gmail.com> (#90) Credit to OSS-Fuzz | |||||
2017-02-07 | bplist: Properly handle some more malloc() failure situations | Nikias Bassen | 1 | -3/+18 | |
2017-02-07 | bplist: Make sure to bail out if malloc() fails in parse_unicode_node() | Nikias Bassen | 1 | -0/+5 | |
Credit to OSS-Fuzz | |||||
2017-02-07 | bplist: Make sure to bail out if malloc() fails in parse_data_node() | Nikias Bassen | 1 | -0/+5 | |
Credit to OSS-Fuzz | |||||
2017-02-07 | bplist: Make sure to bail out if malloc() fails in parse_string_node() | Nikias Bassen | 1 | -0/+5 | |
Credit to Wang Junjie <zhunkibatu@gmail.com> (#93) | |||||
2017-02-07 | xplist: Prevent some more strncmp related OOB reads | Nikias Bassen | 1 | -4/+4 | |
2017-02-07 | xplist: Really fix OOB read when parsing DOCTYPE | Nikias Bassen | 1 | -1/+1 | |