Age | Commit message (Collapse) | Author |
|
Add VS2017 to AppVeyor test run
|
|
This requires moving the list of VS versions out of
autotest-appveyor.ps1 and into appveyor.yml.
|
|
Correctly check for error codes and don't run .bat file since it doesn't
work anyway (the variables it sets aren't accessible in PowerShell, and
the path to the script doesn't seem to be the same in VS2017).
|
|
VS2017 project + NuGet support
|
|
Add memory allocation failure test for concact with a very large list
and make sure we have every single axis covered with and without a
predicate, with and without a previous step.
|
|
Apparently only narrow character streams had out of memory coverage -
fix that and also split this into a separate test.
|
|
Cover both char and wchar_t stream loading in a single run instead of
using pugi::char_t.
|
|
Cover more failure cases and simplify the streambuf implementation a
bit.
|
|
Rename partition to partition3 to resolve conflicts with std::partition.
|
|
Add more memory allocation failure tests.
|
|
Adjust the buffer size to be right on the edge of the overflow, make
sure we actually output " instead of ".
|
|
This test triggers flush() condition for each optimized write() method.
|
|
Instead of branching code at each invocation site, use variadic macros
to create a wrapping macro that use snprintf for the buffer of a
statically known size.
Variadic macros are supported by all C++11 compilers, as is snprintf;
on MSVC 2005+ we don't necessarily have snprintf, but we can use
_snprintf_s with _TRUNCATE to get the same behavior. In all other cases
we fall back to sprintf, that (theoretically) can lead to a stack buffer
overflow.
In practice all snprintfs used in pugixml use buffers that should be
large enough to never be overflown but snprintf is safe even if this is
not the case.
|
|
We use references to arrays elsewhere in the codebase and there's just
one caller for this function so it's easier to fix the size.
This will simplify snprintf refactoring.
|
|
use snprintf instead of sprintf
|
|
Improve code coverage
|
|
codecov.io does not seem to support lcov regex customization;
additionally, we can't just replace unreachable with LCOV_LINE_EXCL
in gcov file - so we have to patch the ##### indicator (which suggests
the line hasn't been hit) with 1.
See also https://github.com/codecov/support/issues/144
|
|
Now we can exclude these from code coverage since it's logically
impossible to hit them in tests.
|
|
New tests try to load a folder as an XML document, and a device. Both
are intended to exercise some otherwise non-hittable error paths in
load_file implementation.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This adds tests that complete branch coverage in compact pointer
encoding/decoding code (previously first_attribute was always encoded
using compact encoding in the entire test suite).
|
|
This is a followup to 198900eff403982f080958459f1ccb45cdefe9a4.
target_include_directories was introduced in 2.8.12, thus CMake 2.6 no
longer works.
|
|
|
|
|
|
|
|
Integer sanitizer is flagging unsigned integer overflow in several
functions in pugixml; unsigned integer overflow is well defined but it
may not necessarily be intended.
Apart from hash functions, both string_to_integer and integer_to_string
use unsigned overflow - string_to_integer uses it to perform
two-complement negation so that the bulk of the operation can run using
unsigned integers. This makes it possible to simplify overflow checking.
Similarly integer_to_string negates the number before generating a
decimal representation, but negating is impossible without unsigned
overflow or special-casing certain integer limits.
For now just silence the integer overflow using a special attribute;
also move unsigned overflow into string_to_integer from get_value_* so
that we have fewer functions marked with the attribute.
Fixes #133.
|
|
Now the only thing fuzz_setup.sh does is installing new clang; if system
clang supports -fsanitize-coverage then fuzz_setup.sh is not required.
|
|
The script only worked if clang folder was already created.
|
|
|
|
This reverts commit 79109a8546f963d17522d75112cffcfd8cbe35fc.
This warning does not happen on gcc-4.8.4; the workaround introduces an
unsigned integer overflow which results in a runtime error when compiled
with integer sanitizer.
|
|
This triggers a runtime error under integer sanitizer
|
|
This was triggering an buffer read overflow with asan.
|
|
|
|
Silence g++ 7.0.1 -Wimplicit-fallthrough warnings
|
|
This is accomplished by putting a // fallthrough
comment at the right place.
This seems to be more portable than an attribute-based
solution like [[fallthrough]] or __attribute__((fallthrough)).
|
|
Instead of a separate implementation for find/insert, use just one that
can do both. This reduces the code size and simplifies code coverage;
the resulting code is close to what we had in terms of performance and
since hash table is a fall back should not affect any real workloads.
|
|
Improve fuzzing support
|
|
Make the file executable, fix Windows newlines and fix clang setup.
|
|
Hopefully this will allow for better fuzzing coverage
|
|
Only fuzz the parser for now.
|
|
This downloads a clang build that has support for instrumentation, and also
downloads and compiles libFuzzer.a.
|
|
This allows us to have faster fuzz cycles since the fuzzer is in-process.
|
|
This should make the test fail on a 32-bit target.
|
|
|