mirror of
https://github.com/xroche/httrack.git
synced 2026-07-16 22:00:45 +03:00
Adds fuzz-htsparse, a libFuzzer harness driving the real htsparse() over a mocked engine: the tag/attribute/JS-inscript scanner, the link rewriter, and the accept -> url_savename -> hts_record_link path that runs on every crawled page, previously reached only by slow full-crawl tests. The parser's coupling is state, not network, so the harness builds the minimal crawl state httpmirror() sets up (opt, cache, hash, filters, robots, backing, a seeded link heap with ptr=1) and walks a NUL-terminated page through the parser, then discards it. Four seeds cover links, srcset, base/meta/usemap, a document.write body, and malformed tags. Clean under ASan+UBSan+LeakSanitizer. Bundles the src/coucal bump to ab59c6a (coucal#13): this harness is the first fuzzer to hash keys through coucal under UBSan, which tripped a pre-existing getblock32 pointer-overflow. Merged past a transient arm64 apt-mirror outage; every code-exercising check (fuzz, sanitize, msan, distcheck, all non-arm64 builds) passed. Signed-off-by: Xavier Roche <roche@httrack.com> Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
14 lines
459 B
HTML
14 lines
459 B
HTML
<html><body>
|
|
<script type="text/javascript">
|
|
var a = "http://x/1.html", b = 'q\'uote', c = "/*not*/comment";
|
|
// line "with" quotes and http://y/2.html
|
|
/* block 'with' <a href="notparsed"> */
|
|
var re = /a\/b\//g;
|
|
document.write('<img src="w1.png">');
|
|
document.writeln("<a href='w2.html'>k</a>");
|
|
element.onclick = "location='onh.html'";
|
|
</script>
|
|
<a href="after.html" onmouseover="go('ev.html')">x</a>
|
|
<div style="background:url(bg.png)">z</div>
|
|
</body></html>
|