The symptom was:
> [..]/expat/fuzz/xml_parse_fuzzer.c:68:40: error: narrowing conversion from 'size_t' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 68 | XML_Parse(p, (const XML_Char *)data, size, 0);
> | ^
> [..]/expat/fuzz/xml_parse_fuzzer.c:69:44: error: narrowing conversion from 'size_t' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 69 | if (XML_Parse(p, (const XML_Char *)data, size, 1) == XML_STATUS_ERROR) {
> | ^
> [..]/expat/fuzz/xml_parsebuffer_fuzzer.c:69:32: error: narrowing conversion from 'size_t' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 69 | void *buf = XML_GetBuffer(p, size);
> | ^
> [..]/expat/fuzz/xml_parsebuffer_fuzzer.c:72:22: error: narrowing conversion from 'size_t' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 72 | XML_ParseBuffer(p, size, 0);
> | ^
> [..]/expat/fuzz/xml_parsebuffer_fuzzer.c:73:26: error: narrowing conversion from 'size_t' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 73 | buf = XML_GetBuffer(p, size);
> | ^
> [..]/expat/fuzz/xml_parsebuffer_fuzzer.c:78:26: error: narrowing conversion from 'size_t' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 78 | if (XML_ParseBuffer(p, size, 1) == XML_STATUS_ERROR) {
> | ^
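The warnings above all come from passing a `size_t` fuzzer input length straight into an `int` length parameter such as the one `XML_Parse` and `XML_ParseBuffer` take. The usual harness fix is either to reject inputs longer than `INT_MAX` or to feed the buffer in `int`-sized pieces. The following is an added example, not code from expat's fuzzers: it uses a hypothetical `parse_fn` callback with the same `(s, len, isFinal)` shape as `XML_Parse` so it runs without libexpat, and the chunk limit is a parameter so the behaviour can be exercised with small inputs.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for an int-length parse entry point such as
 * XML_Parse(parser, s, len, isFinal). Returns nonzero on success, 0 on error. */
typedef int (*parse_fn)(void *ctx, const char *s, int len, int is_final);

/* Convert a size_t length to int without implementation-defined narrowing.
 * Returns 1 and stores the value if it fits, 0 if it would overflow. */
int len_to_int(size_t size, int *out) {
  if (size > (size_t)INT_MAX)
    return 0;
  *out = (int)size;
  return 1;
}

/* Feed `size` bytes to `fn` in pieces of at most `max_chunk` bytes, so every
 * `len` argument is a valid int. The last piece is passed with is_final = 1,
 * as a harness does before checking for XML_STATUS_ERROR. A zero-length input
 * still produces one final call. Returns the number of calls made, or -1 if
 * max_chunk is invalid or the callback reports an error. */
int feed_chunked(parse_fn fn, void *ctx, const uint8_t *data, size_t size,
                 int max_chunk) {
  if (max_chunk <= 0)
    return -1;
  size_t offset = 0;
  int calls = 0;
  do {
    size_t remaining = size - offset;
    int len;
    if (!len_to_int(remaining, &len) || len > max_chunk)
      len = max_chunk; /* remaining does not fit an int or exceeds the chunk */
    int is_final = ((size_t)len == remaining);
    if (!fn(ctx, (const char *)data + offset, len, is_final))
      return -1;
    offset += (size_t)len;
    calls++;
  } while (offset < size);
  return calls;
}

/* Recording callback used to observe what feed_chunked hands to the parser. */
typedef struct {
  int calls;      /* return value of feed_chunked, -1 on error */
  int last_len;   /* len of the last call */
  int last_final; /* is_final of the last call */
  size_t total;   /* sum of all len values */
} record_t;

static int record_parse(void *ctx, const char *s, int len, int is_final) {
  record_t *r = (record_t *)ctx;
  (void)s;
  r->last_len = len;
  r->last_final = is_final;
  r->total += (size_t)len;
  return 1;
}

/* Run feed_chunked over a constructed zero-filled buffer of `size` bytes and
 * report what the callback saw. Allocates size + 1 so calloc(0) never occurs. */
record_t feed_sample(size_t size, int max_chunk) {
  record_t r = {0, 0, 0, 0};
  uint8_t *buf = calloc(size + 1, 1);
  if (buf == NULL) {
    r.calls = -1;
    return r;
  }
  r.calls = feed_chunked(record_parse, &r, buf, size, max_chunk);
  free(buf);
  return r;
}

int main(void) {
  record_t r = feed_sample(10, 4);
  printf("10 bytes in chunks of 4: %d calls, last len %d, final %d\n",
         r.calls, r.last_len, r.last_final);
  return 0;
}
```

With `max_chunk = INT_MAX` the helper makes a single call whenever the input fits an `int`, which is the common case for fuzzer inputs; the chunking only matters for inputs a harness would otherwise have to reject.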
.. so that they fail single allocations, not all
allocations after a certain point. Previously
fail_allocations of [6, 2, 20] worked the same way as
fail_allocations of [2], likely by accident.
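The difference between failing single allocations and failing everything after the first listed index is easiest to see with a small fault-injecting allocator. This is an added example and not the expat fuzzer's code: the `fault_alloc_t` type, its 1-based allocation counter and the `fail_all_after` switch that reproduces the old behaviour are all assumptions made for illustration. A harness would hand `fault_malloc` to the library through its memory-handling hooks; here a plain loop of allocations stands in for the parser.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_FAIL 16

/* Hypothetical fault injector. Allocation indices are counted from 1. */
typedef struct {
  size_t count;             /* allocations seen so far */
  size_t fail_at[MAX_FAIL]; /* indices that should return NULL */
  size_t n_fail;
  int fail_all_after;       /* 1 = old behaviour: fail every allocation once
                               any listed index has been hit */
  int tripped;              /* set once a listed index has matched */
} fault_alloc_t;

void fault_alloc_init(fault_alloc_t *fa, const size_t *fail_at, size_t n,
                      int fail_all_after) {
  memset(fa, 0, sizeof *fa);
  if (n > MAX_FAIL)
    n = MAX_FAIL;
  if (n > 0)
    memcpy(fa->fail_at, fail_at, n * sizeof fail_at[0]);
  fa->n_fail = n;
  fa->fail_all_after = fail_all_after;
}

/* Decide whether allocation number `index` should fail. In single-failure
 * mode only exact matches fail; in fail-all-after mode the first match trips
 * a latch and every later allocation fails too. */
int fault_should_fail(fault_alloc_t *fa, size_t index) {
  if (fa->fail_all_after && fa->tripped)
    return 1;
  for (size_t i = 0; i < fa->n_fail; i++) {
    if (fa->fail_at[i] == index) {
      fa->tripped = 1;
      return 1;
    }
  }
  return 0;
}

/* malloc replacement a harness would install into the library under test. */
void *fault_malloc(fault_alloc_t *fa, size_t n) {
  fa->count++;
  if (fault_should_fail(fa, fa->count))
    return NULL;
  return malloc(n);
}

/* Constructed workload: perform `n_allocs` allocations through the injector
 * and return how many of them succeeded. */
int run_workload(const size_t *fail_at, size_t n, int fail_all_after,
                 size_t n_allocs) {
  fault_alloc_t fa;
  fault_alloc_init(&fa, fail_at, n, fail_all_after);
  int ok = 0;
  for (size_t i = 0; i < n_allocs; i++) {
    void *p = fault_malloc(&fa, 16);
    if (p != NULL) {
      ok++;
      free(p);
    }
  }
  return ok;
}

int main(void) {
  const size_t three[] = {6, 2, 20};
  const size_t one[] = {2};
  printf("[6, 2, 20] single: %d succeeded, fail-all-after: %d succeeded\n",
         run_workload(three, 3, 0, 25), run_workload(three, 3, 1, 25));
  printf("[2]        single: %d succeeded, fail-all-after: %d succeeded\n",
         run_workload(one, 1, 0, 25), run_workload(one, 1, 1, 25));
  return 0;
}
```

In fail-all-after mode both lists stop the workload at allocation 2, so `[6, 2, 20]` and `[2]` are indistinguishable; in single-failure mode the longer list fails three distinct allocations and lets the parser continue past each one, which is what exercises the library's error-recovery paths.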
Symptom was:
> [..]/expat/fuzz/xml_lpm_fuzzer.cpp:157:25: error: comparison of integers of different signs: 'int' and 'unsigned int' [-Werror,-Wsign-compare]
> 157 | for (int i = 0; i < content->numchildren; ++i) {
> | ~ ^ ~~~~~~~~~~~~~~~~~~~~
> [..]/expat/fuzz/xml_lpm_fuzzer.cpp:183:25: error: comparison of integers of different signs: 'int' and 'unsigned int' [-Werror,-Wsign-compare]
> 183 | for (int i = 0; i < content->numchildren; ++i) {
> | ~ ^ ~~~~~~~~~~~~~~~~~~~~
> [..]/expat/fuzz/xml_lpm_fuzzer.cpp:413:24: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
> 413 | for (size_t i = 0; i < testcase.fail_allocations_size(); ++i) {
> | ~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> [..]/expat/fuzz/xml_lpm_fuzzer.cpp:421:24: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
> 421 | for (size_t i = 0; i < testcase.actions_size(); ++i) {
> | ~ ^ ~~~~~~~~~~~~~~~~~~~~~~~
This fuzzer provides significantly higher coverage of the library, as
it implements more handlers and supports parser suspend/resume/reset
and external entity parsing.