
source: vbox/trunk/src/libs/libxml2-2.13.2/fuzz/xml.c@ 106180

Last change on this file since 106180 was 105420, checked in by vboxsync, 5 months ago

libxml2-2.12.6: Applied and adjusted our libxml2 changes to 2.12.6. bugref:10730

1/*
2 * xml.c: a libFuzzer target to test several XML parser interfaces.
3 *
4 * See Copyright for the status of this software.
5 */
6
7#include <libxml/catalog.h>
8#include <libxml/parser.h>
9#include <libxml/tree.h>
10#include <libxml/xmlerror.h>
11#include <libxml/xmlsave.h>
12#include "fuzz.h"
13
/**
 * One-time libFuzzer start-up hook for the XML parser target.
 *
 * Configures the process so that every later parse is driven only by the
 * fuzz input: harness memory hooks, parser initialisation, catalog use
 * switched off, and error/entity callbacks redirected to the harness.
 *
 * @param argc  unused
 * @param argv  unused
 * @return always 0
 */
int
LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
                     char ***argv ATTRIBUTE_UNUSED) {
    /*
     * Harness memory setup runs before the library initialises itself.
     * NOTE(review): presumably this installs the allocator hooks that
     * xmlFuzzMemSetLimit() later uses to inject failures -- confirm in
     * the harness sources behind fuzz.h.
     */
    xmlFuzzMemSetup();
    xmlInitParser();

#ifdef LIBXML_CATALOG_ENABLED
    /*
     * XML_CATA_ALLOW_NONE disallows catalog use, so parse results do not
     * depend on catalog files present on the machine running the fuzzer.
     */
    xmlInitializeCatalog();
    xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE);
#endif

    /* Generic error output is handed to the harness callback. */
    xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);

    /*
     * Every external entity load goes through the harness loader.
     * NOTE(review): expected to serve entities from the fuzz input rather
     * than from disk or network -- verify in the loader's implementation.
     */
    xmlSetExternalEntityLoader(xmlFuzzEntityLoader);

    return 0;
}
28
/**
 * libFuzzer entry point: parse one fuzz input through the pull parser
 * (plus the serializer when output support is built) and then through the
 * push parser.
 *
 * Input layout as consumed here: a 4-byte parser-option word, a 4-byte
 * value used to derive the allocation limit, then the entity set from
 * which the main document buffer and its URL are taken.
 *
 * @param data  raw fuzz input
 * @param size  length of data in bytes
 * @return always 0
 */
int
LLVMFuzzerTestOneInput(const char *data, size_t size) {
    xmlParserCtxtPtr parser;
    xmlDocPtr tree;
    const char *xml, *url;
    size_t allocLimit, xmlLen;
    int parseOpts;

    xmlFuzzDataInit(data, size);

    /*
     * Parser options come straight from the input, minus the ones that
     * are known to cause timeouts. Masking them also means this target
     * gives no coverage of XInclude, DTD validation or the SAX1 interface.
     */
    parseOpts = (int) xmlFuzzReadInt(4);
    parseOpts &= ~(XML_PARSE_XINCLUDE | XML_PARSE_DTDVALID | XML_PARSE_SAX1);

    /* Input-chosen allocation limit, kept below size + 100. */
    allocLimit = xmlFuzzReadInt(4) % (size + 100);

    xmlFuzzReadEntities();
    xml = xmlFuzzMainEntity(&xmlLen);
    url = xmlFuzzMainUrl();
    if (xml == NULL)
        goto done;

    /* ---- Pull parser ---- */

    /*
     * NOTE(review): the limit presumably makes allocations fail once it
     * is reached, so out-of-memory paths get exercised; the
     * xmlFuzzCheckMallocFailure() calls then compare what the library
     * reported against what the harness saw -- confirm against the
     * harness sources behind fuzz.h.
     */
    xmlFuzzMemSetLimit(allocLimit);
    parser = xmlNewParserCtxt();
    if (parser != NULL) {
        /* xmlLen (size_t) is narrowed to the API's int size parameter. */
        tree = xmlCtxtReadMemory(parser, xml, xmlLen, url, NULL, parseOpts);
        xmlFuzzCheckMallocFailure("xmlCtxtReadMemory",
                                  tree == NULL &&
                                  parser->errNo == XML_ERR_NO_MEMORY);

        if (tree != NULL) {
#ifdef LIBXML_OUTPUT_ENABLED
            xmlBufferPtr out;
            xmlSaveCtxtPtr saver;

            /* Round the parsed tree through the serializer as well. */
            out = xmlBufferCreate();
            saver = xmlSaveToBuffer(out, NULL, 0);
            if (saver != NULL) {
                int saveErr;

                xmlSaveDoc(saver, tree);
                saveErr = xmlSaveFinish(saver);
                xmlFuzzCheckMallocFailure("xmlSaveDoc",
                                          saveErr == XML_ERR_NO_MEMORY);
            }
            xmlBufferFree(out);
#endif
            xmlFreeDoc(tree);
        }

        xmlFreeParserCtxt(parser);
    }

    /* ---- Push parser ---- */

#ifdef LIBXML_PUSH_ENABLED
    {
        static const size_t chunkCap = 128;
        size_t offset, chunkLen;

        /* Re-apply the same limit for the second parse. */
        xmlFuzzMemSetLimit(allocLimit);
        parser = xmlCreatePushParserCtxt(NULL, NULL, NULL, 0, url);
        if (parser != NULL) {
            xmlCtxtUseOptions(parser, parseOpts);

            /* Feed the same document in pieces of at most chunkCap bytes. */
            offset = 0;
            while (offset < xmlLen) {
                size_t remaining = xmlLen - offset;

                chunkLen = (remaining > chunkCap) ? chunkCap : remaining;
                xmlParseChunk(parser, xml + offset, chunkLen, 0);
                offset += chunkLen;
            }

            /* An empty chunk with terminate=1 ends the document. */
            xmlParseChunk(parser, NULL, 0, 1);
            xmlFuzzCheckMallocFailure("xmlParseChunk",
                                      parser->errNo == XML_ERR_NO_MEMORY);
            /* The push context's document is freed separately here. */
            xmlFreeDoc(parser->myDoc);
            xmlFreeParserCtxt(parser);
        }
    }
#endif

done:
    /* Reset the limit to 0 before cleanup so the next input starts fresh. */
    xmlFuzzMemSetLimit(0);
    xmlFuzzDataCleanup();
    xmlResetLastError();
    return 0;
}
121