
source: vbox/trunk/src/libs/libxml2-2.13.2/fuzz/xpath.c@ 106180

Last change on this file since 106180 was 105420, checked in by vboxsync, 5 months ago

libxml2-2.12.6: Applied and adjusted our libxml2 changes to 2.12.6. bugref:10730

1/*
2 * xpath.c: a libFuzzer target to test XPath and XPointer expressions.
3 *
4 * See Copyright for the status of this software.
5 */
6
7#include <libxml/catalog.h>
8#include <libxml/parser.h>
9#include <libxml/xpointer.h>
10#include "fuzz.h"
11
/*
 * LLVMFuzzerInitialize: one-time setup hook for this fuzz target.
 *
 * Both parameters are marked unused. Always returns 0.
 */
int
LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
                     char ***argv ATTRIBUTE_UNUSED) {
    /*
     * The fuzz memory setup runs before the parser is initialised;
     * presumably it installs the allocator hooks that the per-input
     * allocation limit relies on (helper is defined outside this file).
     */
    xmlFuzzMemSetup();
    xmlInitParser();

#ifdef LIBXML_CATALOG_ENABLED
    /*
     * XML_CATA_ALLOW_NONE: catalogs are switched off by default, so
     * fuzzed documents cannot pull catalog resolution into the run.
     */
    xmlInitializeCatalog();
    xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE);
#endif

    /* Generic error reports are handed to the harness callback. */
    xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);

    return(0);
}
25
/*
 * LLVMFuzzerTestOneInput: run one fuzz case through the XPointer
 * evaluator.
 *
 * The input is split into a 4-byte integer (allocation budget), an
 * expression string and an XML document string. The document is parsed
 * in recovery mode and the expression is evaluated against it with
 * xmlXPtrEval(). Inputs larger than 10000 bytes are skipped.
 *
 * Always returns 0.
 */
int
LLVMFuzzerTestOneInput(const char *data, size_t size) {
    const char *xpathExpr, *docText;
    size_t allocBudget, xpathLen, docLen;
    xmlDocPtr tree;
    xmlXPathContextPtr evalCtx;
    int cacheRes;

    /* Oversized inputs are rejected before any state is set up. */
    if (size > 10000)
        return(0);

    xmlFuzzDataInit(data, size);

    /* The budget is fuzz-controlled and reduced modulo (size + 100). */
    allocBudget = xmlFuzzReadInt(4) % (size + 100);
    xpathExpr = xmlFuzzReadString(&xpathLen);
    docText = xmlFuzzReadString(&docLen);

    /* Recovery mode lets malformed documents still reach evaluation. */
    tree = xmlReadMemory(docText, docLen, NULL, NULL, XML_PARSE_RECOVER);
    if (tree == NULL)
        goto done;

    /*
     * The limit is set only after parsing, so it applies to context
     * creation and evaluation rather than to xmlReadMemory().
     */
    xmlFuzzMemSetLimit(allocBudget);

    evalCtx = xmlXPathNewContext(tree);
    if (evalCtx != NULL) {
        /* Operation limit keeps a pathological expression from timing out. */
        evalCtx->opLimit = 500000;

        /*
         * A return of -1 from the cache setup is cross-checked against
         * the harness's malloc-failure tracking (helper not shown here).
         */
        cacheRes = xmlXPathContextSetCache(evalCtx, 1, 4, 0);
        xmlFuzzCheckMallocFailure("xmlXPathContextSetCache", cacheRes == -1);

        /* Reset the failure flag so the next check covers only the eval. */
        xmlFuzzResetMallocFailed();
        xmlXPathFreeObject(xmlXPtrEval(BAD_CAST xpathExpr, evalCtx));
        xmlFuzzCheckMallocFailure("xmlXPtrEval",
                                  evalCtx->lastError.code ==
                                  XML_ERR_NO_MEMORY);
        xmlXPathFreeContext(evalCtx);
    }

    /* Presumably 0 lifts the limit again before the document is freed. */
    xmlFuzzMemSetLimit(0);
    xmlFreeDoc(tree);

done:
    xmlFuzzDataCleanup();
    xmlResetLastError();

    return(0);
}