       1  /*
       2   * html.c: a libFuzzer target to test several HTML parser interfaces.
       3   *
       4   * See Copyright for the status of this software.
       5   */
       6  
#include <limits.h>

#include <libxml/HTMLparser.h>
#include <libxml/HTMLtree.h>
#include <libxml/catalog.h>
#include "fuzz.h"
      11  
/*
 * LLVMFuzzerInitialize:
 * @argc: unused
 * @argv: unused
 *
 * One-time libFuzzer entry point. Installs the fuzzer's allocator hooks,
 * initializes the parser (and the catalog module when it is compiled in)
 * and routes libxml2's generic error output to xmlFuzzErrorFunc.
 *
 * Returns 0, as libFuzzer requires.
 */
int
LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
                     char ***argv ATTRIBUTE_UNUSED) {
    /* Allocator hooks go in first, ahead of any parser initialization. */
    xmlFuzzMemSetup();
    xmlInitParser();
#ifdef LIBXML_CATALOG_ENABLED
    xmlInitializeCatalog();
#endif
    /* Keep error output out of stderr; the fuzz handler collects it. */
    xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);

    return(0);
}
      24  
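/*
 * LLVMFuzzerTestOneInput:
 * @data: fuzzer-supplied bytes
 * @size: number of bytes in @data
 *
 * Per-input libFuzzer entry point. The fuzz helpers split the input into
 * a 4-byte parser option word, a 4-byte allocation limit and the remaining
 * bytes, which are fed as an HTML document to:
 *
 *  1. the pull parser (htmlReadMemory), followed by the serializer when
 *     LIBXML_OUTPUT_ENABLED is set;
 *  2. the push parser (htmlCreatePushParserCtxt/htmlParseChunk), in
 *     chunks of at most 128 bytes, when LIBXML_PUSH_ENABLED is set.
 *
 * Both passes run under the fuzzer's allocation limit so out-of-memory
 * paths are exercised too. Inputs whose document length does not fit in
 * an int are skipped, since the parser API takes the length as an int.
 * All resources are released and the limit and error state reset before
 * returning.
 *
 * Returns 0 always, as libFuzzer requires.
 */
int
LLVMFuzzerTestOneInput(const char *data, size_t size) {
    htmlDocPtr doc;
    const char *docBuffer;
    size_t maxAlloc, docSize;
    int opts;

    xmlFuzzDataInit(data, size);
    opts = (int) xmlFuzzReadInt(4);
    /* Keep the allocation limit within the input size. */
    maxAlloc = xmlFuzzReadInt(4) % (size + 1);

    docBuffer = xmlFuzzReadRemaining(&docSize);
    if (docBuffer == NULL) {
        xmlFuzzDataCleanup();
        return(0);
    }

    /*
     * htmlReadMemory takes the document length as an int. Refuse inputs
     * that would not survive that conversion instead of handing the parser
     * a wrapped (negative) length.
     */
    if (docSize > (size_t) INT_MAX) {
        xmlFuzzDataCleanup();
        return(0);
    }

    /* Pull parser */

    xmlFuzzMemSetLimit(maxAlloc);
    doc = htmlReadMemory(docBuffer, (int) docSize, NULL, NULL, opts);

#ifdef LIBXML_OUTPUT_ENABLED
    {
        xmlOutputBufferPtr out;

        /*
         * Also test the serializer. Call htmlDocContentDumpOutput with our
         * own buffer to avoid encoding the output. The HTML encoding is
         * excruciatingly slow (see htmlEntityValueLookup).
         *
         * The allocation limit is still in force here, so the buffer
         * allocation itself may fail; skip the dump in that case rather
         * than rely on the callees tolerating a NULL buffer.
         */
        out = xmlAllocOutputBuffer(NULL);
        if (out != NULL) {
            htmlDocContentDumpOutput(out, doc, NULL);
            xmlOutputBufferClose(out);
        }
    }
#endif

    /* doc may be NULL if parsing failed; xmlFreeDoc accepts that. */
    xmlFreeDoc(doc);

    /* Push parser */

#ifdef LIBXML_PUSH_ENABLED
    {
        static const size_t maxChunkSize = 128;
        xmlParserCtxtPtr ctxt;
        size_t consumed, chunkSize;

        /* Set the allocation limit again for the push pass. */
        xmlFuzzMemSetLimit(maxAlloc);
        ctxt = htmlCreatePushParserCtxt(NULL, NULL, NULL, 0, NULL,
                                        XML_CHAR_ENCODING_NONE);

        if (ctxt != NULL) {
            htmlCtxtUseOptions(ctxt, opts);

            /* Feed the document in bounded chunks, then signal the end. */
            for (consumed = 0; consumed < docSize; consumed += chunkSize) {
                chunkSize = docSize - consumed;
                if (chunkSize > maxChunkSize)
                    chunkSize = maxChunkSize;
                /* chunkSize <= 128 here, so the int conversion is exact. */
                htmlParseChunk(ctxt, docBuffer + consumed, (int) chunkSize, 0);
            }

            htmlParseChunk(ctxt, NULL, 0, 1);
            /* The push parser owns its document via ctxt->myDoc. */
            xmlFreeDoc(ctxt->myDoc);
            htmlFreeParserCtxt(ctxt);
        }
    }
#endif

    /* Cleanup */

    xmlFuzzMemSetLimit(0);
    xmlFuzzDataCleanup();
    xmlResetLastError();

    return(0);
}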