1  /*
       2   * regexp.c: a libFuzzer target to test the regexp module.
       3   *
       4   * See Copyright for the status of this software.
       5   */
       6  
       7  #include <stdio.h>
       8  #include <stdlib.h>
       9  #include <libxml/xmlregexp.h>
      10  #include "fuzz.h"
      11  
      12  int
      13  LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
      14                       char ***argv ATTRIBUTE_UNUSED) {
      15      xmlFuzzMemSetup();
      16      xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);
      17  
      18      return 0;
      19  }
      20  
      21  int
      22  LLVMFuzzerTestOneInput(const char *data, size_t size) {
      23      xmlRegexpPtr regexp;
      24      size_t maxAlloc;
      25      const char *str1;
      26  
      27      if (size > 200)
      28          return(0);
      29  
      30      xmlFuzzDataInit(data, size);
      31      maxAlloc = xmlFuzzReadInt(4) % (size * 8 + 1);
      32      str1 = xmlFuzzReadString(NULL);
      33  
      34      xmlFuzzMemSetLimit(maxAlloc);
      35      regexp = xmlRegexpCompile(BAD_CAST str1);
      36      if (xmlFuzzMallocFailed() && regexp != NULL) {
      37          fprintf(stderr, "malloc failure not reported\n");
      38          abort();
      39      }
      40      /* xmlRegexpExec has pathological performance in too many cases. */
      41  #if 0
      42      xmlRegexpExec(regexp, BAD_CAST str2);
      43  #endif
      44      xmlRegFreeRegexp(regexp);
      45  
      46      xmlFuzzMemSetLimit(0);
      47      xmlFuzzDataCleanup();
      48      xmlResetLastError();
      49  
      50      return 0;
      51  }
      52