1  /*
       2   * schema.c: a libFuzzer target to test the XML Schema processor.
       3   *
       4   * See Copyright for the status of this software.
       5   */
       6  
       7  #include <libxml/catalog.h>
       8  #include <libxml/xmlschemas.h>
       9  #include "fuzz.h"
      10  
      11  int
      12  LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
      13                       char ***argv ATTRIBUTE_UNUSED) {
      14      xmlFuzzMemSetup();
      15      xmlInitParser();
      16  #ifdef LIBXML_CATALOG_ENABLED
      17      xmlInitializeCatalog();
      18  #endif
      19      xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);
      20      xmlSetExternalEntityLoader(xmlFuzzEntityLoader);
      21  
      22      return 0;
      23  }
      24  
      25  int
      26  LLVMFuzzerTestOneInput(const char *data, size_t size) {
      27      xmlSchemaParserCtxtPtr pctxt;
      28      size_t maxAlloc;
      29  
      30      if (size > 50000)
      31          return(0);
      32  
      33      maxAlloc = xmlFuzzReadInt(4) % (size + 1);
      34  
      35      xmlFuzzDataInit(data, size);
      36      xmlFuzzReadEntities();
      37  
      38      xmlFuzzMemSetLimit(maxAlloc);
      39      pctxt = xmlSchemaNewParserCtxt(xmlFuzzMainUrl());
      40      xmlSchemaSetParserErrors(pctxt, xmlFuzzErrorFunc, xmlFuzzErrorFunc, NULL);
      41      xmlSchemaFree(xmlSchemaParse(pctxt));
      42      xmlSchemaFreeParserCtxt(pctxt);
      43  
      44      xmlFuzzMemSetLimit(0);
      45      xmlFuzzDataCleanup();
      46      xmlResetLastError();
      47  
      48      return(0);
      49  }
      50