1 /*
2 * uri.c: a libFuzzer target to test the URI module.
3 *
4 * See Copyright for the status of this software.
5 */
6
7 #include <libxml/uri.h>
8 #include "fuzz.h"
9
/**
 * LLVMFuzzerInitialize:
 * @argc:  libFuzzer's argument count (unused)
 * @argv:  libFuzzer's argument vector (unused)
 *
 * One-time start-up hook that libFuzzer calls before the first test
 * case. It prepares the harness so that every later call to
 * LLVMFuzzerTestOneInput runs under the same conditions.
 *
 * Returns 0 always.
 */
int
LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
                     char ***argv ATTRIBUTE_UNUSED) {
    /*
     * Harness helper from fuzz.h. Presumably installs the allocator
     * hooks that xmlFuzzMemSetLimit() relies on - confirm in fuzz.c.
     */
    xmlFuzzMemSetup();

    /*
     * Send libxml2's generic error output to the harness callback, with
     * no user context. NOTE(review): xmlFuzzErrorFunc is expected to
     * discard the message so malformed inputs do not flood stderr -
     * confirm in fuzz.c.
     */
    xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);

    return(0);
}
18
/**
 * LLVMFuzzerTestOneInput:
 * @data:  untrusted fuzzer input
 * @size:  number of bytes in @data
 *
 * Runs one fuzzer input through the public URI API. The input is split
 * by the harness into an allocation limit and two strings. Every
 * parser, escaper and path helper is then called on those strings, and
 * each result is freed immediately, so a leak, double free or
 * out-of-bounds access shows up under the sanitizer for the input that
 * caused it.
 *
 * Returns 0 always.
 */
int
LLVMFuzzerTestOneInput(const char *data, size_t size) {
    const char *first, *second;
    size_t allocLimit;
    xmlURIPtr parsed;
    xmlChar *out;
    char *unescaped;
    char *path;

    /* Oversized inputs are skipped outright. */
    if (size > 10000) {
        return 0;
    }

    xmlFuzzDataInit(data, size);

    /*
     * The first 4 bytes choose the allocation limit. The "+ 1" keeps
     * the modulus non-zero for an empty input, and the limit stays
     * proportional to the input size.
     */
    allocLimit = xmlFuzzReadInt(4) % (size * 8 + 1);

    /*
     * NOTE(review): either string may come back NULL when the input is
     * exhausted - confirm in fuzz.c. The calls below are made without a
     * NULL check, so they exercise the library's own NULL handling too.
     */
    first = xmlFuzzReadString(NULL);
    second = xmlFuzzReadString(NULL);

    /*
     * Presumably makes allocations fail once the limit is reached, so
     * out-of-memory error paths are exercised - confirm in fuzz.c.
     */
    xmlFuzzMemSetLimit(allocLimit);

    /* Parse, serialise and release: normal mode. */
    parsed = xmlParseURI(first);
    out = xmlSaveUri(parsed);
    xmlFree(out);
    xmlFreeURI(parsed);

    /* Same round trip in raw mode (second argument set to 1). */
    parsed = xmlParseURIRaw(first, 1);
    out = xmlSaveUri(parsed);
    xmlFree(out);
    xmlFreeURI(parsed);

    /* Single-string helpers; -1 and NULL are passed as in the API call. */
    unescaped = xmlURIUnescapeString(first, -1, NULL);
    xmlFree(unescaped);

    out = xmlURIEscape(BAD_CAST first);
    xmlFree(out);

    out = xmlCanonicPath(BAD_CAST first);
    xmlFree(out);

    out = xmlPathToURI(BAD_CAST first);
    xmlFree(out);

    /* Two-string helpers: the second string comes first in the call. */
    out = xmlBuildURI(BAD_CAST second, BAD_CAST first);
    xmlFree(out);

    out = xmlBuildRelativeURI(BAD_CAST second, BAD_CAST first);
    xmlFree(out);

    out = xmlURIEscapeStr(BAD_CAST first, BAD_CAST second);
    xmlFree(out);

    /*
     * xmlNormalizeURIPath() rewrites its argument in place, so it works
     * on a private copy rather than on the harness-owned string.
     */
    path = (char *) xmlCharStrdup(first);
    xmlNormalizeURIPath(path);
    xmlFree(path);

    /* Lift the limit before the harness frees its own buffers. */
    xmlFuzzMemSetLimit(0);
    xmlFuzzDataCleanup();

    return(0);
}
62