(root)/
libxml2-2.12.3/
fuzz/
xinclude.c
       1  /*
       2   * xinclude.c: a libFuzzer target to test the XInclude engine.
       3   *
       4   * See Copyright for the status of this software.
       5   */
       6  
       7  #include <libxml/catalog.h>
       8  #include <libxml/parser.h>
       9  #include <libxml/tree.h>
      10  #include <libxml/xmlerror.h>
      11  #include <libxml/xinclude.h>
      12  #include <libxml/xmlreader.h>
      13  #include "fuzz.h"
      14  
      15  int
      16  LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
      17                       char ***argv ATTRIBUTE_UNUSED) {
      18      xmlFuzzMemSetup();
      19      xmlInitParser();
      20  #ifdef LIBXML_CATALOG_ENABLED
      21      xmlInitializeCatalog();
      22  #endif
      23      xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);
      24      xmlSetExternalEntityLoader(xmlFuzzEntityLoader);
      25  
      26      return 0;
      27  }
      28  
      29  int
      30  LLVMFuzzerTestOneInput(const char *data, size_t size) {
      31      xmlDocPtr doc;
      32      const char *docBuffer, *docUrl;
      33      size_t maxAlloc, docSize;
      34      int opts;
      35  
      36      xmlFuzzDataInit(data, size);
      37      opts = (int) xmlFuzzReadInt(4);
      38      opts |= XML_PARSE_XINCLUDE;
      39      maxAlloc = xmlFuzzReadInt(4) % (size + 1);
      40  
      41      xmlFuzzReadEntities();
      42      docBuffer = xmlFuzzMainEntity(&docSize);
      43      docUrl = xmlFuzzMainUrl();
      44      if (docBuffer == NULL)
      45          goto exit;
      46  
      47      /* Pull parser */
      48  
      49      xmlFuzzMemSetLimit(maxAlloc);
      50      doc = xmlReadMemory(docBuffer, docSize, docUrl, NULL, opts);
      51      xmlXIncludeProcessFlags(doc, opts);
      52      xmlFreeDoc(doc);
      53  
      54      /* Reader */
      55  
      56  #ifdef LIBXML_READER_ENABLED
      57      {
      58          xmlTextReaderPtr reader;
      59          int j;
      60  
      61          xmlFuzzMemSetLimit(maxAlloc);
      62          reader = xmlReaderForMemory(docBuffer, docSize, NULL, NULL, opts);
      63          if (reader == NULL)
      64              goto exit;
      65          while (xmlTextReaderRead(reader) == 1) {
      66              if (xmlTextReaderNodeType(reader) == XML_ELEMENT_NODE) {
      67                  int i, n = xmlTextReaderAttributeCount(reader);
      68                  for (i=0; i<n; i++) {
      69                      xmlTextReaderMoveToAttributeNo(reader, i);
      70                      while (xmlTextReaderReadAttributeValue(reader) == 1);
      71                  }
      72              }
      73          }
      74          for (j = 0; j < 10; j++)
      75              xmlTextReaderRead(reader);
      76          xmlFreeTextReader(reader);
      77      }
      78  #endif
      79  
      80  exit:
      81      xmlFuzzMemSetLimit(0);
      82      xmlFuzzDataCleanup();
      83      xmlResetLastError();
      84      return(0);
      85  }
      86