[libxml2] Fix std::string use in the fuzz targets: avoid it when possible.

Max Moroz 2018-12-28 14:25:13 -08:00
parent 9316b4180e
commit 3df3b90ebb
3 changed files with 21 additions and 5 deletions


@ -32,6 +32,11 @@ class ByteStream {
ByteStream(const ByteStream&) = delete;
ByteStream& operator=(const ByteStream&) = delete;
// Returns a pointer to the chunk of data of |size| bytes, where |size| is
// either a requested value or all the bytes that are available. If the
// requested |size| is 0, return all the bytes that are available.
const uint8_t* GetNextChunk(size_t* size);
// Returns a string. Strings are obtained from the byte stream by reading a
// size_t N followed by N char elements. If there are fewer than N bytes left
// in the stream, this returns as many bytes as are available.
@ -94,6 +99,15 @@ class ByteStream {
size_t position_;
};
inline const uint8_t* ByteStream::GetNextChunk(size_t* size) {
if (*size)
*size = std::min(*size, capacity());
else
*size = capacity();
return UncheckedConsume(*size);
}
inline std::string ByteStream::GetNextString() {
const size_t requested_size = GetNextSizeT();
const size_t consumed_size = std::min(requested_size, capacity());
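Review bot: The comment above the `GetNextChunk(size_t* size)` declaration does not say that `size` is an in/out parameter, although the definition both reads `*size` and overwrites it with the clamped length. A caller that keeps using its originally requested length would read past the bytes actually handed out. I would extend the comment with something like `// |size| is in/out: on return it holds the number of bytes available at the returned pointer, which may be 0.` It is also worth stating that the returned bytes are not NUL-terminated and, presumably (`UncheckedConsume` is not visible here), point into the stream's underlying buffer rather than a copy, so they stay valid only as long as that buffer does. `size` is dereferenced without a null check, so either document it as required or take it by reference.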


@ -31,7 +31,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
const int options[] = {0, random_option_value};
for (const auto option_value : options) {
if (auto doc = xmlReadMemory(data_string.c_str(), data_string.length(),
// Intentionally pass raw data as the API does not require trailing \0.
if (auto doc = xmlReadMemory(reinterpret_cast<const char*>(data), size,
"noname.xml", NULL, option_value)) {
auto buf = xmlBufferCreate();
assert(buf);
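Review bot: In the new call `xmlReadMemory(reinterpret_cast<const char*>(data), size,` the length is a `size_t`, but xmlReadMemory takes it as an `int`, so the value is narrowed implicitly. An input longer than INT_MAX would reach the parser with a wrong or negative length. libFuzzer's length cap probably keeps this from happening in practice, but a guard before the loop, `if (size > INT_MAX) return 0;`, together with `static_cast<int>(size)` at the call makes the assumption explicit; it needs `<climits>`. The added comment could also say why the raw buffer is preferable: with no trailing NUL, a sanitizer build can flag a parser read past `size`. The function body continues outside this hunk.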


@ -31,10 +31,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
ByteStream stream(data, size);
const int options = stream.GetNextInt();
const std::string encoding = stream.GetNextString();
const std::string file_contents = stream.GetNextString();
FuzzerTemporaryFile file(
reinterpret_cast<const uint8_t*>(file_contents.c_str()),
file_contents.size());
size_t file_contents_size = 0;
const uint8_t* file_contents = stream.GetNextChunk(&file_contents_size);
// Intentionally pass raw data as the API does not require trailing \0.
FuzzerTemporaryFile file(file_contents, file_contents_size);
xmlTextReaderPtr xmlReader =
xmlReaderForFile(file.filename(), encoding.c_str(), options);
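Review bot: The `0` in `size_t file_contents_size = 0;` is a sentinel that makes `GetNextChunk` return every remaining byte, which is not evident at the call site. It also changes the input layout: the file contents used to be a length-prefixed string and are now the tail of the stream, so existing corpus entries will likely be split differently. A comment on that line would record the intent, for example `// 0 requests all remaining bytes; the result is not NUL-terminated.` The comment on the line above `FuzzerTemporaryFile file(...)` reads as if it describes the xmlReader API, so it should name the temporary-file helper as the consumer of the raw bytes. The function body continues outside this hunk.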