oss-fuzz/projects/libxml2/libxml2_xml_read_memory_fuz...

49 lines
1.5 KiB
C++

// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <functional>
#include <limits>
#include <string>
#include "libxml/parser.h"
#include "libxml/xmlsave.h"
void ignore (void* ctx, const char* msg, ...) {
// Error handler to avoid spam of error messages from libxml parser.
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
xmlSetGenericErrorFunc(NULL, &ignore);
// Test default empty options value and some random combination.
std::string data_string(reinterpret_cast<const char*>(data), size);
const std::size_t data_hash = std::hash<std::string>()(data_string);
const int max_option_value = std::numeric_limits<int>::max();
int random_option_value = data_hash % max_option_value;
// Disable XML_PARSE_HUGE to avoid stack overflow.
random_option_value &= ~XML_PARSE_HUGE;
const int options[] = {0, random_option_value};
for (const auto option_value : options) {
// Intentionally pass raw data as the API does not require trailing \0.
if (auto doc = xmlReadMemory(reinterpret_cast<const char*>(data), size,
"noname.xml", NULL, option_value)) {
auto buf = xmlBufferCreate();
assert(buf);
auto ctxt = xmlSaveToBuffer(buf, NULL, 0);
xmlSaveDoc(ctxt, doc);
xmlSaveClose(ctxt);
xmlFreeDoc(doc);
xmlBufferFree(buf);
}
}
return 0;
}