1
0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2024-12-24 21:33:51 +03:00
libxml2/fuzz/uri.c
Nick Wellnhofer 9086988ffa Enforce maximum length of fuzz input
Remove the libfuzzer max_len option which doesn't apply to other
fuzzing engines. Enforce the maximum length directly in the fuzz
targets. For the xml target, lower the maximum when expanding entities
to avoid timeout and OOM errors.
2020-12-16 16:12:07 +01:00

49 lines
1.1 KiB
C

/*
* uri.c: a libFuzzer target to test the URI module.
*
* See Copyright for the status of this software.
*/
#include <libxml/uri.h>
#include "fuzz.h"
int
LLVMFuzzerTestOneInput(const char *data, size_t size) {
xmlURIPtr uri;
char *str[2] = { NULL, NULL };
size_t numStrings;
if (size > 10000)
return(0);
numStrings = xmlFuzzExtractStrings(data, size, str, 2);
uri = xmlParseURI(str[0]);
xmlFree(xmlSaveUri(uri));
xmlFreeURI(uri);
uri = xmlParseURIRaw(str[0], 1);
xmlFree(xmlSaveUri(uri));
xmlFreeURI(uri);
xmlFree(xmlURIUnescapeString(str[0], -1, NULL));
xmlFree(xmlURIEscape(BAD_CAST str[0]));
xmlFree(xmlCanonicPath(BAD_CAST str[0]));
xmlFree(xmlPathToURI(BAD_CAST str[0]));
if (numStrings >= 2) {
xmlFree(xmlBuildURI(BAD_CAST str[1], BAD_CAST str[0]));
xmlFree(xmlBuildRelativeURI(BAD_CAST str[1], BAD_CAST str[0]));
xmlFree(xmlURIEscapeStr(BAD_CAST str[0], BAD_CAST str[1]));
}
/* Modifies string, so must come last. */
xmlNormalizeURIPath(str[0]);
xmlFree(str[0]);
xmlFree(str[1]);
return 0;
}