/*
* xpath.c: a libFuzzer target to test XPath and XPointer expressions.
*
* See Copyright for the status of this software.
*/
#include <libxml/parser.h>
#include <libxml/xpointer.h>
#include "fuzz.h"
/*
 * LLVMFuzzerInitialize:
 * @argc: unused; present only to match the libFuzzer entry-point signature
 * @argv: unused; present only to match the libFuzzer entry-point signature
 *
 * One-time setup performed by the fuzzing engine before any input is
 * delivered: brings up libxml2's global parser state and installs the
 * harness error callback (xmlFuzzErrorFunc from fuzz.h) as the generic
 * error handler, so library diagnostics go through the harness instead
 * of the default handler.
 *
 * Returns 0, the value libFuzzer expects from a successful initializer.
 */
int
LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED, char ***argv ATTRIBUTE_UNUSED)
{
    /* Parser globals must be initialised before the first xmlRead* call. */
    xmlInitParser();

    /* Route generic error reports to the shared fuzz harness handler. */
    xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);

    return 0;
}
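/*
 * Largest raw input this target accepts. The limit is enforced in the
 * target itself rather than via libFuzzer's -max_len, because other
 * fuzzing engines may not honour that option. It also keeps every length
 * derived from the input comfortably inside the int range that
 * xmlReadMemory takes for its size argument.
 */
#define XPATH_FUZZ_MAX_INPUT 10000

/*
 * Upper bound on XPath evaluation steps for a single expression, so a
 * pathological expression fails fast instead of being reported as a
 * fuzzer timeout.
 */
#define XPATH_FUZZ_OP_LIMIT 500000

/*
 * LLVMFuzzerTestOneInput:
 * @data: fuzzer-generated bytes; untrusted and not NUL-terminated
 * @size: number of valid bytes in @data
 *
 * Splits the input (through the fuzz.h string reader) into an
 * XPointer/XPath expression followed by an XML document, parses the
 * document in recovery mode and evaluates the expression against it
 * under an operation limit. All resources acquired on the way are
 * released on every path, so leak detection only reports genuine
 * library leaks.
 *
 * Returns 0; libFuzzer ignores the value but requires the signature.
 */
int
LLVMFuzzerTestOneInput(const char *data, size_t size) {
    xmlDocPtr doc;
    const char *expr, *xml;
    size_t exprSize, xmlSize;

    /* Reject oversized inputs before touching them (see the cap above). */
    if (size > XPATH_FUZZ_MAX_INPUT)
        return(0);

    xmlFuzzDataInit(data, size);

    expr = xmlFuzzReadString(&exprSize);
    xml = xmlFuzzReadString(&xmlSize);

    /*
     * Recovery mode allows more input to be fuzzed: malformed documents
     * still produce a tree for the XPath engine to walk.
     *
     * The explicit cast documents the size_t -> int narrowing; xmlSize
     * is read out of an input already capped at XPATH_FUZZ_MAX_INPUT
     * bytes, so it is assumed to fit (TODO confirm against xmlFuzzReadString).
     */
    doc = xmlReadMemory(xml, (int) xmlSize, NULL, NULL, XML_PARSE_RECOVER);
    if (doc != NULL) {
        xmlXPathContextPtr xpctxt = xmlXPathNewContext(doc);

        /*
         * Context creation can return NULL (e.g. on allocation failure).
         * Previously the result was dereferenced unconditionally, which
         * would surface an out-of-memory condition as a NULL-dereference
         * crash report rather than as a clean no-op.
         */
        if (xpctxt != NULL) {
            /* Operation limit to avoid timeout */
            xpctxt->opLimit = XPATH_FUZZ_OP_LIMIT;

            xmlXPathFreeObject(xmlXPtrEval(BAD_CAST expr, xpctxt));
            xmlXPathFreeContext(xpctxt);
        }
    }
    /* Called on the failed-parse path too; that path relies on xmlFreeDoc
     * tolerating a NULL document, exactly as the original code did. */
    xmlFreeDoc(doc);

    xmlFuzzDataCleanup();

    return(0);
}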