lib/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-10-24 13:33:01 +03:00
Code Activity

fuzz: Support variable integer sizes in fuzz data

Browse Source 
Also switch to big-endian.
This commit is contained in:
Nick Wellnhofer
2023-03-08 13:59:00 +01:00
parent 3f69fc805c
commit 541b1e2850
6 changed files with 46 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
fuzz/fuzz.c
View File

@@ -83,21 +83,46 @@ xmlFuzzDataCleanup(void) {
xmlHashFree(fuzzData.entities, xmlHashDefaultDeallocator); xmlHashFree(fuzzData.entities, xmlHashDefaultDeallocator);
} }
/**
* xmlFuzzWriteInt:
* @out: output file
* @v: integer to write
* @size: size of integer in bytes
*
* Write an integer to the fuzz data.
*/
void
xmlFuzzWriteInt(FILE *out, size_t v, int size) {
int shift;
while (size > (int) sizeof(size_t)) {
putc(0, out);
size--;
}
shift = size * 8;
while (shift > 0) {
shift -= 8;
putc((v >> shift) & 255, out);
}
}
/** /**
* xmlFuzzReadInt: * xmlFuzzReadInt:
* @size: size of string in bytes * @size: size of integer in bytes
* *
* Read an integer from the fuzz data. * Read an integer from the fuzz data.
*/ */
int size_t
xmlFuzzReadInt(void) { xmlFuzzReadInt(int size) {
int ret; size_t ret = 0;
if (fuzzData.remaining < sizeof(int)) while ((size > 0) && (fuzzData.remaining > 0)) {
return(0); unsigned char c = (unsigned char) *fuzzData.ptr++;
memcpy(&ret, fuzzData.ptr, sizeof(int)); fuzzData.remaining--;
fuzzData.ptr += sizeof(int); ret = (ret << 8) | c;
fuzzData.remaining -= sizeof(int); size--;
}
return ret; return ret;
} }

7
fuzz/fuzz.h
View File

@@ -55,8 +55,11 @@ xmlFuzzDataInit(const char *data, size_t size);
void void
xmlFuzzDataCleanup(void); xmlFuzzDataCleanup(void);
int void
xmlFuzzReadInt(void); xmlFuzzWriteInt(FILE *out, size_t v, int size);
size_t
xmlFuzzReadInt(int size);
const char * const char *
xmlFuzzReadRemaining(size_t *size); xmlFuzzReadRemaining(size_t *size);

7
fuzz/genSeed.c
View File

@@ -112,7 +112,8 @@ processXml(const char *docFile, FILE *out) {
int opts = XML_PARSE_NOENT | XML_PARSE_DTDLOAD; int opts = XML_PARSE_NOENT | XML_PARSE_DTDLOAD;
xmlDocPtr doc; xmlDocPtr doc;
fwrite(&opts, sizeof(opts), 1, out); /* Parser options. */
xmlFuzzWriteInt(out, opts, 4);
fuzzRecorderInit(out); fuzzRecorderInit(out);
@@ -132,9 +133,9 @@ processHtml(const char *docFile, FILE *out) {
char buf[SEED_BUF_SIZE]; char buf[SEED_BUF_SIZE];
FILE *file; FILE *file;
size_t size; size_t size;
int opts = 0;
fwrite(&opts, sizeof(opts), 1, out); /* Parser options. */
xmlFuzzWriteInt(out, 0, 4);
/* Copy file */ /* Copy file */
file = fopen(docFile, "rb"); file = fopen(docFile, "rb");

2
fuzz/html.c
View File

@@ -32,7 +32,7 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
int opts; int opts;
xmlFuzzDataInit(data, size); xmlFuzzDataInit(data, size);
opts = xmlFuzzReadInt(); opts = (int) xmlFuzzReadInt(4);
docBuffer = xmlFuzzReadRemaining(&docSize); docBuffer = xmlFuzzReadRemaining(&docSize);
if (docBuffer == NULL) { if (docBuffer == NULL) {

2
fuzz/xinclude.c
View File

@@ -34,7 +34,7 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
int opts; int opts;
xmlFuzzDataInit(data, size); xmlFuzzDataInit(data, size);
opts = xmlFuzzReadInt(); opts = (int) xmlFuzzReadInt(4);
opts |= XML_PARSE_XINCLUDE; opts |= XML_PARSE_XINCLUDE;
xmlFuzzReadEntities(); xmlFuzzReadEntities();

2
fuzz/xml.c
View File

@@ -36,7 +36,7 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
int opts, outSize; int opts, outSize;
xmlFuzzDataInit(data, size); xmlFuzzDataInit(data, size);
opts = xmlFuzzReadInt(); opts = (int) xmlFuzzReadInt(4);
opts &= ~XML_PARSE_XINCLUDE; opts &= ~XML_PARSE_XINCLUDE;
xmlFuzzReadEntities(); xmlFuzzReadEntities();