mirror of
				https://gitlab.gnome.org/GNOME/libxml2.git
				synced 2025-10-24 13:33:01 +03:00 
			
		
		
		
	- Add more calls to xmlInitializeCatalog. - Call xmlResetLastError after fuzzing each input.
		
			
				
	
	
		
			48 lines
		
	
	
		
			1.1 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			48 lines
		
	
	
		
			1.1 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /*
 | |
|  * regexp.c: a libFuzzer target to test the regexp module.
 | |
|  *
 | |
|  * See Copyright for the status of this software.
 | |
|  */
 | |
| 
 | |
| #include <libxml/xmlregexp.h>
 | |
| #include "fuzz.h"
 | |
| 
 | |
| int
 | |
| LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
 | |
|                      char ***argv ATTRIBUTE_UNUSED) {
 | |
|     xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);
 | |
| 
 | |
|     return 0;
 | |
| }
 | |
| 
 | |
| int
 | |
| LLVMFuzzerTestOneInput(const char *data, size_t size) {
 | |
|     xmlRegexpPtr regexp;
 | |
|     char *str[2] = { NULL, NULL };
 | |
|     size_t numStrings;
 | |
| 
 | |
|     if (size > 200)
 | |
|         return(0);
 | |
| 
 | |
|     numStrings = xmlFuzzExtractStrings(data, size, str, 2);
 | |
| 
 | |
|     /* CUR_SCHAR doesn't handle invalid UTF-8 and may cause infinite loops. */
 | |
|     if (xmlCheckUTF8(BAD_CAST str[0]) != 0) {
 | |
|         regexp = xmlRegexpCompile(BAD_CAST str[0]);
 | |
|         /* xmlRegexpExec has pathological performance in too many cases. */
 | |
| #if 0
 | |
|         if ((regexp != NULL) && (numStrings >= 2)) {
 | |
|             xmlRegexpExec(regexp, BAD_CAST str[1]);
 | |
|         }
 | |
| #endif
 | |
|         xmlRegFreeRegexp(regexp);
 | |
|     }
 | |
| 
 | |
|     xmlFree(str[0]);
 | |
|     xmlFree(str[1]);
 | |
|     xmlResetLastError();
 | |
| 
 | |
|     return 0;
 | |
| }
 | |
| 
 |