mirror of
https://github.com/libexpat/libexpat.git
synced 2025-04-14 16:20:45 +00:00
Merge pull request #797 from catenacyber/fuzzcov
fuzz: improve coverage
This commit is contained in:
Sebastian Pipping
GitHub
commit
716fd10bd4
2 changed files with 81 additions and 18 deletions
|
|
@ -47,18 +47,48 @@ end(void *userData, const XML_Char *name) {
|
|||
(void)name;
|
||||
}
|
||||
|
||||
int
|
||||
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
||||
XML_Parser p = XML_ParserCreate(xstr(ENCODING_FOR_FUZZING));
|
||||
assert(p);
|
||||
|
||||
static void
|
||||
ParseOneInput(XML_Parser p, const uint8_t *data, size_t size) {
|
||||
// Set the hash salt using siphash to generate a deterministic hash.
|
||||
struct sipkey *key = sip_keyof(hash_key);
|
||||
XML_SetHashSalt(p, (unsigned long)siphash24(data, size, key));
|
||||
|
||||
XML_SetElementHandler(p, start, end);
|
||||
XML_Parse(p, (const XML_Char *)data, size, 0);
|
||||
XML_Parse(p, (const XML_Char *)data, size, 1);
|
||||
XML_ParserFree(p);
|
||||
if (XML_Parse(p, (const XML_Char *)data, size, 1) == XML_STATUS_ERROR) {
|
||||
XML_ErrorString(XML_GetErrorCode(p));
|
||||
}
|
||||
XML_GetCurrentLineNumber(p);
|
||||
if (size % 2) {
|
||||
XML_ParserReset(p, NULL);
|
||||
}
|
||||
}
|
||||
|
||||
int
|
||||
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
||||
XML_Parser parentParser = XML_ParserCreate(xstr(ENCODING_FOR_FUZZING));
|
||||
assert(parentParser);
|
||||
ParseOneInput(parentParser, data, size);
|
||||
// not freed yet, but used later and freed then
|
||||
|
||||
XML_Parser namespaceParser = XML_ParserCreateNS(NULL, '!');
|
||||
assert(namespaceParser);
|
||||
ParseOneInput(namespaceParser, data, size);
|
||||
XML_ParserFree(namespaceParser);
|
||||
|
||||
XML_Parser externalEntityParser
|
||||
= XML_ExternalEntityParserCreate(parentParser, "e1", NULL);
|
||||
assert(externalEntityParser);
|
||||
ParseOneInput(externalEntityParser, data, size);
|
||||
XML_ParserFree(externalEntityParser);
|
||||
|
||||
XML_Parser externalDtdParser
|
||||
= XML_ExternalEntityParserCreate(parentParser, NULL, NULL);
|
||||
assert(externalDtdParser);
|
||||
ParseOneInput(externalDtdParser, data, size);
|
||||
XML_ParserFree(externalDtdParser);
|
||||
|
||||
// finally frees this parser which served as parent
|
||||
XML_ParserFree(parentParser);
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -48,24 +48,57 @@ end(void *userData, const XML_Char *name) {
|
|||
(void)name;
|
||||
}
|
||||
|
||||
static void
|
||||
ParseOneInput(XML_Parser p, const uint8_t *data, size_t size) {
|
||||
// Set the hash salt using siphash to generate a deterministic hash.
|
||||
struct sipkey *key = sip_keyof(hash_key);
|
||||
XML_SetHashSalt(p, (unsigned long)siphash24(data, size, key));
|
||||
|
||||
XML_SetElementHandler(p, start, end);
|
||||
void *buf = XML_GetBuffer(p, size);
|
||||
assert(buf);
|
||||
memcpy(buf, data, size);
|
||||
XML_ParseBuffer(p, size, 0);
|
||||
buf = XML_GetBuffer(p, size);
|
||||
assert(buf);
|
||||
memcpy(buf, data, size);
|
||||
if (XML_ParseBuffer(p, size, 1) == XML_STATUS_ERROR) {
|
||||
XML_ErrorString(XML_GetErrorCode(p));
|
||||
}
|
||||
XML_GetCurrentLineNumber(p);
|
||||
if (size % 2) {
|
||||
XML_ParserReset(p, NULL);
|
||||
}
|
||||
}
|
||||
|
||||
int
|
||||
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
||||
if (size == 0)
|
||||
return 0;
|
||||
|
||||
XML_Parser p = XML_ParserCreate(xstr(ENCODING_FOR_FUZZING));
|
||||
assert(p);
|
||||
XML_SetElementHandler(p, start, end);
|
||||
XML_Parser parentParser = XML_ParserCreate(xstr(ENCODING_FOR_FUZZING));
|
||||
assert(parentParser);
|
||||
ParseOneInput(parentParser, data, size);
|
||||
// not freed yet, but used later and freed then
|
||||
|
||||
// Set the hash salt using siphash to generate a deterministic hash.
|
||||
struct sipkey *key = sip_keyof(hash_key);
|
||||
XML_SetHashSalt(p, (unsigned long)siphash24(data, size, key));
|
||||
XML_Parser namespaceParser = XML_ParserCreateNS(NULL, '!');
|
||||
assert(namespaceParser);
|
||||
ParseOneInput(namespaceParser, data, size);
|
||||
XML_ParserFree(namespaceParser);
|
||||
|
||||
void *buf = XML_GetBuffer(p, size);
|
||||
assert(buf);
|
||||
XML_Parser externalEntityParser
|
||||
= XML_ExternalEntityParserCreate(parentParser, "e1", NULL);
|
||||
assert(externalEntityParser);
|
||||
ParseOneInput(externalEntityParser, data, size);
|
||||
XML_ParserFree(externalEntityParser);
|
||||
|
||||
memcpy(buf, data, size);
|
||||
XML_ParseBuffer(p, size, size == 0);
|
||||
XML_ParserFree(p);
|
||||
XML_Parser externalDtdParser
|
||||
= XML_ExternalEntityParserCreate(parentParser, NULL, NULL);
|
||||
assert(externalDtdParser);
|
||||
ParseOneInput(externalDtdParser, data, size);
|
||||
XML_ParserFree(externalDtdParser);
|
||||
|
||||
// finally frees this parser which served as parent
|
||||
XML_ParserFree(parentParser);
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue