/src/boost_ptree_xmlread_fuzzer.cc
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Fuzzing of boost property tree parsers. |
3 | | * by Paul Dreik 20180818 |
4 | | * |
5 | | * Licensed under the Apache License, Version 2.0 (the "License"); |
6 | | * you may not use this file except in compliance with the License. |
7 | | * You may obtain a copy of the License at |
8 | | * |
9 | | * http://www.apache.org/licenses/LICENSE-2.0 |
10 | | * |
11 | | * Unless required by applicable law or agreed to in writing, software |
12 | | * distributed under the License is distributed on an "AS IS" BASIS, |
13 | | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
14 | | * See the License for the specific language governing permissions and |
15 | | * limitations under the License. |
16 | | */ |
17 | | |
18 | | #include <boost/property_tree/xml_parser.hpp> |
19 | | #include <sstream> |
20 | | |
21 | | int |
22 | | readXml(const char* Data, size_t Size) |
23 | 9.42k | { |
24 | | |
25 | 9.42k | namespace pt = boost::property_tree; |
26 | | |
27 | 9.42k | if (Size < 1) { |
28 | | // no data to use for flags - skip. |
29 | 0 | return 0; |
30 | 0 | } |
31 | | |
32 | 9.42k | std::stringstream ss; |
33 | 9.42k | const auto firstbyte = Data[0]; |
34 | | |
35 | 9.42k | ss.write(Data + 1, Size - 1); |
36 | | |
37 | 9.42k | pt::ptree tree; |
38 | | |
39 | 9.42k | try { |
40 | | // set the parse flags based on the first byte |
41 | 9.42k | int flags = 0; |
42 | 9.42k | if (firstbyte & 0x1) { |
43 | 4.62k | flags |= pt::xml_parser::no_concat_text; |
44 | 4.62k | } |
45 | 9.42k | if (firstbyte & 0x2) { |
46 | 4.74k | flags |= pt::xml_parser::no_comments; |
47 | 4.74k | } |
48 | 9.42k | if (firstbyte & 0x4) { |
49 | 5.02k | flags |= pt::xml_parser::trim_whitespace; |
50 | 5.02k | } |
51 | 9.42k | pt::read_xml(ss, tree, flags); |
52 | | |
53 | 9.42k | return tree.size() ? 1 : 0; |
54 | 9.42k | } catch (...) { |
55 | 8.36k | return 0; |
56 | 8.36k | } |
57 | 9.42k | } |
58 | | |
59 | | extern "C" int |
60 | | LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) |
61 | 10.3k | { |
62 | 10.3k | readXml(reinterpret_cast<const char*>(Data), Size); |
63 | 10.3k | return 0; |
64 | 10.3k | } |