/src/cmark/fuzz/cmark-fuzz.c

Source (jump to first uncovered line)
/* for fmemopen */
#define _POSIX_C_SOURCE 200809L

#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "cmark.h"

int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  struct __attribute__((packed)) {
    int options;
    int width;
  } fuzz_config;

  if (size >= sizeof(fuzz_config)) {
    /* The beginning of `data` is treated as fuzzer configuration */
    memcpy(&fuzz_config, data, sizeof(fuzz_config));
    int options = fuzz_config.options;

    /* Mask off valid option bits */
    options &= (CMARK_OPT_SOURCEPOS | CMARK_OPT_HARDBREAKS | CMARK_OPT_UNSAFE | CMARK_OPT_NOBREAKS | CMARK_OPT_NORMALIZE | CMARK_OPT_VALIDATE_UTF8 | CMARK_OPT_SMART);

    /* Remainder of input is the markdown */
    const char *markdown = (const char *)(data + sizeof(fuzz_config));
    size_t markdown_size = size - sizeof(fuzz_config);
    cmark_node *doc = NULL;

    /* Use upper bits of options to select parsing mode */
    switch (((unsigned) fuzz_config.options >> 30) & 3) {
      case 0:
        doc = cmark_parse_document(markdown, markdown_size, options);
        break;

      case 1:
        if (markdown_size > 0) {
          FILE *file = fmemopen((void *) markdown, markdown_size, "r");
          doc = cmark_parse_file(file, options);
          fclose(file);
        }
        break;

      case 2: {
        size_t block_max = 20;
        cmark_parser *parser = cmark_parser_new(options);

        while (markdown_size > 0) {
          size_t block_size = markdown_size > block_max ? block_max : markdown_size;
          cmark_parser_feed(parser, markdown, block_size);
          markdown += block_size;
          markdown_size -= block_size;
        }

        doc = cmark_parser_finish(parser);
        cmark_parser_free(parser);
        break;
      }

      case 3:
        free(cmark_markdown_to_html(markdown, markdown_size, options));
        break;
    }

    if (doc != NULL) {
      free(cmark_render_commonmark(doc, options, fuzz_config.width));
      free(cmark_render_html(doc, options));
      free(cmark_render_latex(doc, options, fuzz_config.width));
      free(cmark_render_man(doc, options, fuzz_config.width));
      free(cmark_render_xml(doc, options));

      cmark_node_free(doc);
    }
  }
  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/* for fmemopen */
2		#define _POSIX_C_SOURCE 200809L
3
4		#include <stdint.h>
5		#include <stdio.h>
6		#include <stdlib.h>
7		#include <string.h>
8		#include "cmark.h"
9
10	30.5k	int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
11	30.5k	struct __attribute__((packed)) {
12	30.5k	int options;
13	30.5k	int width;
14	30.5k	} fuzz_config;
15
16	30.5k	if (size >= sizeof(fuzz_config)) {
17		/* The beginning of `data` is treated as fuzzer configuration */
18	30.5k	memcpy(&fuzz_config, data, sizeof(fuzz_config));
19	30.5k	int options = fuzz_config.options;
20
21		/* Mask off valid option bits */
22	30.5k	options &= (CMARK_OPT_SOURCEPOS \| CMARK_OPT_HARDBREAKS \| CMARK_OPT_UNSAFE \| CMARK_OPT_NOBREAKS \| CMARK_OPT_NORMALIZE \| CMARK_OPT_VALIDATE_UTF8 \| CMARK_OPT_SMART);
23
24		/* Remainder of input is the markdown */
25	30.5k	const char markdown = (const char )(data + sizeof(fuzz_config));
26	30.5k	size_t markdown_size = size - sizeof(fuzz_config);
27	30.5k	cmark_node *doc = NULL;
28
29		/* Use upper bits of options to select parsing mode */
30	30.5k	switch (((unsigned) fuzz_config.options >> 30) & 3) {
31	15.8k	case 0:
32	15.8k	doc = cmark_parse_document(markdown, markdown_size, options);
33	15.8k	break;
34
35	8.65k	case 1:
36	8.65k	if (markdown_size > 0) {
37	8.65k	FILE file = fmemopen((void ) markdown, markdown_size, "r");
38	8.65k	doc = cmark_parse_file(file, options);
39	8.65k	fclose(file);
40	8.65k	}
41	8.65k	break;
42
43	3.42k	case 2: {
44	3.42k	size_t block_max = 20;
45	3.42k	cmark_parser *parser = cmark_parser_new(options);
46
47	1.60M	while (markdown_size > 0) {
48	1.60M	size_t block_size = markdown_size > block_max ? block_max : markdown_size;
49	1.60M	cmark_parser_feed(parser, markdown, block_size);
50	1.60M	markdown += block_size;
51	1.60M	markdown_size -= block_size;
52	1.60M	}
53
54	3.42k	doc = cmark_parser_finish(parser);
55	3.42k	cmark_parser_free(parser);
56	3.42k	break;
57	0	}
58
59	2.64k	case 3:
60	2.64k	free(cmark_markdown_to_html(markdown, markdown_size, options));
61	2.64k	break;
62	30.5k	}
63
64	30.5k	if (doc != NULL) {
65	27.8k	free(cmark_render_commonmark(doc, options, fuzz_config.width));
66	27.8k	free(cmark_render_html(doc, options));
67	27.8k	free(cmark_render_latex(doc, options, fuzz_config.width));
68	27.8k	free(cmark_render_man(doc, options, fuzz_config.width));
69	27.8k	free(cmark_render_xml(doc, options));
70
71	27.8k	cmark_node_free(doc);
72	27.8k	}
73	30.5k	}
74	30.5k	return 0;
75	30.5k	}

Coverage Report

Created: 2025-07-12 06:52