Coverage Report

Created: 2025-08-29 06:58

/src/libidn2/fuzz/libidn2_to_unicode_8z8z_fuzzer.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright(c) 2017 Tim Ruehsen
3
 *
4
 * This program is free software: you can redistribute it and/or modify
5
 * it under the terms of the GNU General Public License as published by
6
 * the Free Software Foundation, either version 3 of the License, or
7
 * (at your option) any later version.
8
 *
9
 * This program is distributed in the hope that it will be useful,
10
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12
 * GNU General Public License for more details.
13
 *
14
 * You should have received a copy of the GNU General Public License
15
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
16
 */
17
18
#include <config.h>
19
20
#include <assert.h>   /* assert */
21
#include <stdint.h>   /* uint8_t, uint32_t */
22
#include <stdlib.h>   /* malloc, free */
23
#include <string.h>   /* memcpy */
24
25
#include "idn2.h"
26
#include "fuzzer.h"
27
28
#pragma GCC optimize ("O0")
29
30
int
31
LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
32
893
{
33
893
  char *domain;
34
893
  char *out;
35
893
  const char *x = "";
36
37
893
  if (size > 1024)
38
12
    return 0;
39
40
881
  domain = (char *) malloc (size + 1);
41
881
  assert (domain != NULL);
42
43
  // 0 terminate
44
881
  memcpy (domain, data, size);
45
881
  domain[size] = 0;
46
47
881
  if (size == 0)
48
0
    {
49
0
      x = idn2_check_version (NULL);
50
51
0
      for (int err = -500; err <= 0; err++)
52
0
  {
53
0
    if (idn2_strerror_name (err))
54
0
      x = NULL;
55
0
    if (idn2_strerror (err))
56
0
      x = NULL;
57
0
  }
58
59
    /*** test NULL input/output combinations ***/
60
61
0
      if (idn2_to_unicode_lzlz (NULL, &out, 0) == IDN2_OK)
62
0
  idn2_free (out);
63
0
      idn2_to_unicode_lzlz (NULL, NULL, 0);
64
0
      idn2_to_unicode_lzlz (domain, NULL, 0);
65
66
0
      {
67
0
  uint32_t *in32 = (uint32_t *) malloc (4);
68
0
  uint32_t *out32;
69
0
  in32[0] = 0;
70
0
  if (idn2_to_unicode_4z4z (NULL, &out32, 0) == IDN2_OK)
71
0
    idn2_free (out32);
72
0
  idn2_to_unicode_4z4z (NULL, NULL, 0);
73
0
  idn2_to_unicode_4z4z (in32, NULL, 0);
74
0
  free (in32);
75
0
      }
76
77
0
      {
78
0
  uint32_t *out32;
79
0
  if (idn2_to_unicode_8z4z (NULL, &out32, 0) == IDN2_OK)
80
0
    idn2_free (out32);
81
0
  idn2_to_unicode_8z4z (NULL, NULL, 0);
82
0
  idn2_to_unicode_8z4z (domain, NULL, 0);
83
0
      }
84
85
0
      {
86
0
  uint32_t *u32 = (uint32_t *) malloc (0);
87
0
  size_t u32len = 0;
88
0
  idn2_to_unicode_44i (NULL, 1, u32, &u32len, 0);
89
0
  u32len = 0;
90
0
  idn2_to_unicode_44i (NULL, 0, NULL, &u32len, 0);
91
0
  free (u32);
92
0
      }
93
0
    }
94
95
  // let's fuzz gnulib's strverscmp()
96
881
  if (idn2_check_version (domain))
97
143
    x = NULL;
98
99
881
  if (x)
100
738
    free (malloc (1));   // prevent compiler from optimizing out idn2_check_version()
101
102
  // internally calls idn2_to_unicode_8zlz(), idn2_to_unicode_8z8z(), idn2_to_unicode_8z4z()
103
881
  if (idn2_to_unicode_lzlz (domain, &out, 0) == IDN2_OK)
104
272
    idn2_free (out);
105
106
881
  if ((size & 3) == 0)
107
466
    {
108
466
      uint32_t *u32 = (uint32_t *) malloc (size);
109
466
      size_t u32len;
110
111
466
      assert (u32 != NULL);
112
113
      // internally calls idn2_to_unicode_4z4z(), idn2_to_unicode_8z4z()
114
466
      u32len = size / 4;
115
466
      idn2_to_unicode_44i ((uint32_t *) data, size / 4, u32, &u32len, 0);
116
117
466
      free (u32);
118
466
    }
119
120
881
  free (domain);
121
881
  return 0;
122
881
}