/src/libxml2/fuzz/regexp.c
Line | Count | Source |
1 | | /* |
2 | | * regexp.c: a libFuzzer target to test the regexp module. |
3 | | * |
4 | | * See Copyright for the status of this software. |
5 | | */ |
6 | | |
7 | | #include <libxml/xmlregexp.h> |
8 | | #include "fuzz.h" |
9 | | |
/*
 * One-time libFuzzer initialization hook for the regexp target.
 *
 * Both parameters are unused (marked ATTRIBUTE_UNUSED); the function only
 * prepares process-wide state and always returns 0.
 */
int
LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
                     char ***argv ATTRIBUTE_UNUSED)
{
    /*
     * Harness helper from fuzz.h. Presumably installs the allocator hooks
     * that xmlFuzzMemSetLimit() later relies on -- confirm in fuzz.c.
     */
    xmlFuzzMemSetup();

    /* Send libxml2's generic error output to the harness's own handler. */
    xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);

    return 0;
}
18 | | |
/*
 * libFuzzer per-input entry point for the regexp module.
 *
 * Reads an allocation limit and one string from the fuzz data, then
 * compiles that string as a regular expression and frees the result.
 * Only compilation is exercised: the xmlRegexpExec() call below is
 * compiled out, so match-time behaviour is outside this target's coverage.
 *
 * data/size: raw fuzz input; inputs longer than 200 bytes are skipped.
 * Always returns 0.
 */
int
LLVMFuzzerTestOneInput(const char *data, size_t size)
{
    const char *pattern;
    size_t allocLimit;
    xmlRegexpPtr compiled;

    /* Skip inputs above the 200-byte cap before touching any harness state. */
    if (size > 200) {
        return 0;
    }

    xmlFuzzDataInit(data, size);

    /*
     * The modulo keeps the limit within [0, size * 8], so it scales with
     * the input length. xmlFuzzReadInt(4) presumably consumes four bytes
     * of the input -- confirm in fuzz.c.
     */
    allocLimit = xmlFuzzReadInt(4) % (size * 8 + 1);
    pattern = xmlFuzzReadString(NULL);

    /*
     * CUR_SCHAR doesn't handle invalid UTF-8 and may cause infinite loops,
     * so only patterns that pass xmlCheckUTF8() (non-zero == valid) reach
     * the compiler.
     * NOTE(review): the harness works around that limitation instead of
     * testing it; invalid UTF-8 patterns are never fed to
     * xmlRegexpCompile() by this target.
     */
    if (xmlCheckUTF8(BAD_CAST pattern) != 0) {
        /* The limit is applied only around the code under test. */
        xmlFuzzMemSetLimit(allocLimit);
        compiled = xmlRegexpCompile(BAD_CAST pattern);

        /*
         * xmlRegexpExec has pathological performance in too many cases.
         * NOTE(review): str2 is not declared in this function, so
         * re-enabling the call also needs a second string read from the
         * input.
         */
#if 0
        xmlRegexpExec(compiled, BAD_CAST str2);
#endif

        /* Called with whatever xmlRegexpCompile() returned. */
        xmlRegFreeRegexp(compiled);
    }

    /*
     * Per-input teardown, run whether or not the pattern was compiled.
     * Passing 0 presumably lifts the allocation limit -- confirm in fuzz.c.
     */
    xmlFuzzMemSetLimit(0);
    xmlFuzzDataCleanup();
    xmlResetLastError();

    return 0;
}
49 | | |