/src/libyaml_dumper_fuzzer.c
Line | Count | Source (jump to first uncovered line) |
1 | | // Copyright 2020 Google LLC |
2 | | // |
3 | | // Licensed under the Apache License, Version 2.0 (the "License"); |
4 | | // you may not use this file except in compliance with the License. |
5 | | // You may obtain a copy of the License at |
6 | | // |
7 | | // http://www.apache.org/licenses/LICENSE-2.0 |
8 | | // |
9 | | // Unless required by applicable law or agreed to in writing, software |
10 | | // distributed under the License is distributed on an "AS IS" BASIS, |
11 | | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
12 | | // See the License for the specific language governing permissions and |
13 | | // limitations under the License. |
14 | | |
15 | | #include "yaml.h" |
16 | | #include "yaml_write_handler.h" |
17 | | #include <assert.h> |
18 | | #include <stdbool.h> |
19 | | #include <stdint.h> |
20 | | #include <stdio.h> |
21 | | #include <stdlib.h> |
22 | | #include <string.h> |
23 | | |
24 | | #ifdef NDEBUG |
25 | | #undef NDEBUG |
26 | | #endif |
27 | | |
28 | 2.58k | #define MAX_DOCUMENTS 16 |
29 | | |
30 | | bool nodes_equal(yaml_document_t *document1, int index1, |
31 | 7.37M | yaml_document_t *document2, int index2, int level) { |
32 | 7.37M | const bool equal = true; |
33 | | |
34 | 7.37M | if (level++ > 1000) |
35 | 2 | return !equal; |
36 | 7.37M | yaml_node_t *node1 = yaml_document_get_node(document1, index1); |
37 | | |
38 | 7.37M | if (!node1) |
39 | 0 | return !equal; |
40 | | |
41 | 7.37M | yaml_node_t *node2 = yaml_document_get_node(document2, index2); |
42 | | |
43 | 7.37M | if (!node2) |
44 | 0 | return !equal; |
45 | | |
46 | 7.37M | if (node1->type != node2->type) |
47 | 0 | return !equal; |
48 | | |
49 | 7.37M | if (strcmp((char *)node1->tag, (char *)node2->tag) != 0) |
50 | 0 | return !equal; |
51 | | |
52 | 7.37M | switch (node1->type) { |
53 | 5.53M | case YAML_SCALAR_NODE: |
54 | 5.53M | if (node1->data.scalar.length != node2->data.scalar.length) |
55 | 12 | return !equal; |
56 | 5.53M | if (strncmp((char *)node1->data.scalar.value, |
57 | 5.53M | (char *)node2->data.scalar.value, |
58 | 5.53M | node1->data.scalar.length) != 0) |
59 | 1 | return !equal; |
60 | 5.53M | break; |
61 | 5.53M | case YAML_SEQUENCE_NODE: |
62 | 84.6k | if ((node1->data.sequence.items.top - node1->data.sequence.items.start) != |
63 | 84.6k | (node2->data.sequence.items.top - node2->data.sequence.items.start)) |
64 | 0 | return !equal; |
65 | 666k | for (int k = 0; k < (node1->data.sequence.items.top - |
66 | 666k | node1->data.sequence.items.start); |
67 | 581k | k++) { |
68 | 581k | if (!nodes_equal(document1, node1->data.sequence.items.start[k], |
69 | 581k | document2, node2->data.sequence.items.start[k], level)) |
70 | 0 | return !equal; |
71 | 581k | } |
72 | 84.6k | break; |
73 | 1.76M | case YAML_MAPPING_NODE: |
74 | 1.76M | if ((node1->data.mapping.pairs.top - node1->data.mapping.pairs.start) != |
75 | 1.76M | (node2->data.mapping.pairs.top - node2->data.mapping.pairs.start)) |
76 | 0 | return !equal; |
77 | 1.76M | for (int k = 0; |
78 | 5.15M | k < (node1->data.mapping.pairs.top - node1->data.mapping.pairs.start); |
79 | 3.39M | k++) { |
80 | 3.39M | if (!nodes_equal(document1, node1->data.mapping.pairs.start[k].key, |
81 | 3.39M | document2, node2->data.mapping.pairs.start[k].key, |
82 | 3.39M | level)) |
83 | 1.50k | return !equal; |
84 | 3.39M | if (!nodes_equal(document1, node1->data.mapping.pairs.start[k].value, |
85 | 3.39M | document2, node2->data.mapping.pairs.start[k].value, |
86 | 3.39M | level)) |
87 | 498 | return !equal; |
88 | 3.39M | } |
89 | 1.75M | break; |
90 | 1.75M | default: |
91 | 0 | return !equal; |
92 | 7.37M | } |
93 | 7.37M | return equal; |
94 | 7.37M | } |
95 | | |
96 | 1.96k | bool documents_equal(yaml_document_t *document1, yaml_document_t *document2) { |
97 | | |
98 | 1.96k | const bool equal = true; |
99 | | |
100 | 1.96k | if ((document1->version_directive && !document2->version_directive) || |
101 | 1.96k | (!document1->version_directive && document2->version_directive) || |
102 | 1.96k | (document1->version_directive && document2->version_directive && |
103 | 1.96k | (document1->version_directive->major != |
104 | 26 | document2->version_directive->major || |
105 | 26 | document1->version_directive->minor != |
106 | 26 | document2->version_directive->minor))) |
107 | 0 | return !equal; |
108 | | |
109 | 1.96k | if ((document1->tag_directives.end - document1->tag_directives.start) != |
110 | 1.96k | (document2->tag_directives.end - document2->tag_directives.start)) |
111 | 0 | return !equal; |
112 | 1.96k | for (int k = 0; |
113 | 3.43k | k < (document1->tag_directives.end - document1->tag_directives.start); |
114 | 1.96k | k++) { |
115 | 1.47k | if ((strcmp((char *)document1->tag_directives.start[k].handle, |
116 | 1.47k | (char *)document2->tag_directives.start[k].handle) != 0) || |
117 | 1.47k | (strcmp((char *)document1->tag_directives.start[k].prefix, |
118 | 1.47k | (char *)document2->tag_directives.start[k].prefix) != 0)) |
119 | 0 | return !equal; |
120 | 1.47k | } |
121 | | |
122 | 1.96k | if ((document1->nodes.top - document1->nodes.start) != |
123 | 1.96k | (document2->nodes.top - document2->nodes.start)) |
124 | 0 | return !equal; |
125 | | |
126 | 1.96k | if (document1->nodes.top != document1->nodes.start) { |
127 | 1.96k | if (!nodes_equal(document1, 1, document2, 1, 0)) |
128 | 15 | return !equal; |
129 | 1.96k | } |
130 | | |
131 | 1.94k | return equal; |
132 | 1.96k | } |
133 | | |
134 | | bool copy_document(yaml_document_t *document_to, |
135 | 2.57k | yaml_document_t *document_from) { |
136 | 2.57k | bool error = true; |
137 | | |
138 | 2.57k | yaml_node_t *node; |
139 | 2.57k | yaml_node_item_t *item; |
140 | 2.57k | yaml_node_pair_t *pair; |
141 | | |
142 | 2.57k | if (!yaml_document_initialize(document_to, document_from->version_directive, |
143 | 2.57k | document_from->tag_directives.start, |
144 | 2.57k | document_from->tag_directives.end, |
145 | 2.57k | document_from->start_implicit, |
146 | 2.57k | document_from->end_implicit)) |
147 | 0 | return !error; |
148 | | |
149 | 8.06M | for (node = document_from->nodes.start; node < document_from->nodes.top; |
150 | 8.06M | node++) { |
151 | 8.06M | switch (node->type) { |
152 | 6.08M | case YAML_SCALAR_NODE: |
153 | 6.08M | if (!yaml_document_add_scalar( |
154 | 6.08M | document_to, node->tag, node->data.scalar.value, |
155 | 6.08M | node->data.scalar.length, node->data.scalar.style)) |
156 | 0 | goto out; |
157 | 6.08M | break; |
158 | 6.08M | case YAML_SEQUENCE_NODE: |
159 | 89.8k | if (!yaml_document_add_sequence(document_to, node->tag, |
160 | 89.8k | node->data.sequence.style)) |
161 | 0 | goto out; |
162 | 89.8k | break; |
163 | 1.88M | case YAML_MAPPING_NODE: |
164 | 1.88M | if (!yaml_document_add_mapping(document_to, node->tag, |
165 | 1.88M | node->data.mapping.style)) |
166 | 0 | goto out; |
167 | 1.88M | break; |
168 | 1.88M | default: |
169 | 0 | goto out; |
170 | 8.06M | } |
171 | 8.06M | } |
172 | | |
173 | 8.06M | for (node = document_from->nodes.start; node < document_from->nodes.top; |
174 | 8.06M | node++) { |
175 | 8.06M | switch (node->type) { |
176 | 89.8k | case YAML_SEQUENCE_NODE: |
177 | 89.8k | for (item = node->data.sequence.items.start; |
178 | 1.62M | item < node->data.sequence.items.top; item++) { |
179 | 1.53M | if (!yaml_document_append_sequence_item( |
180 | 1.53M | document_to, node - document_from->nodes.start + 1, *item)) |
181 | 0 | goto out; |
182 | 1.53M | } |
183 | 89.8k | break; |
184 | 1.88M | case YAML_MAPPING_NODE: |
185 | 1.88M | for (pair = node->data.mapping.pairs.start; |
186 | 5.49M | pair < node->data.mapping.pairs.top; pair++) { |
187 | 3.61M | if (!yaml_document_append_mapping_pair( |
188 | 3.61M | document_to, node - document_from->nodes.start + 1, pair->key, |
189 | 3.61M | pair->value)) |
190 | 0 | goto out; |
191 | 3.61M | } |
192 | 1.88M | break; |
193 | 6.08M | default: |
194 | 6.08M | break; |
195 | 8.06M | } |
196 | 8.06M | } |
197 | 2.57k | return error; |
198 | | |
199 | 0 | out: |
200 | 0 | yaml_document_delete(document_to); |
201 | 0 | return !error; |
202 | 2.57k | } |
203 | | |
204 | 1.51k | int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { |
205 | 1.51k | if (size < 2) |
206 | 0 | return 0; |
207 | | |
208 | 1.51k | yaml_parser_t parser; |
209 | 1.51k | yaml_emitter_t emitter; |
210 | | |
211 | 1.51k | yaml_document_t document; |
212 | 1.51k | yaml_document_t documents[MAX_DOCUMENTS]; |
213 | 1.51k | size_t document_number = 0; |
214 | 1.51k | int count = 0; |
215 | 1.51k | bool done = false; |
216 | 1.51k | bool equal = false; |
217 | 1.51k | bool is_canonical = data[0] & 1; |
218 | 1.51k | bool is_unicode = data[1] & 1; |
219 | 1.51k | data += 2; |
220 | 1.51k | size -= 2; |
221 | | |
222 | 1.51k | if (!yaml_parser_initialize(&parser)) |
223 | 0 | return 0; |
224 | | |
225 | 1.51k | yaml_parser_set_input_string(&parser, data, size); |
226 | 1.51k | if (!yaml_emitter_initialize(&emitter)) |
227 | 0 | return 0; |
228 | | |
229 | 1.51k | yaml_emitter_set_canonical(&emitter, is_canonical); |
230 | 1.51k | yaml_emitter_set_unicode(&emitter, is_unicode); |
231 | | |
232 | 1.51k | yaml_output_buffer_t out = {/*buf=*/NULL, /*size=*/0, /*capacity=*/1000}; |
233 | 1.51k | yaml_emitter_set_output(&emitter, yaml_write_handler, &out); |
234 | 1.51k | yaml_emitter_open(&emitter); |
235 | | |
236 | 4.87k | while (!done) { |
237 | 3.93k | if (!yaml_parser_load(&parser, &document)) { |
238 | 411 | equal = 1; |
239 | 411 | break; |
240 | 411 | } |
241 | | |
242 | 3.52k | done = (!yaml_document_get_root_node(&document)); |
243 | 3.52k | if (!done) { |
244 | 2.58k | if (document_number >= MAX_DOCUMENTS) { |
245 | 1 | yaml_document_delete(&document); |
246 | 1 | equal = true; |
247 | 1 | break; |
248 | 1 | } |
249 | | |
250 | 2.57k | if (!copy_document(&documents[document_number++], &document)) { |
251 | 0 | yaml_document_delete(&document); |
252 | 0 | equal = true; |
253 | 0 | break; |
254 | 0 | } |
255 | 2.57k | if (!(yaml_emitter_dump(&emitter, &document) || |
256 | 2.57k | (yaml_emitter_flush(&emitter) && 0))) { |
257 | 160 | equal = true; |
258 | 160 | break; |
259 | 160 | } |
260 | | |
261 | 2.41k | count++; |
262 | 2.41k | } else { |
263 | 941 | yaml_document_delete(&document); |
264 | 941 | } |
265 | 3.52k | } |
266 | | |
267 | 1.51k | yaml_parser_delete(&parser); |
268 | 1.51k | yaml_emitter_close(&emitter); |
269 | 1.51k | yaml_emitter_delete(&emitter); |
270 | | |
271 | 1.51k | if (!equal) { |
272 | 941 | count = 0; |
273 | 941 | done = false; |
274 | 941 | if (!yaml_parser_initialize(&parser)) |
275 | 0 | goto error; |
276 | | |
277 | 941 | if (!out.buf) { |
278 | 2 | yaml_parser_delete(&parser); |
279 | 2 | goto error; |
280 | 2 | } |
281 | | |
282 | 939 | yaml_parser_set_input_string(&parser, out.buf, out.size); |
283 | | |
284 | 3.80k | while (!done) { |
285 | 2.88k | if (!yaml_parser_load(&parser, &document)) { |
286 | 12 | yaml_parser_delete(&parser); |
287 | 12 | goto error; |
288 | 12 | } |
289 | | |
290 | 2.87k | done = (!yaml_document_get_root_node(&document)); |
291 | 2.87k | if (!done) { |
292 | 1.96k | if (!documents_equal(documents + count, &document)) { |
293 | 15 | yaml_parser_delete(&parser); |
294 | 15 | yaml_document_delete(&document); |
295 | 15 | goto error; |
296 | 15 | } |
297 | 1.94k | count++; |
298 | 1.94k | } |
299 | 2.86k | yaml_document_delete(&document); |
300 | 2.86k | } |
301 | 912 | yaml_parser_delete(&parser); |
302 | 912 | } |
303 | | |
304 | | |
305 | 1.51k | error: |
306 | | |
307 | 4.09k | for (int k = 0; k < document_number; k++) { |
308 | 2.57k | yaml_document_delete(documents + k); |
309 | 2.57k | } |
310 | 1.51k | free(out.buf); |
311 | 1.51k | return 0; |
312 | 1.51k | } |