/src/libyaml_dumper_fuzzer.c
Line | Count | Source (jump to first uncovered line) |
1 | | // Copyright 2020 Google LLC |
2 | | // |
3 | | // Licensed under the Apache License, Version 2.0 (the "License"); |
4 | | // you may not use this file except in compliance with the License. |
5 | | // You may obtain a copy of the License at |
6 | | // |
7 | | // http://www.apache.org/licenses/LICENSE-2.0 |
8 | | // |
9 | | // Unless required by applicable law or agreed to in writing, software |
10 | | // distributed under the License is distributed on an "AS IS" BASIS, |
11 | | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
12 | | // See the License for the specific language governing permissions and |
13 | | // limitations under the License. |
14 | | |
15 | | #include "yaml.h" |
16 | | #include "yaml_write_handler.h" |
17 | | #include <assert.h> |
18 | | #include <stdbool.h> |
19 | | #include <stdint.h> |
20 | | #include <stdio.h> |
21 | | #include <stdlib.h> |
22 | | #include <string.h> |
23 | | |
24 | | #ifdef NDEBUG |
25 | | #undef NDEBUG |
26 | | #endif |
27 | | |
28 | 6.10k | #define MAX_DOCUMENTS 16 |
29 | | |
30 | | bool nodes_equal(yaml_document_t *document1, int index1, |
31 | 0 | yaml_document_t *document2, int index2, int level) { |
32 | 0 | const bool equal = true; |
33 | |
|
34 | 0 | if (level++ > 1000) |
35 | 0 | return !equal; |
36 | 0 | yaml_node_t *node1 = yaml_document_get_node(document1, index1); |
37 | |
|
38 | 0 | if (!node1) |
39 | 0 | return !equal; |
40 | | |
41 | 0 | yaml_node_t *node2 = yaml_document_get_node(document2, index2); |
42 | |
|
43 | 0 | if (!node2) |
44 | 0 | return !equal; |
45 | | |
46 | 0 | if (node1->type != node2->type) |
47 | 0 | return !equal; |
48 | | |
49 | 0 | if (strcmp((char *)node1->tag, (char *)node2->tag) != 0) |
50 | 0 | return !equal; |
51 | | |
52 | 0 | switch (node1->type) { |
53 | 0 | case YAML_SCALAR_NODE: |
54 | 0 | if (node1->data.scalar.length != node2->data.scalar.length) |
55 | 0 | return !equal; |
56 | 0 | if (strncmp((char *)node1->data.scalar.value, |
57 | 0 | (char *)node2->data.scalar.value, |
58 | 0 | node1->data.scalar.length) != 0) |
59 | 0 | return !equal; |
60 | 0 | break; |
61 | 0 | case YAML_SEQUENCE_NODE: |
62 | 0 | if ((node1->data.sequence.items.top - node1->data.sequence.items.start) != |
63 | 0 | (node2->data.sequence.items.top - node2->data.sequence.items.start)) |
64 | 0 | return !equal; |
65 | 0 | for (int k = 0; k < (node1->data.sequence.items.top - |
66 | 0 | node1->data.sequence.items.start); |
67 | 0 | k++) { |
68 | 0 | if (!nodes_equal(document1, node1->data.sequence.items.start[k], |
69 | 0 | document2, node2->data.sequence.items.start[k], level)) |
70 | 0 | return !equal; |
71 | 0 | } |
72 | 0 | break; |
73 | 0 | case YAML_MAPPING_NODE: |
74 | 0 | if ((node1->data.mapping.pairs.top - node1->data.mapping.pairs.start) != |
75 | 0 | (node2->data.mapping.pairs.top - node2->data.mapping.pairs.start)) |
76 | 0 | return !equal; |
77 | 0 | for (int k = 0; |
78 | 0 | k < (node1->data.mapping.pairs.top - node1->data.mapping.pairs.start); |
79 | 0 | k++) { |
80 | 0 | if (!nodes_equal(document1, node1->data.mapping.pairs.start[k].key, |
81 | 0 | document2, node2->data.mapping.pairs.start[k].key, |
82 | 0 | level)) |
83 | 0 | return !equal; |
84 | 0 | if (!nodes_equal(document1, node1->data.mapping.pairs.start[k].value, |
85 | 0 | document2, node2->data.mapping.pairs.start[k].value, |
86 | 0 | level)) |
87 | 0 | return !equal; |
88 | 0 | } |
89 | 0 | break; |
90 | 0 | default: |
91 | 0 | return !equal; |
92 | 0 | } |
93 | 0 | return equal; |
94 | 0 | } |
95 | | |
96 | 0 | bool documents_equal(yaml_document_t *document1, yaml_document_t *document2) { |
97 | |
|
98 | 0 | const bool equal = true; |
99 | |
|
100 | 0 | if ((document1->version_directive && !document2->version_directive) || |
101 | 0 | (!document1->version_directive && document2->version_directive) || |
102 | 0 | (document1->version_directive && document2->version_directive && |
103 | 0 | (document1->version_directive->major != |
104 | 0 | document2->version_directive->major || |
105 | 0 | document1->version_directive->minor != |
106 | 0 | document2->version_directive->minor))) |
107 | 0 | return !equal; |
108 | | |
109 | 0 | if ((document1->tag_directives.end - document1->tag_directives.start) != |
110 | 0 | (document2->tag_directives.end - document2->tag_directives.start)) |
111 | 0 | return !equal; |
112 | 0 | for (int k = 0; |
113 | 0 | k < (document1->tag_directives.end - document1->tag_directives.start); |
114 | 0 | k++) { |
115 | 0 | if ((strcmp((char *)document1->tag_directives.start[k].handle, |
116 | 0 | (char *)document2->tag_directives.start[k].handle) != 0) || |
117 | 0 | (strcmp((char *)document1->tag_directives.start[k].prefix, |
118 | 0 | (char *)document2->tag_directives.start[k].prefix) != 0)) |
119 | 0 | return !equal; |
120 | 0 | } |
121 | | |
122 | 0 | if ((document1->nodes.top - document1->nodes.start) != |
123 | 0 | (document2->nodes.top - document2->nodes.start)) |
124 | 0 | return !equal; |
125 | | |
126 | 0 | if (document1->nodes.top != document1->nodes.start) { |
127 | 0 | if (!nodes_equal(document1, 1, document2, 1, 0)) |
128 | 0 | return !equal; |
129 | 0 | } |
130 | | |
131 | 0 | return equal; |
132 | 0 | } |
133 | | |
134 | | bool copy_document(yaml_document_t *document_to, |
135 | 6.10k | yaml_document_t *document_from) { |
136 | 6.10k | bool error = true; |
137 | | |
138 | 6.10k | yaml_node_t *node; |
139 | 6.10k | yaml_node_item_t *item; |
140 | 6.10k | yaml_node_pair_t *pair; |
141 | | |
142 | 6.10k | if (!yaml_document_initialize(document_to, document_from->version_directive, |
143 | 6.10k | document_from->tag_directives.start, |
144 | 6.10k | document_from->tag_directives.end, |
145 | 6.10k | document_from->start_implicit, |
146 | 6.10k | document_from->end_implicit)) |
147 | 7 | return !error; |
148 | | |
149 | 9.32M | for (node = document_from->nodes.start; node < document_from->nodes.top; |
150 | 9.32M | node++) { |
151 | 9.32M | switch (node->type) { |
152 | 5.76M | case YAML_SCALAR_NODE: |
153 | 5.76M | if (!yaml_document_add_scalar( |
154 | 5.76M | document_to, node->tag, node->data.scalar.value, |
155 | 5.76M | node->data.scalar.length, node->data.scalar.style)) |
156 | 24 | goto out; |
157 | 5.76M | break; |
158 | 5.76M | case YAML_SEQUENCE_NODE: |
159 | 1.20M | if (!yaml_document_add_sequence(document_to, node->tag, |
160 | 1.20M | node->data.sequence.style)) |
161 | 1 | goto out; |
162 | 1.20M | break; |
163 | 2.35M | case YAML_MAPPING_NODE: |
164 | 2.35M | if (!yaml_document_add_mapping(document_to, node->tag, |
165 | 2.35M | node->data.mapping.style)) |
166 | 1 | goto out; |
167 | 2.35M | break; |
168 | 2.35M | default: |
169 | 0 | goto out; |
170 | 9.32M | } |
171 | 9.32M | } |
172 | | |
173 | 9.32M | for (node = document_from->nodes.start; node < document_from->nodes.top; |
174 | 9.32M | node++) { |
175 | 9.32M | switch (node->type) { |
176 | 1.20M | case YAML_SEQUENCE_NODE: |
177 | 1.20M | for (item = node->data.sequence.items.start; |
178 | 3.55M | item < node->data.sequence.items.top; item++) { |
179 | 2.35M | if (!yaml_document_append_sequence_item( |
180 | 2.35M | document_to, node - document_from->nodes.start + 1, *item)) |
181 | 0 | goto out; |
182 | 2.35M | } |
183 | 1.20M | break; |
184 | 2.35M | case YAML_MAPPING_NODE: |
185 | 2.35M | for (pair = node->data.mapping.pairs.start; |
186 | 5.90M | pair < node->data.mapping.pairs.top; pair++) { |
187 | 3.54M | if (!yaml_document_append_mapping_pair( |
188 | 3.54M | document_to, node - document_from->nodes.start + 1, pair->key, |
189 | 3.54M | pair->value)) |
190 | 0 | goto out; |
191 | 3.54M | } |
192 | 2.35M | break; |
193 | 5.76M | default: |
194 | 5.76M | break; |
195 | 9.32M | } |
196 | 9.32M | } |
197 | 6.07k | return error; |
198 | | |
199 | 26 | out: |
200 | 26 | yaml_document_delete(document_to); |
201 | 26 | return !error; |
202 | 6.07k | } |
203 | | |
204 | 10.2k | int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { |
205 | 10.2k | if (size < 2) |
206 | 1 | return 0; |
207 | | |
208 | 10.2k | yaml_parser_t parser; |
209 | 10.2k | yaml_emitter_t emitter; |
210 | | |
211 | 10.2k | yaml_document_t document; |
212 | 10.2k | yaml_document_t documents[MAX_DOCUMENTS]; |
213 | 10.2k | size_t document_number = 0; |
214 | 10.2k | int count = 0; |
215 | 10.2k | bool done = false; |
216 | 10.2k | bool equal = false; |
217 | 10.2k | bool is_canonical = data[0] & 1; |
218 | 10.2k | bool is_unicode = data[1] & 1; |
219 | 10.2k | data += 2; |
220 | 10.2k | size -= 2; |
221 | | |
222 | 10.2k | if (!yaml_parser_initialize(&parser)) |
223 | 0 | return 0; |
224 | | |
225 | 10.2k | yaml_parser_set_input_string(&parser, data, size); |
226 | 10.2k | if (!yaml_emitter_initialize(&emitter)) |
227 | 0 | return 0; |
228 | | |
229 | 10.2k | yaml_emitter_set_canonical(&emitter, is_canonical); |
230 | 10.2k | yaml_emitter_set_unicode(&emitter, is_unicode); |
231 | | |
232 | 10.2k | yaml_output_buffer_t out = {/*buf=*/NULL, /*size=*/0}; |
233 | 10.2k | yaml_emitter_set_output(&emitter, yaml_write_handler, &out); |
234 | 10.2k | yaml_emitter_open(&emitter); |
235 | | |
236 | 10.4k | while (!done) { |
237 | 10.2k | if (!yaml_parser_load(&parser, &document)) { |
238 | 3.96k | equal = 1; |
239 | 3.96k | break; |
240 | 3.96k | } |
241 | | |
242 | 6.29k | done = (!yaml_document_get_root_node(&document)); |
243 | 6.29k | if (!done) { |
244 | 6.10k | if (document_number >= MAX_DOCUMENTS) { |
245 | 0 | yaml_document_delete(&document); |
246 | 0 | equal = true; |
247 | 0 | break; |
248 | 0 | } |
249 | | |
250 | 6.10k | if (!copy_document(&documents[document_number++], &document)) { |
251 | 33 | yaml_document_delete(&document); |
252 | 33 | equal = true; |
253 | 33 | break; |
254 | 33 | } |
255 | 6.07k | if (!(yaml_emitter_dump(&emitter, &document) || |
256 | 6.07k | (yaml_emitter_flush(&emitter) && 0))) { |
257 | 6.07k | equal = true; |
258 | 6.07k | break; |
259 | 6.07k | } |
260 | | |
261 | 0 | count++; |
262 | 184 | } else { |
263 | 184 | yaml_document_delete(&document); |
264 | 184 | } |
265 | 6.29k | } |
266 | | |
267 | 10.2k | yaml_parser_delete(&parser); |
268 | 10.2k | yaml_emitter_close(&emitter); |
269 | 10.2k | yaml_emitter_delete(&emitter); |
270 | | |
271 | 10.2k | if (!equal) { |
272 | 184 | count = 0; |
273 | 184 | done = false; |
274 | 184 | if (!yaml_parser_initialize(&parser)) |
275 | 0 | goto error; |
276 | | |
277 | 184 | if (!out.buf) { |
278 | 184 | yaml_parser_delete(&parser); |
279 | 184 | goto error; |
280 | 184 | } |
281 | | |
282 | 0 | yaml_parser_set_input_string(&parser, out.buf, out.size); |
283 | |
|
284 | 0 | while (!done) { |
285 | 0 | if (!yaml_parser_load(&parser, &document)) { |
286 | 0 | yaml_parser_delete(&parser); |
287 | 0 | goto error; |
288 | 0 | } |
289 | | |
290 | 0 | done = (!yaml_document_get_root_node(&document)); |
291 | 0 | if (!done) { |
292 | 0 | if (!documents_equal(documents + count, &document)) { |
293 | 0 | yaml_parser_delete(&parser); |
294 | 0 | goto error; |
295 | 0 | } |
296 | 0 | count++; |
297 | 0 | } |
298 | 0 | yaml_document_delete(&document); |
299 | 0 | } |
300 | 0 | yaml_parser_delete(&parser); |
301 | 0 | } |
302 | | |
303 | 16.1k | for (int k = 0; k < document_number; k++) { |
304 | 6.10k | yaml_document_delete(documents + k); |
305 | 6.10k | } |
306 | | |
307 | 10.2k | error: |
308 | | |
309 | 10.2k | free(out.buf); |
310 | 10.2k | return 0; |
311 | 10.0k | } |