/src/libyaml_dumper_fuzzer.c
Line | Count | Source (jump to first uncovered line) |
1 | | // Copyright 2020 Google LLC |
2 | | // |
3 | | // Licensed under the Apache License, Version 2.0 (the "License"); |
4 | | // you may not use this file except in compliance with the License. |
5 | | // You may obtain a copy of the License at |
6 | | // |
7 | | // http://www.apache.org/licenses/LICENSE-2.0 |
8 | | // |
9 | | // Unless required by applicable law or agreed to in writing, software |
10 | | // distributed under the License is distributed on an "AS IS" BASIS, |
11 | | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
12 | | // See the License for the specific language governing permissions and |
13 | | // limitations under the License. |
14 | | |
15 | | #include "yaml.h" |
16 | | #include "yaml_write_handler.h" |
17 | | #include <assert.h> |
18 | | #include <stdbool.h> |
19 | | #include <stdint.h> |
20 | | #include <stdio.h> |
21 | | #include <stdlib.h> |
22 | | #include <string.h> |
23 | | |
24 | | #ifdef NDEBUG |
25 | | #undef NDEBUG |
26 | | #endif |
27 | | |
28 | 8.53k | #define MAX_DOCUMENTS 16 |
29 | | |
30 | | bool nodes_equal(yaml_document_t *document1, int index1, |
31 | 12.2M | yaml_document_t *document2, int index2, int level) { |
32 | 12.2M | const bool equal = true; |
33 | | |
34 | 12.2M | if (level++ > 1000) |
35 | 92 | return !equal; |
36 | 12.2M | yaml_node_t *node1 = yaml_document_get_node(document1, index1); |
37 | | |
38 | 12.2M | if (!node1) |
39 | 0 | return !equal; |
40 | | |
41 | 12.2M | yaml_node_t *node2 = yaml_document_get_node(document2, index2); |
42 | | |
43 | 12.2M | if (!node2) |
44 | 0 | return !equal; |
45 | | |
46 | 12.2M | if (node1->type != node2->type) |
47 | 0 | return !equal; |
48 | | |
49 | 12.2M | if (strcmp((char *)node1->tag, (char *)node2->tag) != 0) |
50 | 0 | return !equal; |
51 | | |
52 | 12.2M | switch (node1->type) { |
53 | 7.47M | case YAML_SCALAR_NODE: |
54 | 7.47M | if (node1->data.scalar.length != node2->data.scalar.length) |
55 | 1 | return !equal; |
56 | 7.47M | if (strncmp((char *)node1->data.scalar.value, |
57 | 7.47M | (char *)node2->data.scalar.value, |
58 | 7.47M | node1->data.scalar.length) != 0) |
59 | 19 | return !equal; |
60 | 7.47M | break; |
61 | 7.47M | case YAML_SEQUENCE_NODE: |
62 | 587k | if ((node1->data.sequence.items.top - node1->data.sequence.items.start) != |
63 | 587k | (node2->data.sequence.items.top - node2->data.sequence.items.start)) |
64 | 0 | return !equal; |
65 | 1.89M | for (int k = 0; k < (node1->data.sequence.items.top - |
66 | 1.89M | node1->data.sequence.items.start); |
67 | 1.32M | k++) { |
68 | 1.32M | if (!nodes_equal(document1, node1->data.sequence.items.start[k], |
69 | 1.32M | document2, node2->data.sequence.items.start[k], level)) |
70 | 16.6k | return !equal; |
71 | 1.32M | } |
72 | 571k | break; |
73 | 4.23M | case YAML_MAPPING_NODE: |
74 | 4.23M | if ((node1->data.mapping.pairs.top - node1->data.mapping.pairs.start) != |
75 | 4.23M | (node2->data.mapping.pairs.top - node2->data.mapping.pairs.start)) |
76 | 0 | return !equal; |
77 | 4.23M | for (int k = 0; |
78 | 9.67M | k < (node1->data.mapping.pairs.top - node1->data.mapping.pairs.start); |
79 | 5.51M | k++) { |
80 | 5.51M | if (!nodes_equal(document1, node1->data.mapping.pairs.start[k].key, |
81 | 5.51M | document2, node2->data.mapping.pairs.start[k].key, |
82 | 5.51M | level)) |
83 | 67.8k | return !equal; |
84 | 5.44M | if (!nodes_equal(document1, node1->data.mapping.pairs.start[k].value, |
85 | 5.44M | document2, node2->data.mapping.pairs.start[k].value, |
86 | 5.44M | level)) |
87 | 8.28k | return !equal; |
88 | 5.44M | } |
89 | 4.15M | break; |
90 | 4.15M | default: |
91 | 0 | return !equal; |
92 | 12.2M | } |
93 | 12.2M | return equal; |
94 | 12.2M | } |
95 | | |
96 | 2.92k | bool documents_equal(yaml_document_t *document1, yaml_document_t *document2) { |
97 | | |
98 | 2.92k | const bool equal = true; |
99 | | |
100 | 2.92k | if ((document1->version_directive && !document2->version_directive) || |
101 | 2.92k | (!document1->version_directive && document2->version_directive) || |
102 | 2.92k | (document1->version_directive && document2->version_directive && |
103 | 2.92k | (document1->version_directive->major != |
104 | 107 | document2->version_directive->major || |
105 | 107 | document1->version_directive->minor != |
106 | 107 | document2->version_directive->minor))) |
107 | 0 | return !equal; |
108 | | |
109 | 2.92k | if ((document1->tag_directives.end - document1->tag_directives.start) != |
110 | 2.92k | (document2->tag_directives.end - document2->tag_directives.start)) |
111 | 0 | return !equal; |
112 | 2.92k | for (int k = 0; |
113 | 4.03k | k < (document1->tag_directives.end - document1->tag_directives.start); |
114 | 2.92k | k++) { |
115 | 1.11k | if ((strcmp((char *)document1->tag_directives.start[k].handle, |
116 | 1.11k | (char *)document2->tag_directives.start[k].handle) != 0) || |
117 | 1.11k | (strcmp((char *)document1->tag_directives.start[k].prefix, |
118 | 1.11k | (char *)document2->tag_directives.start[k].prefix) != 0)) |
119 | 0 | return !equal; |
120 | 1.11k | } |
121 | | |
122 | 2.92k | if ((document1->nodes.top - document1->nodes.start) != |
123 | 2.92k | (document2->nodes.top - document2->nodes.start)) |
124 | 1 | return !equal; |
125 | | |
126 | 2.91k | if (document1->nodes.top != document1->nodes.start) { |
127 | 2.91k | if (!nodes_equal(document1, 1, document2, 1, 0)) |
128 | 112 | return !equal; |
129 | 2.91k | } |
130 | | |
131 | 2.80k | return equal; |
132 | 2.91k | } |
133 | | |
134 | | bool copy_document(yaml_document_t *document_to, |
135 | 8.51k | yaml_document_t *document_from) { |
136 | 8.51k | bool error = true; |
137 | | |
138 | 8.51k | yaml_node_t *node; |
139 | 8.51k | yaml_node_item_t *item; |
140 | 8.51k | yaml_node_pair_t *pair; |
141 | | |
142 | 8.51k | if (!yaml_document_initialize(document_to, document_from->version_directive, |
143 | 8.51k | document_from->tag_directives.start, |
144 | 8.51k | document_from->tag_directives.end, |
145 | 8.51k | document_from->start_implicit, |
146 | 8.51k | document_from->end_implicit)) |
147 | 7 | return !error; |
148 | | |
149 | 9.27M | for (node = document_from->nodes.start; node < document_from->nodes.top; |
150 | 9.26M | node++) { |
151 | 9.26M | switch (node->type) { |
152 | 6.32M | case YAML_SCALAR_NODE: |
153 | 6.32M | if (!yaml_document_add_scalar( |
154 | 6.32M | document_to, node->tag, node->data.scalar.value, |
155 | 6.32M | node->data.scalar.length, node->data.scalar.style)) |
156 | 15 | goto out; |
157 | 6.32M | break; |
158 | 6.32M | case YAML_SEQUENCE_NODE: |
159 | 90.4k | if (!yaml_document_add_sequence(document_to, node->tag, |
160 | 90.4k | node->data.sequence.style)) |
161 | 1 | goto out; |
162 | 90.4k | break; |
163 | 2.85M | case YAML_MAPPING_NODE: |
164 | 2.85M | if (!yaml_document_add_mapping(document_to, node->tag, |
165 | 2.85M | node->data.mapping.style)) |
166 | 1 | goto out; |
167 | 2.85M | break; |
168 | 2.85M | default: |
169 | 0 | goto out; |
170 | 9.26M | } |
171 | 9.26M | } |
172 | | |
173 | 9.27M | for (node = document_from->nodes.start; node < document_from->nodes.top; |
174 | 9.26M | node++) { |
175 | 9.26M | switch (node->type) { |
176 | 90.4k | case YAML_SEQUENCE_NODE: |
177 | 90.4k | for (item = node->data.sequence.items.start; |
178 | 1.62M | item < node->data.sequence.items.top; item++) { |
179 | 1.53M | if (!yaml_document_append_sequence_item( |
180 | 1.53M | document_to, node - document_from->nodes.start + 1, *item)) |
181 | 0 | goto out; |
182 | 1.53M | } |
183 | 90.4k | break; |
184 | 2.85M | case YAML_MAPPING_NODE: |
185 | 2.85M | for (pair = node->data.mapping.pairs.start; |
186 | 6.96M | pair < node->data.mapping.pairs.top; pair++) { |
187 | 4.11M | if (!yaml_document_append_mapping_pair( |
188 | 4.11M | document_to, node - document_from->nodes.start + 1, pair->key, |
189 | 4.11M | pair->value)) |
190 | 0 | goto out; |
191 | 4.11M | } |
192 | 2.85M | break; |
193 | 6.32M | default: |
194 | 6.32M | break; |
195 | 9.26M | } |
196 | 9.26M | } |
197 | 8.49k | return error; |
198 | | |
199 | 17 | out: |
200 | 17 | yaml_document_delete(document_to); |
201 | 17 | return !error; |
202 | 8.49k | } |
203 | | |
204 | 10.1k | int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { |
205 | 10.1k | if (size < 2) |
206 | 1 | return 0; |
207 | | |
208 | 10.1k | yaml_parser_t parser; |
209 | 10.1k | yaml_emitter_t emitter; |
210 | | |
211 | 10.1k | yaml_document_t document; |
212 | 10.1k | yaml_document_t documents[MAX_DOCUMENTS]; |
213 | 10.1k | size_t document_number = 0; |
214 | 10.1k | int count = 0; |
215 | 10.1k | bool done = false; |
216 | 10.1k | bool equal = false; |
217 | 10.1k | bool is_canonical = data[0] & 1; |
218 | 10.1k | bool is_unicode = data[1] & 1; |
219 | 10.1k | data += 2; |
220 | 10.1k | size -= 2; |
221 | | |
222 | 10.1k | if (!yaml_parser_initialize(&parser)) |
223 | 0 | return 0; |
224 | | |
225 | 10.1k | yaml_parser_set_input_string(&parser, data, size); |
226 | 10.1k | if (!yaml_emitter_initialize(&emitter)) |
227 | 0 | return 0; |
228 | | |
229 | 10.1k | yaml_emitter_set_canonical(&emitter, is_canonical); |
230 | 10.1k | yaml_emitter_set_unicode(&emitter, is_unicode); |
231 | | |
232 | 10.1k | yaml_output_buffer_t out = {/*buf=*/NULL, /*size=*/0, /*capacity=*/1000}; |
233 | 10.1k | yaml_emitter_set_output(&emitter, yaml_write_handler, &out); |
234 | 10.1k | yaml_emitter_open(&emitter); |
235 | | |
236 | 15.8k | while (!done) { |
237 | 14.0k | if (!yaml_parser_load(&parser, &document)) { |
238 | 3.61k | equal = 1; |
239 | 3.61k | break; |
240 | 3.61k | } |
241 | | |
242 | 10.3k | done = (!yaml_document_get_root_node(&document)); |
243 | 10.3k | if (!done) { |
244 | 8.53k | if (document_number >= MAX_DOCUMENTS) { |
245 | 22 | yaml_document_delete(&document); |
246 | 22 | equal = true; |
247 | 22 | break; |
248 | 22 | } |
249 | | |
250 | 8.51k | if (!copy_document(&documents[document_number++], &document)) { |
251 | 24 | yaml_document_delete(&document); |
252 | 24 | equal = true; |
253 | 24 | break; |
254 | 24 | } |
255 | 8.49k | if (!(yaml_emitter_dump(&emitter, &document) || |
256 | 8.49k | (yaml_emitter_flush(&emitter) && 0))) { |
257 | 4.65k | equal = true; |
258 | 4.65k | break; |
259 | 4.65k | } |
260 | | |
261 | 3.83k | count++; |
262 | 3.83k | } else { |
263 | 1.86k | yaml_document_delete(&document); |
264 | 1.86k | } |
265 | 10.3k | } |
266 | | |
267 | 10.1k | yaml_parser_delete(&parser); |
268 | 10.1k | yaml_emitter_close(&emitter); |
269 | 10.1k | yaml_emitter_delete(&emitter); |
270 | | |
271 | 10.1k | if (!equal) { |
272 | 1.86k | count = 0; |
273 | 1.86k | done = false; |
274 | 1.86k | if (!yaml_parser_initialize(&parser)) |
275 | 0 | goto error; |
276 | | |
277 | 1.86k | if (!out.buf) { |
278 | 168 | yaml_parser_delete(&parser); |
279 | 168 | goto error; |
280 | 168 | } |
281 | | |
282 | 1.69k | yaml_parser_set_input_string(&parser, out.buf, out.size); |
283 | | |
284 | 6.06k | while (!done) { |
285 | 4.49k | if (!yaml_parser_load(&parser, &document)) { |
286 | 10 | yaml_parser_delete(&parser); |
287 | 10 | goto error; |
288 | 10 | } |
289 | | |
290 | 4.48k | done = (!yaml_document_get_root_node(&document)); |
291 | 4.48k | if (!done) { |
292 | 2.92k | if (!documents_equal(documents + count, &document)) { |
293 | 113 | yaml_parser_delete(&parser); |
294 | 113 | yaml_document_delete(&document); |
295 | 113 | goto error; |
296 | 113 | } |
297 | 2.80k | count++; |
298 | 2.80k | } |
299 | 4.37k | yaml_document_delete(&document); |
300 | 4.37k | } |
301 | 1.56k | yaml_parser_delete(&parser); |
302 | 1.56k | } |
303 | | |
304 | | |
305 | 10.1k | error: |
306 | | |
307 | 18.6k | for (int k = 0; k < document_number; k++) { |
308 | 8.51k | yaml_document_delete(documents + k); |
309 | 8.51k | } |
310 | 10.1k | free(out.buf); |
311 | 10.1k | return 0; |
312 | 10.1k | } |