/src/libyaml_dumper_fuzzer.c
Line | Count | Source (jump to first uncovered line) |
1 | | // Copyright 2020 Google LLC |
2 | | // |
3 | | // Licensed under the Apache License, Version 2.0 (the "License"); |
4 | | // you may not use this file except in compliance with the License. |
5 | | // You may obtain a copy of the License at |
6 | | // |
7 | | // http://www.apache.org/licenses/LICENSE-2.0 |
8 | | // |
9 | | // Unless required by applicable law or agreed to in writing, software |
10 | | // distributed under the License is distributed on an "AS IS" BASIS, |
11 | | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
12 | | // See the License for the specific language governing permissions and |
13 | | // limitations under the License. |
14 | | |
15 | | #include "yaml.h" |
16 | | #include "yaml_write_handler.h" |
17 | | #include <assert.h> |
18 | | #include <stdbool.h> |
19 | | #include <stdint.h> |
20 | | #include <stdio.h> |
21 | | #include <stdlib.h> |
22 | | #include <string.h> |
23 | | |
24 | | #ifdef NDEBUG |
25 | | #undef NDEBUG |
26 | | #endif |
27 | | |
28 | 10.4k | #define MAX_DOCUMENTS 16 |
29 | | |
30 | | bool nodes_equal(yaml_document_t *document1, int index1, |
31 | 9.85M | yaml_document_t *document2, int index2, int level) { |
32 | 9.85M | const bool equal = true; |
33 | | |
34 | 9.85M | if (level++ > 1000) |
35 | 77 | return !equal; |
36 | 9.85M | yaml_node_t *node1 = yaml_document_get_node(document1, index1); |
37 | | |
38 | 9.85M | if (!node1) |
39 | 0 | return !equal; |
40 | | |
41 | 9.85M | yaml_node_t *node2 = yaml_document_get_node(document2, index2); |
42 | | |
43 | 9.85M | if (!node2) |
44 | 0 | return !equal; |
45 | | |
46 | 9.85M | if (node1->type != node2->type) |
47 | 0 | return !equal; |
48 | | |
49 | 9.85M | if (strcmp((char *)node1->tag, (char *)node2->tag) != 0) |
50 | 0 | return !equal; |
51 | | |
52 | 9.85M | switch (node1->type) { |
53 | 6.83M | case YAML_SCALAR_NODE: |
54 | 6.83M | if (node1->data.scalar.length != node2->data.scalar.length) |
55 | 13 | return !equal; |
56 | 6.83M | if (strncmp((char *)node1->data.scalar.value, |
57 | 6.83M | (char *)node2->data.scalar.value, |
58 | 6.83M | node1->data.scalar.length) != 0) |
59 | 19 | return !equal; |
60 | 6.83M | break; |
61 | 6.83M | case YAML_SEQUENCE_NODE: |
62 | 569k | if ((node1->data.sequence.items.top - node1->data.sequence.items.start) != |
63 | 569k | (node2->data.sequence.items.top - node2->data.sequence.items.start)) |
64 | 0 | return !equal; |
65 | 1.63M | for (int k = 0; k < (node1->data.sequence.items.top - |
66 | 1.63M | node1->data.sequence.items.start); |
67 | 1.07M | k++) { |
68 | 1.07M | if (!nodes_equal(document1, node1->data.sequence.items.start[k], |
69 | 1.07M | document2, node2->data.sequence.items.start[k], level)) |
70 | 14.1k | return !equal; |
71 | 1.07M | } |
72 | 555k | break; |
73 | 2.45M | case YAML_MAPPING_NODE: |
74 | 2.45M | if ((node1->data.mapping.pairs.top - node1->data.mapping.pairs.start) != |
75 | 2.45M | (node2->data.mapping.pairs.top - node2->data.mapping.pairs.start)) |
76 | 0 | return !equal; |
77 | 2.45M | for (int k = 0; |
78 | 6.80M | k < (node1->data.mapping.pairs.top - node1->data.mapping.pairs.start); |
79 | 4.41M | k++) { |
80 | 4.41M | if (!nodes_equal(document1, node1->data.mapping.pairs.start[k].key, |
81 | 4.41M | document2, node2->data.mapping.pairs.start[k].key, |
82 | 4.41M | level)) |
83 | 55.0k | return !equal; |
84 | 4.36M | if (!nodes_equal(document1, node1->data.mapping.pairs.start[k].value, |
85 | 4.36M | document2, node2->data.mapping.pairs.start[k].value, |
86 | 4.36M | level)) |
87 | 8.30k | return !equal; |
88 | 4.36M | } |
89 | 2.38M | break; |
90 | 2.38M | default: |
91 | 0 | return !equal; |
92 | 9.85M | } |
93 | 9.78M | return equal; |
94 | 9.85M | } |
95 | | |
96 | 4.24k | bool documents_equal(yaml_document_t *document1, yaml_document_t *document2) { |
97 | | |
98 | 4.24k | const bool equal = true; |
99 | | |
100 | 4.24k | if ((document1->version_directive && !document2->version_directive) || |
101 | 4.24k | (!document1->version_directive && document2->version_directive) || |
102 | 4.24k | (document1->version_directive && document2->version_directive && |
103 | 4.24k | (document1->version_directive->major != |
104 | 119 | document2->version_directive->major || |
105 | 119 | document1->version_directive->minor != |
106 | 119 | document2->version_directive->minor))) |
107 | 0 | return !equal; |
108 | | |
109 | 4.24k | if ((document1->tag_directives.end - document1->tag_directives.start) != |
110 | 4.24k | (document2->tag_directives.end - document2->tag_directives.start)) |
111 | 0 | return !equal; |
112 | 4.24k | for (int k = 0; |
113 | 6.20k | k < (document1->tag_directives.end - document1->tag_directives.start); |
114 | 4.24k | k++) { |
115 | 1.96k | if ((strcmp((char *)document1->tag_directives.start[k].handle, |
116 | 1.96k | (char *)document2->tag_directives.start[k].handle) != 0) || |
117 | 1.96k | (strcmp((char *)document1->tag_directives.start[k].prefix, |
118 | 1.96k | (char *)document2->tag_directives.start[k].prefix) != 0)) |
119 | 0 | return !equal; |
120 | 1.96k | } |
121 | | |
122 | 4.24k | if ((document1->nodes.top - document1->nodes.start) != |
123 | 4.24k | (document2->nodes.top - document2->nodes.start)) |
124 | 2 | return !equal; |
125 | | |
126 | 4.23k | if (document1->nodes.top != document1->nodes.start) { |
127 | 4.23k | if (!nodes_equal(document1, 1, document2, 1, 0)) |
128 | 109 | return !equal; |
129 | 4.23k | } |
130 | | |
131 | 4.12k | return equal; |
132 | 4.23k | } |
133 | | |
134 | | bool copy_document(yaml_document_t *document_to, |
135 | 10.4k | yaml_document_t *document_from) { |
136 | 10.4k | bool error = true; |
137 | | |
138 | 10.4k | yaml_node_t *node; |
139 | 10.4k | yaml_node_item_t *item; |
140 | 10.4k | yaml_node_pair_t *pair; |
141 | | |
142 | 10.4k | if (!yaml_document_initialize(document_to, document_from->version_directive, |
143 | 10.4k | document_from->tag_directives.start, |
144 | 10.4k | document_from->tag_directives.end, |
145 | 10.4k | document_from->start_implicit, |
146 | 10.4k | document_from->end_implicit)) |
147 | 7 | return !error; |
148 | | |
149 | 9.53M | for (node = document_from->nodes.start; node < document_from->nodes.top; |
150 | 9.52M | node++) { |
151 | 9.52M | switch (node->type) { |
152 | 7.15M | case YAML_SCALAR_NODE: |
153 | 7.15M | if (!yaml_document_add_scalar( |
154 | 7.15M | document_to, node->tag, node->data.scalar.value, |
155 | 7.15M | node->data.scalar.length, node->data.scalar.style)) |
156 | 21 | goto out; |
157 | 7.15M | break; |
158 | 7.15M | case YAML_SEQUENCE_NODE: |
159 | 111k | if (!yaml_document_add_sequence(document_to, node->tag, |
160 | 111k | node->data.sequence.style)) |
161 | 1 | goto out; |
162 | 111k | break; |
163 | 2.25M | case YAML_MAPPING_NODE: |
164 | 2.25M | if (!yaml_document_add_mapping(document_to, node->tag, |
165 | 2.25M | node->data.mapping.style)) |
166 | 1 | goto out; |
167 | 2.25M | break; |
168 | 2.25M | default: |
169 | 0 | goto out; |
170 | 9.52M | } |
171 | 9.52M | } |
172 | | |
173 | 9.53M | for (node = document_from->nodes.start; node < document_from->nodes.top; |
174 | 9.52M | node++) { |
175 | 9.52M | switch (node->type) { |
176 | 111k | case YAML_SEQUENCE_NODE: |
177 | 111k | for (item = node->data.sequence.items.start; |
178 | 1.68M | item < node->data.sequence.items.top; item++) { |
179 | 1.56M | if (!yaml_document_append_sequence_item( |
180 | 1.56M | document_to, node - document_from->nodes.start + 1, *item)) |
181 | 0 | goto out; |
182 | 1.56M | } |
183 | 111k | break; |
184 | 2.25M | case YAML_MAPPING_NODE: |
185 | 2.25M | for (pair = node->data.mapping.pairs.start; |
186 | 6.58M | pair < node->data.mapping.pairs.top; pair++) { |
187 | 4.32M | if (!yaml_document_append_mapping_pair( |
188 | 4.32M | document_to, node - document_from->nodes.start + 1, pair->key, |
189 | 4.32M | pair->value)) |
190 | 0 | goto out; |
191 | 4.32M | } |
192 | 2.25M | break; |
193 | 7.15M | default: |
194 | 7.15M | break; |
195 | 9.52M | } |
196 | 9.52M | } |
197 | 10.4k | return error; |
198 | | |
199 | 23 | out: |
200 | 23 | yaml_document_delete(document_to); |
201 | 23 | return !error; |
202 | 10.4k | } |
203 | | |
204 | 11.2k | int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { |
205 | 11.2k | if (size < 2) |
206 | 1 | return 0; |
207 | | |
208 | 11.2k | yaml_parser_t parser; |
209 | 11.2k | yaml_emitter_t emitter; |
210 | | |
211 | 11.2k | yaml_document_t document; |
212 | 11.2k | yaml_document_t documents[MAX_DOCUMENTS]; |
213 | 11.2k | size_t document_number = 0; |
214 | 11.2k | int count = 0; |
215 | 11.2k | bool done = false; |
216 | 11.2k | bool equal = false; |
217 | 11.2k | bool is_canonical = data[0] & 1; |
218 | 11.2k | bool is_unicode = data[1] & 1; |
219 | 11.2k | data += 2; |
220 | 11.2k | size -= 2; |
221 | | |
222 | 11.2k | if (!yaml_parser_initialize(&parser)) |
223 | 0 | return 0; |
224 | | |
225 | 11.2k | yaml_parser_set_input_string(&parser, data, size); |
226 | 11.2k | if (!yaml_emitter_initialize(&emitter)) |
227 | 0 | return 0; |
228 | | |
229 | 11.2k | yaml_emitter_set_canonical(&emitter, is_canonical); |
230 | 11.2k | yaml_emitter_set_unicode(&emitter, is_unicode); |
231 | | |
232 | 11.2k | yaml_output_buffer_t out = {/*buf=*/NULL, /*size=*/0, /*capacity=*/1000}; |
233 | 11.2k | yaml_emitter_set_output(&emitter, yaml_write_handler, &out); |
234 | 11.2k | yaml_emitter_open(&emitter); |
235 | | |
236 | 19.0k | while (!done) { |
237 | 16.6k | if (!yaml_parser_load(&parser, &document)) { |
238 | 3.92k | equal = 1; |
239 | 3.92k | break; |
240 | 3.92k | } |
241 | | |
242 | 12.7k | done = (!yaml_document_get_root_node(&document)); |
243 | 12.7k | if (!done) { |
244 | 10.4k | if (document_number >= MAX_DOCUMENTS) { |
245 | 18 | yaml_document_delete(&document); |
246 | 18 | equal = true; |
247 | 18 | break; |
248 | 18 | } |
249 | | |
250 | 10.4k | if (!copy_document(&documents[document_number++], &document)) { |
251 | 30 | yaml_document_delete(&document); |
252 | 30 | equal = true; |
253 | 30 | break; |
254 | 30 | } |
255 | 10.4k | if (!(yaml_emitter_dump(&emitter, &document) || |
256 | 10.4k | (yaml_emitter_flush(&emitter) && 0))) { |
257 | 4.99k | equal = true; |
258 | 4.99k | break; |
259 | 4.99k | } |
260 | | |
261 | 5.43k | count++; |
262 | 5.43k | } else { |
263 | 2.30k | yaml_document_delete(&document); |
264 | 2.30k | } |
265 | 12.7k | } |
266 | | |
267 | 11.2k | yaml_parser_delete(&parser); |
268 | 11.2k | yaml_emitter_close(&emitter); |
269 | 11.2k | yaml_emitter_delete(&emitter); |
270 | | |
271 | 11.2k | if (!equal) { |
272 | 2.30k | count = 0; |
273 | 2.30k | done = false; |
274 | 2.30k | if (!yaml_parser_initialize(&parser)) |
275 | 0 | goto error; |
276 | | |
277 | 2.30k | if (!out.buf) { |
278 | 179 | yaml_parser_delete(&parser); |
279 | 179 | goto error; |
280 | 179 | } |
281 | | |
282 | 2.12k | yaml_parser_set_input_string(&parser, out.buf, out.size); |
283 | | |
284 | 8.24k | while (!done) { |
285 | 6.25k | if (!yaml_parser_load(&parser, &document)) { |
286 | 21 | yaml_parser_delete(&parser); |
287 | 21 | goto error; |
288 | 21 | } |
289 | | |
290 | 6.23k | done = (!yaml_document_get_root_node(&document)); |
291 | 6.23k | if (!done) { |
292 | 4.24k | if (!documents_equal(documents + count, &document)) { |
293 | 111 | yaml_parser_delete(&parser); |
294 | 111 | yaml_document_delete(&document); |
295 | 111 | goto error; |
296 | 111 | } |
297 | 4.12k | count++; |
298 | 4.12k | } |
299 | 6.12k | yaml_document_delete(&document); |
300 | 6.12k | } |
301 | 1.99k | yaml_parser_delete(&parser); |
302 | 1.99k | } |
303 | | |
304 | | |
305 | 11.2k | error: |
306 | | |
307 | 21.7k | for (int k = 0; k < document_number; k++) { |
308 | 10.4k | yaml_document_delete(documents + k); |
309 | 10.4k | } |
310 | 11.2k | free(out.buf); |
311 | 11.2k | return 0; |
312 | 11.2k | } |