/src/pjsip/tests/fuzz/fuzz-xml.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (C) 2023 Teluu Inc. (http://www.teluu.com) |
3 | | * |
4 | | * This program is free software; you can redistribute it and/or modify |
5 | | * it under the terms of the GNU General Public License as published by |
6 | | * the Free Software Foundation; either version 2 of the License, or |
7 | | * (at your option) any later version. |
8 | | * |
9 | | * This program is distributed in the hope that it will be useful, |
10 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
11 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
12 | | * GNU General Public License for more details. |
13 | | * |
14 | | * You should have received a copy of the GNU General Public License |
15 | | * along with this program; if not, write to the Free Software |
16 | | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
17 | | */ |
18 | | #include <stdio.h> |
19 | | #include <stdint.h> |
20 | | #include <stdlib.h> |
21 | | |
22 | | #include <pjlib.h> |
23 | | #include <pjlib-util.h> |
24 | | |
25 | 2.51k | #define kMinInputLength 10 |
26 | 1.24k | #define kMaxInputLength 5120 |
27 | | |
28 | | pj_pool_factory *mem; |
29 | | |
30 | 1.23k | int XML_parse(uint8_t *data, size_t Size) { |
31 | | |
32 | 1.23k | pj_pool_t *pool; |
33 | 1.23k | pj_xml_node *root; |
34 | | |
35 | 1.23k | char *output; |
36 | 1.23k | size_t output_size; |
37 | | |
38 | 1.23k | pool = pj_pool_create(mem, "xml", 4096, 1024, NULL); |
39 | 1.23k | root = pj_xml_parse(pool, (char *)data, Size); |
40 | 1.23k | if (!root) { |
41 | 792 | goto on_error; |
42 | 792 | } |
43 | | |
44 | 438 | output = (char*)pj_pool_zalloc(pool, Size + 512); |
45 | 438 | output_size = pj_xml_print(root, output, Size + 512, PJ_TRUE); |
46 | 438 | if (output_size < 1) { |
47 | 0 | goto on_error; |
48 | 0 | } |
49 | | |
50 | 438 | pj_pool_release(pool); |
51 | 438 | return 0; |
52 | | |
53 | 792 | on_error: |
54 | 792 | pj_pool_release(pool); |
55 | 792 | return 1; |
56 | 438 | } |
57 | | |
58 | | extern int |
59 | | LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) |
60 | 1.25k | { |
61 | | |
62 | 1.25k | if (Size < kMinInputLength || Size > kMaxInputLength) { |
63 | 25 | return 1; |
64 | 25 | } |
65 | | |
66 | 1.23k | int ret = 0; |
67 | 1.23k | uint8_t *data; |
68 | 1.23k | pj_caching_pool caching_pool; |
69 | | |
70 | | /* Add NULL byte */ |
71 | 1.23k | data = (uint8_t *)calloc((Size+1), sizeof(uint8_t)); |
72 | 1.23k | memcpy((void *)data, (void *)Data, Size); |
73 | | |
74 | | /* init Calls */ |
75 | 1.23k | pj_init(); |
76 | 1.23k | pj_caching_pool_init( &caching_pool, &pj_pool_factory_default_policy, 0); |
77 | 1.23k | pj_log_set_level(0); |
78 | | |
79 | 1.23k | mem = &caching_pool.factory; |
80 | | |
81 | | /*Calls fuzzer*/ |
82 | 1.23k | ret = XML_parse(data, Size); |
83 | | |
84 | 1.23k | free(data); |
85 | 1.23k | pj_caching_pool_destroy(&caching_pool); |
86 | | |
87 | 1.23k | return ret; |
88 | 1.25k | } |