/src/quickjs/fuzz/fuzz_regexp.c

Source
/* Copyright 2020 Google Inc.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at

 http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */

#include "libregexp.h"
#include "quickjs-libc.h"

static int nbinterrupts = 0;

int lre_check_stack_overflow(void *opaque, size_t alloca_size) { return 0; }

void *lre_realloc(void *opaque, void *ptr, size_t size)
{
    return realloc(ptr, size);
}

int lre_check_timeout(void *opaque)
 {
    nbinterrupts++;
    return (nbinterrupts > 100);
 }

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    int len, ret, i;
    uint8_t *bc;
    char error_msg[64];
    const uint8_t *input;
    uint8_t *capture[255 * 2];
    size_t size1 = size;

    //Splits buffer into 2 sub buffers delimited by null character
    for (i = 0; i < size; i++) {
        if (data[i] == 0) {
            size1 = i;
            break;
        }
    }
    if (size1 == size) {
        //missing delimiter
        return 0;
    }
    bc = lre_compile(&len, error_msg, sizeof(error_msg), (const char *) data,
                     size1, 0, NULL);
    if (!bc) {
        return 0;
    }
    input = data + size1 + 1;
    ret = lre_exec(capture, bc, input, 0, size - (size1 + 1), 0, NULL);
    if (ret == 1) {
        lre_get_capture_count(bc);
    }
    free(bc);

    return 0;
}

Line	Count	Source
1		/* Copyright 2020 Google Inc.
2
3		Licensed under the Apache License, Version 2.0 (the "License");
4		you may not use this file except in compliance with the License.
5		You may obtain a copy of the License at
6
7		http://www.apache.org/licenses/LICENSE-2.0
8
9		Unless required by applicable law or agreed to in writing, software
10		distributed under the License is distributed on an "AS IS" BASIS,
11		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		See the License for the specific language governing permissions and
13		limitations under the License.
14		*/
15
16		#include "libregexp.h"
17		#include "quickjs-libc.h"
18
19		static int nbinterrupts = 0;
20
21	271k	int lre_check_stack_overflow(void *opaque, size_t alloca_size) { return 0; }
22
23		void lre_realloc(void opaque, void *ptr, size_t size)
24	2.13M	{
25	2.13M	return realloc(ptr, size);
26	2.13M	}
27
28		int lre_check_timeout(void *opaque)
29	236	{
30	236	nbinterrupts++;
31	236	return (nbinterrupts > 100);
32	236	}
33
34	6.42k	int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
35	6.42k	int len, ret, i;
36	6.42k	uint8_t *bc;
37	6.42k	char error_msg[64];
38	6.42k	const uint8_t *input;
39	6.42k	uint8_t capture[255 2];
40	6.42k	size_t size1 = size;
41
42		//Splits buffer into 2 sub buffers delimited by null character
43	1.32M	for (i = 0; i < size; i++) {
44	1.32M	if (data[i] == 0) {
45	6.42k	size1 = i;
46	6.42k	break;
47	6.42k	}
48	1.32M	}
49	6.42k	if (size1 == size) {
50		//missing delimiter
51	8	return 0;
52	8	}
53	6.42k	bc = lre_compile(&len, error_msg, sizeof(error_msg), (const char *) data,
54	6.42k	size1, 0, NULL);
55	6.42k	if (!bc) {
56	2.92k	return 0;
57	2.92k	}
58	3.49k	input = data + size1 + 1;
59	3.49k	ret = lre_exec(capture, bc, input, 0, size - (size1 + 1), 0, NULL);
60	3.49k	if (ret == 1) {
61	746	lre_get_capture_count(bc);
62	746	}
63	3.49k	free(bc);
64
65	3.49k	return 0;
66	6.42k	}

Coverage Report

Created: 2025-07-18 06:55