/src/unsafe-libyaml/fuzz/fuzz_targets/scan.rs
Line | Count | Source |
1 | | #![no_main] |
2 | | |
3 | | use libfuzzer_sys::fuzz_target; |
4 | | use std::cmp; |
5 | | use std::ffi::c_void; |
6 | | use std::mem::MaybeUninit; |
7 | | use std::ptr; |
8 | | use std::ptr::addr_of_mut; |
9 | | use unsafe_libyaml::{ |
10 | | yaml_parser_delete, yaml_parser_initialize, yaml_parser_scan, yaml_parser_set_input, |
11 | | yaml_parser_t, yaml_token_delete, yaml_token_t, YAML_STREAM_END_TOKEN, |
12 | | }; |
13 | | |
// libFuzzer entry point: every generated input is handed, unmodified, to the
// unsafe scanner driver below. The `unsafe` block is needed because the driver
// is an `unsafe fn` that works on raw pointers into uninitialised storage.
fuzz_target!(|data: &[u8]| {
    unsafe { fuzz_target(data) }
});
15 | | |
/// Drives the unsafe-libyaml scanner over one fuzz input until it reports
/// STREAM-END or fails.
///
/// The input slice is consumed through [`read_from_slice`], which receives the
/// address of the local `data` binding as its opaque context and shrinks that
/// slice as bytes are handed to the parser.
///
/// Coverage recorded on this page: about 7.74k executions, 4.64k of which left
/// the loop through the STREAM-END `break`; the loop header ran about 40.3M
/// times.
///
/// # Safety
///
/// Calls into the raw unsafe-libyaml API with pointers to `MaybeUninit`
/// storage. The parser is only used after `yaml_parser_initialize` reported
/// success, and the context pointer registered with the parser refers to a
/// local that outlives every scan call made here.
unsafe fn fuzz_target(mut data: &[u8]) {
    let mut parser_slot = MaybeUninit::<yaml_parser_t>::uninit();
    let parser = parser_slot.as_mut_ptr();
    // Abort the run if the parser cannot be set up; nothing below is valid
    // on a parser that failed to initialise.
    assert!(yaml_parser_initialize(parser).ok);
    // The callback context is a pointer to the local `data` slice; it must not
    // be used after this function returns.
    yaml_parser_set_input(parser, read_from_slice, addr_of_mut!(data).cast());

    let mut token_slot = MaybeUninit::<yaml_token_t>::uninit();
    let token = token_slot.as_mut_ptr();
    loop {
        // A failed scan ends the run without touching `token`.
        if !yaml_parser_scan(parser, token).ok {
            break;
        }
        // Copy the type out before the token is released: the token must not
        // be read after `yaml_token_delete` (presumably it frees or clears the
        // token's contents — confirm against the crate).
        let kind = (*token).type_;
        yaml_token_delete(token);
        if kind == YAML_STREAM_END_TOKEN {
            break;
        }
    }
    yaml_parser_delete(parser);
}
33 | | |
/// Read callback registered with `yaml_parser_set_input`: copies up to `size`
/// bytes from the remaining fuzz input into `buffer` and advances the input.
///
/// `data` is the opaque context pointer; here it is the address of a `&[u8]`
/// holding the not-yet-consumed input. The number of bytes copied is stored in
/// `*size_read`, and the function always returns `1`. Once the input is
/// exhausted, `*size_read` is set to `0` (which libyaml-style read handlers use
/// to signal end of input — confirm against the crate's handler contract).
///
/// # Safety
///
/// - `data` must point to a valid, writable `&[u8]`.
/// - `buffer` must be valid for writes of `size` bytes and must not overlap
///   the input slice.
/// - `size_read` must be valid for a `u64` write.
unsafe fn read_from_slice(
    data: *mut c_void,
    buffer: *mut u8,
    size: u64,
    size_read: *mut u64,
) -> i32 {
    let cursor = data.cast::<&[u8]>();
    let remaining: &[u8] = *cursor;
    // NOTE(review): `as usize` truncates where `usize` is narrower than `u64`.
    // The truncated value is still <= `size`, so the copy below stays inside
    // `buffer`, but a large request could then be served with fewer bytes.
    let wanted = size as usize;
    // Never copy more than the caller's buffer holds or the input has left.
    let n = cmp::min(remaining.len(), wanted);
    let (chunk, rest) = remaining.split_at(n);
    ptr::copy_nonoverlapping(chunk.as_ptr(), buffer, n);
    // Store the unread tail back into the context for the next call.
    *cursor = rest;
    size_read.write(n as u64);
    1
}