/src/unsafe-libyaml/fuzz/fuzz_targets/load.rs

Source
#![no_main]

use libfuzzer_sys::fuzz_target;
use std::cmp;
use std::ffi::c_void;
use std::mem::MaybeUninit;
use std::ptr;
use std::ptr::addr_of_mut;
use unsafe_libyaml::{
    yaml_document_delete, yaml_document_get_root_node, yaml_document_t, yaml_parser_delete,
    yaml_parser_initialize, yaml_parser_load, yaml_parser_set_input, yaml_parser_t,
};

fuzz_target!(|data: &[u8]| unsafe { fuzz_target(data) });

unsafe fn fuzz_target(mut data: &[u8]) {
    let mut parser = MaybeUninit::<yaml_parser_t>::uninit();
    let parser = parser.as_mut_ptr();
    assert!(yaml_parser_initialize(parser).ok);
    yaml_parser_set_input(parser, read_from_slice, addr_of_mut!(data).cast());

    let mut document = MaybeUninit::<yaml_document_t>::uninit();
    let document = document.as_mut_ptr();
    while yaml_parser_load(parser, document).ok {
        let done = yaml_document_get_root_node(document).is_null();
        yaml_document_delete(document);
        if done {
            break;
        }
    }
    yaml_parser_delete(parser);
}

unsafe fn read_from_slice(
    data: *mut c_void,
    buffer: *mut u8,
    size: u64,
    size_read: *mut u64,
) -> i32 {
    let data = data.cast::<&[u8]>();
    let input = data.read();
    let n = cmp::min(input.len(), size as usize);
    ptr::copy_nonoverlapping(input.as_ptr(), buffer, n);
    data.write(&input[n..]);
    *size_read = n as u64;
    1
}

Line	Count	Source
1		#![no_main]
2
3		use libfuzzer_sys::fuzz_target;
4		use std::cmp;
5		use std::ffi::c_void;
6		use std::mem::MaybeUninit;
7		use std::ptr;
8		use std::ptr::addr_of_mut;
9		use unsafe_libyaml::{
10		yaml_document_delete, yaml_document_get_root_node, yaml_document_t, yaml_parser_delete,
11		yaml_parser_initialize, yaml_parser_load, yaml_parser_set_input, yaml_parser_t,
12		};
13
14		fuzz_target!(\|data: &[u8]\| unsafe { fuzz_target(data) });
15
16	8.99k	unsafe fn fuzz_target(mut data: &[u8]) {
17	8.99k	let mut parser = MaybeUninit::<yaml_parser_t>::uninit();
18	8.99k	let parser = parser.as_mut_ptr();
19	8.99k	assert!(yaml_parser_initialize(parser).ok);
20	8.99k	yaml_parser_set_input(parser, read_from_slice, addr_of_mut!(data).cast());
21
22	8.99k	let mut document = MaybeUninit::<yaml_document_t>::uninit();
23	8.99k	let document = document.as_mut_ptr();
24	139k	while yaml_parser_load(parser, document).ok {
25	133k	let done = yaml_document_get_root_node(document).is_null();
26	133k	yaml_document_delete(document);
27	133k	if done {
28	3.21k	break;
29	130k	}
30		}
31	8.99k	yaml_parser_delete(parser);
32	8.99k	}
33
34	30.0k	unsafe fn read_from_slice(
35	30.0k	data: *mut c_void,
36	30.0k	buffer: *mut u8,
37	30.0k	size: u64,
38	30.0k	size_read: *mut u64,
39	30.0k	) -> i32 {
40	30.0k	let data = data.cast::<&[u8]>();
41	30.0k	let input = data.read();
42	30.0k	let n = cmp::min(input.len(), size as usize);
43	30.0k	ptr::copy_nonoverlapping(input.as_ptr(), buffer, n);
44	30.0k	data.write(&input[n..]);
45	30.0k	*size_read = n as u64;
46	30.0k	1
47	30.0k	}

Coverage Report

Created: 2025-10-13 06:17