/src/unsafe-libyaml/fuzz/fuzz_targets/load.rs

Source
#![no_main]

use libfuzzer_sys::fuzz_target;
use std::cmp;
use std::ffi::c_void;
use std::mem::MaybeUninit;
use std::ptr;
use std::ptr::addr_of_mut;
use unsafe_libyaml::{
    yaml_document_delete, yaml_document_get_root_node, yaml_document_t, yaml_parser_delete,
    yaml_parser_initialize, yaml_parser_load, yaml_parser_set_input, yaml_parser_t,
};

fuzz_target!(|data: &[u8]| unsafe { fuzz_target(data) });

unsafe fn fuzz_target(mut data: &[u8]) {
    let mut parser = MaybeUninit::<yaml_parser_t>::uninit();
    let parser = parser.as_mut_ptr();
    assert!(yaml_parser_initialize(parser).ok);
    yaml_parser_set_input(parser, read_from_slice, addr_of_mut!(data).cast());

    let mut document = MaybeUninit::<yaml_document_t>::uninit();
    let document = document.as_mut_ptr();
    while yaml_parser_load(parser, document).ok {
        let done = yaml_document_get_root_node(document).is_null();
        yaml_document_delete(document);
        if done {
            break;
        }
    }
    yaml_parser_delete(parser);
}

unsafe fn read_from_slice(
    data: *mut c_void,
    buffer: *mut u8,
    size: u64,
    size_read: *mut u64,
) -> i32 {
    let data = data.cast::<&[u8]>();
    let input = data.read();
    let n = cmp::min(input.len(), size as usize);
    ptr::copy_nonoverlapping(input.as_ptr(), buffer, n);
    data.write(&input[n..]);
    *size_read = n as u64;
    1
}

Line	Count	Source
1		#![no_main]
2
3		use libfuzzer_sys::fuzz_target;
4		use std::cmp;
5		use std::ffi::c_void;
6		use std::mem::MaybeUninit;
7		use std::ptr;
8		use std::ptr::addr_of_mut;
9		use unsafe_libyaml::{
10		yaml_document_delete, yaml_document_get_root_node, yaml_document_t, yaml_parser_delete,
11		yaml_parser_initialize, yaml_parser_load, yaml_parser_set_input, yaml_parser_t,
12		};
13
14		fuzz_target!(\|data: &[u8]\| unsafe { fuzz_target(data) });
15
16	9.17k	unsafe fn fuzz_target(mut data: &[u8]) {
17	9.17k	let mut parser = MaybeUninit::<yaml_parser_t>::uninit();
18	9.17k	let parser = parser.as_mut_ptr();
19	9.17k	assert!(yaml_parser_initialize(parser).ok);
20	9.17k	yaml_parser_set_input(parser, read_from_slice, addr_of_mut!(data).cast());
21
22	9.17k	let mut document = MaybeUninit::<yaml_document_t>::uninit();
23	9.17k	let document = document.as_mut_ptr();
24	156k	while yaml_parser_load(parser, document).ok {
25	150k	let done = yaml_document_get_root_node(document).is_null();
26	150k	yaml_document_delete(document);
27	150k	if done {
28	3.34k	break;
29	147k	}
30		}
31	9.17k	yaml_parser_delete(parser);
32	9.17k	}
33
34	31.6k	unsafe fn read_from_slice(
35	31.6k	data: *mut c_void,
36	31.6k	buffer: *mut u8,
37	31.6k	size: u64,
38	31.6k	size_read: *mut u64,
39	31.6k	) -> i32 {
40	31.6k	let data = data.cast::<&[u8]>();
41	31.6k	let input = data.read();
42	31.6k	let n = cmp::min(input.len(), size as usize);
43	31.6k	ptr::copy_nonoverlapping(input.as_ptr(), buffer, n);
44	31.6k	data.write(&input[n..]);
45	31.6k	*size_read = n as u64;
46	31.6k	1
47	31.6k	}

Coverage Report

Created: 2026-01-17 06:14