/src/uriparser/fuzz/DissectQueryMallocFuzzer.cpp
Line | Count | Source |
1 | | // Copyright 2020 Google LLC |
2 | | // Copyright 2025 Mikhail Khachaiants <mkhachaiants@gmail.com> |
3 | | // |
4 | | // Licensed under the Apache License, Version 2.0 (the "License"); |
5 | | // you may not use this file except in compliance with the License. |
6 | | // You may obtain a copy of the License at |
7 | | // |
8 | | // http://www.apache.org/licenses/LICENSE-2.0 |
9 | | // |
10 | | // Unless required by applicable law or agreed to in writing, software |
11 | | // distributed under the License is distributed on an "AS IS" BASIS, |
12 | | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
13 | | // See the License for the specific language governing permissions and |
14 | | // limitations under the License. |
15 | | |
16 | | #include "uriparser/Uri.h" |
17 | | #include "FuzzingUtils.h" |
18 | | #include <cstddef> |
19 | | #include <cstdint> |
20 | | #include <utility> |
21 | | #include <vector> |
22 | | |
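/// libFuzzer entry point: round-trips an arbitrary byte string through the
/// uriparser query API (dissect into a key/value list, then compose it back).
///
/// The harness has no assertions of its own; it relies on the sanitizers the
/// fuzzer is built with to flag out-of-bounds writes into the compose buffer,
/// use-after-free on the query list, and leaks.
///
/// @param data  Fuzzer-provided input bytes (untrusted).
/// @param size  Number of bytes in @p data.
/// @return Always 0, as libFuzzer expects.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t * data, size_t size) {
    FuzzedDataProvider fdp(data, size);
    const UriString query = consumeRemainingBytesAsString(fdp);

    URI_TYPE(QueryList) * query_list = nullptr;
    int item_count = -1;

    const URI_CHAR * query_start = query.c_str();
    const URI_CHAR * query_end = query_start + query.size();

    // Break a query like "a=b&2=3" into key/value pairs.
    int result =
        URI_FUNC(DissectQueryMalloc)(&query_list, &item_count, query_start, query_end);

    // NOTE(review): this path returns without freeing; it assumes the library
    // leaves query_list null whenever it reports failure -- confirm.
    if (query_list == nullptr || result != URI_SUCCESS || item_count < 0) {
        return 0;
    }

    int chars_required = 0;
    if (URI_FUNC(ComposeQueryCharsRequired)(query_list, &chars_required) != URI_SUCCESS) {
        // query_list is non-null here, so it must be released on this path too.
        // Without this, a failure would leak the list and a leak checker would
        // attribute the finding to the harness instead of the library.
        URI_FUNC(FreeQueryList)(query_list);
        return 0;
    }

    if (chars_required == 0) {
        URI_FUNC(FreeQueryList)(query_list);
        return 0;
    }

    // URI_FUNC(ComposeQuery) requires number of characters including terminator
    const int buf_size = chars_required + 1;

    // Heap-backed buffer of exactly buf_size characters, so a write past the
    // size reported by ComposeQueryCharsRequired lands outside the allocation
    // where a memory sanitizer can see it.
    std::vector<URI_CHAR> buf(buf_size, 0);
    int written = -1;

    // Reverse the process of uriDissectQueryMallocA.
    result = URI_FUNC(ComposeQuery)(buf.data(), query_list, buf_size, &written);

    // The harness only exercises the call; its status and length are not checked.
    static_cast<void>(result);
    static_cast<void>(written);

    URI_FUNC(FreeQueryList)(query_list);
    return 0;
}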