
source: vbox/trunk/src/libs/libxml2-2.12.6/fuzz/xpath.c@ 105635

最後變更 在這個檔案從105635是 104106,由 vboxsync 提交於 10 月 前

libxml2-2.9.14: Applied and adjusted our libxml2 changes to 2.9.14. bugref:10640

 
/*
 * xpath.c: a libFuzzer target to test XPath and XPointer expressions.
 *
 * See Copyright for the status of this software.
 */
6
7#include <libxml/parser.h>
8#include <libxml/xpointer.h>
9#include "fuzz.h"
10
/**
 * LLVMFuzzerInitialize:
 * @argc: unused
 * @argv: unused
 *
 * One-time setup hook of the fuzz target. It prepares the harness
 * memory layer, initializes the libxml2 parser and routes generic
 * error reports to the harness error callback.
 *
 * Returns 0.
 */
int
LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
                     char ***argv ATTRIBUTE_UNUSED) {
    /*
     * Harness memory setup runs before any library initialization.
     * NOTE(review): presumably this installs the allocator hooks that
     * xmlFuzzMemSetLimit() relies on; the helper lives in the fuzz
     * support code, not in this file -- confirm there.
     */
    xmlFuzzMemSetup();

    xmlInitParser();

    /* No user context; every generic error goes to xmlFuzzErrorFunc. */
    xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);

    return 0;
}
20
/**
 * LLVMFuzzerTestOneInput:
 * @data: fuzzer-supplied input bytes (untrusted)
 * @size: number of bytes in @data
 *
 * Per-input entry point of the fuzz target. The input is split into an
 * integer, an expression string and an XML document string. The
 * document is parsed in recovery mode and the expression is evaluated
 * against it with xmlXPtrEval(). Inputs larger than 10000 bytes are
 * skipped.
 *
 * Returns 0 in every case.
 */
int
LLVMFuzzerTestOneInput(const char *data, size_t size) {
    size_t allocBudget, queryLen, docLen;
    const char *query, *docText;
    xmlDocPtr tree;
    xmlXPathContextPtr ctx;

    /* Oversized inputs are rejected before any harness state exists. */
    if (size > 10000)
        return 0;

    xmlFuzzDataInit(data, size);

    /*
     * The read order defines the input layout: integer first, then the
     * expression, then the document. The modulo keeps the budget in the
     * range 0..size.
     */
    allocBudget = xmlFuzzReadInt(4) % (size + 1);
    query = xmlFuzzReadString(&queryLen);
    docText = xmlFuzzReadString(&docLen);

    /*
     * Recovery mode allows more input to be fuzzed. The length is at
     * most 10000 here, so the conversion to the int length parameter
     * cannot truncate.
     */
    tree = xmlReadMemory(docText, docLen, NULL, NULL, XML_PARSE_RECOVER);
    if (tree == NULL)
        goto done;

    /*
     * The limit is applied only after the document has been parsed, so
     * it covers context creation and evaluation but not parsing.
     * NOTE(review): presumably the limit makes allocations fail once
     * the budget is used up, to exercise out-of-memory paths -- confirm
     * in the fuzz support code.
     */
    xmlFuzzMemSetLimit(allocBudget);

    ctx = xmlXPathNewContext(tree);
    if (ctx != NULL) {
        /* Operation limit to avoid timeout */
        ctx->opLimit = 500000;

        /* The result object is not inspected, only released. */
        xmlXPathFreeObject(xmlXPtrEval(BAD_CAST query, ctx));
        xmlXPathFreeContext(ctx);
    }

    /*
     * Limit reset before the document is freed.
     * NOTE(review): 0 presumably means "no limit" -- confirm.
     */
    xmlFuzzMemSetLimit(0);
    xmlFreeDoc(tree);

done:
    /* Per-input harness state and the last error are cleared. */
    xmlFuzzDataCleanup();
    xmlResetLastError();

    return 0;
}
61