VirtualBox

source: vbox/trunk/src/libs/libxml2-2.13.2/fuzz/testFuzzer.c@ 105764

最後變更 在這個檔案從105764是 105420,由 vboxsync 提交於 4 月 前

libxml2-2.12.6: Applied and adjusted our libxml2 changes to 2.12.6. bugref:10730
  • 屬性 svn:eol-style 設為 native
檔案大小: 6.1 KB
 
1/*
2 * testFuzzer.c: Test program for the custom entity loader used to fuzz
3 * with multiple inputs.
4 *
5 * See Copyright for the status of this software.
6 */
7
8#include <string.h>
9#include <glob.h>
10#include <libxml/parser.h>
11#include <libxml/tree.h>
12#include <libxml/xmlstring.h>
13#include "fuzz.h"
14
15#ifdef HAVE_HTML_FUZZER
16int fuzzHtmlInit(int *argc, char ***argv);
17int fuzzHtml(const char *data, size_t size);
18#define LLVMFuzzerInitialize fuzzHtmlInit
19#define LLVMFuzzerTestOneInput fuzzHtml
20#include "html.c"
21#undef LLVMFuzzerInitialize
22#undef LLVMFuzzerTestOneInput
23#endif
24
25#ifdef HAVE_READER_FUZZER
26int fuzzReaderInit(int *argc, char ***argv);
27int fuzzReader(const char *data, size_t size);
28#define LLVMFuzzerInitialize fuzzReaderInit
29#define LLVMFuzzerTestOneInput fuzzReader
30#include "reader.c"
31#undef LLVMFuzzerInitialize
32#undef LLVMFuzzerTestOneInput
33#endif
34
35#ifdef HAVE_REGEXP_FUZZER
36int fuzzRegexpInit(int *argc, char ***argv);
37int fuzzRegexp(const char *data, size_t size);
38#define LLVMFuzzerInitialize fuzzRegexpInit
39#define LLVMFuzzerTestOneInput fuzzRegexp
40#include "regexp.c"
41#undef LLVMFuzzerInitialize
42#undef LLVMFuzzerTestOneInput
43#endif
44
45#ifdef HAVE_SCHEMA_FUZZER
46int fuzzSchemaInit(int *argc, char ***argv);
47int fuzzSchema(const char *data, size_t size);
48#define LLVMFuzzerInitialize fuzzSchemaInit
49#define LLVMFuzzerTestOneInput fuzzSchema
50#include "schema.c"
51#undef LLVMFuzzerInitialize
52#undef LLVMFuzzerTestOneInput
53#endif
54
55#ifdef HAVE_URI_FUZZER
56int fuzzUriInit(int *argc, char ***argv);
57int fuzzUri(const char *data, size_t size);
58#define LLVMFuzzerInitialize fuzzUriInit
59#define LLVMFuzzerTestOneInput fuzzUri
60#include "uri.c"
61#undef LLVMFuzzerInitialize
62#undef LLVMFuzzerTestOneInput
63#endif
64
65#ifdef HAVE_VALID_FUZZER
66int fuzzValidInit(int *argc, char ***argv);
67int fuzzValid(const char *data, size_t size);
68#define LLVMFuzzerInitialize fuzzValidInit
69#define LLVMFuzzerTestOneInput fuzzValid
70#include "valid.c"
71#undef LLVMFuzzerInitialize
72#undef LLVMFuzzerTestOneInput
73#endif
74
75#ifdef HAVE_XINCLUDE_FUZZER
76int fuzzXIncludeInit(int *argc, char ***argv);
77int fuzzXInclude(const char *data, size_t size);
78#define LLVMFuzzerInitialize fuzzXIncludeInit
79#define LLVMFuzzerTestOneInput fuzzXInclude
80#include "xinclude.c"
81#undef LLVMFuzzerInitialize
82#undef LLVMFuzzerTestOneInput
83#endif
84
85#ifdef HAVE_XML_FUZZER
86int fuzzXmlInit(int *argc, char ***argv);
87int fuzzXml(const char *data, size_t size);
88#define LLVMFuzzerInitialize fuzzXmlInit
89#define LLVMFuzzerTestOneInput fuzzXml
90#include "xml.c"
91#undef LLVMFuzzerInitialize
92#undef LLVMFuzzerTestOneInput
93#endif
94
95#ifdef HAVE_XPATH_FUZZER
96int fuzzXPathInit(int *argc, char ***argv);
97int fuzzXPath(const char *data, size_t size);
98#define LLVMFuzzerInitialize fuzzXPathInit
99#define LLVMFuzzerTestOneInput fuzzXPath
100#include "xpath.c"
101#undef LLVMFuzzerInitialize
102#undef LLVMFuzzerTestOneInput
103#endif
104
105typedef int
106(*initFunc)(int *argc, char ***argv);
107typedef int
108(*fuzzFunc)(const char *data, size_t size);
109
110int numInputs;
111
112static int
113testFuzzer(initFunc init, fuzzFunc fuzz, const char *pattern) {
114 glob_t globbuf;
115 int ret = -1;
116 size_t i;
117
118 if (glob(pattern, 0, NULL, &globbuf) != 0) {
119 fprintf(stderr, "pattern %s matches no files\n", pattern);
120 return(-1);
121 }
122
123 if (init != NULL)
124 init(NULL, NULL);
125
126 for (i = 0; i < globbuf.gl_pathc; i++) {
127 const char *path = globbuf.gl_pathv[i];
128 char *data;
129 size_t size;
130
131 data = xmlSlurpFile(path, &size);
132 if (data == NULL) {
133 fprintf(stderr, "couldn't read %s\n", path);
134 goto error;
135 }
136 fuzz(data, size);
137 xmlFree(data);
138
139 numInputs++;
140 }
141
142 ret = 0;
143error:
144 globfree(&globbuf);
145 return(ret);
146}
147
148#ifdef HAVE_XML_FUZZER
149static int
150testEntityLoader(void) {
151 static const char data[] =
152 "doc.xml\\\n"
153 "<!DOCTYPE doc SYSTEM \"doc.dtd\">\n"
154 "<doc>&ent;</doc>\\\n"
155 "doc.dtd\\\n"
156 "<!ELEMENT doc (#PCDATA)>\n"
157 "<!ENTITY ent SYSTEM \"ent.txt\">\\\n"
158 "ent.txt\\\n"
159 "Hello, world!\\\n";
160 const char *docBuffer;
161 size_t docSize;
162 xmlDocPtr doc;
163 int ret = 0;
164
165 xmlSetExternalEntityLoader(xmlFuzzEntityLoader);
166
167 xmlFuzzDataInit(data, sizeof(data) - 1);
168 xmlFuzzReadEntities();
169 docBuffer = xmlFuzzMainEntity(&docSize);
170 doc = xmlReadMemory(docBuffer, docSize, NULL, NULL,
171 XML_PARSE_NOENT | XML_PARSE_DTDLOAD);
172
173#ifdef LIBXML_OUTPUT_ENABLED
174 {
175 static xmlChar expected[] =
176 "<?xml version=\"1.0\"?>\n"
177 "<!DOCTYPE doc SYSTEM \"doc.dtd\">\n"
178 "<doc>Hello, world!</doc>\n";
179 xmlChar *out;
180
181 xmlDocDumpMemory(doc, &out, NULL);
182 if (xmlStrcmp(out, expected) != 0) {
183 fprintf(stderr, "Expected:\n%sGot:\n%s", expected, out);
184 ret = 1;
185 }
186 xmlFree(out);
187 }
188#endif
189
190 xmlFreeDoc(doc);
191 xmlFuzzDataCleanup();
192
193 return(ret);
194}
195#endif
196
197int
198main(void) {
199 int ret = 0;
200
201#ifdef HAVE_XML_FUZZER
202 if (testEntityLoader() != 0)
203 ret = 1;
204#endif
205#ifdef HAVE_HTML_FUZZER
206 if (testFuzzer(fuzzHtmlInit, fuzzHtml, "seed/html/*") != 0)
207 ret = 1;
208#endif
209#ifdef HAVE_READER_FUZZER
210 if (testFuzzer(fuzzReaderInit, fuzzReader, "seed/reader/*") != 0)
211 ret = 1;
212#endif
213#ifdef HAVE_REGEXP_FUZZER
214 if (testFuzzer(fuzzRegexpInit, fuzzRegexp, "seed/regexp/*") != 0)
215 ret = 1;
216#endif
217#ifdef HAVE_SCHEMA_FUZZER
218 if (testFuzzer(fuzzSchemaInit, fuzzSchema, "seed/schema/*") != 0)
219 ret = 1;
220#endif
221#ifdef HAVE_URI_FUZZER
222 if (testFuzzer(fuzzUriInit, fuzzUri, "seed/uri/*") != 0)
223 ret = 1;
224#endif
225#ifdef HAVE_VALID_FUZZER
226 if (testFuzzer(fuzzValidInit, fuzzValid, "seed/valid/*") != 0)
227 ret = 1;
228#endif
229#ifdef HAVE_XINCLUDE_FUZZER
230 if (testFuzzer(fuzzXIncludeInit, fuzzXInclude, "seed/xinclude/*") != 0)
231 ret = 1;
232#endif
233#ifdef HAVE_XML_FUZZER
234 if (testFuzzer(fuzzXmlInit, fuzzXml, "seed/xml/*") != 0)
235 ret = 1;
236#endif
237#ifdef HAVE_XPATH_FUZZER
238 if (testFuzzer(fuzzXPathInit, fuzzXPath, "seed/xpath/*") != 0)
239 ret = 1;
240#endif
241
242 if (ret == 0)
243 printf("Successfully tested %d inputs\n", numInputs);
244
245 return(ret);
246}
247
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette