1 /*
2 * regexp.c: a libFuzzer target to test the regexp module.
3 *
4 * See Copyright for the status of this software.
5 */
6
7 #include <libxml/xmlregexp.h>
8 #include "fuzz.h"
9
10 int
LLVMFuzzerInitialize(int * argc ATTRIBUTE_UNUSED,char *** argv ATTRIBUTE_UNUSED)11 LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
12 char ***argv ATTRIBUTE_UNUSED) {
13 xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);
14
15 return 0;
16 }
17
18 int
LLVMFuzzerTestOneInput(const char * data,size_t size)19 LLVMFuzzerTestOneInput(const char *data, size_t size) {
20 xmlRegexpPtr regexp;
21 char *str[2] = { NULL, NULL };
22 size_t numStrings;
23
24 if (size > 200)
25 return(0);
26
27 numStrings = xmlFuzzExtractStrings(data, size, str, 2);
28
29 /* CUR_SCHAR doesn't handle invalid UTF-8 and may cause infinite loops. */
30 if (xmlCheckUTF8(BAD_CAST str[0]) != 0) {
31 regexp = xmlRegexpCompile(BAD_CAST str[0]);
32 /* xmlRegexpExec has pathological performance in too many cases. */
33 #if 0
34 if ((regexp != NULL) && (numStrings >= 2)) {
35 xmlRegexpExec(regexp, BAD_CAST str[1]);
36 }
37 #endif
38 xmlRegFreeRegexp(regexp);
39 }
40
41 xmlFree(str[0]);
42 xmlFree(str[1]);
43 xmlResetLastError();
44
45 return 0;
46 }
47
48