1 // Copyright 2020 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //      http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 // Fuzz UriQuery.c:
16 //   uriDissectQueryMallocA
17 //   uriComposeQueryA
18 
19 #include <cstddef>
20 #include <cstdint>
21 #include <string>
22 #include <utility>
23 #include <vector>
24 
25 using std::string;
26 #include "uriparser/include/uriparser/Uri.h"
27 
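/// libFuzzer entry point: round-trips the raw input through uriparser's
/// query dissect/compose pair.
///
/// The input bytes are treated as a query string (e.g. "a=b&2=3"), split into
/// a key/value list by uriDissectQueryMallocA, and serialized back with
/// uriComposeQueryA into a buffer sized by uriComposeQueryCharsRequiredA.
/// The output is never compared with the input; the harness only exercises
/// both code paths on arbitrary bytes.
///
/// @param data  Fuzzer-supplied bytes; may contain embedded NUL characters.
/// @param size  Number of bytes in @p data.
/// @return Always 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  // Copy the input so the [query_start, query_end) range handed to the parser
  // is backed by storage this function owns.
  const string query(reinterpret_cast<const char *>(data), size);

  UriQueryListA *query_list = nullptr;
  int item_count = -1;

  const char *query_start = query.c_str();
  const char *query_end = query_start + size;

  // Break a query like "a=b&2=3" into key/value pairs.
  int result =
      uriDissectQueryMallocA(&query_list, &item_count, query_start, query_end);

  // NOTE(review): this early return does not free query_list. That is only
  // correct if the library never leaves a live list behind on failure —
  // confirm against uriDissectQueryMallocA before relying on it.
  if (query_list == nullptr || result != URI_SUCCESS || item_count < 0)
    return 0;

  // From here on the list is owned by this function, so every path falls
  // through to the single uriFreeQueryListA call below. Returning directly
  // when the size query fails would leak the list on each such input, and a
  // leaking harness drowns real findings in leak reports.
  int chars_required = 0;
  const bool size_known =
      uriComposeQueryCharsRequiredA(query_list, &chars_required) == URI_SUCCESS;

  if (size_known && chars_required != 0) {
    // The buffer is exactly as large as the limit passed to the library, so a
    // write past that limit lands outside the vector's storage.
    // NOTE(review): no extra slot is reserved for a terminator here; confirm
    // whether uriComposeQueryCharsRequiredA already accounts for it.
    std::vector<char> buf(chars_required, 0);
    int written = -1;
    // Reverse the process of uriDissectQueryMallocA.
    result = uriComposeQueryA(buf.data(), query_list, chars_required, &written);
    // The outcome is deliberately ignored: only the call itself is under test.
    static_cast<void>(result);
    static_cast<void>(written);
  }

  uriFreeQueryListA(query_list);
  return 0;
}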
62