1 // Copyright 2021 Google LLC 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 //limitations under the License. 14 // 15 //################### 16 #![no_main] 17 #[macro_use] extern crate libfuzzer_sys; 18 extern crate quick_xml; 19 20 use quick_xml::Reader; 21 use quick_xml::events::Event; 22 use std::io::Cursor; 23 24 fuzz_target!(|data: &[u8]| { 25 // fuzzed code goes here 26 let cursor = Cursor::new(data); 27 let mut reader = Reader::from_reader(cursor); 28 let mut buf = vec![]; 29 loop { 30 match reader.read_event(&mut buf) { 31 Ok(Event::Start(ref e)) | Ok(Event::Empty(ref e))=> { 32 if e.unescaped().is_err() { 33 break; 34 } 35 for a in e.attributes() { 36 if a.ok().map_or(false, |a| a.unescaped_value().is_err()) { 37 break; 38 } 39 } 40 } 41 Ok(Event::Text(ref e)) | Ok(Event::Comment(ref e)) 42 | Ok(Event::CData(ref e)) | Ok(Event::PI(ref e)) 43 | Ok(Event::DocType(ref e)) => { 44 if e.unescaped().is_err() { 45 break; 46 } 47 } 48 Ok(Event::Decl(ref e)) => { 49 let _ = e.version(); 50 let _ = e.encoding(); 51 let _ = e.standalone(); 52 } 53 Ok(Event::End(_)) => (), 54 Ok(Event::Eof) | Err(..) => break, 55 } 56 buf.clear(); 57 } 58 }); 59