/*
 * regexp.c: a libFuzzer target to test the regexp module.
 *
 * See Copyright for the status of this software.
 */

#include <libxml/xmlregexp.h>
#include "fuzz.h"

/*
 * libFuzzer start-up hook.
 *
 * Sets up the fuzzing memory wrappers (xmlFuzzMemSetup) and sends libxml2's
 * generic error output to xmlFuzzErrorFunc. Neither argument is used.
 *
 * Always returns 0.
 */
int
LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
                     char ***argv ATTRIBUTE_UNUSED) {
    xmlFuzzMemSetup();
    xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);

    return 0;
}

/*
 * libFuzzer entry point: compile one fuzzer-supplied regular expression.
 *
 * Input layout, as consumed below: a 4-byte integer that seeds the
 * allocation limit, followed by the pattern string.
 *
 * data: raw fuzzer input.
 * size: number of bytes in data; inputs larger than 200 bytes are skipped.
 *
 * Always returns 0.
 *
 * Coverage notes for anyone relying on this target:
 *  - Only xmlRegexpCompile() is exercised. The xmlRegexpExec() call is
 *    compiled out, so the matching engine gets no coverage from here.
 *  - Patterns that fail xmlCheckUTF8() are dropped before compilation, so
 *    the compiler is never fed invalid UTF-8 by this harness.
 */
int
LLVMFuzzerTestOneInput(const char *data, size_t size) {
    xmlRegexpPtr regexp;
    size_t memLimit;
    const char *pattern;

    /* Keep inputs small; anything above 200 bytes is ignored. */
    if (size > 200) {
        return 0;
    }

    xmlFuzzDataInit(data, size);

    /*
     * The divisor is size * 8 + 1, hence never zero, and the resulting
     * limit lies in [0, size * 8].
     */
    memLimit = xmlFuzzReadInt(4) % (size * 8 + 1);
    pattern = xmlFuzzReadString(NULL);

    /*
     * CUR_SCHAR doesn't handle invalid UTF-8 and may cause infinite loops.
     * NOTE(review): the precondition is enforced here in the harness; this
     * file does not show xmlRegexpCompile() enforcing it itself, so callers
     * that pass untrusted patterns presumably need the same check.
     */
    if (xmlCheckUTF8(BAD_CAST pattern) == 0) {
        goto cleanup;
    }

    /*
     * Presumably caps allocations so that malloc-failure paths in the
     * compiler are reached -- confirm against fuzz.c.
     */
    xmlFuzzMemSetLimit(memLimit);
    regexp = xmlRegexpCompile(BAD_CAST pattern);
    /*
     * xmlRegexpExec has pathological performance in too many cases.
     * Re-enabling the call below also requires reading a second string:
     * str2 is not declared anywhere in this function.
     */
#if 0
    xmlRegexpExec(regexp, BAD_CAST str2);
#endif
    xmlRegFreeRegexp(regexp);

cleanup:
    /* Reset the limit (0 presumably means "no limit") before tearing down. */
    xmlFuzzMemSetLimit(0);
    xmlFuzzDataCleanup();
    xmlResetLastError();

    return 0;
}