#include #include #include std::string GenerateRandomXML(FuzzedDataProvider& stream) { std::string xml = ""; int numberOfElements = stream.ConsumeIntegralInRange(1, 10); for (int i = 0; i < numberOfElements; ++i) { std::string elementName = stream.ConsumeRandomLengthString(10); // Limiting name length to 10 xml += "<" + elementName + ">"; if (stream.ConsumeBool()) { std::string textContent = stream.ConsumeRandomLengthString(20); // Limiting text content length xml += textContent; } int numberOfAttributes = stream.ConsumeIntegralInRange(0, 5); for (int j = 0; j < numberOfAttributes; ++j) { std::string attributeName = stream.ConsumeRandomLengthString(10); // Limiting attribute name length std::string attributeValue = stream.ConsumeRandomLengthString(20); // Limiting attribute value length xml += " " + attributeName + "=\"" + attributeValue + "\""; } xml += ""; } xml += ""; return xml; } extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { FuzzedDataProvider stream(data, size); // Initialize the XML parser xmlInitParser(); // Create and initialize parser context xmlParserCtxtPtr ctxt = xmlNewParserCtxt(); if (ctxt == nullptr) { // If cannot allocate context, early return return 0; } // Generate fuzzed inputs std::string buffer = GenerateRandomXML(stream); int bufferSize = buffer.length(); std::string URL = stream.ConsumeRandomLengthString(); std::string encoding = stream.ConsumeRandomLengthString(); int options = stream.ConsumeIntegral(); // Call the function under test xmlDocPtr doc = xmlCtxtReadMemory(ctxt, buffer.data(), bufferSize, URL.c_str(), encoding.c_str(), options); // Cleanup if (doc != nullptr) { xmlFreeDoc(doc); } xmlFreeParserCtxt(ctxt); xmlCleanupParser(); return 0; }