1*7c568831SAndroid Build Coastguard Worker /*
2*7c568831SAndroid Build Coastguard Worker * xml.c: a libFuzzer target to test several XML parser interfaces.
3*7c568831SAndroid Build Coastguard Worker *
4*7c568831SAndroid Build Coastguard Worker * See Copyright for the status of this software.
5*7c568831SAndroid Build Coastguard Worker */
6*7c568831SAndroid Build Coastguard Worker
7*7c568831SAndroid Build Coastguard Worker #include <libxml/catalog.h>
8*7c568831SAndroid Build Coastguard Worker #include <libxml/parser.h>
9*7c568831SAndroid Build Coastguard Worker #include <libxml/tree.h>
10*7c568831SAndroid Build Coastguard Worker #include <libxml/xmlerror.h>
11*7c568831SAndroid Build Coastguard Worker #include <libxml/xmlreader.h>
12*7c568831SAndroid Build Coastguard Worker #include <libxml/xmlsave.h>
13*7c568831SAndroid Build Coastguard Worker #include "fuzz.h"
14*7c568831SAndroid Build Coastguard Worker
15*7c568831SAndroid Build Coastguard Worker #include <string.h>
16*7c568831SAndroid Build Coastguard Worker
17*7c568831SAndroid Build Coastguard Worker #if 0
18*7c568831SAndroid Build Coastguard Worker #define DEBUG
19*7c568831SAndroid Build Coastguard Worker #endif
20*7c568831SAndroid Build Coastguard Worker
21*7c568831SAndroid Build Coastguard Worker typedef enum {
22*7c568831SAndroid Build Coastguard Worker OP_READ = 1,
23*7c568831SAndroid Build Coastguard Worker OP_READ_INNER_XML,
24*7c568831SAndroid Build Coastguard Worker OP_READ_OUTER_XML,
25*7c568831SAndroid Build Coastguard Worker OP_READ_STRING,
26*7c568831SAndroid Build Coastguard Worker OP_READ_ATTRIBUTE_VALUE,
27*7c568831SAndroid Build Coastguard Worker OP_ATTRIBUTE_COUNT,
28*7c568831SAndroid Build Coastguard Worker OP_DEPTH,
29*7c568831SAndroid Build Coastguard Worker OP_HAS_ATTRIBUTES,
30*7c568831SAndroid Build Coastguard Worker OP_HAS_VALUE,
31*7c568831SAndroid Build Coastguard Worker OP_IS_DEFAULT,
32*7c568831SAndroid Build Coastguard Worker OP_IS_EMPTY_ELEMENT,
33*7c568831SAndroid Build Coastguard Worker OP_NODE_TYPE,
34*7c568831SAndroid Build Coastguard Worker OP_QUOTE_CHAR,
35*7c568831SAndroid Build Coastguard Worker OP_READ_STATE,
36*7c568831SAndroid Build Coastguard Worker OP_IS_NAMESPACE_DECL,
37*7c568831SAndroid Build Coastguard Worker OP_CONST_BASE_URI,
38*7c568831SAndroid Build Coastguard Worker OP_CONST_LOCAL_NAME,
39*7c568831SAndroid Build Coastguard Worker OP_CONST_NAME,
40*7c568831SAndroid Build Coastguard Worker OP_CONST_NAMESPACE_URI,
41*7c568831SAndroid Build Coastguard Worker OP_CONST_PREFIX,
42*7c568831SAndroid Build Coastguard Worker OP_CONST_XML_LANG,
43*7c568831SAndroid Build Coastguard Worker OP_CONST_VALUE,
44*7c568831SAndroid Build Coastguard Worker OP_BASE_URI,
45*7c568831SAndroid Build Coastguard Worker OP_LOCAL_NAME,
46*7c568831SAndroid Build Coastguard Worker OP_NAME,
47*7c568831SAndroid Build Coastguard Worker OP_NAMESPACE_URI,
48*7c568831SAndroid Build Coastguard Worker OP_PREFIX,
49*7c568831SAndroid Build Coastguard Worker OP_XML_LANG,
50*7c568831SAndroid Build Coastguard Worker OP_VALUE,
51*7c568831SAndroid Build Coastguard Worker OP_CLOSE,
52*7c568831SAndroid Build Coastguard Worker OP_GET_ATTRIBUTE_NO,
53*7c568831SAndroid Build Coastguard Worker OP_GET_ATTRIBUTE,
54*7c568831SAndroid Build Coastguard Worker OP_GET_ATTRIBUTE_NS,
55*7c568831SAndroid Build Coastguard Worker OP_GET_REMAINDER,
56*7c568831SAndroid Build Coastguard Worker OP_LOOKUP_NAMESPACE,
57*7c568831SAndroid Build Coastguard Worker OP_MOVE_TO_ATTRIBUTE_NO,
58*7c568831SAndroid Build Coastguard Worker OP_MOVE_TO_ATTRIBUTE,
59*7c568831SAndroid Build Coastguard Worker OP_MOVE_TO_ATTRIBUTE_NS,
60*7c568831SAndroid Build Coastguard Worker OP_MOVE_TO_FIRST_ATTRIBUTE,
61*7c568831SAndroid Build Coastguard Worker OP_MOVE_TO_NEXT_ATTRIBUTE,
62*7c568831SAndroid Build Coastguard Worker OP_MOVE_TO_ELEMENT,
63*7c568831SAndroid Build Coastguard Worker OP_NORMALIZATION,
64*7c568831SAndroid Build Coastguard Worker OP_CONST_ENCODING,
65*7c568831SAndroid Build Coastguard Worker OP_GET_PARSER_PROP,
66*7c568831SAndroid Build Coastguard Worker OP_CURRENT_NODE,
67*7c568831SAndroid Build Coastguard Worker OP_GET_PARSER_LINE_NUMBER,
68*7c568831SAndroid Build Coastguard Worker OP_GET_PARSER_COLUMN_NUMBER,
69*7c568831SAndroid Build Coastguard Worker OP_PRESERVE,
70*7c568831SAndroid Build Coastguard Worker OP_CURRENT_DOC,
71*7c568831SAndroid Build Coastguard Worker OP_EXPAND,
72*7c568831SAndroid Build Coastguard Worker OP_NEXT,
73*7c568831SAndroid Build Coastguard Worker OP_NEXT_SIBLING,
74*7c568831SAndroid Build Coastguard Worker OP_IS_VALID,
75*7c568831SAndroid Build Coastguard Worker OP_CONST_XML_VERSION,
76*7c568831SAndroid Build Coastguard Worker OP_STANDALONE,
77*7c568831SAndroid Build Coastguard Worker OP_BYTE_CONSUMED,
78*7c568831SAndroid Build Coastguard Worker
79*7c568831SAndroid Build Coastguard Worker OP_MAX
80*7c568831SAndroid Build Coastguard Worker } opType;
81*7c568831SAndroid Build Coastguard Worker
82*7c568831SAndroid Build Coastguard Worker static void
startOp(const char * name)83*7c568831SAndroid Build Coastguard Worker startOp(const char *name) {
84*7c568831SAndroid Build Coastguard Worker (void) name;
85*7c568831SAndroid Build Coastguard Worker #ifdef DEBUG
86*7c568831SAndroid Build Coastguard Worker fprintf(stderr, "%s\n", name);
87*7c568831SAndroid Build Coastguard Worker #endif
88*7c568831SAndroid Build Coastguard Worker }
89*7c568831SAndroid Build Coastguard Worker
90*7c568831SAndroid Build Coastguard Worker int
LLVMFuzzerInitialize(int * argc ATTRIBUTE_UNUSED,char *** argv ATTRIBUTE_UNUSED)91*7c568831SAndroid Build Coastguard Worker LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
92*7c568831SAndroid Build Coastguard Worker char ***argv ATTRIBUTE_UNUSED) {
93*7c568831SAndroid Build Coastguard Worker xmlFuzzMemSetup();
94*7c568831SAndroid Build Coastguard Worker xmlInitParser();
95*7c568831SAndroid Build Coastguard Worker #ifdef LIBXML_CATALOG_ENABLED
96*7c568831SAndroid Build Coastguard Worker xmlInitializeCatalog();
97*7c568831SAndroid Build Coastguard Worker xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE);
98*7c568831SAndroid Build Coastguard Worker #endif
99*7c568831SAndroid Build Coastguard Worker
100*7c568831SAndroid Build Coastguard Worker return 0;
101*7c568831SAndroid Build Coastguard Worker }
102*7c568831SAndroid Build Coastguard Worker
103*7c568831SAndroid Build Coastguard Worker int
LLVMFuzzerTestOneInput(const char * data,size_t size)104*7c568831SAndroid Build Coastguard Worker LLVMFuzzerTestOneInput(const char *data, size_t size) {
105*7c568831SAndroid Build Coastguard Worker xmlTextReaderPtr reader;
106*7c568831SAndroid Build Coastguard Worker xmlDocPtr doc = NULL;
107*7c568831SAndroid Build Coastguard Worker const xmlError *error;
108*7c568831SAndroid Build Coastguard Worker const char *docBuffer;
109*7c568831SAndroid Build Coastguard Worker const unsigned char *program;
110*7c568831SAndroid Build Coastguard Worker size_t maxAlloc, docSize, programSize, i;
111*7c568831SAndroid Build Coastguard Worker size_t totalStringSize = 0;
112*7c568831SAndroid Build Coastguard Worker int opts;
113*7c568831SAndroid Build Coastguard Worker int oomReport = 0;
114*7c568831SAndroid Build Coastguard Worker
115*7c568831SAndroid Build Coastguard Worker xmlFuzzDataInit(data, size);
116*7c568831SAndroid Build Coastguard Worker opts = (int) xmlFuzzReadInt(4);
117*7c568831SAndroid Build Coastguard Worker maxAlloc = xmlFuzzReadInt(4) % (size + 100);
118*7c568831SAndroid Build Coastguard Worker
119*7c568831SAndroid Build Coastguard Worker program = (const unsigned char *) xmlFuzzReadString(&programSize);
120*7c568831SAndroid Build Coastguard Worker if (programSize > 1000)
121*7c568831SAndroid Build Coastguard Worker programSize = 1000;
122*7c568831SAndroid Build Coastguard Worker
123*7c568831SAndroid Build Coastguard Worker xmlFuzzReadEntities();
124*7c568831SAndroid Build Coastguard Worker docBuffer = xmlFuzzMainEntity(&docSize);
125*7c568831SAndroid Build Coastguard Worker if (docBuffer == NULL)
126*7c568831SAndroid Build Coastguard Worker goto exit;
127*7c568831SAndroid Build Coastguard Worker
128*7c568831SAndroid Build Coastguard Worker #ifdef DEBUG
129*7c568831SAndroid Build Coastguard Worker fprintf(stderr, "Input document (%d bytes):\n", (int) docSize);
130*7c568831SAndroid Build Coastguard Worker for (i = 0; (size_t) i < docSize; i++) {
131*7c568831SAndroid Build Coastguard Worker int c = (unsigned char) docBuffer[i];
132*7c568831SAndroid Build Coastguard Worker
133*7c568831SAndroid Build Coastguard Worker if ((c == '\n' || (c >= 0x20 && c <= 0x7E)))
134*7c568831SAndroid Build Coastguard Worker putc(c, stderr);
135*7c568831SAndroid Build Coastguard Worker else
136*7c568831SAndroid Build Coastguard Worker fprintf(stderr, "\\x%02X", c);
137*7c568831SAndroid Build Coastguard Worker }
138*7c568831SAndroid Build Coastguard Worker fprintf(stderr, "\nEOF\n");
139*7c568831SAndroid Build Coastguard Worker #endif
140*7c568831SAndroid Build Coastguard Worker
141*7c568831SAndroid Build Coastguard Worker xmlFuzzMemSetLimit(maxAlloc);
142*7c568831SAndroid Build Coastguard Worker reader = xmlReaderForMemory(docBuffer, docSize, NULL, NULL, opts);
143*7c568831SAndroid Build Coastguard Worker if (reader == NULL)
144*7c568831SAndroid Build Coastguard Worker goto exit;
145*7c568831SAndroid Build Coastguard Worker
146*7c568831SAndroid Build Coastguard Worker xmlTextReaderSetStructuredErrorHandler(reader, xmlFuzzSErrorFunc, NULL);
147*7c568831SAndroid Build Coastguard Worker xmlTextReaderSetResourceLoader(reader, xmlFuzzResourceLoader, NULL);
148*7c568831SAndroid Build Coastguard Worker
149*7c568831SAndroid Build Coastguard Worker i = 0;
150*7c568831SAndroid Build Coastguard Worker while (i < programSize) {
151*7c568831SAndroid Build Coastguard Worker int op = program[i++];
152*7c568831SAndroid Build Coastguard Worker
153*7c568831SAndroid Build Coastguard Worker #define READ_BYTE() (i < programSize ? program[i++] : 0)
154*7c568831SAndroid Build Coastguard Worker #define FREE_STRING(str) \
155*7c568831SAndroid Build Coastguard Worker do { \
156*7c568831SAndroid Build Coastguard Worker if (str != NULL) { \
157*7c568831SAndroid Build Coastguard Worker totalStringSize += strlen((char *) str); \
158*7c568831SAndroid Build Coastguard Worker xmlFree(str); \
159*7c568831SAndroid Build Coastguard Worker } \
160*7c568831SAndroid Build Coastguard Worker } while (0)
161*7c568831SAndroid Build Coastguard Worker
162*7c568831SAndroid Build Coastguard Worker switch (op & 0x3F) {
163*7c568831SAndroid Build Coastguard Worker case OP_READ:
164*7c568831SAndroid Build Coastguard Worker default:
165*7c568831SAndroid Build Coastguard Worker startOp("Read");
166*7c568831SAndroid Build Coastguard Worker xmlTextReaderRead(reader);
167*7c568831SAndroid Build Coastguard Worker break;
168*7c568831SAndroid Build Coastguard Worker
169*7c568831SAndroid Build Coastguard Worker case OP_READ_INNER_XML: {
170*7c568831SAndroid Build Coastguard Worker xmlChar *result;
171*7c568831SAndroid Build Coastguard Worker
172*7c568831SAndroid Build Coastguard Worker startOp("ReadInnerXml");
173*7c568831SAndroid Build Coastguard Worker result = xmlTextReaderReadInnerXml(reader);
174*7c568831SAndroid Build Coastguard Worker FREE_STRING(result);
175*7c568831SAndroid Build Coastguard Worker break;
176*7c568831SAndroid Build Coastguard Worker }
177*7c568831SAndroid Build Coastguard Worker
178*7c568831SAndroid Build Coastguard Worker case OP_READ_OUTER_XML: {
179*7c568831SAndroid Build Coastguard Worker xmlChar *result;
180*7c568831SAndroid Build Coastguard Worker
181*7c568831SAndroid Build Coastguard Worker startOp("ReadOuterXml");
182*7c568831SAndroid Build Coastguard Worker result = xmlTextReaderReadOuterXml(reader);
183*7c568831SAndroid Build Coastguard Worker FREE_STRING(result);
184*7c568831SAndroid Build Coastguard Worker break;
185*7c568831SAndroid Build Coastguard Worker }
186*7c568831SAndroid Build Coastguard Worker
187*7c568831SAndroid Build Coastguard Worker case OP_READ_STRING: {
188*7c568831SAndroid Build Coastguard Worker xmlChar *result;
189*7c568831SAndroid Build Coastguard Worker
190*7c568831SAndroid Build Coastguard Worker startOp("ReadString");
191*7c568831SAndroid Build Coastguard Worker result = xmlTextReaderReadString(reader);
192*7c568831SAndroid Build Coastguard Worker FREE_STRING(result);
193*7c568831SAndroid Build Coastguard Worker break;
194*7c568831SAndroid Build Coastguard Worker }
195*7c568831SAndroid Build Coastguard Worker
196*7c568831SAndroid Build Coastguard Worker case OP_READ_ATTRIBUTE_VALUE:
197*7c568831SAndroid Build Coastguard Worker startOp("ReadAttributeValue");
198*7c568831SAndroid Build Coastguard Worker xmlTextReaderReadAttributeValue(reader);
199*7c568831SAndroid Build Coastguard Worker break;
200*7c568831SAndroid Build Coastguard Worker
201*7c568831SAndroid Build Coastguard Worker case OP_ATTRIBUTE_COUNT:
202*7c568831SAndroid Build Coastguard Worker startOp("AttributeCount");
203*7c568831SAndroid Build Coastguard Worker xmlTextReaderAttributeCount(reader);
204*7c568831SAndroid Build Coastguard Worker break;
205*7c568831SAndroid Build Coastguard Worker
206*7c568831SAndroid Build Coastguard Worker case OP_DEPTH:
207*7c568831SAndroid Build Coastguard Worker startOp("Depth");
208*7c568831SAndroid Build Coastguard Worker xmlTextReaderDepth(reader);
209*7c568831SAndroid Build Coastguard Worker break;
210*7c568831SAndroid Build Coastguard Worker
211*7c568831SAndroid Build Coastguard Worker case OP_HAS_ATTRIBUTES:
212*7c568831SAndroid Build Coastguard Worker startOp("HasAttributes");
213*7c568831SAndroid Build Coastguard Worker xmlTextReaderHasAttributes(reader);
214*7c568831SAndroid Build Coastguard Worker break;
215*7c568831SAndroid Build Coastguard Worker
216*7c568831SAndroid Build Coastguard Worker case OP_HAS_VALUE:
217*7c568831SAndroid Build Coastguard Worker startOp("HasValue");
218*7c568831SAndroid Build Coastguard Worker xmlTextReaderHasValue(reader);
219*7c568831SAndroid Build Coastguard Worker break;
220*7c568831SAndroid Build Coastguard Worker
221*7c568831SAndroid Build Coastguard Worker case OP_IS_DEFAULT:
222*7c568831SAndroid Build Coastguard Worker startOp("IsDefault");
223*7c568831SAndroid Build Coastguard Worker xmlTextReaderIsDefault(reader);
224*7c568831SAndroid Build Coastguard Worker break;
225*7c568831SAndroid Build Coastguard Worker
226*7c568831SAndroid Build Coastguard Worker case OP_IS_EMPTY_ELEMENT:
227*7c568831SAndroid Build Coastguard Worker startOp("IsEmptyElement");
228*7c568831SAndroid Build Coastguard Worker xmlTextReaderIsEmptyElement(reader);
229*7c568831SAndroid Build Coastguard Worker break;
230*7c568831SAndroid Build Coastguard Worker
231*7c568831SAndroid Build Coastguard Worker case OP_NODE_TYPE:
232*7c568831SAndroid Build Coastguard Worker startOp("NodeType");
233*7c568831SAndroid Build Coastguard Worker xmlTextReaderNodeType(reader);
234*7c568831SAndroid Build Coastguard Worker break;
235*7c568831SAndroid Build Coastguard Worker
236*7c568831SAndroid Build Coastguard Worker case OP_QUOTE_CHAR:
237*7c568831SAndroid Build Coastguard Worker startOp("QuoteChar");
238*7c568831SAndroid Build Coastguard Worker xmlTextReaderQuoteChar(reader);
239*7c568831SAndroid Build Coastguard Worker break;
240*7c568831SAndroid Build Coastguard Worker
241*7c568831SAndroid Build Coastguard Worker case OP_READ_STATE:
242*7c568831SAndroid Build Coastguard Worker startOp("ReadState");
243*7c568831SAndroid Build Coastguard Worker xmlTextReaderReadState(reader);
244*7c568831SAndroid Build Coastguard Worker break;
245*7c568831SAndroid Build Coastguard Worker
246*7c568831SAndroid Build Coastguard Worker case OP_IS_NAMESPACE_DECL:
247*7c568831SAndroid Build Coastguard Worker startOp("IsNamespaceDecl");
248*7c568831SAndroid Build Coastguard Worker xmlTextReaderIsNamespaceDecl(reader);
249*7c568831SAndroid Build Coastguard Worker break;
250*7c568831SAndroid Build Coastguard Worker
251*7c568831SAndroid Build Coastguard Worker case OP_CONST_BASE_URI:
252*7c568831SAndroid Build Coastguard Worker startOp("ConstBaseUri");
253*7c568831SAndroid Build Coastguard Worker xmlTextReaderConstBaseUri(reader);
254*7c568831SAndroid Build Coastguard Worker break;
255*7c568831SAndroid Build Coastguard Worker
256*7c568831SAndroid Build Coastguard Worker case OP_CONST_LOCAL_NAME:
257*7c568831SAndroid Build Coastguard Worker startOp("ConstLocalName");
258*7c568831SAndroid Build Coastguard Worker xmlTextReaderConstLocalName(reader);
259*7c568831SAndroid Build Coastguard Worker break;
260*7c568831SAndroid Build Coastguard Worker
261*7c568831SAndroid Build Coastguard Worker case OP_CONST_NAME:
262*7c568831SAndroid Build Coastguard Worker startOp("ConstName");
263*7c568831SAndroid Build Coastguard Worker xmlTextReaderConstName(reader);
264*7c568831SAndroid Build Coastguard Worker break;
265*7c568831SAndroid Build Coastguard Worker
266*7c568831SAndroid Build Coastguard Worker case OP_CONST_NAMESPACE_URI:
267*7c568831SAndroid Build Coastguard Worker startOp("ConstNamespaceUri");
268*7c568831SAndroid Build Coastguard Worker xmlTextReaderConstNamespaceUri(reader);
269*7c568831SAndroid Build Coastguard Worker break;
270*7c568831SAndroid Build Coastguard Worker
271*7c568831SAndroid Build Coastguard Worker case OP_CONST_PREFIX:
272*7c568831SAndroid Build Coastguard Worker startOp("ConstPrefix");
273*7c568831SAndroid Build Coastguard Worker xmlTextReaderConstPrefix(reader);
274*7c568831SAndroid Build Coastguard Worker break;
275*7c568831SAndroid Build Coastguard Worker
276*7c568831SAndroid Build Coastguard Worker case OP_CONST_XML_LANG:
277*7c568831SAndroid Build Coastguard Worker startOp("ConstXmlLang");
278*7c568831SAndroid Build Coastguard Worker xmlTextReaderConstXmlLang(reader);
279*7c568831SAndroid Build Coastguard Worker oomReport = -1;
280*7c568831SAndroid Build Coastguard Worker break;
281*7c568831SAndroid Build Coastguard Worker
282*7c568831SAndroid Build Coastguard Worker case OP_CONST_VALUE:
283*7c568831SAndroid Build Coastguard Worker startOp("ConstValue");
284*7c568831SAndroid Build Coastguard Worker xmlTextReaderConstValue(reader);
285*7c568831SAndroid Build Coastguard Worker break;
286*7c568831SAndroid Build Coastguard Worker
287*7c568831SAndroid Build Coastguard Worker case OP_BASE_URI: {
288*7c568831SAndroid Build Coastguard Worker xmlChar *result;
289*7c568831SAndroid Build Coastguard Worker
290*7c568831SAndroid Build Coastguard Worker startOp("BaseUri");
291*7c568831SAndroid Build Coastguard Worker result = xmlTextReaderBaseUri(reader);
292*7c568831SAndroid Build Coastguard Worker FREE_STRING(result);
293*7c568831SAndroid Build Coastguard Worker break;
294*7c568831SAndroid Build Coastguard Worker }
295*7c568831SAndroid Build Coastguard Worker
296*7c568831SAndroid Build Coastguard Worker case OP_LOCAL_NAME: {
297*7c568831SAndroid Build Coastguard Worker xmlChar *result;
298*7c568831SAndroid Build Coastguard Worker
299*7c568831SAndroid Build Coastguard Worker startOp("LocalName");
300*7c568831SAndroid Build Coastguard Worker result = xmlTextReaderLocalName(reader);
301*7c568831SAndroid Build Coastguard Worker FREE_STRING(result);
302*7c568831SAndroid Build Coastguard Worker break;
303*7c568831SAndroid Build Coastguard Worker }
304*7c568831SAndroid Build Coastguard Worker
305*7c568831SAndroid Build Coastguard Worker case OP_NAME: {
306*7c568831SAndroid Build Coastguard Worker xmlChar *result;
307*7c568831SAndroid Build Coastguard Worker
308*7c568831SAndroid Build Coastguard Worker startOp("Name");
309*7c568831SAndroid Build Coastguard Worker result = xmlTextReaderName(reader);
310*7c568831SAndroid Build Coastguard Worker FREE_STRING(result);
311*7c568831SAndroid Build Coastguard Worker break;
312*7c568831SAndroid Build Coastguard Worker }
313*7c568831SAndroid Build Coastguard Worker
314*7c568831SAndroid Build Coastguard Worker case OP_NAMESPACE_URI: {
315*7c568831SAndroid Build Coastguard Worker xmlChar *result;
316*7c568831SAndroid Build Coastguard Worker
317*7c568831SAndroid Build Coastguard Worker startOp("NamespaceUri");
318*7c568831SAndroid Build Coastguard Worker result = xmlTextReaderNamespaceUri(reader);
319*7c568831SAndroid Build Coastguard Worker FREE_STRING(result);
320*7c568831SAndroid Build Coastguard Worker break;
321*7c568831SAndroid Build Coastguard Worker }
322*7c568831SAndroid Build Coastguard Worker
323*7c568831SAndroid Build Coastguard Worker case OP_PREFIX: {
324*7c568831SAndroid Build Coastguard Worker xmlChar *result;
325*7c568831SAndroid Build Coastguard Worker
326*7c568831SAndroid Build Coastguard Worker startOp("Prefix");
327*7c568831SAndroid Build Coastguard Worker result = xmlTextReaderPrefix(reader);
328*7c568831SAndroid Build Coastguard Worker FREE_STRING(result);
329*7c568831SAndroid Build Coastguard Worker break;
330*7c568831SAndroid Build Coastguard Worker }
331*7c568831SAndroid Build Coastguard Worker
332*7c568831SAndroid Build Coastguard Worker case OP_XML_LANG: {
333*7c568831SAndroid Build Coastguard Worker xmlChar *result;
334*7c568831SAndroid Build Coastguard Worker
335*7c568831SAndroid Build Coastguard Worker startOp("XmlLang");
336*7c568831SAndroid Build Coastguard Worker result = xmlTextReaderXmlLang(reader);
337*7c568831SAndroid Build Coastguard Worker oomReport = -1;
338*7c568831SAndroid Build Coastguard Worker FREE_STRING(result);
339*7c568831SAndroid Build Coastguard Worker break;
340*7c568831SAndroid Build Coastguard Worker }
341*7c568831SAndroid Build Coastguard Worker
342*7c568831SAndroid Build Coastguard Worker case OP_VALUE: {
343*7c568831SAndroid Build Coastguard Worker xmlChar *result;
344*7c568831SAndroid Build Coastguard Worker
345*7c568831SAndroid Build Coastguard Worker startOp("Value");
346*7c568831SAndroid Build Coastguard Worker result = xmlTextReaderValue(reader);
347*7c568831SAndroid Build Coastguard Worker FREE_STRING(result);
348*7c568831SAndroid Build Coastguard Worker break;
349*7c568831SAndroid Build Coastguard Worker }
350*7c568831SAndroid Build Coastguard Worker
351*7c568831SAndroid Build Coastguard Worker case OP_CLOSE:
352*7c568831SAndroid Build Coastguard Worker startOp("Close");
353*7c568831SAndroid Build Coastguard Worker if (doc == NULL)
354*7c568831SAndroid Build Coastguard Worker doc = xmlTextReaderCurrentDoc(reader);
355*7c568831SAndroid Build Coastguard Worker xmlTextReaderClose(reader);
356*7c568831SAndroid Build Coastguard Worker break;
357*7c568831SAndroid Build Coastguard Worker
358*7c568831SAndroid Build Coastguard Worker case OP_GET_ATTRIBUTE_NO: {
359*7c568831SAndroid Build Coastguard Worker xmlChar *result;
360*7c568831SAndroid Build Coastguard Worker int no = READ_BYTE();
361*7c568831SAndroid Build Coastguard Worker
362*7c568831SAndroid Build Coastguard Worker startOp("GetAttributeNo");
363*7c568831SAndroid Build Coastguard Worker result = xmlTextReaderGetAttributeNo(reader, no);
364*7c568831SAndroid Build Coastguard Worker FREE_STRING(result);
365*7c568831SAndroid Build Coastguard Worker break;
366*7c568831SAndroid Build Coastguard Worker }
367*7c568831SAndroid Build Coastguard Worker
368*7c568831SAndroid Build Coastguard Worker case OP_GET_ATTRIBUTE: {
369*7c568831SAndroid Build Coastguard Worker const xmlChar *name = xmlTextReaderConstName(reader);
370*7c568831SAndroid Build Coastguard Worker xmlChar *result;
371*7c568831SAndroid Build Coastguard Worker
372*7c568831SAndroid Build Coastguard Worker startOp("GetAttribute");
373*7c568831SAndroid Build Coastguard Worker result = xmlTextReaderGetAttribute(reader, name);
374*7c568831SAndroid Build Coastguard Worker FREE_STRING(result);
375*7c568831SAndroid Build Coastguard Worker break;
376*7c568831SAndroid Build Coastguard Worker }
377*7c568831SAndroid Build Coastguard Worker
378*7c568831SAndroid Build Coastguard Worker case OP_GET_ATTRIBUTE_NS: {
379*7c568831SAndroid Build Coastguard Worker const xmlChar *localName, *namespaceUri;
380*7c568831SAndroid Build Coastguard Worker xmlChar *result;
381*7c568831SAndroid Build Coastguard Worker
382*7c568831SAndroid Build Coastguard Worker startOp("GetAttributeNs");
383*7c568831SAndroid Build Coastguard Worker localName = xmlTextReaderConstLocalName(reader);
384*7c568831SAndroid Build Coastguard Worker namespaceUri = xmlTextReaderConstNamespaceUri(reader);
385*7c568831SAndroid Build Coastguard Worker result = xmlTextReaderGetAttributeNs(reader, localName,
386*7c568831SAndroid Build Coastguard Worker namespaceUri);
387*7c568831SAndroid Build Coastguard Worker FREE_STRING(result);
388*7c568831SAndroid Build Coastguard Worker break;
389*7c568831SAndroid Build Coastguard Worker }
390*7c568831SAndroid Build Coastguard Worker
391*7c568831SAndroid Build Coastguard Worker case OP_GET_REMAINDER:
392*7c568831SAndroid Build Coastguard Worker startOp("GetRemainder");
393*7c568831SAndroid Build Coastguard Worker if (doc == NULL)
394*7c568831SAndroid Build Coastguard Worker doc = xmlTextReaderCurrentDoc(reader);
395*7c568831SAndroid Build Coastguard Worker xmlFreeParserInputBuffer(xmlTextReaderGetRemainder(reader));
396*7c568831SAndroid Build Coastguard Worker break;
397*7c568831SAndroid Build Coastguard Worker
398*7c568831SAndroid Build Coastguard Worker case OP_LOOKUP_NAMESPACE: {
399*7c568831SAndroid Build Coastguard Worker const xmlChar *prefix = xmlTextReaderConstPrefix(reader);
400*7c568831SAndroid Build Coastguard Worker xmlChar *result;
401*7c568831SAndroid Build Coastguard Worker
402*7c568831SAndroid Build Coastguard Worker startOp("LookupNamespace");
403*7c568831SAndroid Build Coastguard Worker result = xmlTextReaderLookupNamespace(reader, prefix);
404*7c568831SAndroid Build Coastguard Worker FREE_STRING(result);
405*7c568831SAndroid Build Coastguard Worker break;
406*7c568831SAndroid Build Coastguard Worker }
407*7c568831SAndroid Build Coastguard Worker
408*7c568831SAndroid Build Coastguard Worker case OP_MOVE_TO_ATTRIBUTE_NO: {
409*7c568831SAndroid Build Coastguard Worker int no = READ_BYTE();
410*7c568831SAndroid Build Coastguard Worker
411*7c568831SAndroid Build Coastguard Worker startOp("MoveToAttributeNo");
412*7c568831SAndroid Build Coastguard Worker xmlTextReaderMoveToAttributeNo(reader, no);
413*7c568831SAndroid Build Coastguard Worker break;
414*7c568831SAndroid Build Coastguard Worker }
415*7c568831SAndroid Build Coastguard Worker
416*7c568831SAndroid Build Coastguard Worker case OP_MOVE_TO_ATTRIBUTE: {
417*7c568831SAndroid Build Coastguard Worker const xmlChar *name = xmlTextReaderConstName(reader);
418*7c568831SAndroid Build Coastguard Worker
419*7c568831SAndroid Build Coastguard Worker startOp("MoveToAttribute");
420*7c568831SAndroid Build Coastguard Worker xmlTextReaderMoveToAttribute(reader, name);
421*7c568831SAndroid Build Coastguard Worker break;
422*7c568831SAndroid Build Coastguard Worker }
423*7c568831SAndroid Build Coastguard Worker
424*7c568831SAndroid Build Coastguard Worker case OP_MOVE_TO_ATTRIBUTE_NS: {
425*7c568831SAndroid Build Coastguard Worker const xmlChar *localName, *namespaceUri;
426*7c568831SAndroid Build Coastguard Worker
427*7c568831SAndroid Build Coastguard Worker startOp("MoveToAttributeNs");
428*7c568831SAndroid Build Coastguard Worker localName = xmlTextReaderConstLocalName(reader);
429*7c568831SAndroid Build Coastguard Worker namespaceUri = xmlTextReaderConstNamespaceUri(reader);
430*7c568831SAndroid Build Coastguard Worker xmlTextReaderMoveToAttributeNs(reader, localName,
431*7c568831SAndroid Build Coastguard Worker namespaceUri);
432*7c568831SAndroid Build Coastguard Worker break;
433*7c568831SAndroid Build Coastguard Worker }
434*7c568831SAndroid Build Coastguard Worker
435*7c568831SAndroid Build Coastguard Worker case OP_MOVE_TO_FIRST_ATTRIBUTE:
436*7c568831SAndroid Build Coastguard Worker startOp("MoveToFirstAttribute");
437*7c568831SAndroid Build Coastguard Worker xmlTextReaderMoveToFirstAttribute(reader);
438*7c568831SAndroid Build Coastguard Worker break;
439*7c568831SAndroid Build Coastguard Worker
440*7c568831SAndroid Build Coastguard Worker case OP_MOVE_TO_NEXT_ATTRIBUTE:
441*7c568831SAndroid Build Coastguard Worker startOp("MoveToNextAttribute");
442*7c568831SAndroid Build Coastguard Worker xmlTextReaderMoveToNextAttribute(reader);
443*7c568831SAndroid Build Coastguard Worker break;
444*7c568831SAndroid Build Coastguard Worker
445*7c568831SAndroid Build Coastguard Worker case OP_MOVE_TO_ELEMENT:
446*7c568831SAndroid Build Coastguard Worker startOp("MoveToElement");
447*7c568831SAndroid Build Coastguard Worker xmlTextReaderMoveToElement(reader);
448*7c568831SAndroid Build Coastguard Worker break;
449*7c568831SAndroid Build Coastguard Worker
450*7c568831SAndroid Build Coastguard Worker case OP_NORMALIZATION:
451*7c568831SAndroid Build Coastguard Worker startOp("Normalization");
452*7c568831SAndroid Build Coastguard Worker xmlTextReaderNormalization(reader);
453*7c568831SAndroid Build Coastguard Worker break;
454*7c568831SAndroid Build Coastguard Worker
455*7c568831SAndroid Build Coastguard Worker case OP_CONST_ENCODING:
456*7c568831SAndroid Build Coastguard Worker startOp("ConstEncoding");
457*7c568831SAndroid Build Coastguard Worker xmlTextReaderConstEncoding(reader);
458*7c568831SAndroid Build Coastguard Worker break;
459*7c568831SAndroid Build Coastguard Worker
460*7c568831SAndroid Build Coastguard Worker case OP_GET_PARSER_PROP: {
461*7c568831SAndroid Build Coastguard Worker int prop = READ_BYTE();
462*7c568831SAndroid Build Coastguard Worker
463*7c568831SAndroid Build Coastguard Worker startOp("GetParserProp");
464*7c568831SAndroid Build Coastguard Worker xmlTextReaderGetParserProp(reader, prop);
465*7c568831SAndroid Build Coastguard Worker break;
466*7c568831SAndroid Build Coastguard Worker }
467*7c568831SAndroid Build Coastguard Worker
468*7c568831SAndroid Build Coastguard Worker case OP_CURRENT_NODE:
469*7c568831SAndroid Build Coastguard Worker startOp("CurrentNode");
470*7c568831SAndroid Build Coastguard Worker xmlTextReaderCurrentNode(reader);
471*7c568831SAndroid Build Coastguard Worker break;
472*7c568831SAndroid Build Coastguard Worker
473*7c568831SAndroid Build Coastguard Worker case OP_GET_PARSER_LINE_NUMBER:
474*7c568831SAndroid Build Coastguard Worker startOp("GetParserLineNumber");
475*7c568831SAndroid Build Coastguard Worker xmlTextReaderGetParserLineNumber(reader);
476*7c568831SAndroid Build Coastguard Worker break;
477*7c568831SAndroid Build Coastguard Worker
478*7c568831SAndroid Build Coastguard Worker case OP_GET_PARSER_COLUMN_NUMBER:
479*7c568831SAndroid Build Coastguard Worker startOp("GetParserColumnNumber");
480*7c568831SAndroid Build Coastguard Worker xmlTextReaderGetParserColumnNumber(reader);
481*7c568831SAndroid Build Coastguard Worker break;
482*7c568831SAndroid Build Coastguard Worker
483*7c568831SAndroid Build Coastguard Worker case OP_PRESERVE:
484*7c568831SAndroid Build Coastguard Worker startOp("Preserve");
485*7c568831SAndroid Build Coastguard Worker xmlTextReaderPreserve(reader);
486*7c568831SAndroid Build Coastguard Worker break;
487*7c568831SAndroid Build Coastguard Worker
488*7c568831SAndroid Build Coastguard Worker case OP_CURRENT_DOC: {
489*7c568831SAndroid Build Coastguard Worker xmlDocPtr result;
490*7c568831SAndroid Build Coastguard Worker
491*7c568831SAndroid Build Coastguard Worker startOp("CurrentDoc");
492*7c568831SAndroid Build Coastguard Worker result = xmlTextReaderCurrentDoc(reader);
493*7c568831SAndroid Build Coastguard Worker if (doc == NULL)
494*7c568831SAndroid Build Coastguard Worker doc = result;
495*7c568831SAndroid Build Coastguard Worker break;
496*7c568831SAndroid Build Coastguard Worker }
497*7c568831SAndroid Build Coastguard Worker
498*7c568831SAndroid Build Coastguard Worker case OP_EXPAND:
499*7c568831SAndroid Build Coastguard Worker startOp("Expand");
500*7c568831SAndroid Build Coastguard Worker xmlTextReaderExpand(reader);
501*7c568831SAndroid Build Coastguard Worker break;
502*7c568831SAndroid Build Coastguard Worker
503*7c568831SAndroid Build Coastguard Worker case OP_NEXT:
504*7c568831SAndroid Build Coastguard Worker startOp("Next");
505*7c568831SAndroid Build Coastguard Worker xmlTextReaderNext(reader);
506*7c568831SAndroid Build Coastguard Worker break;
507*7c568831SAndroid Build Coastguard Worker
508*7c568831SAndroid Build Coastguard Worker case OP_NEXT_SIBLING:
509*7c568831SAndroid Build Coastguard Worker startOp("NextSibling");
510*7c568831SAndroid Build Coastguard Worker xmlTextReaderNextSibling(reader);
511*7c568831SAndroid Build Coastguard Worker break;
512*7c568831SAndroid Build Coastguard Worker
513*7c568831SAndroid Build Coastguard Worker case OP_IS_VALID:
514*7c568831SAndroid Build Coastguard Worker startOp("IsValid");
515*7c568831SAndroid Build Coastguard Worker xmlTextReaderIsValid(reader);
516*7c568831SAndroid Build Coastguard Worker break;
517*7c568831SAndroid Build Coastguard Worker
518*7c568831SAndroid Build Coastguard Worker case OP_CONST_XML_VERSION:
519*7c568831SAndroid Build Coastguard Worker startOp("ConstXmlVersion");
520*7c568831SAndroid Build Coastguard Worker xmlTextReaderConstXmlVersion(reader);
521*7c568831SAndroid Build Coastguard Worker break;
522*7c568831SAndroid Build Coastguard Worker
523*7c568831SAndroid Build Coastguard Worker case OP_STANDALONE:
524*7c568831SAndroid Build Coastguard Worker startOp("Standalone");
525*7c568831SAndroid Build Coastguard Worker xmlTextReaderStandalone(reader);
526*7c568831SAndroid Build Coastguard Worker break;
527*7c568831SAndroid Build Coastguard Worker
528*7c568831SAndroid Build Coastguard Worker case OP_BYTE_CONSUMED:
529*7c568831SAndroid Build Coastguard Worker startOp("ByteConsumed");
530*7c568831SAndroid Build Coastguard Worker xmlTextReaderByteConsumed(reader);
531*7c568831SAndroid Build Coastguard Worker oomReport = -1;
532*7c568831SAndroid Build Coastguard Worker break;
533*7c568831SAndroid Build Coastguard Worker }
534*7c568831SAndroid Build Coastguard Worker
535*7c568831SAndroid Build Coastguard Worker if (totalStringSize > docSize * 2)
536*7c568831SAndroid Build Coastguard Worker break;
537*7c568831SAndroid Build Coastguard Worker }
538*7c568831SAndroid Build Coastguard Worker
539*7c568831SAndroid Build Coastguard Worker error = xmlTextReaderGetLastError(reader);
540*7c568831SAndroid Build Coastguard Worker if (error->code == XML_ERR_NO_MEMORY)
541*7c568831SAndroid Build Coastguard Worker oomReport = 1;
542*7c568831SAndroid Build Coastguard Worker xmlFuzzCheckMallocFailure("reader", oomReport);
543*7c568831SAndroid Build Coastguard Worker
544*7c568831SAndroid Build Coastguard Worker xmlFreeTextReader(reader);
545*7c568831SAndroid Build Coastguard Worker
546*7c568831SAndroid Build Coastguard Worker if (doc != NULL)
547*7c568831SAndroid Build Coastguard Worker xmlFreeDoc(doc);
548*7c568831SAndroid Build Coastguard Worker
549*7c568831SAndroid Build Coastguard Worker exit:
550*7c568831SAndroid Build Coastguard Worker xmlFuzzMemSetLimit(0);
551*7c568831SAndroid Build Coastguard Worker xmlFuzzDataCleanup();
552*7c568831SAndroid Build Coastguard Worker xmlResetLastError();
553*7c568831SAndroid Build Coastguard Worker return(0);
554*7c568831SAndroid Build Coastguard Worker }
555*7c568831SAndroid Build Coastguard Worker
556