xref: /aosp_15_r20/external/libxml2/fuzz/uri.c (revision 7c5688314b92172186c154356a6374bf7684c3ca) 
1*7c568831SAndroid Build Coastguard Worker /*
2*7c568831SAndroid Build Coastguard Worker  * uri.c: a libFuzzer target to test the URI module.
3*7c568831SAndroid Build Coastguard Worker  *
4*7c568831SAndroid Build Coastguard Worker  * See Copyright for the status of this software.
5*7c568831SAndroid Build Coastguard Worker  */
6*7c568831SAndroid Build Coastguard Worker 
7*7c568831SAndroid Build Coastguard Worker #include <libxml/uri.h>
8*7c568831SAndroid Build Coastguard Worker #include "fuzz.h"
9*7c568831SAndroid Build Coastguard Worker 
10*7c568831SAndroid Build Coastguard Worker int
LLVMFuzzerInitialize(int * argc ATTRIBUTE_UNUSED,char *** argv ATTRIBUTE_UNUSED)11*7c568831SAndroid Build Coastguard Worker LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
12*7c568831SAndroid Build Coastguard Worker                      char ***argv ATTRIBUTE_UNUSED) {
13*7c568831SAndroid Build Coastguard Worker     xmlFuzzMemSetup();
14*7c568831SAndroid Build Coastguard Worker 
15*7c568831SAndroid Build Coastguard Worker     return 0;
16*7c568831SAndroid Build Coastguard Worker }
17*7c568831SAndroid Build Coastguard Worker 
18*7c568831SAndroid Build Coastguard Worker int
LLVMFuzzerTestOneInput(const char * data,size_t size)19*7c568831SAndroid Build Coastguard Worker LLVMFuzzerTestOneInput(const char *data, size_t size) {
20*7c568831SAndroid Build Coastguard Worker     xmlURIPtr uri;
21*7c568831SAndroid Build Coastguard Worker     size_t maxAlloc;
22*7c568831SAndroid Build Coastguard Worker     const char *str1, *str2;
23*7c568831SAndroid Build Coastguard Worker     char *copy;
24*7c568831SAndroid Build Coastguard Worker     xmlChar *strRes;
25*7c568831SAndroid Build Coastguard Worker     int intRes;
26*7c568831SAndroid Build Coastguard Worker 
27*7c568831SAndroid Build Coastguard Worker     if (size > 10000)
28*7c568831SAndroid Build Coastguard Worker         return(0);
29*7c568831SAndroid Build Coastguard Worker 
30*7c568831SAndroid Build Coastguard Worker     xmlFuzzDataInit(data, size);
31*7c568831SAndroid Build Coastguard Worker     maxAlloc = xmlFuzzReadInt(4) % (size * 8 + 100);
32*7c568831SAndroid Build Coastguard Worker     str1 = xmlFuzzReadString(NULL);
33*7c568831SAndroid Build Coastguard Worker     str2 = xmlFuzzReadString(NULL);
34*7c568831SAndroid Build Coastguard Worker 
35*7c568831SAndroid Build Coastguard Worker     xmlFuzzMemSetLimit(maxAlloc);
36*7c568831SAndroid Build Coastguard Worker 
37*7c568831SAndroid Build Coastguard Worker     xmlFuzzResetMallocFailed();
38*7c568831SAndroid Build Coastguard Worker     intRes = xmlParseURISafe(str1, &uri);
39*7c568831SAndroid Build Coastguard Worker     xmlFuzzCheckMallocFailure("xmlParseURISafe", intRes == -1);
40*7c568831SAndroid Build Coastguard Worker 
41*7c568831SAndroid Build Coastguard Worker     if (uri != NULL) {
42*7c568831SAndroid Build Coastguard Worker         xmlFuzzResetMallocFailed();
43*7c568831SAndroid Build Coastguard Worker         strRes = xmlSaveUri(uri);
44*7c568831SAndroid Build Coastguard Worker         xmlFuzzCheckMallocFailure("xmlSaveURI", strRes == NULL);
45*7c568831SAndroid Build Coastguard Worker         xmlFree(strRes);
46*7c568831SAndroid Build Coastguard Worker         xmlFreeURI(uri);
47*7c568831SAndroid Build Coastguard Worker     }
48*7c568831SAndroid Build Coastguard Worker 
49*7c568831SAndroid Build Coastguard Worker     xmlFreeURI(xmlParseURI(str1));
50*7c568831SAndroid Build Coastguard Worker 
51*7c568831SAndroid Build Coastguard Worker     uri = xmlParseURIRaw(str1, 1);
52*7c568831SAndroid Build Coastguard Worker     xmlFree(xmlSaveUri(uri));
53*7c568831SAndroid Build Coastguard Worker     xmlFreeURI(uri);
54*7c568831SAndroid Build Coastguard Worker 
55*7c568831SAndroid Build Coastguard Worker     xmlFuzzResetMallocFailed();
56*7c568831SAndroid Build Coastguard Worker     strRes = BAD_CAST xmlURIUnescapeString(str1, -1, NULL);
57*7c568831SAndroid Build Coastguard Worker     xmlFuzzCheckMallocFailure("xmlURIUnescapeString",
58*7c568831SAndroid Build Coastguard Worker                               str1 != NULL && strRes == NULL);
59*7c568831SAndroid Build Coastguard Worker     xmlFree(strRes);
60*7c568831SAndroid Build Coastguard Worker 
61*7c568831SAndroid Build Coastguard Worker     xmlFree(xmlURIEscape(BAD_CAST str1));
62*7c568831SAndroid Build Coastguard Worker 
63*7c568831SAndroid Build Coastguard Worker     xmlFuzzResetMallocFailed();
64*7c568831SAndroid Build Coastguard Worker     strRes = xmlCanonicPath(BAD_CAST str1);
65*7c568831SAndroid Build Coastguard Worker     xmlFuzzCheckMallocFailure("xmlCanonicPath",
66*7c568831SAndroid Build Coastguard Worker                               str1 != NULL && strRes == NULL);
67*7c568831SAndroid Build Coastguard Worker     xmlFree(strRes);
68*7c568831SAndroid Build Coastguard Worker 
69*7c568831SAndroid Build Coastguard Worker     xmlFuzzResetMallocFailed();
70*7c568831SAndroid Build Coastguard Worker     strRes = xmlPathToURI(BAD_CAST str1);
71*7c568831SAndroid Build Coastguard Worker     xmlFuzzCheckMallocFailure("xmlPathToURI", str1 != NULL && strRes == NULL);
72*7c568831SAndroid Build Coastguard Worker     xmlFree(strRes);
73*7c568831SAndroid Build Coastguard Worker 
74*7c568831SAndroid Build Coastguard Worker     xmlFuzzResetMallocFailed();
75*7c568831SAndroid Build Coastguard Worker     intRes = xmlBuildURISafe(BAD_CAST str2, BAD_CAST str1, &strRes);
76*7c568831SAndroid Build Coastguard Worker     xmlFuzzCheckMallocFailure("xmlBuildURISafe", intRes == -1);
77*7c568831SAndroid Build Coastguard Worker     xmlFree(strRes);
78*7c568831SAndroid Build Coastguard Worker 
79*7c568831SAndroid Build Coastguard Worker     xmlFree(xmlBuildURI(BAD_CAST str2, BAD_CAST str1));
80*7c568831SAndroid Build Coastguard Worker 
81*7c568831SAndroid Build Coastguard Worker     xmlFuzzResetMallocFailed();
82*7c568831SAndroid Build Coastguard Worker     intRes = xmlBuildRelativeURISafe(BAD_CAST str2, BAD_CAST str1, &strRes);
83*7c568831SAndroid Build Coastguard Worker     xmlFuzzCheckMallocFailure("xmlBuildRelativeURISafe", intRes == -1);
84*7c568831SAndroid Build Coastguard Worker     xmlFree(strRes);
85*7c568831SAndroid Build Coastguard Worker 
86*7c568831SAndroid Build Coastguard Worker     xmlFree(xmlBuildRelativeURI(BAD_CAST str2, BAD_CAST str1));
87*7c568831SAndroid Build Coastguard Worker 
88*7c568831SAndroid Build Coastguard Worker     xmlFuzzResetMallocFailed();
89*7c568831SAndroid Build Coastguard Worker     strRes = xmlURIEscapeStr(BAD_CAST str1, BAD_CAST str2);
90*7c568831SAndroid Build Coastguard Worker     xmlFuzzCheckMallocFailure("xmlURIEscapeStr",
91*7c568831SAndroid Build Coastguard Worker                               str1 != NULL && strRes == NULL);
92*7c568831SAndroid Build Coastguard Worker     xmlFree(strRes);
93*7c568831SAndroid Build Coastguard Worker 
94*7c568831SAndroid Build Coastguard Worker     copy = (char *) xmlCharStrdup(str1);
95*7c568831SAndroid Build Coastguard Worker     xmlNormalizeURIPath(copy);
96*7c568831SAndroid Build Coastguard Worker     xmlFree(copy);
97*7c568831SAndroid Build Coastguard Worker 
98*7c568831SAndroid Build Coastguard Worker     xmlFuzzMemSetLimit(0);
99*7c568831SAndroid Build Coastguard Worker     xmlFuzzDataCleanup();
100*7c568831SAndroid Build Coastguard Worker 
101*7c568831SAndroid Build Coastguard Worker     return 0;
102*7c568831SAndroid Build Coastguard Worker }
103*7c568831SAndroid Build Coastguard Worker 
104