xref: /aosp_15_r20/external/libxml2/fuzz/xinclude.c (revision 7c5688314b92172186c154356a6374bf7684c3ca)
1 /*
2  * xinclude.c: a libFuzzer target to test the XInclude engine.
3  *
4  * See Copyright for the status of this software.
5  */
6 
7 #include <libxml/catalog.h>
8 #include <libxml/parser.h>
9 #include <libxml/tree.h>
10 #include <libxml/xmlerror.h>
11 #include <libxml/xinclude.h>
12 #include "fuzz.h"
13 
/*
 * LLVMFuzzerInitialize:
 *
 * One-time libFuzzer start-up hook. Both arguments are unused. Always
 * returns 0.
 *
 * The calls run in a fixed order: the fuzz memory hooks are installed
 * before the parser library is initialised.
 */
int
LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
                     char ***argv ATTRIBUTE_UNUSED) {
    xmlFuzzMemSetup();
    xmlInitParser();

#if defined(LIBXML_CATALOG_ENABLED)
    /*
     * Turn catalog resolution off (XML_CATA_ALLOW_NONE), so that neither
     * a global catalog nor a catalog named by the document is consulted
     * while fuzzing.
     */
    xmlInitializeCatalog();
    xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE);
#endif

    /* Send generic error output to the harness callback from fuzz.h. */
    xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);

    return 0;
}
27 
/*
 * LLVMFuzzerTestOneInput:
 * @data:  raw fuzz input
 * @size:  number of bytes in @data
 *
 * Parses the main entity carried in the fuzz input, runs XInclude
 * processing over the resulting document and then deep-copies it, all
 * under an allocation limit derived from the input itself.
 *
 * Always returns 0.
 */
int
LLVMFuzzerTestOneInput(const char *data, size_t size) {
    xmlParserCtxtPtr ctxt;
    xmlXIncludeCtxtPtr xinc;
    xmlDocPtr doc;
    xmlDocPtr copy;
    const char *docBuffer;
    const char *docUrl;
    size_t docSize;
    size_t maxAlloc;
    int opts;

    /*
     * Two values are taken from the front of the input with
     * xmlFuzzReadInt(4): the parser option bits first, then the seed for
     * the allocation limit. XInclude is always switched on; every other
     * option bit is attacker-chosen, so isolation must not depend on any
     * particular flag being set.
     */
    xmlFuzzDataInit(data, size);
    opts = (int) xmlFuzzReadInt(4) | XML_PARSE_XINCLUDE;
    /* The modulo keeps the limit below size + 100. */
    maxAlloc = xmlFuzzReadInt(4) % (size + 100);

    xmlFuzzReadEntities();
    docBuffer = xmlFuzzMainEntity(&docSize);
    docUrl = xmlFuzzMainUrl();
    if (docBuffer == NULL)
        goto done;

    /* Pull parser */

    xmlFuzzMemSetLimit(maxAlloc);
    ctxt = xmlNewParserCtxt();
    if (ctxt == NULL)
        goto done;

    /*
     * NOTE(review): xmlFuzzResourceLoader is declared in fuzz.h; it
     * presumably serves only the entities read by xmlFuzzReadEntities().
     * It is installed on the parser context here and on the XInclude
     * context below, so both resolution paths go through it. Confirm
     * that it never falls back to file or network access.
     */
    xmlCtxtSetResourceLoader(ctxt, xmlFuzzResourceLoader, NULL);

    doc = xmlCtxtReadMemory(ctxt, docBuffer, docSize, docUrl, NULL, opts);
    /*
     * NOTE(review): presumably cross-checks an injected allocation
     * failure against the error the API reported; the helper is not
     * visible in this file, so confirm against fuzz.h.
     */
    xmlFuzzCheckMallocFailure("xmlCtxtReadMemory",
                              ctxt->errNo == XML_ERR_NO_MEMORY);

    /*
     * The XInclude calls are made unconditionally, including when the
     * parse failed and doc is NULL. Only the malloc-failure check is
     * skipped in that case.
     */
    xinc = xmlXIncludeNewContext(doc);
    xmlXIncludeSetResourceLoader(xinc, xmlFuzzResourceLoader, NULL);
    xmlXIncludeSetFlags(xinc, opts);
    xmlXIncludeProcessNode(xinc, (xmlNodePtr) doc);
    if (doc != NULL) {
        xmlFuzzCheckMallocFailure("xmlXIncludeProcessNode",
                xinc == NULL ||
                xmlXIncludeGetLastError(xinc) == XML_ERR_NO_MEMORY);
    }
    xmlXIncludeFreeContext(xinc);

    /*
     * Clear the failure record before the copy so the next check only
     * reflects xmlCopyDoc.
     * NOTE(review): the label passed below reads "xmlCopyNode" although
     * the call is xmlCopyDoc; confirm that the label is intended.
     */
    xmlFuzzResetMallocFailed();
    copy = xmlCopyDoc(doc, 1);
    if (doc != NULL)
        xmlFuzzCheckMallocFailure("xmlCopyNode", copy == NULL);
    xmlFreeDoc(copy);

    xmlFreeDoc(doc);
    xmlFreeParserCtxt(ctxt);

done:
    /* Lift the allocation limit before tearing down per-input state. */
    xmlFuzzMemSetLimit(0);
    xmlFuzzDataCleanup();
    xmlResetLastError();
    return 0;
}
88 
89