xref: /aosp_15_r20/external/libxml2/fuzz/regexp.c (revision 7c5688314b92172186c154356a6374bf7684c3ca) 
1 /*
2  * regexp.c: a libFuzzer target to test the regexp module.
3  *
4  * See Copyright for the status of this software.
5  */
6 
7 #include <stdio.h>
8 #include <stdlib.h>
9 #include <libxml/xmlregexp.h>
10 #include "fuzz.h"
11 
12 int
LLVMFuzzerInitialize(int * argc ATTRIBUTE_UNUSED,char *** argv ATTRIBUTE_UNUSED)13 LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
14                      char ***argv ATTRIBUTE_UNUSED) {
15     xmlFuzzMemSetup();
16 
17     return 0;
18 }
19 
20 int
LLVMFuzzerTestOneInput(const char * data,size_t size)21 LLVMFuzzerTestOneInput(const char *data, size_t size) {
22     xmlRegexpPtr regexp;
23     size_t maxAlloc;
24     const char *str1;
25 
26     if (size > 200)
27         return(0);
28 
29     xmlFuzzDataInit(data, size);
30     maxAlloc = xmlFuzzReadInt(4) % (size * 8 + 100);
31     str1 = xmlFuzzReadString(NULL);
32 
33     xmlFuzzMemSetLimit(maxAlloc);
34     regexp = xmlRegexpCompile(BAD_CAST str1);
35     if (xmlFuzzMallocFailed() && regexp != NULL) {
36         fprintf(stderr, "malloc failure not reported\n");
37         abort();
38     }
39     /* xmlRegexpExec has pathological performance in too many cases. */
40 #if 0
41     xmlRegexpExec(regexp, BAD_CAST str2);
42 #endif
43     xmlRegFreeRegexp(regexp);
44 
45     xmlFuzzMemSetLimit(0);
46     xmlFuzzDataCleanup();
47     xmlResetLastError();
48 
49     return 0;
50 }
51 
52