1 // Copyright 2015 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <cassert>
6 #include <cstddef>
7 #include <cstdint>
8
9 #include <functional>
10 #include <limits>
11 #include <string>
12
13 #include "libxml/parser.h"
14 #include "libxml/xmlsave.h"
15
ignore(void * ctx,const char * msg,...)16 void ignore (void* ctx, const char* msg, ...) {
17 // Error handler to avoid spam of error messages from libxml parser.
18 }
19
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)20 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
21 xmlSetGenericErrorFunc(NULL, &ignore);
22
23 // Test default empty options value and one random combination of flags.
24 const std::string data_string(reinterpret_cast<const char*>(data), size);
25 const std::size_t data_hash = std::hash<std::string>()(data_string);
26 const int max_option_value = std::numeric_limits<int>::max();
27 // Disable XML_PARSE_HUGE to avoid stack overflow. http://crbug.com/738947.
28 // Disable XML_PARSE_NOENT, XML_PARSE_DTD[LOAD|ATTR|VALID] to avoid timeout
29 // loading external entity from stdin. http://crbug.com/755142.
30 const int random_option = data_hash & max_option_value & ~XML_PARSE_NOENT &
31 ~XML_PARSE_DTDLOAD & ~XML_PARSE_DTDATTR &
32 ~XML_PARSE_DTDVALID & ~XML_PARSE_HUGE;
33 const int options[] = {0, random_option};
34
35 for (const auto option_value : options) {
36 // Intentionally pass raw data as the API does not require trailing \0.
37 if (auto doc = xmlReadMemory(reinterpret_cast<const char*>(data), size,
38 "noname.xml", NULL, option_value)) {
39 auto buffer = xmlBufferCreate();
40 assert(buffer);
41
42 auto context = xmlSaveToBuffer(buffer, NULL, 0);
43 xmlSaveDoc(context, doc);
44 xmlSaveClose(context);
45 xmlFreeDoc(doc);
46 xmlBufferFree(buffer);
47 }
48 }
49
50 return 0;
51 }
52