/*
 * regexp.c: a libFuzzer target to test the regexp module.
 *
 * See Copyright for the status of this software.
 */

#include <stdio.h>
#include <stdlib.h>
#include <libxml/xmlregexp.h>
#include "fuzz.h"

/*
 * libFuzzer start-up hook. Calls xmlFuzzMemSetup() once before any input
 * is processed; argc and argv are not used.
 */
int
LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
                     char ***argv ATTRIBUTE_UNUSED) {
    xmlFuzzMemSetup();
    return 0;
}

/*
 * libFuzzer per-input entry point for the regexp compiler.
 *
 * The input is split into an allocation limit and a pattern string. The
 * pattern is compiled with xmlRegexpCompile() while the limit is active,
 * and the process aborts if an allocation failure was recorded but the
 * compiler still returned a regexp. Always returns 0.
 */
int
LLVMFuzzerTestOneInput(const char *data, size_t size) {
    xmlRegexpPtr compiled;
    size_t allocLimit;
    const char *pattern;

    /* Inputs larger than 200 bytes are skipped without touching the library. */
    if (size > 200) {
        return 0;
    }

    xmlFuzzDataInit(data, size);

    /*
     * The limit is reduced modulo (size * 8 + 100), so it scales with the
     * input length. The divisor is at least 100 and cannot overflow because
     * size is capped above. Presumably xmlFuzzReadInt(4) consumes the first
     * four input bytes; confirm against fuzz.h.
     */
    allocLimit = xmlFuzzReadInt(4) % (size * 8 + 100);

    /*
     * NOTE(review): the result is handed to xmlRegexpCompile() unchecked;
     * confirm that xmlFuzzReadString() cannot return NULL here or that the
     * compiler accepts a NULL pattern.
     */
    pattern = xmlFuzzReadString(NULL);

    xmlFuzzMemSetLimit(allocLimit);
    compiled = xmlRegexpCompile(BAD_CAST pattern);

    /*
     * Failure-reporting oracle: an allocation failure during compilation
     * must surface as a NULL result. A non-NULL regexp after a recorded
     * failure means the error was swallowed, so crash to let the fuzzer
     * save the input.
     */
    if (xmlFuzzMallocFailed()) {
        if (compiled != NULL) {
            fprintf(stderr, "malloc failure not reported\n");
            abort();
        }
    }

    /* xmlRegexpExec has pathological performance in too many cases. */
    /* The disabled call uses str2, which this function never declares. */
#if 0
    xmlRegexpExec(compiled, BAD_CAST str2);
#endif
    xmlRegFreeRegexp(compiled);

    /* Reset the limit to 0 before cleanup so this input's limit does not carry over. */
    xmlFuzzMemSetLimit(0);
    xmlFuzzDataCleanup();
    xmlResetLastError();

    return 0;
}