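/*
 * schema.c: a libFuzzer target to test the XML Schema processor.
 *
 * See Copyright for the status of this software.
 */

#include <libxml/catalog.h>
#include <libxml/xmlschemas.h>
#include "fuzz.h"

/*
 * One-time harness setup, called by libFuzzer before the first input.
 *
 * Installs the fuzzing memory hooks and initialises the parser. When
 * catalog support is compiled in, catalogs are initialised and then
 * switched off with XML_CATA_ALLOW_NONE, so that catalog resolution on
 * the host cannot influence a run.
 *
 * argc, argv: unused.
 * Returns 0.
 */
int
LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
                     char ***argv ATTRIBUTE_UNUSED) {
    xmlFuzzMemSetup();
    xmlInitParser();
#ifdef LIBXML_CATALOG_ENABLED
    xmlInitializeCatalog();
    xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE);
#endif

    return 0;
}

/*
 * Parse one fuzz input as an XML Schema.
 *
 * data, size: the raw input handed over by libFuzzer. Inputs larger than
 *             50000 bytes are skipped.
 * Returns 0 in every case, as libFuzzer expects.
 */
int
LLVMFuzzerTestOneInput(const char *data, size_t size) {
    xmlSchemaParserCtxtPtr pctxt;
    size_t maxAlloc;

    if (size > 50000) {
        return 0;
    }

    /*
     * Register the input before anything is read from it. The helpers
     * come from fuzz.h (not shown here); xmlFuzzReadInt() is assumed to
     * consume bytes from the buffer that xmlFuzzDataInit() registers.
     * Calling it first, as this function used to, would read state left
     * behind by the previous input (or nothing on the first run), which
     * makes the allocation limit unrelated to the current input and a
     * crash hard to reproduce.
     *
     * NOTE(review): the four bytes are now taken off the front of the
     * current input, ahead of xmlFuzzReadEntities(). Confirm the seed
     * corpus matches that layout.
     */
    xmlFuzzDataInit(data, size);
    maxAlloc = xmlFuzzReadInt(4) % (size + 100);
    xmlFuzzReadEntities();

    /* Apply the input-derived limit to the schema parse only. */
    xmlFuzzMemSetLimit(maxAlloc);
    pctxt = xmlSchemaNewParserCtxt(xmlFuzzMainUrl());
    xmlSchemaSetParserStructuredErrors(pctxt, xmlFuzzSErrorFunc, NULL);
    /*
     * Route resource loading through the harness loader rather than the
     * library default. Presumably it serves only what the fuzz input
     * contains; see fuzz.h to confirm.
     */
    xmlSchemaSetResourceLoader(pctxt, xmlFuzzResourceLoader, NULL);
    xmlSchemaFree(xmlSchemaParse(pctxt));
    xmlSchemaFreeParserCtxt(pctxt);

    /* Lift the limit again and drop per-input state before the next run. */
    xmlFuzzMemSetLimit(0);
    xmlFuzzDataCleanup();
    xmlResetLastError();

    return 0;
}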