1*7c568831SAndroid Build Coastguard Worker /* 2*7c568831SAndroid Build Coastguard Worker * schema.c: a libFuzzer target to test the XML Schema processor. 3*7c568831SAndroid Build Coastguard Worker * 4*7c568831SAndroid Build Coastguard Worker * See Copyright for the status of this software. 5*7c568831SAndroid Build Coastguard Worker */ 6*7c568831SAndroid Build Coastguard Worker 7*7c568831SAndroid Build Coastguard Worker #include <libxml/catalog.h> 8*7c568831SAndroid Build Coastguard Worker #include <libxml/xmlschemas.h> 9*7c568831SAndroid Build Coastguard Worker #include "fuzz.h" 10*7c568831SAndroid Build Coastguard Worker 11*7c568831SAndroid Build Coastguard Worker int LLVMFuzzerInitialize(int * argc ATTRIBUTE_UNUSED,char *** argv ATTRIBUTE_UNUSED)12*7c568831SAndroid Build Coastguard WorkerLLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED, 13*7c568831SAndroid Build Coastguard Worker char ***argv ATTRIBUTE_UNUSED) { 14*7c568831SAndroid Build Coastguard Worker xmlFuzzMemSetup(); 15*7c568831SAndroid Build Coastguard Worker xmlInitParser(); 16*7c568831SAndroid Build Coastguard Worker #ifdef LIBXML_CATALOG_ENABLED 17*7c568831SAndroid Build Coastguard Worker xmlInitializeCatalog(); 18*7c568831SAndroid Build Coastguard Worker xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE); 19*7c568831SAndroid Build Coastguard Worker #endif 20*7c568831SAndroid Build Coastguard Worker 21*7c568831SAndroid Build Coastguard Worker return 0; 22*7c568831SAndroid Build Coastguard Worker } 23*7c568831SAndroid Build Coastguard Worker 24*7c568831SAndroid Build Coastguard Worker int LLVMFuzzerTestOneInput(const char * data,size_t size)25*7c568831SAndroid Build Coastguard WorkerLLVMFuzzerTestOneInput(const char *data, size_t size) { 26*7c568831SAndroid Build Coastguard Worker xmlSchemaParserCtxtPtr pctxt; 27*7c568831SAndroid Build Coastguard Worker size_t maxAlloc; 28*7c568831SAndroid Build Coastguard Worker 29*7c568831SAndroid Build Coastguard Worker if (size > 50000) 30*7c568831SAndroid Build Coastguard Worker return(0); 31*7c568831SAndroid Build Coastguard Worker 32*7c568831SAndroid Build Coastguard Worker maxAlloc = xmlFuzzReadInt(4) % (size + 100); 33*7c568831SAndroid Build Coastguard Worker 34*7c568831SAndroid Build Coastguard Worker xmlFuzzDataInit(data, size); 35*7c568831SAndroid Build Coastguard Worker xmlFuzzReadEntities(); 36*7c568831SAndroid Build Coastguard Worker 37*7c568831SAndroid Build Coastguard Worker xmlFuzzMemSetLimit(maxAlloc); 38*7c568831SAndroid Build Coastguard Worker pctxt = xmlSchemaNewParserCtxt(xmlFuzzMainUrl()); 39*7c568831SAndroid Build Coastguard Worker xmlSchemaSetParserStructuredErrors(pctxt, xmlFuzzSErrorFunc, NULL); 40*7c568831SAndroid Build Coastguard Worker xmlSchemaSetResourceLoader(pctxt, xmlFuzzResourceLoader, NULL); 41*7c568831SAndroid Build Coastguard Worker xmlSchemaFree(xmlSchemaParse(pctxt)); 42*7c568831SAndroid Build Coastguard Worker xmlSchemaFreeParserCtxt(pctxt); 43*7c568831SAndroid Build Coastguard Worker 44*7c568831SAndroid Build Coastguard Worker xmlFuzzMemSetLimit(0); 45*7c568831SAndroid Build Coastguard Worker xmlFuzzDataCleanup(); 46*7c568831SAndroid Build Coastguard Worker xmlResetLastError(); 47*7c568831SAndroid Build Coastguard Worker 48*7c568831SAndroid Build Coastguard Worker return(0); 49*7c568831SAndroid Build Coastguard Worker } 50*7c568831SAndroid Build Coastguard Worker 51