From 9d8d1932887b230aa71ae493d0fb648019d3b9d2 Mon Sep 17 00:00:00 2001
From: Nathaniel Brough
Date: Sat, 4 Mar 2023 13:13:24 -0800
Subject: [PATCH 1/3] tests: excersizes query code on xml doc
---
 tests/fuzz_xpath.cpp | 54 ++++++++++++++++++++++++++++----------------
 1 file changed, 34 insertions(+), 20 deletions(-)
diff --git a/tests/fuzz_xpath.cpp b/tests/fuzz_xpath.cpp
index c7ff4cd0f..2d97a2b90 100644
--- a/tests/fuzz_xpath.cpp
+++ b/tests/fuzz_xpath.cpp
@@ -1,26 +1,40 @@
 #include "../src/pugixml.hpp"
+#include "fuzzer/FuzzedDataProvider.h"
 #include
 #include
+#include
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
-{
- char* text = new char[Size + 1];
- memcpy(text, Data, Size);
- text[Size] = 0;
-
-#ifdef PUGIXML_NO_EXCEPTIONS
- pugi::xpath_query q(text);
-#else
- try
- {
- pugi::xpath_query q(text);
- }
- catch (pugi::xpath_exception&)
- {
- }
-#endif
-
- delete[] text;
- return 0;
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ FuzzedDataProvider fdp(Data, Size);
+ std::string text = fdp.ConsumeRandomLengthString(1024);
+
+ try {
+ pugi::xpath_variable_set vars;
+ size_t var_count = fdp.ConsumeIntegralInRange(0, 50);
+ std::vector var_name_storage = {};
+ for (size_t i = 0; i < var_count; i++) {
+ var_name_storage.push_back(fdp.ConsumeRandomLengthString(128));
+
+ pugi::xpath_value_type value_type =
+ static_cast(fdp.ConsumeIntegralInRange(0, 5));
+ vars.add(var_name_storage.back().c_str(), value_type);
+ }
+ pugi::xpath_query q(text.c_str(), &vars);
+
+ std::vector xml_buffer =
+ fdp.ConsumeBytes(fdp.ConsumeIntegralInRange(0, 1024));
+ pugi::xml_document doc;
+ doc.load_buffer(xml_buffer.data(), xml_buffer.size(), pugi::parse_full);
+
+ bool boolean = q.evaluate_boolean(doc);
+ double num = q.evaluate_number(doc);
+ pugi::string_t s = q.evaluate_string(doc);
+ pugi::xpath_node n = q.evaluate_node(doc);
+ pugi::xpath_node_set set = q.evaluate_node_set(doc);
+
+ } catch (pugi::xpath_exception &) {
+ }
+
+ return 0;
 }
From d75a081aa33990c97927882e21ea9a201d299edf Mon Sep 17 00:00:00 2001
From: Arseny Kapoulkine
Date: Sat, 21 Oct 2023 11:11:11 -0700
Subject: [PATCH 2/3] Update fuzz_xpath.cpp
Fix code style, no exceptions, other tweaks.
---
 tests/fuzz_xpath.cpp | 70 ++++++++++++++++++++++++--------------------
 1 file changed, 38 insertions(+), 32 deletions(-)
diff --git a/tests/fuzz_xpath.cpp b/tests/fuzz_xpath.cpp
index 2d97a2b90..66cb84c91 100644
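Review bot: `static_cast(fdp.ConsumeIntegralInRange(0, 5))` yields six distinct values because FuzzedDataProvider's range is inclusive at both ends, while pugixml's `xpath_value_type` has five enumerators (`xpath_type_none` through `xpath_type_boolean`), so the value 5 names no enumerator and `vars.add` is invoked with a type the enum does not define. The same inclusive bound survives the rewrite in patch 2 (hunk `@@ -5,36 +5,42 @@`), where the author's own `xpath_value_type_count` is passed as the maximum, so one value in six is still outside the enum there. Because the result of `vars.add` is discarded, such iterations silently consume input bytes without registering a variable, which is a coverage loss if pugixml rejects unknown types; that it does so is a library question this file cannot settle. The one-line fix in the patch 2 form is `static_cast<pugi::xpath_value_type>(fdp.ConsumeIntegralInRange<int>(0, xpath_value_type_count - 1))`, and here the literal upper bound should be the last enumerator rather than 5. The whole function lies inside this hunk.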
--- a/tests/fuzz_xpath.cpp
+++ b/tests/fuzz_xpath.cpp
@@ -5,36 +5,42 @@
 #include
 #include
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
- FuzzedDataProvider fdp(Data, Size);
- std::string text = fdp.ConsumeRandomLengthString(1024);
-
- try {
- pugi::xpath_variable_set vars;
- size_t var_count = fdp.ConsumeIntegralInRange(0, 50);
- std::vector var_name_storage = {};
- for (size_t i = 0; i < var_count; i++) {
- var_name_storage.push_back(fdp.ConsumeRandomLengthString(128));
-
- pugi::xpath_value_type value_type =
- static_cast(fdp.ConsumeIntegralInRange(0, 5));
- vars.add(var_name_storage.back().c_str(), value_type);
- }
- pugi::xpath_query q(text.c_str(), &vars);
-
- std::vector xml_buffer =
- fdp.ConsumeBytes(fdp.ConsumeIntegralInRange(0, 1024));
- pugi::xml_document doc;
- doc.load_buffer(xml_buffer.data(), xml_buffer.size(), pugi::parse_full);
-
- bool boolean = q.evaluate_boolean(doc);
- double num = q.evaluate_number(doc);
- pugi::string_t s = q.evaluate_string(doc);
- pugi::xpath_node n = q.evaluate_node(doc);
- pugi::xpath_node_set set = q.evaluate_node_set(doc);
-
- } catch (pugi::xpath_exception &) {
- }
-
- return 0;
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size)
+{
+ FuzzedDataProvider fdp(Data, Size);
+ std::string text = fdp.ConsumeRandomLengthString(1024);
+
+#ifndef PUGIXML_NO_EXCEPTIONS
+ try
+#endif
+ {
+ pugi::xpath_variable_set vars;
+ size_t var_count = fdp.ConsumeIntegralInRange(0, 50);
+ std::vector var_name_storage;
+ for (size_t i = 0; i < var_count; ++i)
+ {
+ var_name_storage.push_back(fdp.ConsumeRandomLengthString(128));
+
+ const int xpath_value_type_count = pugi::xpath_type_boolean + 1;
+ pugi::xpath_value_type value_type = static_cast(fdp.ConsumeIntegralInRange(0, xpath_value_type_count));
+ vars.add(var_name_storage.back().c_str(), value_type);
+ }
+ pugi::xpath_query q(text.c_str(), &vars);
+
+ std::vector xml_buffer = fdp.ConsumeBytes(fdp.ConsumeIntegralInRange(0, 1024));
+ pugi::xml_document doc;
+ doc.load_buffer(xml_buffer.data(), xml_buffer.size(), pugi::parse_full);
+
+ bool boolean = q.evaluate_boolean(doc);
+ double num = q.evaluate_number(doc);
+ pugi::string_t s = q.evaluate_string(doc);
+ pugi::xpath_node n = q.evaluate_node(doc);
+ pugi::xpath_node_set set = q.evaluate_node_set(doc);
+ }
+#ifndef PUGIXML_NO_EXCEPTIONS
+ catch (pugi::xpath_exception&)
+ {
+ }
+#endif
+ return 0;
 }
From 4d42ba7a608badd1f1bcf452ca7b6cf97a961dde Mon Sep 17 00:00:00 2001
From: Arseny Kapoulkine
Date: Sat, 21 Oct 2023 11:20:03 -0700
Subject: [PATCH 3/3] Update fuzz_xpath.cpp
Remove unused variables
---
 tests/fuzz_xpath.cpp | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tests/fuzz_xpath.cpp b/tests/fuzz_xpath.cpp
index 66cb84c91..a1a3b5093 100644
--- a/tests/fuzz_xpath.cpp
+++ b/tests/fuzz_xpath.cpp
@@ -31,11 +31,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size)
 pugi::xml_document doc;
 doc.load_buffer(xml_buffer.data(), xml_buffer.size(), pugi::parse_full);
- bool boolean = q.evaluate_boolean(doc);
- double num = q.evaluate_number(doc);
- pugi::string_t s = q.evaluate_string(doc);
- pugi::xpath_node n = q.evaluate_node(doc);
- pugi::xpath_node_set set = q.evaluate_node_set(doc);
+ q.evaluate_boolean(doc);
+ q.evaluate_number(doc);
+ q.evaluate_string(doc);
+ q.evaluate_node(doc);
+ q.evaluate_node_set(doc);
 }
 #ifndef PUGIXML_NO_EXCEPTIONS
 catch (pugi::xpath_exception&)
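Review bot: The rewritten target documents neither its input layout nor its deliberate non-checks, which is the first thing anyone reducing a crash input or extending the harness needs. A short block comment above `extern "C" int LLVMFuzzerTestOneInput(...)` should state the order in which the provider consumes bytes — the XPath expression (at most 1024 bytes), a variable count in 0–50 followed by that many name (up to 128 bytes) and type pairs, then up to 1024 bytes of XML parsed with `pugi::parse_full` — and that the two `#ifndef PUGIXML_NO_EXCEPTIONS` guards let the same body compile with and without exceptions. The ignored result of `doc.load_buffer(...)` deserves one line as well, e.g. `// parse result intentionally ignored: queries are also evaluated against an empty or partially parsed document`, if that is the intent rather than an oversight. The whole function lies inside this hunk.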