| OLD | NEW |
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include <stddef.h> |
| 6 #include <stdint.h> |
| 7 |
| 8 #include "third_party/expat/files/lib/expat.h" |
| 9 |
| 10 #include <array> |
| 11 |
| 12 static void XMLCALL |
| 13 startElement(void* userData, const char* name, const char** atts) { |
| 14 int* depthPtr = static_cast<int*>(userData); |
| 15 (void)atts; |
| 16 |
| 17 for (int i = 0; i < *depthPtr; i++) |
| 18 (void)name; |
| 19 |
| 20 *depthPtr += 1; |
| 21 } |
| 22 |
| 23 |
| 24 static void XMLCALL |
| 25 endElement(void* userData, const char* name) { |
| 26 int* depthPtr = static_cast<int*>(userData); |
| 27 (void)name; |
| 28 |
| 29 *depthPtr -= 1; |
| 30 } |
| 31 |
| 32 |
| 33 std::array<const char*, 7> kEncodings = {{ "UTF-16", "UTF-8", "ISO_8859_1", |
| 34 "US_ASCII", "UTF_16BE", "UTF_16LE", |
| 35 nullptr }}; |
| 36 |
| 37 |
| 38 // Entry point for LibFuzzer. |
| 39 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { |
| 40 for (auto enc : kEncodings) { |
| 41 XML_Parser parser = XML_ParserCreate(enc); |
| 42 if (!parser) |
| 43 return 0; |
| 44 |
| 45 int depth = 0; |
| 46 XML_SetUserData(parser, &depth); |
| 47 XML_SetElementHandler(parser, startElement, endElement); |
| 48 |
| 49 const char* dataPtr = reinterpret_cast<const char*>(data); |
| 50 |
| 51 // Feed the data with two different values of |isFinal| for better coverage. |
| 52 for (int isFinal = 0; isFinal <= 1; ++isFinal) { |
| 53 if (XML_Parse(parser, dataPtr, size, isFinal) == XML_STATUS_ERROR) { |
| 54 XML_ErrorString(XML_GetErrorCode(parser)); |
| 55 XML_GetCurrentLineNumber(parser); |
| 56 } |
| 57 } |
| 58 |
| 59 XML_ParserFree(parser); |
| 60 } |
| 61 |
| 62 return 0; |
| 63 } |
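Review bot: In LLVMFuzzerTestOneInput the `isFinal` loop calls XML_Parse twice on the same parser, so the `isFinal = 1` pass receives the input appended to the bytes already consumed by the `isFinal = 0` pass (or hits a parser already in the error state), and a well-formed document can never complete as a final chunk. Creating the parser inside the `isFinal` loop, as sketched below, lets each pass see `data` on its own, and `continue` instead of `return 0` on a failed XML_ParserCreate keeps the remaining encodings covered. `size` is a `size_t` passed to XML_Parse's `int` length parameter, so an early `if (size > INT_MAX) return 0;` (with `<limits.h>`) would make the narrowing explicit. The underscore spellings in kEncodings (`ISO_8859_1`, `US_ASCII`, `UTF_16BE`, `UTF_16LE`) may not match expat's built-in encoding names, which as far as I know are hyphenated; this is worth confirming, since an unrecognised name would spend those iterations on an unknown-encoding error.

```cpp
  for (auto enc : kEncodings) {
    for (int isFinal = 0; isFinal <= 1; ++isFinal) {
      // Fresh parser per pass so each isFinal value sees |data| on its own.
      XML_Parser parser = XML_ParserCreate(enc);
      if (!parser)
        continue;
      // … unchanged: depth, XML_SetUserData, XML_SetElementHandler, dataPtr …
      // … unchanged: XML_Parse call and error queries …
      XML_ParserFree(parser);
    }
  }
```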