1  // Copyright 2015 The Chromium Authors. All rights reserved.
 2  // Use of this source code is governed by a BSD-style license that can be
 3  // found in the LICENSE file.
 4  
 5  #include <cassert>
 6  #include <cstddef>
 7  #include <cstdint>
 8  
 9  #include <functional>
10  #include <limits>
11  #include <string>
12  
13  #include "libxml/parser.h"
14  #include "libxml/xmlsave.h"
15  
16  extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size);
17  
18  static void ignore (void* ctx, const char* msg, ...) {
19    // Error handler to avoid spam of error messages from libxml parser.
20  }
21  
22  extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
23    xmlSetGenericErrorFunc(NULL, &ignore);
24  
25    // Test default empty options value and some random combination.
26    std::string data_string(reinterpret_cast<const char*>(data), size);
27    const std::size_t data_hash = std::hash<std::string>()(data_string);
28    const int max_option_value = std::numeric_limits<int>::max();
29    const int random_option_value = data_hash % max_option_value;
30    const int options[] = {0, random_option_value};
31  
32    for (const auto option_value : options) {
33      size_t data_string_length = data_string.length();
34      assert(data_string_length < std::numeric_limits<int>::max());
35      if (auto doc = xmlReadMemory(data_string.c_str(), static_cast<int>(data_string_length),
36                                   "noname.xml", NULL, option_value | XML_PARSE_NONET)) {
37        auto buf = xmlBufferCreate();
38        assert(buf);
39        auto ctxt = xmlSaveToBuffer(buf, NULL, 0);
40        xmlSaveDoc(ctxt, doc);
41        xmlSaveClose(ctxt);
42        xmlFreeDoc(doc);
43        xmlBufferFree(buf);
44      }
45    }
46  
47    return 0;
48  }