rk3588-game
/
android13
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
android13/external/oss-fuzz/projects/tidy-html5/tidy_general_fuzzer.c

161 lines
3.8 KiB
C
Raw Blame History

/*
* Copyright 2021 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <sys/types.h>
#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>
#include <unistd.h>
#include "tidybuffio.h"
#include "tidy.h"
// All boolean options. These will be set randomly
// based on the fuzzer data.
TidyOptionId bool_options[] = {
TidyJoinClasses,
TidyJoinStyles,
TidyKeepFileTimes,
TidyKeepTabs,
TidyLiteralAttribs,
TidyLogicalEmphasis,
TidyLowerLiterals,
TidyMakeBare,
TidyFixUri,
TidyForceOutput,
TidyGDocClean,
TidyHideComments,
TidyMark,
TidyXmlTags,
TidyMakeClean,
TidyAnchorAsName,
TidyMergeEmphasis,
TidyMakeBare,
TidyMetaCharset,
TidyMuteShow,
TidyNCR,
TidyNumEntities,
TidyOmitOptionalTags,
TidyPunctWrap,
TidyQuiet,
TidyQuoteAmpersand,
TidyQuoteMarks,
TidyQuoteNbsp,
TidyReplaceColor,
TidyShowFilename,
TidyShowInfo,
TidyShowMarkup,
TidyShowMetaChange,
TidyShowWarnings,
TidySkipNested,
TidyUpperCaseTags,
TidyWarnPropAttrs,
TidyWord2000,
TidyWrapAsp,
TidyWrapAttVals,
TidyWrapJste,
TidyWrapPhp,
TidyWrapScriptlets,
TidyWrapSection,
TidyWriteBack,
};
void set_option(const uint8_t** data, size_t *size, TidyDoc *tdoc, TidyOptionId tboolID) {
uint8_t decider;
decider = **data;
*data += 1;
*size -= 1;
if (decider % 2 == 0) tidyOptSetBool( *tdoc, tboolID, yes );
else { tidyOptSetBool( *tdoc, tboolID, no ); }
}
int TidyXhtml(const uint8_t* data, size_t size, TidyBuffer* output, TidyBuffer* errbuf) {
uint8_t decider;
// We need enough data for picking all of the options. One byte per option.
if (size < 5+(sizeof(bool_options)/sizeof(bool_options[0]))) {
return 0;
}
TidyDoc tdoc = tidyCreate();
// Decide output format
decider = *data;
data++; size--;
if (decider % 3 == 0) tidyOptSetBool( tdoc, TidyXhtmlOut, yes );
else { tidyOptSetBool( tdoc, TidyXhtmlOut, no ); }
if (decider % 3 == 1) tidyOptSetBool( tdoc, TidyHtmlOut, yes );
else { tidyOptSetBool( tdoc, TidyHtmlOut, no ); }
if (decider % 3 == 2) tidyOptSetBool( tdoc, TidyXmlOut, yes );
else { tidyOptSetBool( tdoc, TidyXmlOut, no ); }
// Set options
for (int i=0; i < sizeof(bool_options)/sizeof(TidyOptionId); i++) {
set_option(&data, &size, &tdoc, bool_options[i]);
}
// Set an error buffer.
tidySetErrorBuffer(tdoc, errbuf);
// Parse the data
decider = *data;
data++; size--;
switch (decider % 2) {
case 0: {
char filename[256];
sprintf(filename, "/tmp/libfuzzer.%d", getpid());
FILE *fp = fopen(filename, "wb");
if (!fp) {
return 0;
}
fwrite(data, size, 1, fp);
fclose(fp);
tidyParseFile(tdoc, filename);
unlink(filename);
}
break;
case 1: {
char *inp = malloc(size+1);
inp[size] = '\0';
memcpy(inp, data, size);
tidyParseString(tdoc, inp);
free(inp);
}
}
// Cleanup
tidyRelease( tdoc );
return 0;
}
int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
TidyBuffer fuzz_toutput;
TidyBuffer fuzz_terror;
tidyBufInit(&fuzz_toutput);
tidyBufInit(&fuzz_terror);
TidyXhtml(data, size, &fuzz_toutput, &fuzz_terror);
tidyBufFree(&fuzz_toutput);
tidyBufFree(&fuzz_terror);
return 0;
}
Reference in New Issue View Git Blame Copy Permalink