
tests: Add support for afl-fuzz

With the current setup it successfully finds the (fixed) DOCTYPE buffer overrun
in ~50 minutes (on a single core).
This commit is contained in:
Arseny Kapoulkine 2015-03-13 00:18:30 -07:00
parent 0542b1869b
commit 15fba1debc
8 changed files with 28 additions and 3 deletions


@ -3,10 +3,10 @@ defines=standard
BUILD=build/make-$(CXX)-$(config)-$(defines) BUILD=build/make-$(CXX)-$(config)-$(defines)
SOURCES=src/pugixml.cpp $(wildcard tests/*.cpp) SOURCES=src/pugixml.cpp tests/main.cpp tests/allocator.cpp tests/test.cpp tests/writer_string.cpp $(wildcard tests/test_*.cpp)
EXECUTABLE=$(BUILD)/test EXECUTABLE=$(BUILD)/test
CXXFLAGS=-c -g -Wall -Wextra -Werror -pedantic CXXFLAGS=-g -Wall -Wextra -Werror -pedantic
LDFLAGS= LDFLAGS=
ifeq ($(config),release) ifeq ($(config),release)
@ -39,6 +39,11 @@ test: $(EXECUTABLE)
./$(EXECUTABLE) ./$(EXECUTABLE)
endif endif
fuzz:
@mkdir -p $(BUILD)
$(AFL)/afl-clang++ tests/fuzz_parse.cpp tests/allocator.cpp src/pugixml.cpp $(CXXFLAGS) -o $(BUILD)/fuzz_parse
$(AFL)/afl-fuzz -i tests/data_fuzz_parse -o $(BUILD)/fuzz_parse_out -x $(AFL)/testcases/_extras/xml/ -- $(BUILD)/fuzz_parse @@
clean: clean:
rm -rf $(BUILD) rm -rf $(BUILD)
@ -47,7 +52,7 @@ $(EXECUTABLE): $(OBJECTS)
$(BUILD)/%.o: % $(BUILD)/%.o: %
@mkdir -p $(dir $@) @mkdir -p $(dir $@)
$(CXX) $< $(CXXFLAGS) -MMD -MP -o $@ $(CXX) $< $(CXXFLAGS) -c -MMD -MP -o $@
-include $(OBJECTS:.o=.d) -include $(OBJECTS:.o=.d)
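Review bot: The new `fuzz` target expands `$(AFL)` to nothing when the variable is not supplied on the command line, so the recipe runs `/afl-clang++` and fails with an unhelpful "No such file" rather than telling the user what is missing; a guard as the first recipe line, `$(if $(strip $(AFL)),,$(error AFL must point to the afl-fuzz install directory))`, makes the requirement explicit. `fuzz` should also join the `.PHONY` list next to `test` and `clean` if the file has one (it is outside the hunk). Because afl-fuzz only observes crashes and hangs, consider building the harness with `-fsanitize=address` (or `AFL_USE_ASAN=1`) so an out-of-bounds read like the DOCTYPE overrun named in the commit message becomes a reliable crash instead of depending on whatever guard behaviour tests/allocator.cpp provides, which is not visible here.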


@ -0,0 +1 @@
<node attr="value" />


@ -0,0 +1 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!DOCTYPE [ <!ELEMENT p (#PCDATA|emph)* > ]> <!DOCTYPE foo [ <![INCLUDE[<!ATTLIST foo bar CDATA #IMPLIED>]]> <![IGNORE[some junk]]> ]> <!DOCTYPE root [ <!ELEMENT a EMPTY> <!ATTLIST a attr1 CDATA "&ge1;"> <!--* GE reference in attr default before declaration *--> <!ENTITY ge1 "abcdef"> ]> <node/>


@ -0,0 +1 @@
<?xml version='1.0'?> <node enc='&lt; &gt; &amp; &quot; &apos; &#12; &#xAB;'> pcdata &lt; &gt; &amp; &quot; &apos; &#12; &#xAB; &unknown; %entity; </node>


@ -0,0 +1 @@
<?xml version='1.0'?> <!DOCTYPE html> <node attr="value"> <child/> pcdata <![CDATA[ test ]]> <!-- comment - --> <?pi value?> </node>

Binary file not shown.

Binary file not shown.

tests/fuzz_parse.cpp Normal file

@ -0,0 +1,16 @@
#include "../src/pugixml.hpp"
#include "allocator.hpp"
int main(int argc, const char** argv)
{
pugi::set_memory_management_functions(memory_allocate, memory_deallocate);
pugi::xml_document doc;
for (int i = 1; i < argc; ++i)
{
doc.load_file(argv[i]);
doc.load_file(argv[i], pugi::parse_minimal);
doc.load_file(argv[i], pugi::parse_full);
}
}
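Review bot: The harness exits 0 without doing anything when invoked with no arguments, so a broken afl-fuzz invocation (for example `@@` not being substituted) looks like a clean run; an argument check at the top of main, `if (argc < 2) { fprintf(stderr, "usage: %s file...\n", argv[0]); return 1; }` with `<cstdio>` included, surfaces that. The three `load_file` results are deliberately discarded, which is correct for crash-only fuzzing but should be stated in a header comment such as `// afl-fuzz harness: parse each input with the default, minimal and full option sets; only crashes/hangs matter, parse failures are expected` so nobody later "fixes" it by asserting success. Each iteration also reads the same input from disk three times; loading it once and parsing the in-memory copy would cut I/O per execution, but that exercises a different entry point than `load_file`, so it is only worth doing if both paths stay covered.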