libyaml-safer/fuzz/fuzz_targets/load.rs

48 lines
1.4 KiB
Rust
Raw Normal View History

2022-07-08 07:25:19 +00:00
#![no_main]
use libfuzzer_sys::fuzz_target;
use std::cmp;
use std::ffi::c_void;
use std::mem::MaybeUninit;
use std::ptr;
use std::ptr::addr_of_mut;
use unsafe_libyaml::{
2022-07-08 23:20:32 +00:00
yaml_document_delete, yaml_document_get_root_node, yaml_document_t, yaml_parser_delete,
yaml_parser_initialize, yaml_parser_load, yaml_parser_set_input, yaml_parser_t,
2022-07-08 07:25:19 +00:00
};
fuzz_target!(|data: &[u8]| { unsafe { fuzz_target(data) } });
unsafe fn fuzz_target(mut data: &[u8]) {
let mut parser = MaybeUninit::<yaml_parser_t>::uninit();
let parser = parser.as_mut_ptr();
assert!(yaml_parser_initialize(parser).ok);
yaml_parser_set_input(parser, read_from_slice, addr_of_mut!(data).cast());
2022-07-08 23:20:32 +00:00
let mut document = MaybeUninit::<yaml_document_t>::uninit();
let document = document.as_mut_ptr();
while yaml_parser_load(parser, document).ok {
2022-07-08 23:20:32 +00:00
let done = yaml_document_get_root_node(document).is_null();
yaml_document_delete(document);
if done {
2022-07-08 07:25:19 +00:00
break;
}
}
yaml_parser_delete(parser);
}
unsafe fn read_from_slice(
data: *mut c_void,
buffer: *mut u8,
size: u64,
size_read: *mut u64,
) -> i32 {
let data = data.cast::<&[u8]>();
let input = data.read();
let n = cmp::min(input.len(), size as usize);
ptr::copy_nonoverlapping(input.as_ptr(), buffer, n);
data.write(&input[n..]);
*size_read = n as u64;
1
}