Add fuzz targets for scan and load

fuzz/Cargo.toml

@@ -12,8 +12,20 @@ libfuzzer-sys = "0.4"
 unsafe-libyaml = { path = ".." }
 
 [[bin]]
-name = "parser"
-path = "fuzz_targets/parser.rs"
+name = "scan"
+path = "fuzz_targets/scan.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "parse"
+path = "fuzz_targets/parse.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "load"
+path = "fuzz_targets/load.rs"
 test = false
 doc = false
 

fuzz/fuzz_targets/load.rs

@@ -0,0 +1,47 @@
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+use std::cmp;
+use std::ffi::c_void;
+use std::mem::MaybeUninit;
+use std::ptr;
+use std::ptr::addr_of_mut;
+use unsafe_libyaml::{
+    yaml_document_delete, yaml_document_get_root_node, yaml_document_t, yaml_parser_delete,
+    yaml_parser_initialize, yaml_parser_load, yaml_parser_set_input, yaml_parser_t,
+};
+
+fuzz_target!(|data: &[u8]| { unsafe { fuzz_target(data) } });
+
+unsafe fn fuzz_target(mut data: &[u8]) {
+    let mut parser = MaybeUninit::<yaml_parser_t>::uninit();
+    let parser = parser.as_mut_ptr();
+    assert_ne!(yaml_parser_initialize(parser), 0);
+    yaml_parser_set_input(parser, Some(read_from_slice), addr_of_mut!(data).cast());
+
+    let mut document = MaybeUninit::<yaml_document_t>::uninit();
+    let document = document.as_mut_ptr();
+    while yaml_parser_load(parser, document) != 0 {
+        let done = yaml_document_get_root_node(document).is_null();
+        yaml_document_delete(document);
+        if done {
+            break;
+        }
+    }
+    yaml_parser_delete(parser);
+}
+
+unsafe fn read_from_slice(
+    data: *mut c_void,
+    buffer: *mut u8,
+    size: u64,
+    size_read: *mut u64,
+) -> i32 {
+    let data = data.cast::<&[u8]>();
+    let input = data.read();
+    let n = cmp::min(input.len(), size as usize);
+    ptr::copy_nonoverlapping(input.as_ptr(), buffer, n);
+    data.write(&input[n..]);
+    *size_read = n as u64;
+    1
+}

fuzz/fuzz_targets/parse.rs

@@ -16,10 +16,11 @@ fuzz_target!(|data: &[u8]| { unsafe { fuzz_target(data) } });
 unsafe fn fuzz_target(mut data: &[u8]) {
     let mut parser = MaybeUninit::<yaml_parser_t>::uninit();
     let parser = parser.as_mut_ptr();
-    let mut event = MaybeUninit::<yaml_event_t>::uninit();
-    let event = event.as_mut_ptr();
     assert_ne!(yaml_parser_initialize(parser), 0);
     yaml_parser_set_input(parser, Some(read_from_slice), addr_of_mut!(data).cast());
+
+    let mut event = MaybeUninit::<yaml_event_t>::uninit();
+    let event = event.as_mut_ptr();
     while yaml_parser_parse(parser, event) != 0 {
         let type_ = (*event).type_;
         yaml_event_delete(event);

fuzz/fuzz_targets/scan.rs

@@ -0,0 +1,47 @@
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+use std::cmp;
+use std::ffi::c_void;
+use std::mem::MaybeUninit;
+use std::ptr;
+use std::ptr::addr_of_mut;
+use unsafe_libyaml::{
+    yaml_parser_delete, yaml_parser_initialize, yaml_parser_scan, yaml_parser_set_input,
+    yaml_parser_t, yaml_token_delete, yaml_token_t, YAML_STREAM_END_TOKEN,
+};
+
+fuzz_target!(|data: &[u8]| { unsafe { fuzz_target(data) } });
+
+unsafe fn fuzz_target(mut data: &[u8]) {
+    let mut parser = MaybeUninit::<yaml_parser_t>::uninit();
+    let parser = parser.as_mut_ptr();
+    assert_ne!(yaml_parser_initialize(parser), 0);
+    yaml_parser_set_input(parser, Some(read_from_slice), addr_of_mut!(data).cast());
+
+    let mut token = MaybeUninit::<yaml_token_t>::uninit();
+    let token = token.as_mut_ptr();
+    while yaml_parser_scan(parser, token) != 0 {
+        let type_ = (*token).type_;
+        yaml_token_delete(token);
+        if type_ == YAML_STREAM_END_TOKEN {
+            break;
+        }
+    }
+    yaml_parser_delete(parser);
+}
+
+unsafe fn read_from_slice(
+    data: *mut c_void,
+    buffer: *mut u8,
+    size: u64,
+    size_read: *mut u64,
+) -> i32 {
+    let data = data.cast::<&[u8]>();
+    let input = data.read();
+    let n = cmp::min(input.len(), size as usize);
+    ptr::copy_nonoverlapping(input.as_ptr(), buffer, n);
+    data.write(&input[n..]);
+    *size_read = n as u64;
+    1
+}