tests: Add fuzzing dictionaries

Hopefully this will allow for better fuzzing coverage

3 files changed, 145 insertions, 1 deletions

diff --git a/Makefile b/Makefile
index e483e02..500675c 100644
--- a/Makefile
+++ b/Makefile
@@ -70,7 +70,7 @@ endif
 
 fuzz_%: $(BUILD)/fuzz_%
 	@mkdir -p build/$@
-	$< build/$@ tests/data_$*
+	$< build/$@ tests/data_$* -max_len=1024 -dict=tests/fuzz_$*.dict
 
 clean:
 	rm -rf $(BUILD)
diff --git a/tests/fuzz_parse.dict b/tests/fuzz_parse.dict
new file mode 100644
index 0000000..b1a0067
--- /dev/null
+++ b/tests/fuzz_parse.dict
@@ -0,0 +1,72 @@
+#

+# AFL dictionary for XML

+# ----------------------

+#

+# Several basic syntax elements and attributes, modeled on libxml2.

+#

+# Created by Michal Zalewski <lcamtuf@google.com>

+#

+

+attr_encoding=" encoding=\"1\""

+attr_generic=" a=\"1\""

+attr_href=" href=\"1\""

+attr_standalone=" standalone=\"no\""

+attr_version=" version=\"1\""

+attr_xml_base=" xml:base=\"1\""

+attr_xml_id=" xml:id=\"1\""

+attr_xml_lang=" xml:lang=\"1\""

+attr_xml_space=" xml:space=\"1\""

+attr_xmlns=" xmlns=\"1\""

+

+entity_builtin="&lt;"

+entity_decimal="&#1;"

+entity_external="&a;"

+entity_hex="&#x1;"

+

+string_any="ANY"

+string_brackets="[]"

+string_cdata="CDATA"

+string_col_fallback=":fallback"

+string_col_generic=":a"

+string_col_include=":include"

+string_dashes="--"

+string_empty="EMPTY"

+string_empty_dblquotes="\"\""

+string_empty_quotes="''"

+string_entities="ENTITIES"

+string_entity="ENTITY"

+string_fixed="#FIXED"

+string_id="ID"

+string_idref="IDREF"

+string_idrefs="IDREFS"

+string_implied="#IMPLIED"

+string_nmtoken="NMTOKEN"

+string_nmtokens="NMTOKENS"

+string_notation="NOTATION"

+string_parentheses="()"

+string_pcdata="#PCDATA"

+string_percent="%a"

+string_public="PUBLIC"

+string_required="#REQUIRED"

+string_schema=":schema"

+string_system="SYSTEM"

+string_ucs4="UCS-4"

+string_utf16="UTF-16"

+string_utf8="UTF-8"

+string_xmlns="xmlns:"

+

+tag_attlist="<!ATTLIST"

+tag_cdata="<![CDATA["

+tag_close="</a>"

+tag_doctype="<!DOCTYPE"

+tag_element="<!ELEMENT"

+tag_entity="<!ENTITY"

+tag_ignore="<![IGNORE["

+tag_include="<![INCLUDE["

+tag_notation="<!NOTATION"

+tag_open="<a>"

+tag_open_close="<a />"

+tag_open_exclamation="<!"

+tag_open_q="<?"

+tag_sq2_close="]]>"

+tag_xml_q="<?xml?>"

diff --git a/tests/fuzz_xpath.dict b/tests/fuzz_xpath.dict
new file mode 100644
index 0000000..c469f6e
--- /dev/null
+++ b/tests/fuzz_xpath.dict
@@ -0,0 +1,72 @@
+"boolean"

+"count"

+"contains"

+"concat"

+"ceiling"

+"false"

+"floor"

+"id"

+"last"

+"lang"

+"local-name"

+"name"

+"namespace-uri"

+"normalize-space"

+"not"

+"number"

+"position"

+"round"

+"string"

+"string-length"

+"starts-with"

+"substring-before"

+"substring-after"

+"substring"

+"sum"

+"translate"

+"true"

+"ancestor"

+"ancestor-or-self"

+"attribute"

+"child"

+"descendant"

+"descendant-or-self"

+"following"

+"following-sibling"

+"namespace"

+"parent"

+"preceding"

+"preceding-sibling"

+"self"

+"comment"

+"node"

+"processing-instruction"

+"text"

+"or"

+"and"

+"div"

+"mod"

+">"

+">="

+"<"

+"<="

+"!"

+"!="

+"="

+"+"

+"-"

+"*"

+"|"

+"$"

+"("

+")"

+"["

+"]"

+","

+"//"

+"/"

+".."

+"."

+"@"

+"::"

+":"