authorArseny Kapoulkine <arseny.kapoulkine@gmail.com>2015-03-13 00:18:30 -0700
committerArseny Kapoulkine <arseny.kapoulkine@gmail.com>2015-03-13 00:18:30 -0700
commit15fba1debca5498989048677ffda38758b2df984 (patch)
treed2891e531717681619f55e79fc5efa81b46822e2 /tests
parent0542b1869b6970003caa954ebc5f1dea41d48032 (diff)
tests: Add support for afl-fuzz
With the current setup, afl-fuzz rediscovers the (already fixed) DOCTYPE buffer overrun in ~50 minutes on a single core.
Diffstat (limited to 'tests')
-rw-r--r--tests/data_fuzz_parse/basic.xml1
-rw-r--r--tests/data_fuzz_parse/doctype.xml1
-rw-r--r--tests/data_fuzz_parse/refs.xml1
-rw-r--r--tests/data_fuzz_parse/types.xml1
-rw-r--r--tests/data_fuzz_parse/utf16.xmlbin0 -> 700 bytes
-rw-r--r--tests/data_fuzz_parse/utf32.xmlbin0 -> 652 bytes
-rw-r--r--tests/fuzz_parse.cpp16
7 files changed, 20 insertions, 0 deletions
diff --git a/tests/data_fuzz_parse/basic.xml b/tests/data_fuzz_parse/basic.xml
new file mode 100644
index 0000000..a8eaa09
--- /dev/null
+++ b/tests/data_fuzz_parse/basic.xml
@@ -0,0 +1 @@
+<node attr="value" /> \ No newline at end of file
diff --git a/tests/data_fuzz_parse/doctype.xml b/tests/data_fuzz_parse/doctype.xml
new file mode 100644
index 0000000..dd1831d
--- /dev/null
+++ b/tests/data_fuzz_parse/doctype.xml
@@ -0,0 +1 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!DOCTYPE [ <!ELEMENT p (#PCDATA|emph)* > ]> <!DOCTYPE foo [ <![INCLUDE[<!ATTLIST foo bar CDATA #IMPLIED>]]> <![IGNORE[some junk]]> ]> <!DOCTYPE root [ <!ELEMENT a EMPTY> <!ATTLIST a attr1 CDATA "&ge1;"> <!--* GE reference in attr default before declaration *--> <!ENTITY ge1 "abcdef"> ]> <node/> \ No newline at end of file
diff --git a/tests/data_fuzz_parse/refs.xml b/tests/data_fuzz_parse/refs.xml
new file mode 100644
index 0000000..e42df5f
--- /dev/null
+++ b/tests/data_fuzz_parse/refs.xml
@@ -0,0 +1 @@
+<?xml version='1.0'?> <node enc='&lt; &gt; &amp; &quot; &apos; &#12; &#xAB;'> pcdata &lt; &gt; &amp; &quot; &apos; &#12; &#xAB; &unknown; %entity; </node> \ No newline at end of file
diff --git a/tests/data_fuzz_parse/types.xml b/tests/data_fuzz_parse/types.xml
new file mode 100644
index 0000000..dc6369a
--- /dev/null
+++ b/tests/data_fuzz_parse/types.xml
@@ -0,0 +1 @@
+<?xml version='1.0'?> <!DOCTYPE html> <node attr="value"> <child/> pcdata <![CDATA[ test ]]> <!-- comment - --> <?pi value?> </node> \ No newline at end of file
diff --git a/tests/data_fuzz_parse/utf16.xml b/tests/data_fuzz_parse/utf16.xml
new file mode 100644
index 0000000..3847a93
--- /dev/null
+++ b/tests/data_fuzz_parse/utf16.xml
Binary files differ
diff --git a/tests/data_fuzz_parse/utf32.xml b/tests/data_fuzz_parse/utf32.xml
new file mode 100644
index 0000000..51b8a89
--- /dev/null
+++ b/tests/data_fuzz_parse/utf32.xml
Binary files differ
diff --git a/tests/fuzz_parse.cpp b/tests/fuzz_parse.cpp
new file mode 100644
index 0000000..e758196
--- /dev/null
+++ b/tests/fuzz_parse.cpp
@@ -0,0 +1,16 @@
+#include "../src/pugixml.hpp"
+#include "allocator.hpp"
+
+int main(int argc, const char** argv)
+{
+ pugi::set_memory_management_functions(memory_allocate, memory_deallocate);
+
+ pugi::xml_document doc;
+
+ for (int i = 1; i < argc; ++i)
+ {
+ doc.load_file(argv[i]);
+ doc.load_file(argv[i], pugi::parse_minimal);
+ doc.load_file(argv[i], pugi::parse_full);
+ }
+}
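Review bot: The three `load_file` calls at the loop body discard their `xml_parse_result` and never touch the parsed tree, so the harness only surfaces crashes inside the parser itself; tree navigation and serialization paths are never reached by the fuzzer. A cheap extension is to walk the result after each parse, e.g. `for (pugi::xml_node n = doc.first_child(); n; n = n.next_sibling()) (void)n.name();` and `doc.save(ns);` with a no-op `xml_writer`, so memory errors in the node API and in output are also exercised. It is inferred, not shown here, that `allocator.hpp` is a guard-page allocator that turns small overruns into faults; if it is not, the `afl-clang-fast`/ASan build is what will actually catch an overrun of the kind the commit message describes. A short header comment would also help, e.g. `// afl-fuzz driver: parse each input under the default, minimal and full option sets; results are intentionally ignored, crashes are the signal.`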