aboutsummaryrefslogtreecommitdiff
path: root/contrib/expat/fuzz
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/expat/fuzz')
-rw-r--r--contrib/expat/fuzz/xml_lpm_fuzzer.cpp6
-rw-r--r--contrib/expat/fuzz/xml_parse_fuzzer.c20
-rw-r--r--contrib/expat/fuzz/xml_parsebuffer_fuzzer.c24
3 files changed, 30 insertions, 20 deletions
diff --git a/contrib/expat/fuzz/xml_lpm_fuzzer.cpp b/contrib/expat/fuzz/xml_lpm_fuzzer.cpp
index f52ea7b21e40..719629a6b547 100644
--- a/contrib/expat/fuzz/xml_lpm_fuzzer.cpp
+++ b/contrib/expat/fuzz/xml_lpm_fuzzer.cpp
@@ -354,8 +354,10 @@ ExternalEntityRefHandler(XML_Parser parser, const XML_Char *context,
if (g_external_entity) {
XML_Parser ext_parser
= XML_ExternalEntityParserCreate(parser, context, g_encoding);
- rc = Parse(ext_parser, g_external_entity, g_external_entity_size, 1);
- XML_ParserFree(ext_parser);
+ if (ext_parser != NULL) {
+ rc = Parse(ext_parser, g_external_entity, g_external_entity_size, 1);
+ XML_ParserFree(ext_parser);
+ }
}
return rc;
diff --git a/contrib/expat/fuzz/xml_parse_fuzzer.c b/contrib/expat/fuzz/xml_parse_fuzzer.c
index 6a1affe2b1f6..29ab33ff79d9 100644
--- a/contrib/expat/fuzz/xml_parse_fuzzer.c
+++ b/contrib/expat/fuzz/xml_parse_fuzzer.c
@@ -15,6 +15,7 @@
*/
#include <assert.h>
+#include <limits.h> // for INT_MAX
#include <stdint.h>
#include "expat.h"
@@ -65,8 +66,9 @@ ParseOneInput(XML_Parser p, const uint8_t *data, size_t size) {
XML_SetUserData(p, p);
XML_SetElementHandler(p, start, end);
XML_SetCharacterDataHandler(p, may_stop_character_handler);
- XML_Parse(p, (const XML_Char *)data, size, 0);
- if (XML_Parse(p, (const XML_Char *)data, size, 1) == XML_STATUS_ERROR) {
+ assert(size <= INT_MAX);
+ XML_Parse(p, (const XML_Char *)data, (int)size, 0);
+ if (XML_Parse(p, (const XML_Char *)data, (int)size, 1) == XML_STATUS_ERROR) {
XML_ErrorString(XML_GetErrorCode(p));
}
XML_GetCurrentLineNumber(p);
@@ -89,15 +91,17 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
XML_Parser externalEntityParser
= XML_ExternalEntityParserCreate(parentParser, "e1", NULL);
- assert(externalEntityParser);
- ParseOneInput(externalEntityParser, data, size);
- XML_ParserFree(externalEntityParser);
+ if (externalEntityParser != NULL) {
+ ParseOneInput(externalEntityParser, data, size);
+ XML_ParserFree(externalEntityParser);
+ }
XML_Parser externalDtdParser
= XML_ExternalEntityParserCreate(parentParser, NULL, NULL);
- assert(externalDtdParser);
- ParseOneInput(externalDtdParser, data, size);
- XML_ParserFree(externalDtdParser);
+ if (externalDtdParser != NULL) {
+ ParseOneInput(externalDtdParser, data, size);
+ XML_ParserFree(externalDtdParser);
+ }
// finally frees this parser which served as parent
XML_ParserFree(parentParser);
diff --git a/contrib/expat/fuzz/xml_parsebuffer_fuzzer.c b/contrib/expat/fuzz/xml_parsebuffer_fuzzer.c
index cfc4af202851..38b9981b0b50 100644
--- a/contrib/expat/fuzz/xml_parsebuffer_fuzzer.c
+++ b/contrib/expat/fuzz/xml_parsebuffer_fuzzer.c
@@ -15,6 +15,7 @@
*/
#include <assert.h>
+#include <limits.h> // for INT_MAX
#include <stdint.h>
#include <string.h>
@@ -66,16 +67,17 @@ ParseOneInput(XML_Parser p, const uint8_t *data, size_t size) {
XML_SetUserData(p, p);
XML_SetElementHandler(p, start, end);
XML_SetCharacterDataHandler(p, may_stop_character_handler);
- void *buf = XML_GetBuffer(p, size);
+ assert(size <= INT_MAX);
+ void *buf = XML_GetBuffer(p, (int)size);
assert(buf);
memcpy(buf, data, size);
- XML_ParseBuffer(p, size, 0);
- buf = XML_GetBuffer(p, size);
+ XML_ParseBuffer(p, (int)size, 0);
+ buf = XML_GetBuffer(p, (int)size);
if (buf == NULL) {
return;
}
memcpy(buf, data, size);
- if (XML_ParseBuffer(p, size, 1) == XML_STATUS_ERROR) {
+ if (XML_ParseBuffer(p, (int)size, 1) == XML_STATUS_ERROR) {
XML_ErrorString(XML_GetErrorCode(p));
}
XML_GetCurrentLineNumber(p);
@@ -101,15 +103,17 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
XML_Parser externalEntityParser
= XML_ExternalEntityParserCreate(parentParser, "e1", NULL);
- assert(externalEntityParser);
- ParseOneInput(externalEntityParser, data, size);
- XML_ParserFree(externalEntityParser);
+ if (externalEntityParser != NULL) {
+ ParseOneInput(externalEntityParser, data, size);
+ XML_ParserFree(externalEntityParser);
+ }
XML_Parser externalDtdParser
= XML_ExternalEntityParserCreate(parentParser, NULL, NULL);
- assert(externalDtdParser);
- ParseOneInput(externalDtdParser, data, size);
- XML_ParserFree(externalDtdParser);
+ if (externalDtdParser != NULL) {
+ ParseOneInput(externalDtdParser, data, size);
+ XML_ParserFree(externalDtdParser);
+ }
// finally frees this parser which served as parent
XML_ParserFree(parentParser);
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-11 15:55:07 +0000