1 /*
2 * Fuzzing of boost property tree parsers.
3 * by Paul Dreik 20180818
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18 #include <boost/property_tree/xml_parser.hpp>
19 #include <sstream>
20
21 int
readXml(const char * Data,size_t Size)22 readXml(const char* Data, size_t Size)
23 {
24
25 namespace pt = boost::property_tree;
26
27 if (Size < 1) {
28 // no data to use for flags - skip.
29 return 0;
30 }
31
32 std::stringstream ss;
33 const auto firstbyte = Data[0];
34
35 ss.write(Data + 1, Size - 1);
36
37 pt::ptree tree;
38
39 try {
40 // set the parse flags based on the first byte
41 int flags = 0;
42 if (firstbyte & 0x1) {
43 flags |= pt::xml_parser::no_concat_text;
44 }
45 if (firstbyte & 0x2) {
46 flags |= pt::xml_parser::no_comments;
47 }
48 if (firstbyte & 0x4) {
49 flags |= pt::xml_parser::trim_whitespace;
50 }
51 pt::read_xml(ss, tree, flags);
52
53 return tree.size() ? 1 : 0;
54 } catch (...) {
55 return 0;
56 }
57 }
58
59 extern "C" int
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)60 LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size)
61 {
62 readXml(reinterpret_cast<const char*>(Data), Size);
63 return 0;
64 }
65