authorJörg Frings-Fürst <debian@jff-webhsoting.net>2026-05-08 11:53:46 +0200
committerJörg Frings-Fürst <debian@jff-webhsoting.net>2026-05-08 11:53:46 +0200
commit5177d88bf591522d1b934e24221e16e02cd1592b (patch)
tree1d8458cb6627ccfc673f791c5f0db45f9c06f7e0 /fuzz/DissectQueryMallocFuzzer.cpp
parenta1dac799b819ba356a2faff3a98d7f5f076c24b6 (diff)
parentc3dce46c5f7cad6bc3cc91cc2c711ac089f25923 (diff)
Update upstream source from tag 'upstream/1.0.1+dfsg'
Update to upstream version '1.0.1+dfsg' with Debian dir 3248cd7c10aca9ce2c693401e326390414aefe62
Diffstat (limited to 'fuzz/DissectQueryMallocFuzzer.cpp')
-rw-r--r--fuzz/DissectQueryMallocFuzzer.cpp62
1 files changed, 62 insertions, 0 deletions
diff --git a/fuzz/DissectQueryMallocFuzzer.cpp b/fuzz/DissectQueryMallocFuzzer.cpp
new file mode 100644
index 0000000..e31e4a3
--- /dev/null
+++ b/fuzz/DissectQueryMallocFuzzer.cpp
@@ -0,0 +1,62 @@
+// Copyright 2020 Google LLC
+// Copyright 2025 Mikhail Khachaiants <mkhachaiants@gmail.com>
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "uriparser/Uri.h"
+#include "FuzzingUtils.h"
+#include <cstddef>
+#include <cstdint>
+#include <utility>
+#include <vector>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t * data, size_t size) {
+ FuzzedDataProvider fdp(data, size);
+ const UriString query = consumeRemainingBytesAsString(fdp);
+
+ URI_TYPE(QueryList) * query_list = nullptr;
+ int item_count = -1;
+
+ const URI_CHAR * query_start = query.c_str();
+ const URI_CHAR * query_end = query_start + query.size();
+
+ // Break a query like "a=b&2=3" into key/value pairs.
+ int result =
+ URI_FUNC(DissectQueryMalloc)(&query_list, &item_count, query_start, query_end);
+
+ if (query_list == nullptr || result != URI_SUCCESS || item_count < 0) {
+ return 0;
+ }
+
+ int chars_required = 0;
+ if (URI_FUNC(ComposeQueryCharsRequired)(query_list, &chars_required) != URI_SUCCESS) {
+ return 0;
+ }
+
+ if (!chars_required) {
+ URI_FUNC(FreeQueryList)(query_list);
+ return 0;
+ }
+
+ // URI_FUNC(ComposeQuery) requires number of characters including terminator
+ const int buf_size = chars_required + 1;
+
+ std::vector<URI_CHAR> buf(buf_size, 0);
+ int written = -1;
+
+ // Reverse the process of uriDissectQueryMallocA.
+ result = URI_FUNC(ComposeQuery)(buf.data(), query_list, buf_size, &written);
+
+ URI_FUNC(FreeQueryList)(query_list);
+ return 0;
+}
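Review bot: The early `return 0;` taken when `URI_FUNC(ComposeQueryCharsRequired)` does not return `URI_SUCCESS` leaves `query_list` allocated, while the two later exits free it. If that call can fail on a non-null list, a leak-checking fuzz build would presumably report the leak against the harness rather than the library. Adding `URI_FUNC(FreeQueryList)(query_list);` before that `return 0;` closes it. The first guard has the same shape when `query_list` is non-null but `result` or `item_count` is bad, which is only safe if the library guarantees a null list on failure. Separately, `result` and `written` from `URI_FUNC(ComposeQuery)` are never inspected, so the harness only catches memory errors; a check such as `if (result == URI_SUCCESS && written > buf_size) abort();` would surface a mismatch between the two size computations.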