Commit fuzzer source code.

.gitignore

@@ -105,3 +105,6 @@ tests/scripts/*.log
 tests/scripts/*.trs
 tests/test-suite.log
 Testing/
+
+# Vincent
+build/

CMakeLists.txt

@@ -177,8 +177,14 @@ install(
 # Process subdirectories
 add_subdirectory(doc)
 add_subdirectory(src)
-add_subdirectory(tests)
-add_subdirectory(samples)
+if (NOT (DEFINED XERCES_BUILD_FUZZERS))
+  add_subdirectory(tests)
+  add_subdirectory(samples)
+endif()
+
+if ((DEFINED XERCES_BUILD_FUZZERS) OR (DEFINED XERCES_BUILD_FOR_OSS_FUZZ))
+  add_subdirectory(fuzzers)
+endif()
 
 # Display configuration summary
 message(STATUS "")

build_fuzzer.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+set -e
+rm -rf build
+mkdir build
+cd build
+CC=clang CXX=clang++  CXXFLAGS="-std=c++14" cmake .. -DXERCES_BUILD_FUZZERS=1 -Wfatal-errors
+CC=clang CXX=clang++  CXXFLAGS="-std=c++14" make -j8
+

cmake/XercesIntTypes.cmake

@@ -58,14 +58,14 @@ set(HAVE_OFF_T ${SIZEOF_OFF_T})
 set(HAVE_SIZE_T ${SIZEOF_SIZE_T})
 set(HAVE_SSIZE_T ${SSIZEOF_SSIZE_T})
 set(HAVE_WCHAR_T ${WCHAROF_WCHAR_T})
-if(SIZEOF_SIZE_T)
+if(HAVE_SIZEOF_SIZE_T)
   set(XERCES_SIZE_T size_t)
   set(XERCES_SIZE_MAX SIZE_MAX)
 else()
   set(XERCES_SIZE_T "unsigned long")
   set(XERCES_SIZE_MAX ULONG_MAX)
 endif()
-if(SIZEOF_SSIZE_T)
+if(HAVE_SIZEOF_SSIZE_T)
   set(XERCES_SSIZE_T ssize_t)
   set(XERCES_SSIZE_MAX SSIZE_MAX)
 else()

doc/build.xml

@@ -572,14 +572,16 @@
           <td>AIX PowerPC</td>
           <td>IBM XL C++</td>
           <td><code>./configure CXX=xlC_r CC=xlc_r</code><br/>
-              <code>gmake libxerces_c_la_LDFLAGS=-qmkshrobj</code></td>
+              <code>gmake libxerces_c_la_LDFLAGS=-qmkshrobj</code><br/>
+              (for xlC v11-v13, libxerces_c_la_LDFLAGS is not needed, but CXXFLAGS=-rtti is needed otherwise RTTI is disabled by default)</td>
         </tr>
         <tr>
           <td>AIX PowerPC-64</td>
           <td>IBM XL C++</td>
           <td><code>export OBJECT_MODE=64</code><br/>
               <code>./configure CXX=xlC_r CC=xlc_r CXXFLAGS=-q64 CFLAGS=-q64</code><br/>
-              <code>gmake libxerces_c_la_LDFLAGS=-qmkshrobj</code></td>
+              <code>gmake libxerces_c_la_LDFLAGS=-qmkshrobj</code><br/>
+              (for xlC v11-v13, libxerces_c_la_LDFLAGS is not needed, but CXXFLAGS="-q64 -rtti" is needed otherwise RTTI is disabled by default)</td>
         </tr>
         <tr>
           <td>HP-UX IA-64-32</td>

fuzzers/CMakeLists.txt

@@ -0,0 +1,90 @@
+# CMake build for xerces-c
+#
+# Written by Roger Leigh <[email protected]>
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Definitions required for building
+add_definitions(
+  -DHAVE_CONFIG_H=1
+)
+# Search the project binary dir for config.h
+include_directories(
+  ${PROJECT_BINARY_DIR}
+  ${PROJECT_SOURCE_DIR}/src
+  ${PROJECT_BINARY_DIR}/src
+  ${CMAKE_CURRENT_SOURCE_DIR}
+)
+
+macro(add_fuzzer_executable name)
+  add_executable(${name} ${ARGN})
+  target_link_libraries(${name} xerces-c)
+  if (XERCES_BUILD_FUZZERS)
+    target_compile_options(${name} PUBLIC -fsanitize=fuzzer-no-link)
+    target_link_libraries(${name} -fsanitize=fuzzer)
+  elseif(XERCES_BUILD_FOR_OSS_FUZZ)
+    target_link_libraries(${name} $ENV{LIB_FUZZING_ENGINE})
+  endif()
+  set_target_properties(${name} PROPERTIES FOLDER "Fuzzers")
+endmacro()
+
+add_fuzzer_executable(fuzz_parser_target
+  src/xerces_fuzz_common.cpp
+  src/parse_target.cpp
+
+)
+
+include(ExternalProject)
+
+set(EXTERNAL_INSTALL_LOCATION ${CMAKE_CURRENT_BINARY_DIR}/external)
+
+
+ExternalProject_Add(libprotobuf-mutator
+  GIT_SHALLOW 1
+  GIT_REPOSITORY https://github.com/google/libprotobuf-mutator.git
+  CMAKE_ARGS -DCMAKE_BUILD_TYPE=Release -DLIB_PROTO_MUTATOR_DOWNLOAD_PROTOBUF=ON -DLIB_PROTO_MUTATOR_TESTING=false -DCMAKE_INSTALL_PREFIX=${EXTERNAL_INSTALL_LOCATION}
+)
+
+set(PROTOC_PATH ${CMAKE_CURRENT_BINARY_DIR}/libprotobuf-mutator-prefix/src/libprotobuf-mutator-build/external.protobuf/bin/protoc)
+
+add_custom_command(
+  OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/genfiles ${CMAKE_CURRENT_BINARY_DIR}/genfiles/xml.pb.cc
+  DEPENDS libprotobuf-mutator
+  WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/src
+  COMMAND mkdir   ${CMAKE_CURRENT_BINARY_DIR}/genfiles && ${PROTOC_PATH} xml.proto --cpp_out=${CMAKE_CURRENT_BINARY_DIR}/genfiles
+)
+add_custom_target(xml_proto_files ALL DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/genfiles)
+
+
+
+add_fuzzer_executable(fuzz_parser_target_proto
+  src/xerces_fuzz_common.cpp
+  src/parse_target_proto.cpp
+  src/xmlProtoConverter.cpp
+  ${CMAKE_CURRENT_BINARY_DIR}/genfiles/xml.pb.cc
+)
+add_dependencies(fuzz_parser_target_proto xml_proto_files)
+add_dependencies(fuzz_parser_target_proto libprotobuf-mutator)
+target_include_directories(fuzz_parser_target_proto PUBLIC ${EXTERNAL_INSTALL_LOCATION}/include
+  fuzz_parser_target_proto PUBLIC ${EXTERNAL_INSTALL_LOCATION}/include/libprotobuf-mutator/
+  ${EXTERNAL_INSTALL_LOCATION}/../libprotobuf-mutator-prefix/src/libprotobuf-mutator-build/external.protobuf/include
+  fuzz_parser_target_proto PUBLIC ${CMAKE_CURRENT_BINARY_DIR}/genfiles
+)
+target_link_libraries(fuzz_parser_target_proto
+  ${EXTERNAL_INSTALL_LOCATION}/lib/libprotobuf-mutator-libfuzzer.a
+  ${EXTERNAL_INSTALL_LOCATION}/lib/libprotobuf-mutator.a
+  ${CMAKE_CURRENT_BINARY_DIR}/libprotobuf-mutator-prefix/src/libprotobuf-mutator-build/external.protobuf/src/external.protobuf-build/libprotobuf.a)
+

fuzzers/src/parse_target.cpp

@@ -0,0 +1,28 @@
+/*
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+#include "xerces_fuzz_common.h"
+
+#include "xercesc/framework/MemBufInputSource.hpp"
+#include "xercesc/parsers/SAXParser.hpp"
+#include "xercesc/util/OutOfMemoryException.hpp"
+
+using namespace xercesc_3_2;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+    parseInMemory(Data, Size);
+    return 0;
+}

fuzzers/src/parse_target_proto.cpp

@@ -0,0 +1,45 @@
+/*
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+#include "xerces_fuzz_common.h"
+#include "xmlProtoConverter.h"
+
+#include "xercesc/framework/MemBufInputSource.hpp"
+#include "xercesc/parsers/SAXParser.hpp"
+#include "xercesc/util/OutOfMemoryException.hpp"
+
+#include "xml.pb.h"
+
+#include "libprotobuf-mutator/src/libfuzzer/libfuzzer_macro.h"
+
+#include <iostream>
+
+namespace {
+    protobuf_mutator::protobuf::LogSilencer log_silincer;
+    void ignore(void* ctx, const char* msg, ...) {}
+
+    template <class T, class D>
+    std::unique_ptr<T, D> MakeUnique(T* obj, D del) {
+    return {obj, del};
+    }
+}
+
+using namespace xercesc_3_2;
+
+DEFINE_PROTO_FUZZER(const xmlProtoFuzzer::XmlDocument& xmlDocument) {
+    std::string xmlData = xmlProtoFuzzer::ProtoConverter().protoToString(xmlDocument);
+    parseInMemory((const uint8_t *)xmlData.c_str(), xmlData.size());
+}

fuzzers/src/xerces_fuzz_common.cpp

@@ -0,0 +1,47 @@
+/*
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+#include "xerces_fuzz_common.h"
+
+using namespace xercesc_3_2;
+static bool initialized = false;
+
+void parseInMemory(const uint8_t *Data, size_t Size)
+{
+    if (!initialized)
+    {
+        XMLPlatformUtils::Initialize();
+        initialized = true;
+    }
+    SAXParser::ValSchemes valScheme = SAXParser::Val_Auto;
+    bool doNamespaces = false;
+    bool doSchema = false;
+    bool schemaFullChecking = false;
+    SAXParser *parser = new SAXParser;
+    parser->setValidationScheme(valScheme);
+    parser->setDoNamespaces(doNamespaces);
+    parser->setDoSchema(doSchema);
+    parser->setHandleMultipleImports(true);
+    parser->setValidationSchemaFullChecking(schemaFullChecking);
+    static const char *gMemBufId = "prodInfo";
+
+    MemBufInputSource *memBufIS = new MemBufInputSource(
+        (const XMLByte *)Data, Size, gMemBufId, false);
+    parser->parse(*memBufIS);
+    delete parser;
+    delete memBufIS;
+    //XMLPlatformUtils::Terminate();
+}

fuzzers/src/xerces_fuzz_common.h

@@ -0,0 +1,23 @@
+/*
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+#pragma once
+
+#include "xercesc/parsers/SAXParser.hpp"
+#include "xercesc/framework/MemBufInputSource.hpp"
+#include "xercesc/util/OutOfMemoryException.hpp"
+
+void parseInMemory(const uint8_t *Data, size_t Size);