Commit 67ba5bfe authored by Philip Withnall's avatar Philip Withnall

fuzzing: Test g_uri_unescape_segment() as well as g_uri_unescape_bytes()

They have different `%`-encoding behaviour, and probably both deserve to
be tested.
Signed-off-by: Philip Withnall's avatarPhilip Withnall <withnall@endlessm.com>
parent 0b198104
#include "fuzz.h"
int
LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
static void
test_bytes (const guint8 *data,
gsize size)
{
GBytes *unescaped_bytes = NULL;
gchar *escaped_string = NULL;
fuzz_set_logging_func ();
if (size > G_MAXSSIZE)
return 0;
return;
unescaped_bytes = g_uri_unescape_bytes ((const gchar *) data, (gssize) size);
if (unescaped_bytes == NULL)
return 0;
return;
escaped_string = g_uri_escape_bytes (g_bytes_get_data (unescaped_bytes, NULL),
g_bytes_get_size (unescaped_bytes),
......@@ -21,9 +20,41 @@ LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
g_bytes_unref (unescaped_bytes);
if (escaped_string == NULL)
return 0;
return;
g_free (escaped_string);
}
static void
test_string (const guint8 *data,
gsize size)
{
gchar *unescaped_string = NULL;
gchar *escaped_string = NULL;
unescaped_string = g_uri_unescape_segment ((const gchar *) data, (const gchar *) data + size, NULL);
if (unescaped_string == NULL)
return;
escaped_string = g_uri_escape_string (unescaped_string, NULL, TRUE);
g_free (unescaped_string);
if (escaped_string == NULL)
return;
g_free (escaped_string);
}
int
LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
{
fuzz_set_logging_func ();
/* Bytes form */
test_bytes (data, size);
/* String form (doesn’t do %-decoding) */
test_string (data, size);
return 0;
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment