From cd07912073c951b4bbb871ed2653af1be2cfc714 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 28 Apr 2024 11:55:11 +0200 Subject: Adding upstream version 2.1.30. Signed-off-by: Daniel Baumann --- tests/fuzz/CMakeLists.txt | 28 +++++ tests/fuzz/README.md | 64 +++++++++++ tests/fuzz/corpus/lyd_parse_mem_json/pull11438 | 1 + tests/fuzz/corpus/lyd_parse_mem_json/pull1203 | 12 +++ tests/fuzz/corpus/lyd_parse_mem_json/pull1269 | 1 + tests/fuzz/corpus/lyd_parse_mem_json/pull1269_2 | 1 + tests/fuzz/corpus/lyd_parse_mem_json/pull1280 | 1 + .../fuzz/corpus/lyd_parse_mem_json/pull1347_number | 1 + .../corpus/lyd_parse_mem_json/pull1347_strings | 1 + tests/fuzz/corpus/lyd_parse_mem_json/pull1348 | 1 + tests/fuzz/corpus/lyd_parse_mem_json/pull1460 | 1 + tests/fuzz/corpus/lyd_parse_mem_json/pull1460_2 | 1 + tests/fuzz/corpus/lyd_parse_mem_json/pull1571 | 1 + tests/fuzz/corpus/lyd_parse_mem_json/pull1585 | 1 + tests/fuzz/corpus/lyd_parse_mem_json/pull1626 | 1 + tests/fuzz/corpus/lyd_parse_mem_json/pull1693 | 1 + tests/fuzz/corpus/lyd_parse_mem_json/pull1696_1 | 1 + tests/fuzz/corpus/lyd_parse_mem_json/pull1696_2 | 1 + tests/fuzz/corpus/lyd_parse_mem_xml/issue1074 | 4 + tests/fuzz/corpus/lyd_parse_mem_xml/issue1131 | Bin 0 -> 119 bytes tests/fuzz/corpus/lyd_parse_mem_xml/issue1132 | 1 + tests/fuzz/corpus/lyd_parse_mem_xml/issue1132_2 | 119 +++++++++++++++++++++ tests/fuzz/corpus/lyd_parse_mem_xml/issue1132_3 | 18 ++++ tests/fuzz/corpus/lyd_parse_mem_xml/pull1129_1 | Bin 0 -> 202 bytes tests/fuzz/corpus/lyd_parse_mem_xml/pull1129_2 | 1 + tests/fuzz/corpus/lyd_parse_mem_xml/pull1529 | 1 + tests/fuzz/corpus/lyd_parse_mem_xml/pull1537 | 1 + tests/fuzz/corpus/lyd_parse_mem_xml/pull1562 | 1 + tests/fuzz/corpus/lys_parse_mem/issue1004.yang | 10 ++ tests/fuzz/corpus/lys_parse_mem/issue1025.yang | 16 +++ tests/fuzz/corpus/lys_parse_mem/issue1027.yang | 9 ++ tests/fuzz/corpus/lys_parse_mem/issue1040.yang | 13 +++ tests/fuzz/corpus/lys_parse_mem/issue1041.yang | 34 ++++++ .../lys_parse_mem/issue1042_base-yang-types.yang | 9 ++ .../issue1042_test-type-provider-b.yang | 13 +++ .../issue1042_test-type-provider.yang | 13 +++ tests/fuzz/corpus/lys_parse_mem/issue1043.yang | 31 ++++++ tests/fuzz/corpus/lys_parse_mem/issue722.yang | 16 +++ tests/fuzz/corpus/lys_parse_mem/issue723.yang | 17 +++ tests/fuzz/corpus/lys_parse_mem/issue724.yang | 22 ++++ tests/fuzz/corpus/lys_parse_mem/issue728.yang | 14 +++ tests/fuzz/corpus/lys_parse_mem/issue733.yang | 13 +++ tests/fuzz/corpus/lys_parse_mem/issue734.yang | 17 +++ tests/fuzz/corpus/lys_parse_mem/issue735.yang | 17 +++ tests/fuzz/corpus/lys_parse_mem/issue739.yang | 11 ++ tests/fuzz/corpus/lys_parse_mem/issue740.yang | 14 +++ tests/fuzz/corpus/lys_parse_mem/issue741.yang | 16 +++ tests/fuzz/corpus/lys_parse_mem/issue742.yang | 15 +++ tests/fuzz/corpus/lys_parse_mem/issue769.yang | 31 ++++++ tests/fuzz/corpus/lys_parse_mem/issue771.yang | Bin 0 -> 16 bytes tests/fuzz/corpus/lys_parse_mem/issue772.yang | 54 ++++++++++ tests/fuzz/corpus/lys_parse_mem/issue773.yang | Bin 0 -> 462 bytes tests/fuzz/corpus/lys_parse_mem/issue774.yang | 55 ++++++++++ tests/fuzz/corpus/lys_parse_mem/issue777.yang | 16 +++ tests/fuzz/corpus/lys_parse_mem/issue780.yang | Bin 0 -> 212 bytes tests/fuzz/corpus/lys_parse_mem/issue788.yang | 8 ++ tests/fuzz/corpus/lys_parse_mem/issue789.yang | 10 ++ tests/fuzz/corpus/lys_parse_mem/issue791.yang | 3 + tests/fuzz/corpus/lys_parse_mem/issue791_2.yang | 13 +++ tests/fuzz/corpus/lys_parse_mem/issue795.yang | 7 ++ tests/fuzz/corpus/lys_parse_mem/issue804.yang | 7 ++ tests/fuzz/corpus/lys_parse_mem/issue805.yang | 7 ++ tests/fuzz/corpus/lys_parse_mem/issue807.yang | 9 ++ tests/fuzz/corpus/lys_parse_mem/issue826.yang | 12 +++ tests/fuzz/corpus/lys_parse_mem/issue827.yang | 10 ++ tests/fuzz/corpus/lys_parse_mem/issue872.yang | 7 ++ tests/fuzz/corpus/lys_parse_mem/issue874.yang | 28 +++++ tests/fuzz/corpus/lys_parse_mem/issue970.yang | 18 ++++ tests/fuzz/corpus/lys_parse_mem/issue973.yang | 10 ++ tests/fuzz/corpus/lys_parse_mem/issue975.yang | 28 +++++ tests/fuzz/corpus/lys_parse_mem/issue976_a.yang | 12 +++ tests/fuzz/corpus/lys_parse_mem/issue976_b.yang | 32 ++++++ tests/fuzz/corpus/lys_parse_mem/issue979_a.yang | 41 +++++++ tests/fuzz/corpus/lys_parse_mem/issue979_b.yang | 13 +++ tests/fuzz/corpus/lys_parse_mem/pull1524.yang | 1 + tests/fuzz/corpus/lys_parse_mem/pull1568.yang | 4 + tests/fuzz/corpus/lys_parse_mem/pull1592.yang | 67 ++++++++++++ tests/fuzz/corpus/lys_parse_mem/pull958.yang | 8 ++ tests/fuzz/corpus/lys_parse_mem/pull960.yang | 9 ++ tests/fuzz/fuzz_regression_test.c | 70 ++++++++++++ tests/fuzz/lyd_parse_mem_json.c | 86 +++++++++++++++ tests/fuzz/lyd_parse_mem_xml.c | 86 +++++++++++++++ tests/fuzz/lys_parse_mem.c | 37 +++++++ tests/fuzz/main.c | 47 ++++++++ tests/fuzz/yang_parse_module.c | 39 +++++++ 85 files changed, 1470 insertions(+) create mode 100644 tests/fuzz/CMakeLists.txt create mode 100644 tests/fuzz/README.md create mode 100644 tests/fuzz/corpus/lyd_parse_mem_json/pull11438 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_json/pull1203 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_json/pull1269 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_json/pull1269_2 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_json/pull1280 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_json/pull1347_number create mode 100644 tests/fuzz/corpus/lyd_parse_mem_json/pull1347_strings create mode 100644 tests/fuzz/corpus/lyd_parse_mem_json/pull1348 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_json/pull1460 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_json/pull1460_2 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_json/pull1571 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_json/pull1585 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_json/pull1626 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_json/pull1693 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_json/pull1696_1 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_json/pull1696_2 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_xml/issue1074 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_xml/issue1131 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_xml/issue1132 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_xml/issue1132_2 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_xml/issue1132_3 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_xml/pull1129_1 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_xml/pull1129_2 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_xml/pull1529 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_xml/pull1537 create mode 100644 tests/fuzz/corpus/lyd_parse_mem_xml/pull1562 create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue1004.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue1025.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue1027.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue1040.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue1041.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue1042_base-yang-types.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue1042_test-type-provider-b.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue1042_test-type-provider.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue1043.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue722.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue723.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue724.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue728.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue733.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue734.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue735.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue739.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue740.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue741.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue742.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue769.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue771.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue772.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue773.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue774.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue777.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue780.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue788.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue789.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue791.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue791_2.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue795.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue804.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue805.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue807.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue826.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue827.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue872.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue874.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue970.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue973.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue975.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue976_a.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue976_b.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue979_a.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/issue979_b.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/pull1524.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/pull1568.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/pull1592.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/pull958.yang create mode 100644 tests/fuzz/corpus/lys_parse_mem/pull960.yang create mode 100644 tests/fuzz/fuzz_regression_test.c create mode 100644 tests/fuzz/lyd_parse_mem_json.c create mode 100644 tests/fuzz/lyd_parse_mem_xml.c create mode 100644 tests/fuzz/lys_parse_mem.c create mode 100644 tests/fuzz/main.c create mode 100644 tests/fuzz/yang_parse_module.c (limited to 'tests/fuzz') diff --git a/tests/fuzz/CMakeLists.txt b/tests/fuzz/CMakeLists.txt new file mode 100644 index 0000000..3da61e1 --- /dev/null +++ b/tests/fuzz/CMakeLists.txt @@ -0,0 +1,28 @@ +if(ENABLE_FUZZ_TARGETS) + set(fuzz_targets lys_parse_mem lyd_parse_mem_xml lyd_parse_mem_json yang_parse_module) + + if(FUZZER STREQUAL "AFL") + foreach(target_name IN LISTS fuzz_targets) + add_executable(${target_name}_fuzz_harness ${target_name}.c main.c) + target_link_libraries(${target_name}_fuzz_harness yang) + endforeach() + elseif() + foreach(target_name IN LISTS fuzz_targets) + add_executable(${target_name}_fuzz_harness ${target_name}.c) + set_source_files_properties(${target_name}.c PROPERTIES COMPILE_FLAGS "-fsanitize=fuzzer") + target_link_libraries(${target_name}_fuzz_harness yang "-fsanitize=fuzzer") + endforeach() + endif() +endif() + +if(ENABLE_TESTS) + add_executable(fuzz_regression_test fuzz_regression_test.c) + set(fuzz_regression_tests lys_parse_mem lyd_parse_mem_xml lyd_parse_mem_json) + foreach(target_name IN LISTS fuzz_regression_tests) + file(COPY ${CMAKE_SOURCE_DIR}/tests/fuzz/corpus/${target_name} DESTINATION ${CMAKE_BINARY_DIR}/tests/fuzz/) + add_executable(regress_fuzz_${target_name} ${target_name}.c main.c) + set_target_properties(regress_fuzz_${target_name} PROPERTIES RUNTIME_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}/tests/fuzz/${target_name}") + target_link_libraries(regress_fuzz_${target_name} yang) + add_test(NAME regress_fuzz_${target_name} COMMAND fuzz_regression_test regress_fuzz_${target_name} . WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/tests/fuzz/${target_name}) + endforeach() +endif() diff --git a/tests/fuzz/README.md b/tests/fuzz/README.md new file mode 100644 index 0000000..d0abf4d --- /dev/null +++ b/tests/fuzz/README.md @@ -0,0 +1,64 @@ +# FUZZING +This directory contains a collection of fuzz harnesses, which are designed to +be used with [AFL](http://lcamtuf.coredump.cx/afl/) and [LibFuzzer](https://llvm.org/docs/LibFuzzer.html) +fuzzers. The harnesses should also be easily reusable with other similar fuzzers. + +Two asciinema examples are available, one for LibFuzzer: +https://asciinema.org/a/311035 +and one for AFL: +https://asciinema.org/a/311060 + +To build the fuzz targets, the ENABLE_FUZZ_TARGETS option has to be enabled. +The FUZZER option specifies which fuzzer to use, currently only AFL and LibFuzzer +are supported, with AFL being the default. LibFuzzer is based on the same +principles that AFL works with, but has a different implementation of the fuzzing engine +and is integrated with UBSAN by default, while AFL lacks official integration with UBSAN. + +To use the harnesses with AFL, one of AFL's compilers should be used. +For example the AFL clang-fast compiler can be used with the cmake option shown below. +It is recommended to set the build type to Release, since otherwise the fuzzer will +detect failed asserts as crashes. +If LibFuzzer is used, clang has to be used, as gcc doesn't support -fsanitize=fuzzer. + +``` +$ cmake -DENABLE_FUZZ_TARGETS=ON -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_COMPILER=path_to_afl/afl-clang-fast .. +``` + +After that the programs can be built by running make: +``` +$ make +``` + +The target executables will then be available in tests/fuzz of the build directory that was used. + +The libyang yang test files available in the `tests/modules/` subdirectory can be used as initial +test cases for fuzzing targets that receive YANG models, like the lys_parse_mem_fuzz_harness. However, a smaller corpus of YANG models should probably +be used, as larger models decrease execution speed. A good place to start would be to collect +small YANG files, each of which uses only a single YANG feature. + +The files that will be used as starting test cases should be copied into a single directory. Those files should then be minimized by using afl-cmin and afl-tmin. + +To increase the speed of fuzzing, the test cases and AFL output files should be stored on a temporary RAM disk. +If a new fuzz target is used, AFL persistent mode should be used. More about persistent mode can be read in the official AFL documentation. + +When all of the above is done the fuzzing process can begin. AFL supports running multiple instances of the fuzzer, which can speed up the +process on multi core CPUs. The first fuzz instance should be started in master mode, and the other instances in slave mode. +The total number of instances should usually be equal to the number of cores. + +Below is an example of running 2 instances. The -i flag specifies the testcase input directory, and the -o file specifies the directory the fuzzer will use for output. +``` +afl-fuzz -i minimised_testcases/ -o syncdir/ -M fuzzer1 -- libyang/build/tests/fuzz/lyd_parse_mem_fuzz_harness +afl-fuzz -i minimised_testcases/ -o syncdir/ -S fuzzer2 -- libyang/build/tests/fuzz/lyd_parse_mem_fuzz_harness +``` + +To fuzz with LibFuzzer, at the most basic level, everything that is required is +to run the compiled fuzz target. +However, running the target like that invokes the harness with only one job +on a single core, with no starting inputs. +Multiple jobs running on separate cores should be used, with a starting input corpus. +The options are described in the official LibFuzzer documentation (https://llvm.org/docs/LibFuzzer.html). + +## Fuzzing corpus and regression testing +The `tests/fuzz/corpus` directory contains subdirectories for every fuzz target. Those subdirectories contain a collection of previous inputs that were found by fuzzing and caused visible issues or crashes. Every input file is named after the issue or pull request where it was originally reported. When a new issue is discovered, the input causing the issue should be added to the appropriate directory. + +These input files are then used by the fuzz_regression_test test which sends the corpus into the corresponding fuzz harness, to test whether any of the files crash and cause regressions. diff --git a/tests/fuzz/corpus/lyd_parse_mem_json/pull11438 b/tests/fuzz/corpus/lyd_parse_mem_json/pull11438 new file mode 100644 index 0000000..d4722b2 --- /dev/null +++ b/tests/fuzz/corpus/lyd_parse_mem_json/pull11438 @@ -0,0 +1 @@ +{"0R:0::809e-47,-689e-47,-689e-489e-47":[809e-47,-689e-47,-689e-4709e-47,-689e-47,-689e-489e-47":[809e-47,-689e-47,-689e-47647,-688Je7,-6889e647,-688Je7,-6889e-47" \ No newline at end of file diff --git a/tests/fuzz/corpus/lyd_parse_mem_json/pull1203 b/tests/fuzz/corpus/lyd_parse_mem_json/pull1203 new file mode 100644 index 0000000..b732c50 --- /dev/null +++ b/tests/fuzz/corpus/lyd_parse_mem_json/pull1203 @@ -0,0 +1,12 @@ + + + + + + + + + + + + diff --git a/tests/fuzz/corpus/lyd_parse_mem_json/pull1269 b/tests/fuzz/corpus/lyd_parse_mem_json/pull1269 new file mode 100644 index 0000000..fe51488 --- /dev/null +++ b/tests/fuzz/corpus/lyd_parse_mem_json/pull1269 @@ -0,0 +1 @@ +[] diff --git a/tests/fuzz/corpus/lyd_parse_mem_json/pull1269_2 b/tests/fuzz/corpus/lyd_parse_mem_json/pull1269_2 new file mode 100644 index 0000000..9f553e6 --- /dev/null +++ b/tests/fuzz/corpus/lyd_parse_mem_json/pull1269_2 @@ -0,0 +1 @@ +[[], []] diff --git a/tests/fuzz/corpus/lyd_parse_mem_json/pull1280 b/tests/fuzz/corpus/lyd_parse_mem_json/pull1280 new file mode 100644 index 0000000..0b15336 --- /dev/null +++ b/tests/fuzz/corpus/lyd_parse_mem_json/pull1280 @@ -0,0 +1 @@ +"\u1 \ No newline at end of file diff --git a/tests/fuzz/corpus/lyd_parse_mem_json/pull1347_number b/tests/fuzz/corpus/lyd_parse_mem_json/pull1347_number new file mode 100644 index 0000000..cbbee10 --- /dev/null +++ b/tests/fuzz/corpus/lyd_parse_mem_json/pull1347_number @@ -0,0 +1 @@ +{"200 -11-10T23:00:00Z": 1E+2} diff --git a/tests/fuzz/corpus/lyd_parse_mem_json/pull1347_strings b/tests/fuzz/corpus/lyd_parse_mem_json/pull1347_strings new file mode 100644 index 0000000..9e93b42 --- /dev/null +++ b/tests/fuzz/corpus/lyd_parse_mem_json/pull1347_strings @@ -0,0 +1 @@ +{"200 -11-10T23:00:00Z": "hello w\rld"}, diff --git a/tests/fuzz/corpus/lyd_parse_mem_json/pull1348 b/tests/fuzz/corpus/lyd_parse_mem_json/pull1348 new file mode 100644 index 0000000..5759231 --- /dev/null +++ b/tests/fuzz/corpus/lyd_parse_mem_json/pull1348 @@ -0,0 +1 @@ + "a\tHtdiff --git a/tests/fuzz/corpus/lyd_parse_mem_json/pull1460 b/tests/fuzz/corpus/lyd_parse_mem_json/pull1460 new file mode 100644 index 0000000..66bc72f --- /dev/null +++ b/tests/fuzz/corpus/lyd_parse_mem_json/pull1460 @@ -0,0 +1 @@ +"viøonisionp\u\ \ No newline at end of file diff --git a/tests/fuzz/corpus/lyd_parse_mem_json/pull1460_2 b/tests/fuzz/corpus/lyd_parse_mem_json/pull1460_2 new file mode 100644 index 0000000..1df63c8 --- /dev/null +++ b/tests/fuzz/corpus/lyd_parse_mem_json/pull1460_2 @@ -0,0 +1 @@ +"viøonisionp\uGAAA" diff --git a/tests/fuzz/corpus/lyd_parse_mem_json/pull1571 b/tests/fuzz/corpus/lyd_parse_mem_json/pull1571 new file mode 100644 index 0000000..965dad8 --- /dev/null +++ b/tests/fuzz/corpus/lyd_parse_mem_json/pull1571 @@ -0,0 +1 @@ +{"@types:uint32":{"typus:@uint32":1,"typus:@uint32":2,"typJs:uint32":3}} diff --git a/tests/fuzz/corpus/lyd_parse_mem_json/pull1585 b/tests/fuzz/corpus/lyd_parse_mem_json/pull1585 new file mode 100644 index 0000000..e9c1d5d --- /dev/null +++ b/tests/fuzz/corpus/lyd_parse_mem_json/pull1585 @@ -0,0 +1 @@ +{"@types:uint32":{"@":{"ns:int32":{"a":[1 diff --git a/tests/fuzz/corpus/lyd_parse_mem_json/pull1626 b/tests/fuzz/corpus/lyd_parse_mem_json/pull1626 new file mode 100644 index 0000000..d8e0d57 --- /dev/null +++ b/tests/fuzz/corpus/lyd_parse_mem_json/pull1626 @@ -0,0 +1 @@ +{"@types:uint32":{"@":{">:1,":9,"\\\\\\\\\\:2,":8,":3,":7,":-402 diff --git a/tests/fuzz/corpus/lyd_parse_mem_json/pull1693 b/tests/fuzz/corpus/lyd_parse_mem_json/pull1693 new file mode 100644 index 0000000..db6d1a4 --- /dev/null +++ b/tests/fuzz/corpus/lyd_parse_mem_json/pull1693 @@ -0,0 +1 @@ +{"types:cont":{"":"","":{}}} \ No newline at end of file diff --git a/tests/fuzz/corpus/lyd_parse_mem_json/pull1696_1 b/tests/fuzz/corpus/lyd_parse_mem_json/pull1696_1 new file mode 100644 index 0000000..e411daa --- /dev/null +++ b/tests/fuzz/corpus/lyd_parse_mem_json/pull1696_1 @@ -0,0 +1 @@ +{"types:cont":{"leaflt30,1,10,2]xxnt32":1,"types:uint":1,"types:uinis2":922337203685477}} \ No newline at end of file diff --git a/tests/fuzz/corpus/lyd_parse_mem_json/pull1696_2 b/tests/fuzz/corpus/lyd_parse_mem_json/pull1696_2 new file mode 100644 index 0000000..623be41 --- /dev/null +++ b/tests/fuzz/corpus/lyd_parse_mem_json/pull1696_2 @@ -0,0 +1 @@ +{"types:cont":{"leaflt30,1,GGGGGGGGGGGGGGGGGGGGGGGGGGGGG10,2]xxnt32":1,"types:ui~t":1,"types:uinis2":922337203685477}} \ No newline at end of file diff --git a/tests/fuzz/corpus/lyd_parse_mem_xml/issue1074 b/tests/fuzz/corpus/lyd_parse_mem_xml/issue1074 new file mode 100644 index 0000000..c1195cb --- /dev/null +++ b/tests/fuzz/corpus/lyd_parse_mem_xml/issue1074 @@ -0,0 +1,4 @@ + +x +1 + diff --git a/tests/fuzz/corpus/lyd_parse_mem_xml/issue1131 b/tests/fuzz/corpus/lyd_parse_mem_xml/issue1131 new file mode 100644 index 0000000..5cc30ac Binary files /dev/null and b/tests/fuzz/corpus/lyd_parse_mem_xml/issue1131 differ diff --git a/tests/fuzz/corpus/lyd_parse_mem_xml/issue1132 b/tests/fuzz/corpus/lyd_parse_mem_xml/issue1132 new file mode 100644 index 0000000..174fa95 --- /dev/null +++ b/tests/fuzz/corpus/lyd_parse_mem_xml/issue1132 @@ -0,0 +1 @@ + + + + + + + Attribute values must start with attribute names, not "?". + + Names may not start with "."; it's not a Letter. + + Processing Instruction target name is required. + + SGML-ism: processing instructions end in '?>' not '>'. + + Processing instructions end in '?>' not '?'. + + XML comments may not contain "--" + + General entity references have no whitespace after the + entity name and before the semicolon. + + Entity references must include names, which don't begin + with '.' (it's not a Letter or other name start character). + + Character references may have only decimal or numeric strings. + + Ampersand may only appear as part of a general entity reference. + + SGML-ism: attribute values must be explicitly assigned a + value, it can't act as a boolean toggle. + + SGML-ism: attribute values must be quoted in all cases. + + The quotes on both ends of an attribute value must match. + + Attribute valueF-8"?> + + + + + + Attribute values must start with attribute names, not "?". + + Names may not start with "."; it's not a Letter. + + Processing Instruction target name is required. + + SGML-ism: processing instructions end in '?>' not '>'. + + Processing instructions end in '?>s may not contain literal '<' characters. + + Attribute values need a value, not just an equals sign. + + Attribute values need an associated name. + + CDATA sections need a terminating ']]>'. + + CDATA sections begin with a literal '<![CDATA[', no space. + + End tags may not be abbreviated as '</>'. + + Attribute values may not contain literal '&' + characters except as part of an entity reference. + + Attribute values may not contain literal '&' + characters except as part of an entity reference. 3/TEST> + + Character references end with semicolons, always! + + Digits are not valid name start characters. + + Digits are not valid name start characters. + + Text may not contain a literal ']]>' sequence. + + Text may not contain a literal ']]>' sequence. + + Comments must be terminated with "-->". + + Processing instructions must end with '?>'. + + Text may not contain a literal ']]>' sequence. + + A form feed is not a legal XML character. diff --git a/tests/fuzz/corpus/lyd_parse_mem_xml/issue1132_3 b/tests/fuzz/corpus/lyd_parse_mem_xml/issue1132_3 new file mode 100644 index 0000000..914b233 --- /dev/null +++ b/tests/fuzz/corpus/lyd_parse_mem_xml/issue1132_3 @@ -0,0 +1,18 @@ + + + +]> +.0"?> + +]> +.0"?> + +]> +.0"?> + + + +]> +.0"?> +��/doc> oc> diff --git a/tests/fuzz/corpus/lyd_parse_mem_xml/pull1529 b/tests/fuzz/corpus/lyd_parse_mem_xml/pull1529 new file mode 100644 index 0000000..4fd305f --- /dev/null +++ b/tests/fuzz/corpus/lyd_parse_mem_xml/pull1529 @@ -0,0 +1 @@ +'< \ No newline at end of file diff --git a/tests/fuzz/corpus/lyd_parse_mem_xml/pull1562 b/tests/fuzz/corpus/lyd_parse_mem_xml/pull1562 new file mode 100644 index 0000000..2c64095 --- /dev/null +++ b/tests/fuzz/corpus/lyd_parse_mem_xml/pull1562 @@ -0,0 +1 @@ + diff --git a/tests/fuzz/corpus/lys_parse_mem/issue1004.yang b/tests/fuzz/corpus/lys_parse_mem/issue1004.yang new file mode 100644 index 0000000..76479d2 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue1004.yang @@ -0,0 +1,10 @@ +module a { + yang-version 1.1; + namespace "a"; + prefix a; + + leaf-list A { + type pt8; + default 0; + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue1025.yang b/tests/fuzz/corpus/lys_parse_mem/issue1025.yang new file mode 100644 index 0000000..94d78f2 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue1025.yang @@ -0,0 +1,16 @@ +module a { + yang-version 1.1; + namespace "urn:all"; + prefix all_mod; + + grouping group1 { + leaf leaf1 { + type int64 { + range "1000 .. 50000" { + error:message + "Spec"; + } + } + } + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue1027.yang b/tests/fuzz/corpus/lys_parse_mem/issue1027.yang new file mode 100644 index 0000000..2356615 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue1027.yang @@ -0,0 +1,9 @@ +module d{ + namespace ""; + prefix d; + leaf f { + type string; + must ":e"; + default ""; + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue1040.yang b/tests/fuzz/corpus/lys_parse_mem/issue1040.yang new file mode 100644 index 0000000..3641d27 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue1040.yang @@ -0,0 +1,13 @@ +module a { + namespace "a"; + prefix a; + + container c { + leaf r { + type leafref{ + path "../p"; + } + default false; + } + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue1041.yang b/tests/fuzz/corpus/lys_parse_mem/issue1041.yang new file mode 100644 index 0000000..16c6d87 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue1041.yang @@ -0,0 +1,34 @@ +module foo { + namespace foo; + prefix foo; + yang-version 1.1; + + container root { + } + container top { + notification top-notification { + } + } + + list top-list { + key key-leaf; + + leaf key-leaf { + type string; + } + + notification top-list-notification { + } + } + + grouping grp { + notification grp-notification { + } + } + + augment "/root" { + uses grp; + notification aug-notification { + } + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue1042_base-yang-types.yang b/tests/fuzz/corpus/lys_parse_mem/issue1042_base-yang-types.yang new file mode 100644 index 0000000..d6b323d --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue1042_base-yang-types.yang @@ -0,0 +1,9 @@ +module issue1042_base-yang-types { + yang-version 1.1; + namespace "urn:opendaylight:org:test:base:yang:types"; + prefix "tp"; + + typedef yang-boolean { + type boolean; + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue1042_test-type-provider-b.yang b/tests/fuzz/corpus/lys_parse_mem/issue1042_test-type-provider-b.yang new file mode 100644 index 0000000..f8fe6a6 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue1042_test-type-provider-b.yang @@ -0,0 +1,13 @@ +module issue1042_test-type-provider-b { + yang-version 1.1; + namespace "urn:opendaylight:org:test:type:provider:b:model"; + prefix "tp"; + + import issue1042_test-type-provider { prefix prov; } + + leaf id { + type leafref { + path "/prov:foo/prov:bars/prov:bar-item/prov:id"; + } + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue1042_test-type-provider.yang b/tests/fuzz/corpus/lys_parse_mem/issue1042_test-type-provider.yang new file mode 100644 index 0000000..467e23b --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue1042_test-type-provider.yang @@ -0,0 +1,13 @@ +module issue1042_test-type-provider { + yang-version 1.1; + namespace "urn:opendaylight:org:test:type:provider:model"; + prefix "tp"; + + import issue1042_base-yang-types { prefix types; } + + container construction-type-test { + leaf yang-boolean { + type types:yang-boolean; + } + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue1043.yang b/tests/fuzz/corpus/lys_parse_mem/issue1043.yang new file mode 100644 index 0000000..950e92d --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue1043.yang @@ -0,0 +1,31 @@ +module SUPf-entity { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-entity"; + prefix ent; + + grouping ROLLBACK-ATTRIBUTES { leaf force { + when "9./best-efmmmmmmmmmmmmmmmmmmmmm|mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmfort = 'falsq'" { + } + type boolean; + default "false"; + } + leaf best-effort { + when ". +} + diff --git a/tests/fuzz/corpus/lys_parse_mem/issue740.yang b/tests/fuzz/corpus/lys_parse_mem/issue740.yang new file mode 100644 index 0000000..41e3050 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue740.yang @@ -0,0 +1,14 @@ +module xpath-1.1 { + namespace "urn:xpath-1.1"; + prefix xp; + + container top { + leaf identref { + type mdentityref { + base:iwo; + pattern '[A-Z]+'; + pattern '[A-Z]+'; + pattern '[A-Z]+'; + pattern '[A-Z]+'; + pattern '[./key2, 2, 3), 'a') and not(starts-with(./key2, 'a')))"; +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue741.yang b/tests/fuzz/corpus/lys_parse_mem/issue741.yang new file mode 100644 index 0000000..685174c --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue741.yang @@ -0,0 +1,16 @@ +module mod6 { + prefix adc; + namespace "http://www.example.com"; + + grouping g { + list ll { + leaf:date { + type string; + } + } + } + + container ccc { + uses g; + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue742.yang b/tests/fuzz/corpus/lys_parse_mem/issue742.yang new file mode 100644 index 0000000..0e94299 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue742.yang @@ -0,0 +1,15 @@ +module links { + yang-version 1.1; + namespace "urn:mo:1"; + prefix yang; + + import ietf-yang-metadata { + prefix md; + revision-date 2016-08-05; + } + + md:annotation value { + reference "RFC7950 section 7.7.9."; + description; + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue769.yang b/tests/fuzz/corpus/lys_parse_mem/issue769.yang new file mode 100644 index 0000000..a5bcfa0 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue769.yang @@ -0,0 +1,31 @@ +module mod6 { + + prefix abc; + namespace "http://www.example.c; + yang-version 1.1; + + container cont1 { + //x" { + + } + + augment "/aug-cont" { + list list2 { + key "key2"; + leaf key2 { + type string; + } + } + notification nn { + typedef Mt { + type string { + length "1..255"; + } + } + + container log { + grouping g { + notification nn { + type j2an; + } + } diff --git a/tests/fuzz/corpus/lys_parse_mem/issue771.yang b/tests/fuzz/corpus/lys_parse_mem/issue771.yang new file mode 100644 index 0000000..dbcf22c Binary files /dev/null and b/tests/fuzz/corpus/lys_parse_mem/issue771.yang differ diff --git a/tests/fuzz/corpus/lys_parse_mem/issue772.yang b/tests/fuzz/corpus/lys_parse_mem/issue772.yang new file mode 100644 index 0000000..83e7f34 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue772.yang @@ -0,0 +1,54 @@ +module all { + yang-version 1.1; + namespace "urn:all"; + prefix all_mod; + + grouping t1 { + uses group1 { + } + + leaf leaf12 { + type bits { + bit flag0 { + position 0; + if-feature "feat1"; + } + bit flag1; + bit flag2 { + position 2; + } + + bit flag3 { + position 3; + } + } + default "flag0 flag3"; + } + + list list1 { + key "leaf18"; + unique "leaf1--------------------------------------------------- leaf leaT18 { + type string; + } + + + action act1 { + input ons on thg leaf"; + leaf leaf30 { + type string; + } + } + } + + augment "/cont1" { + leaf leaf17 { + type ideZtityref { + base all_imp:iden44; + } + must "../leaf17 = 'all_imp:iden } + + action act1 { + t5'"; + } + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue773.yang b/tests/fuzz/corpus/lys_parse_mem/issue773.yang new file mode 100644 index 0000000..fcd1403 Binary files /dev/null and b/tests/fuzz/corpus/lys_parse_mem/issue773.yang differ diff --git a/tests/fuzz/corpus/lys_parse_mem/issue774.yang b/tests/fuzz/corpus/lys_parse_mem/issue774.yang new file mode 100644 index 0000000..086d018 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue774.yang @@ -0,0 +1,55 @@ +module state-lists { + yang-version 1.1; + namespace "urn:state-lists"; + prefix sl; + + container cont { + config false; + grouping group1 { + leaf leaf3 { + type tdef2 { + length "3..9 | 30..40"; + pattern "[ac + }*"; + } + + units "none"; + default "aaa"; + } + + typedef tdef2 { + type string { + length "2..17 | 20..50"; + pattern "[ab]*"; + } + } + + container cont1 { + uses group1 { + if-feature "feat2"; + refine "leaf1" { + if-feature "feat3"; + must "24 - 4 = number('20')"; + default "25"; + config true; + mandatory false; + description "dsc"; + reference "none"; + } + } + + leaf leaf4 { + type int64 { + range "1000 .. 50000" { + error-message + "Special e + } + ."; + } + } + } + + } + } + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue777.yang b/tests/fuzz/corpus/lys_parse_mem/issue777.yang new file mode 100644 index 0000000..21bb436 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue777.yang @@ -0,0 +1,16 @@ +module m0d0 { + prefix a0c; + namespace 0000000000000000000000"; + + list list0 { +key "key1"; + unique "0n000"; + leaf key1 { + type string; + } + + leaf uniq0 { + type string; + } + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue780.yang b/tests/fuzz/corpus/lys_parse_mem/issue780.yang new file mode 100644 index 0000000..2e9ba1e Binary files /dev/null and b/tests/fuzz/corpus/lys_parse_mem/issue780.yang differ diff --git a/tests/fuzz/corpus/lys_parse_mem/issue788.yang b/tests/fuzz/corpus/lys_parse_mem/issue788.yang new file mode 100644 index 0000000..9804c02 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue788.yang @@ -0,0 +1,8 @@ +module d00000000 { + namespace "n"; + prefix d; + leaf l1 { + type string; + when "/l0{k='when']"; + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue789.yang b/tests/fuzz/corpus/lys_parse_mem/issue789.yang new file mode 100644 index 0000000..1ec8ae7 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue789.yang @@ -0,0 +1,10 @@ +module m { + prefix p; + namespace "n"; + grouping g { + } + + grouping s { + uses g; + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue791.yang b/tests/fuzz/corpus/lys_parse_mem/issue791.yang new file mode 100644 index 0000000..d2568b7 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue791.yang @@ -0,0 +1,3 @@ +module m { + include "" +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue791_2.yang b/tests/fuzz/corpus/lys_parse_mem/issue791_2.yang new file mode 100644 index 0000000..8303f87 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue791_2.yang @@ -0,0 +1,13 @@ +module m { + namespace "n"; + prefix p; + + container c { + leaf trg-bits { + type bits { + bit b1; + bit ""; + } + } + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue795.yang b/tests/fuzz/corpus/lys_parse_mem/issue795.yang new file mode 100644 index 0000000..f33e321 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue795.yang @@ -0,0 +1,7 @@ +module m { + prefix p; + namespace "n"; + list l { + must ""; + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue804.yang b/tests/fuzz/corpus/lys_parse_mem/issue804.yang new file mode 100644 index 0000000..1578b7e --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue804.yang @@ -0,0 +1,7 @@ +module m { + prefix p; + namespace n; + list l { + if-feature 0(; + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue805.yang b/tests/fuzz/corpus/lys_parse_mem/issue805.yang new file mode 100644 index 0000000..45ee5f1 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue805.yang @@ -0,0 +1,7 @@ +module d{ + namespace n; + prefix p; + list l { + when ""; + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue807.yang b/tests/fuzz/corpus/lys_parse_mem/issue807.yang new file mode 100644 index 0000000..0493a79 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue807.yang @@ -0,0 +1,9 @@ +module d{ + namespace ""; + prefix d; + leaf f { + type string; + must "0e"; + default ""; + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue826.yang b/tests/fuzz/corpus/lys_parse_mem/issue826.yang new file mode 100644 index 0000000..ffd0778 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue826.yang @@ -0,0 +1,12 @@ +module mod6 { + + prefix abc; + namespace "ht/www.example.c; +-versin~ 1.1 containerLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLre lse; +if-feature DDDDDDDDDDDD,DDLLLLLLLLLTL)ont1 { //x" {} augment "/aurrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr-----------------------------------------------------------------------------------------------------------------------------------------------LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLau" { + container c { uses egroup1 { + if-feature "feat2"; if-feature lse; + +} } + } +} \ No newline at end of file diff --git a/tests/fuzz/corpus/lys_parse_mem/issue827.yang b/tests/fuzz/corpus/lys_parse_mem/issue827.yang new file mode 100644 index 0000000..c5637f9 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue827.yang @@ -0,0 +1,10 @@ +module eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeveeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeod { + yang-version 1.1; + namespace "urn:all"; + prefix p; + + container cond1 { } + + grouping group1 { + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue872.yang b/tests/fuzz/corpus/lys_parse_mem/issue872.yang new file mode 100644 index 0000000..27decd5 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue872.yang @@ -0,0 +1,7 @@ +module d{ +namespace "";prefix d; + leaf f{ + type w0iiiiiiiiiiiiiiiiiiiiiiiiiiiii0000; + default ""; + } +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue874.yang b/tests/fuzz/corpus/lys_parse_mem/issue874.yang new file mode 100644 index 0000000..c42be25 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue874.yang @@ -0,0 +1,28 @@ +module o00 { prefix c; namespace "00t000000w0000p00000 +00n000e0000n00000 + + 0cANG m0dule de0in0s an 'exten0ion' s0atemns + for defining 0etadat0 an0Copyri0ht (0) 2016 IE00 T0uct and th0 persons identifi4.0 of the IETF Tru0t0s Le0a0 P0ovi0i00s + Relatin0 t0 IE0F D0cu0e0 of RFC 7 (/tru0te0.ietf0org0license-info0. + + Th0s ve00io0 of thi0 YA0G mod0le i0 pa't of RFC 78 (http:/0www-e0itor.!rg/info/0fc0902); see the 0FC i000lf + f0r fodule, i ";revision 2016-08-05{ +description +"Initial revision."; +reference "RFC 7952: Defining and 0sin0 0etada0a with YANG"; +} + +extension annotation{ +argument name; +description "This extension allows f0r defietadat0tadata an00tation0 in + YAN0 modules. 0he 0sion."; +reference "RFC 7952: Defining and 0sin0 0etada0a with YANG"; +} + +extension annotation{ +argument name; +description " YAN0 modules. 0he 0sion."; +reference "RFC 7952: Defining and 0sin0 0etada0a with YANG"; +} + +} diff --git a/tests/fuzz/corpus/lys_parse_mem/issue970.yang b/tests/fuzz/corpus/lys_parse_mem/issue970.yang new file mode 100644 index 0000000..18df054 --- /dev/null +++ b/tests/fuzz/corpus/lys_parse_mem/issue970.yang @@ -0,0 +1,18 @@ +module p{ + namespace ""; + prefix p; + + container ports{ + list port { + key name; + leaf name{ + type string;} + } + } + augment "/ports/port" { + when "0 +#include +#include +#include +#include +#include +#include +#include + +int main(int argc, char **argv) +{ + DIR *d; + struct dirent *dir; + pid_t p = 0; + int input_fd = 0; + int status = 0; + int rc = 0; + struct stat path_stat; + + if (argc != 3) { + fprintf(stderr, "invalid number of arguments. Call like this ./fuzz_regression_test fuzz_harness corpus_dir\n"); + return EXIT_FAILURE; + } + + d = opendir(argv[2]); + if (!d) { + fprintf(stderr, "error opening dir %s\n", argv[2]); + return EXIT_FAILURE; + } + + while ((dir = readdir(d)) != NULL) { + stat(dir->d_name, &path_stat); + if (!S_ISREG(path_stat.st_mode)) { + continue; + } + + p = fork(); + if (p == -1) { + fprintf(stderr, "fork failed\n"); + return EXIT_FAILURE; + } else if (p == 0) { + input_fd = open(dir->d_name, O_RDONLY); + if (input_fd == -1) { + fprintf(stderr, "error opening input file %s\n", dir->d_name); + return EXIT_FAILURE; + } + + dup2(input_fd, STDIN_FILENO); + execl(argv[1], argv[1], NULL); + return EXIT_SUCCESS; + } + + rc = waitpid(p, &status, 0); + if (rc == -1) { + fprintf(stderr, "waitpid failed\n"); + return EXIT_FAILURE; + } + + if (!WIFEXITED(status)) { + fprintf(stderr, "test %s - %s failed\n", argv[1], dir->d_name); + return EXIT_FAILURE; + } + + printf("test %s - %s successful\n", argv[1], dir->d_name); + } + + closedir(d); + + return EXIT_SUCCESS; +} diff --git a/tests/fuzz/lyd_parse_mem_json.c b/tests/fuzz/lyd_parse_mem_json.c new file mode 100644 index 0000000..0acad34 --- /dev/null +++ b/tests/fuzz/lyd_parse_mem_json.c @@ -0,0 +1,86 @@ +#include +#include +#include + +#include "libyang.h" + +int LLVMFuzzerTestOneInput(uint8_t const *buf, size_t len) +{ + struct ly_ctx *ctx = NULL; + static bool log = false; + const char *schema_a = + "module defs {namespace urn:tests:defs;prefix d;yang-version 1.1;" + "identity crypto-alg; identity interface-type; identity ethernet {base interface-type;}" + "identity fast-ethernet {base ethernet;}}"; + const char *schema_b = + "module types {namespace urn:tests:types;prefix t;yang-version 1.1; import defs {prefix defs;}" + "feature f; identity gigabit-ethernet { base defs:ethernet;}" + "container cont {leaf leaftarget {type empty;}" + "list listtarget {key id; max-elements 5;leaf id {type uint8;} leaf value {type string;}}" + "leaf-list leaflisttarget {type uint8; max-elements 5;}}" + "list list {key id; leaf id {type string;} leaf value {type string;} leaf-list targets {type string;}}" + "list list2 {key \"id value\"; leaf id {type string;} leaf value {type string;}}" + "list list_inst {key id; leaf id {type instance-identifier {require-instance true;}} leaf value {type string;}}" + "list list_ident {key id; leaf id {type identityref {base defs:interface-type;}} leaf value {type string;}}" + "leaf-list leaflisttarget {type string;}" + "leaf binary {type binary {length 5 {error-message \"This base64 value must be of length 5.\";}}}" + "leaf binary-norestr {type binary;}" + "leaf int8 {type int8 {range 10..20;}}" + "leaf uint8 {type uint8 {range 150..200;}}" + "leaf int16 {type int16 {range -20..-10;}}" + "leaf uint16 {type uint16 {range 150..200;}}" + "leaf int32 {type int32;}" + "leaf uint32 {type uint32;}" + "leaf int64 {type int64;}" + "leaf uint64 {type uint64;}" + "leaf bits {type bits {bit zero; bit one {if-feature f;} bit two;}}" + "leaf enums {type enumeration {enum white; enum yellow {if-feature f;}}}" + "leaf dec64 {type decimal64 {fraction-digits 1; range 1.5..10;}}" + "leaf dec64-norestr {type decimal64 {fraction-digits 18;}}" + "leaf str {type string {length 8..10; pattern '[a-z ]*';}}" + "leaf str-norestr {type string;}" + "leaf str-utf8 {type string{length 2..5; pattern '€*';}}" + "leaf bool {type boolean;}" + "leaf empty {type empty;}" + "leaf ident {type identityref {base defs:interface-type;}}" + "leaf inst {type instance-identifier {require-instance true;}}" + "leaf inst-noreq {type instance-identifier {require-instance false;}}" + "leaf lref {type leafref {path /leaflisttarget; require-instance true;}}" + "leaf lref2 {type leafref {path \"../list[id = current()/../str-norestr]/targets\"; require-instance true;}}" + "leaf un1 {type union {" + "type leafref {path /int8; require-instance true;}" + "type union { type identityref {base defs:interface-type;} type instance-identifier {require-instance true;} }" + "type string {length 1..20;}}}}"; + char *data = NULL; + struct lyd_node *tree = NULL; + LY_ERR err; + + if (!log) { + ly_log_options(0); + log = true; + } + + err = ly_ctx_new(NULL, 0, &ctx); + if (err != LY_SUCCESS) { + fprintf(stderr, "Failed to create context\n"); + exit(EXIT_FAILURE); + } + + lys_parse_mem(ctx, schema_a, LYS_IN_YANG, NULL); + lys_parse_mem(ctx, schema_b, LYS_IN_YANG, NULL); + + data = malloc(len + 1); + if (data == NULL) { + return 0; + } + memcpy(data, buf, len); + data[len] = 0; + + lyd_parse_data_mem(ctx, data, LYD_JSON, 0, LYD_VALIDATE_PRESENT, &tree); + lyd_free_all(tree); + ly_ctx_destroy(ctx); + + free(data); + + return 0; +} diff --git a/tests/fuzz/lyd_parse_mem_xml.c b/tests/fuzz/lyd_parse_mem_xml.c new file mode 100644 index 0000000..5574f8d --- /dev/null +++ b/tests/fuzz/lyd_parse_mem_xml.c @@ -0,0 +1,86 @@ +#include +#include +#include + +#include "libyang.h" + +int LLVMFuzzerTestOneInput(uint8_t const *buf, size_t len) +{ + struct ly_ctx *ctx = NULL; + static bool log = false; + const char *schema_a = + "module defs {namespace urn:tests:defs;prefix d;yang-version 1.1;" + "identity crypto-alg; identity interface-type; identity ethernet {base interface-type;}" + "identity fast-ethernet {base ethernet;}}"; + const char *schema_b = + "module types {namespace urn:tests:types;prefix t;yang-version 1.1; import defs {prefix defs;}" + "feature f; identity gigabit-ethernet { base defs:ethernet;}" + "container cont {leaf leaftarget {type empty;}" + "list listtarget {key id; max-elements 5;leaf id {type uint8;} leaf value {type string;}}" + "leaf-list leaflisttarget {type uint8; max-elements 5;}}" + "list list {key id; leaf id {type string;} leaf value {type string;} leaf-list targets {type string;}}" + "list list2 {key \"id value\"; leaf id {type string;} leaf value {type string;}}" + "list list_inst {key id; leaf id {type instance-identifier {require-instance true;}} leaf value {type string;}}" + "list list_ident {key id; leaf id {type identityref {base defs:interface-type;}} leaf value {type string;}}" + "leaf-list leaflisttarget {type string;}" + "leaf binary {type binary {length 5 {error-message \"This base64 value must be of length 5.\";}}}" + "leaf binary-norestr {type binary;}" + "leaf int8 {type int8 {range 10..20;}}" + "leaf uint8 {type uint8 {range 150..200;}}" + "leaf int16 {type int16 {range -20..-10;}}" + "leaf uint16 {type uint16 {range 150..200;}}" + "leaf int32 {type int32;}" + "leaf uint32 {type uint32;}" + "leaf int64 {type int64;}" + "leaf uint64 {type uint64;}" + "leaf bits {type bits {bit zero; bit one {if-feature f;} bit two;}}" + "leaf enums {type enumeration {enum white; enum yellow {if-feature f;}}}" + "leaf dec64 {type decimal64 {fraction-digits 1; range 1.5..10;}}" + "leaf dec64-norestr {type decimal64 {fraction-digits 18;}}" + "leaf str {type string {length 8..10; pattern '[a-z ]*';}}" + "leaf str-norestr {type string;}" + "leaf str-utf8 {type string{length 2..5; pattern '€*';}}" + "leaf bool {type boolean;}" + "leaf empty {type empty;}" + "leaf ident {type identityref {base defs:interface-type;}}" + "leaf inst {type instance-identifier {require-instance true;}}" + "leaf inst-noreq {type instance-identifier {require-instance false;}}" + "leaf lref {type leafref {path /leaflisttarget; require-instance true;}}" + "leaf lref2 {type leafref {path \"../list[id = current()/../str-norestr]/targets\"; require-instance true;}}" + "leaf un1 {type union {" + "type leafref {path /int8; require-instance true;}" + "type union { type identityref {base defs:interface-type;} type instance-identifier {require-instance true;} }" + "type string {length 1..20;}}}}"; + char *data = NULL; + struct lyd_node *tree = NULL; + LY_ERR err; + + if (!log) { + ly_log_options(0); + log = true; + } + + err = ly_ctx_new(NULL, 0, &ctx); + if (err != LY_SUCCESS) { + fprintf(stderr, "Failed to create context\n"); + exit(EXIT_FAILURE); + } + + lys_parse_mem(ctx, schema_a, LYS_IN_YANG, NULL); + lys_parse_mem(ctx, schema_b, LYS_IN_YANG, NULL); + + data = malloc(len + 1); + if (data == NULL) { + return 0; + } + memcpy(data, buf, len); + data[len] = 0; + + lyd_parse_data_mem(ctx, data, LYD_XML, 0, LYD_VALIDATE_PRESENT, &tree); + lyd_free_all(tree); + ly_ctx_destroy(ctx); + + free(data); + + return 0; +} diff --git a/tests/fuzz/lys_parse_mem.c b/tests/fuzz/lys_parse_mem.c new file mode 100644 index 0000000..02e0a62 --- /dev/null +++ b/tests/fuzz/lys_parse_mem.c @@ -0,0 +1,37 @@ +#include +#include +#include + +#include "libyang.h" + +int LLVMFuzzerTestOneInput(uint8_t const *buf, size_t len) +{ + struct ly_ctx *ctx = NULL; + static bool log = false; + char *data = NULL; + LY_ERR err; + + if (!log) { + ly_log_options(0); + log = true; + } + + err = ly_ctx_new(NULL, 0, &ctx); + if (err != LY_SUCCESS) { + fprintf(stderr, "Failed to create context\n"); + exit(EXIT_FAILURE); + } + + data = malloc(len + 1); + if (data == NULL) { + return 0; + } + + memcpy(data, buf, len); + data[len] = 0; + + lys_parse_mem(ctx, data, LYS_IN_YANG, NULL); + ly_ctx_destroy(ctx); + free(data); + return 0; +} diff --git a/tests/fuzz/main.c b/tests/fuzz/main.c new file mode 100644 index 0000000..a4b64b5 --- /dev/null +++ b/tests/fuzz/main.c @@ -0,0 +1,47 @@ +#include +#include +#include + +int LLVMFuzzerTestOneInput(uint8_t const *buf, size_t len); + +#ifdef __AFL_COMPILER + +int main(void) { + int ret; + uint8_t buf[64 * 1024]; + +#ifdef __AFL_LOOP + while (__AFL_LOOP(10000)) +#endif + { + ret = fread(buf, 1, sizeof(buf), stdin); + if (ret < 0) { + return 0; + } + + LLVMFuzzerTestOneInput(buf, ret); + + } + + return 0; +} + +#else + +int +main(void) +{ + int ret; + uint8_t buf[64 * 1024]; + + ret = fread(buf, 1, sizeof(buf), stdin); + if (ret < 0) { + return 0; + } + + LLVMFuzzerTestOneInput(buf, ret); + + return 0; +} + +#endif /* __AFL_COMPILER */ diff --git a/tests/fuzz/yang_parse_module.c b/tests/fuzz/yang_parse_module.c new file mode 100644 index 0000000..f420966 --- /dev/null +++ b/tests/fuzz/yang_parse_module.c @@ -0,0 +1,39 @@ +#include +#include +#include + +#include "libyang.h" + +int LLVMFuzzerTestOneInput(uint8_t const *buf, size_t len) +{ + struct lys_module *mod; + uint8_t *data = NULL; + struct ly_ctx *ctx = NULL; + static bool log = false; + LY_ERR err; + + if (!log) { + ly_log_options(0); + log = true; + } + + err = ly_ctx_new(NULL, 0, &ctx); + if (err != LY_SUCCESS) { + fprintf(stderr, "Failed to create new context\n"); + return 0; + } + + data = malloc(len + 1); + if (data == NULL) { + fprintf(stderr, "Out of memory\n"); + return 0; + } + memcpy(data, buf, len); + data[len] = 0; + + lys_parse_mem(ctx, (const char *)data, LYS_IN_YANG, &mod); + + free(data); + ly_ctx_destroy(ctx); + return 0; +} -- cgit v1.2.3