From f21b23058e01515166a6b61fdea01864ad9c0572 Mon Sep 17 00:00:00 2001 
From: Brad Larsen Date: Fri, 3 Nov 2023 17:01:56 -0400 Subject: [PATCH] Add a fuzz target for `_elementtree.XMLParser._parse_whole` (#111477) * Add a fuzzer for `_elementtree.XMLParser._parse_whole` --- .../fuzz_elementtree_parsewhole.dict | 134 ++++++++++++++++++ .../c14nComment.xml | 4 + .../c14nDefault.xml | 3 + .../c14nPrefix.xml | 4 + .../c14nPrefixQname.xml | 7 + .../c14nPrefixQnameXpathElem.xml | 8 ++ .../c14nQname.xml | 6 + .../c14nQnameElem.xml | 6 + .../c14nQnameXpathElem.xml | 7 + .../c14nTrim.xml | 4 + .../expat224_utf8_bug.xml | 2 + .../inC14N1.xml | 14 ++ .../inC14N2.xml | 11 ++ .../inC14N3.xml | 18 +++ .../inC14N4.xml | 13 ++ .../inC14N5.xml | 12 ++ .../inC14N6.xml | 2 + .../inNsContent.xml | 4 + .../inNsDefault.xml | 3 + .../inNsPushdown.xml | 6 + .../inNsRedecl.xml | 3 + .../inNsSort.xml | 4 + .../inNsSuperfluous.xml | 4 + .../inNsXml.xml | 3 + .../out_inC14N1_c14nComment.xml | 6 + .../out_inC14N1_c14nDefault.xml | 4 + .../out_inC14N2_c14nDefault.xml | 11 ++ .../out_inC14N2_c14nTrim.xml | 1 + .../out_inC14N3_c14nDefault.xml | 14 ++ .../out_inC14N3_c14nPrefix.xml | 14 ++ .../out_inC14N3_c14nTrim.xml | 1 + .../out_inC14N4_c14nDefault.xml | 10 ++ .../out_inC14N4_c14nTrim.xml | 2 + .../out_inC14N5_c14nDefault.xml | 3 + .../out_inC14N5_c14nTrim.xml | 1 + .../out_inC14N6_c14nDefault.xml | 1 + .../out_inNsContent_c14nDefault.xml | 4 + ...t_inNsContent_c14nPrefixQnameXpathElem.xml | 4 + .../out_inNsContent_c14nQnameElem.xml | 4 + .../out_inNsContent_c14nQnameXpathElem.xml | 4 + .../out_inNsDefault_c14nDefault.xml | 3 + .../out_inNsDefault_c14nPrefix.xml | 3 + .../out_inNsPushdown_c14nDefault.xml | 6 + .../out_inNsPushdown_c14nPrefix.xml | 6 + .../out_inNsRedecl_c14nDefault.xml | 3 + .../out_inNsRedecl_c14nPrefix.xml | 3 + .../out_inNsSort_c14nDefault.xml | 4 + .../out_inNsSort_c14nPrefix.xml | 4 + .../out_inNsSuperfluous_c14nDefault.xml | 4 + .../out_inNsSuperfluous_c14nPrefix.xml | 4 + .../out_inNsXml_c14nDefault.xml | 3 + .../out_inNsXml_c14nPrefix.xml | 
3 + .../out_inNsXml_c14nPrefixQname.xml | 3 + .../out_inNsXml_c14nQname.xml | 3 + .../simple-ns.xml | 7 + .../simple.xml | 6 + .../test.xml | 115 +++++++++++++++ Modules/_xxtestfuzz/fuzz_tests.txt | 1 + Modules/_xxtestfuzz/fuzzer.c | 73 ++++++++++ Tools/c-analyzer/cpython/ignored.tsv | 3 + 60 files changed, 623 insertions(+) create mode 100644 Modules/_xxtestfuzz/dictionaries/fuzz_elementtree_parsewhole.dict create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nComment.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nDefault.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nPrefix.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nPrefixQname.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nPrefixQnameXpathElem.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nQname.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nQnameElem.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nQnameXpathElem.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nTrim.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/expat224_utf8_bug.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N1.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N2.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N3.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N4.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N5.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N6.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsContent.xml create mode 100644 
Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsDefault.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsPushdown.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsRedecl.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsSort.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsSuperfluous.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsXml.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N1_c14nComment.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N1_c14nDefault.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N2_c14nDefault.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N2_c14nTrim.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N3_c14nDefault.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N3_c14nPrefix.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N3_c14nTrim.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N4_c14nDefault.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N4_c14nTrim.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N5_c14nDefault.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N5_c14nTrim.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N6_c14nDefault.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsContent_c14nDefault.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsContent_c14nPrefixQnameXpathElem.xml create mode 100644 
Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsContent_c14nQnameElem.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsContent_c14nQnameXpathElem.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsDefault_c14nDefault.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsDefault_c14nPrefix.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsPushdown_c14nDefault.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsPushdown_c14nPrefix.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsRedecl_c14nDefault.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsRedecl_c14nPrefix.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsSort_c14nDefault.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsSort_c14nPrefix.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsSuperfluous_c14nDefault.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsSuperfluous_c14nPrefix.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsXml_c14nDefault.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsXml_c14nPrefix.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsXml_c14nPrefixQname.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsXml_c14nQname.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/simple-ns.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/simple.xml create mode 100644 Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/test.xml 
diff --git a/Modules/_xxtestfuzz/dictionaries/fuzz_elementtree_parsewhole.dict b/Modules/_xxtestfuzz/dictionaries/fuzz_elementtree_parsewhole.dict new file mode 100644 index 00000000000..e1b58cdb248 --- /dev/null +++ b/Modules/_xxtestfuzz/dictionaries/fuzz_elementtree_parsewhole.dict @@ -0,0 +1,134 @@ +tok_1="<" +tok_2=">" +tok_3="/" +tok_4="" +tok_6="" +tok_7="version" +tok_8="encoding" +tok_9="UTF-8" +tok_9a="UTF-16" +tok_9b="ASCII" +tok_9c="LATIN-1" +tok_9d="UTF-32" +tok_9e="UTF-7" +tok_10="\"" +tok_11="&" +tok_11a="&#" +tok_11b=";" +tok_12="'" +tok_13="" +tok_14="" +tag_doctype="" +tag_open_close="" +tag_open_exclamation="" +tag_xml_q="" + +encoding_utf="UTF-" +encoding_iso1="ISO-8859" +encoding_iso3="ISO-10646-UCS" +encoding_iso5="ISO-LATIN-1" +encoding_jis="SHIFT_JIS" +encoding_utf7="UTF-7" +encoding_utf16le="UTF-16BE" +encoding_utf16le="UTF-16LE" +encoding_ascii="US-ASCII" +encoding_latin1="latin1" diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nComment.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nComment.xml new file mode 100644 index 00000000000..e95aa302d04 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nComment.xml @@ -0,0 +1,4 @@ + + true + + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nDefault.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nDefault.xml new file mode 100644 index 00000000000..c1364142cc5 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nDefault.xml @@ -0,0 +1,3 @@ + + + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nPrefix.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nPrefix.xml new file mode 100644 index 00000000000..fb233b42b13 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nPrefix.xml @@ -0,0 +1,4 @@ + + sequential + + 
diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nPrefixQname.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nPrefixQname.xml new file mode 100644 index 00000000000..23188eedbc2 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nPrefixQname.xml @@ -0,0 +1,7 @@ + + sequential + + + + + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nPrefixQnameXpathElem.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nPrefixQnameXpathElem.xml new file mode 100644 index 00000000000..626fc48f410 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nPrefixQnameXpathElem.xml @@ -0,0 +1,8 @@ + + sequential + + + + + + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nQname.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nQname.xml new file mode 100644 index 00000000000..919e5903f5c --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nQname.xml @@ -0,0 +1,6 @@ + + + + + + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nQnameElem.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nQnameElem.xml new file mode 100644 index 00000000000..0321f806195 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nQnameElem.xml @@ -0,0 +1,6 @@ + + + + + + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nQnameXpathElem.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nQnameXpathElem.xml new file mode 100644 index 00000000000..c4890bc8b01 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nQnameXpathElem.xml @@ -0,0 +1,7 @@ + + + + + + + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nTrim.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nTrim.xml new file mode 100644 index 00000000000..ccb9cf65db7 --- /dev/null 
+++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/c14nTrim.xml @@ -0,0 +1,4 @@ + + true + + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/expat224_utf8_bug.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/expat224_utf8_bug.xml new file mode 100644 index 00000000000..d66a8e6b50f --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/expat224_utf8_bug.xml @@ -0,0 +1,2 @@ + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N1.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N1.xml new file mode 100644 index 00000000000..ed450c7341d --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N1.xml @@ -0,0 +1,14 @@ + + + + + + +Hello, world! + + + + + + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N2.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N2.xml new file mode 100644 index 00000000000..74eeea147c3 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N2.xml @@ -0,0 +1,11 @@ + + + A B + + A + + B + A B + C + + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N3.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N3.xml new file mode 100644 index 00000000000..fea78213f1a --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N3.xml @@ -0,0 +1,18 @@ +]> + + + + + + + + + + + + + + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N4.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N4.xml new file mode 100644 index 00000000000..909a847435b --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N4.xml @@ -0,0 +1,13 @@ + + +]> + + First line Second line + 2 + "0" && value<"10" ?"valid":"error"]]> + valid + + + + 
diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N5.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N5.xml new file mode 100644 index 00000000000..501161bad51 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N5.xml @@ -0,0 +1,12 @@ + + + + + +]> + + &ent1;, &ent2;! + + + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N6.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N6.xml new file mode 100644 index 00000000000..31e20718672 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inC14N6.xml @@ -0,0 +1,2 @@ + +© diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsContent.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsContent.xml new file mode 100644 index 00000000000..b9924660ba6 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsContent.xml @@ -0,0 +1,4 @@ + + xsd:string + /soap-env:body/child::b:foo[@att1 != "c:val" and @att2 != 'xsd:string'] + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsDefault.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsDefault.xml new file mode 100644 index 00000000000..3e0d323bad2 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsDefault.xml @@ -0,0 +1,3 @@ + + + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsPushdown.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsPushdown.xml new file mode 100644 index 00000000000..daa67d83f15 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsPushdown.xml @@ -0,0 +1,6 @@ + + + + + + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsRedecl.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsRedecl.xml new file mode 100644 index 00000000000..10bd97beda3 --- /dev/null 
+++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsRedecl.xml @@ -0,0 +1,3 @@ + + + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsSort.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsSort.xml new file mode 100644 index 00000000000..8e9fc01c647 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsSort.xml @@ -0,0 +1,4 @@ + + + + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsSuperfluous.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsSuperfluous.xml new file mode 100644 index 00000000000..f77720f7b0b --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsSuperfluous.xml @@ -0,0 +1,4 @@ + + + + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsXml.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsXml.xml new file mode 100644 index 00000000000..7520cf3fb9e --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/inNsXml.xml @@ -0,0 +1,3 @@ + + data + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N1_c14nComment.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N1_c14nComment.xml new file mode 100644 index 00000000000..d98d16840c6 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N1_c14nComment.xml @@ -0,0 +1,6 @@ + +Hello, world! + + + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N1_c14nDefault.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N1_c14nDefault.xml new file mode 100644 index 00000000000..af9a9770578 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N1_c14nDefault.xml @@ -0,0 +1,4 @@ + +Hello, world! + \ No newline at end of file 
diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N2_c14nDefault.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N2_c14nDefault.xml new file mode 100644 index 00000000000..2afa15ccb36 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N2_c14nDefault.xml @@ -0,0 +1,11 @@ + + + A B + + A + + B + A B + C + + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N2_c14nTrim.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N2_c14nTrim.xml new file mode 100644 index 00000000000..7a1dc32946b --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N2_c14nTrim.xml @@ -0,0 +1 @@ +A BABA BC \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N3_c14nDefault.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N3_c14nDefault.xml new file mode 100644 index 00000000000..662e108aa8a --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N3_c14nDefault.xml @@ -0,0 +1,14 @@ + + + + + + + + + + + + + + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N3_c14nPrefix.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N3_c14nPrefix.xml new file mode 100644 index 00000000000..041e1ec8ebe --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N3_c14nPrefix.xml @@ -0,0 +1,14 @@ + + + + + + + + + + + + + + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N3_c14nTrim.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N3_c14nTrim.xml new file mode 100644 index 00000000000..4f35ad9662d --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N3_c14nTrim.xml @@ -0,0 +1 @@ + \ No newline at end of file 
diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N4_c14nDefault.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N4_c14nDefault.xml new file mode 100644 index 00000000000..243d0e61f2e --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N4_c14nDefault.xml @@ -0,0 +1,10 @@ + + First line +Second line + 2 + value>"0" && value<"10" ?"valid":"error" + valid + + + + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N4_c14nTrim.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N4_c14nTrim.xml new file mode 100644 index 00000000000..24d83ba8ab0 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N4_c14nTrim.xml @@ -0,0 +1,2 @@ +First line +Second line2value>"0" && value<"10" ?"valid":"error"valid \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N5_c14nDefault.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N5_c14nDefault.xml new file mode 100644 index 00000000000..c232e740aee --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N5_c14nDefault.xml @@ -0,0 +1,3 @@ + + Hello, world! + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N5_c14nTrim.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N5_c14nTrim.xml new file mode 100644 index 00000000000..3fa84b1e986 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N5_c14nTrim.xml @@ -0,0 +1 @@ +Hello, world! \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N6_c14nDefault.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N6_c14nDefault.xml new file mode 100644 index 00000000000..0be38f98cb1 --- /dev/null 
+++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inC14N6_c14nDefault.xml @@ -0,0 +1 @@ +© \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsContent_c14nDefault.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsContent_c14nDefault.xml new file mode 100644 index 00000000000..62d7e004a44 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsContent_c14nDefault.xml @@ -0,0 +1,4 @@ + + xsd:string + /soap-env:body/child::b:foo[@att1 != "c:val" and @att2 != 'xsd:string'] + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsContent_c14nPrefixQnameXpathElem.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsContent_c14nPrefixQnameXpathElem.xml new file mode 100644 index 00000000000..20e1c2e9d6d --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsContent_c14nPrefixQnameXpathElem.xml @@ -0,0 +1,4 @@ + + n1:string + /n3:body/child::n2:foo[@att1 != "c:val" and @att2 != 'xsd:string'] + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsContent_c14nQnameElem.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsContent_c14nQnameElem.xml new file mode 100644 index 00000000000..db8680daa03 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsContent_c14nQnameElem.xml @@ -0,0 +1,4 @@ + + xsd:string + /soap-env:body/child::b:foo[@att1 != "c:val" and @att2 != 'xsd:string'] + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsContent_c14nQnameXpathElem.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsContent_c14nQnameXpathElem.xml new file mode 100644 index 00000000000..df3b21579fa --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsContent_c14nQnameXpathElem.xml 
@@ -0,0 +1,4 @@ + + xsd:string + /soap-env:body/child::b:foo[@att1 != "c:val" and @att2 != 'xsd:string'] + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsDefault_c14nDefault.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsDefault_c14nDefault.xml new file mode 100644 index 00000000000..674b076dd6d --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsDefault_c14nDefault.xml @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsDefault_c14nPrefix.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsDefault_c14nPrefix.xml new file mode 100644 index 00000000000..83edaae91e7 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsDefault_c14nPrefix.xml @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsPushdown_c14nDefault.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsPushdown_c14nDefault.xml new file mode 100644 index 00000000000..fa4f21b5d0a --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsPushdown_c14nDefault.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsPushdown_c14nPrefix.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsPushdown_c14nPrefix.xml new file mode 100644 index 00000000000..6d579200c9d --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsPushdown_c14nPrefix.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsRedecl_c14nDefault.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsRedecl_c14nDefault.xml new file mode 100644 index 00000000000..ba37f925103 --- /dev/null 
+++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsRedecl_c14nDefault.xml @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsRedecl_c14nPrefix.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsRedecl_c14nPrefix.xml new file mode 100644 index 00000000000..af3bb2d6f06 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsRedecl_c14nPrefix.xml @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsSort_c14nDefault.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsSort_c14nDefault.xml new file mode 100644 index 00000000000..8a92c5c61c2 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsSort_c14nDefault.xml @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsSort_c14nPrefix.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsSort_c14nPrefix.xml new file mode 100644 index 00000000000..8d44c84fe5d --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsSort_c14nPrefix.xml @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsSuperfluous_c14nDefault.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsSuperfluous_c14nDefault.xml new file mode 100644 index 00000000000..6bb862d763d --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsSuperfluous_c14nDefault.xml @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsSuperfluous_c14nPrefix.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsSuperfluous_c14nPrefix.xml new file mode 100644 index 00000000000..700a16d42a7 --- /dev/null 
+++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsSuperfluous_c14nPrefix.xml @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsXml_c14nDefault.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsXml_c14nDefault.xml new file mode 100644 index 00000000000..1689f3bf423 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsXml_c14nDefault.xml @@ -0,0 +1,3 @@ + + data + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsXml_c14nPrefix.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsXml_c14nPrefix.xml new file mode 100644 index 00000000000..38508a47f6b --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsXml_c14nPrefix.xml @@ -0,0 +1,3 @@ + + data + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsXml_c14nPrefixQname.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsXml_c14nPrefixQname.xml new file mode 100644 index 00000000000..867980f82bf --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsXml_c14nPrefixQname.xml @@ -0,0 +1,3 @@ + + data + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsXml_c14nQname.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsXml_c14nQname.xml new file mode 100644 index 00000000000..0300f9d562d --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/out_inNsXml_c14nQname.xml @@ -0,0 +1,3 @@ + + data + \ No newline at end of file diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/simple-ns.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/simple-ns.xml new file mode 100644 index 00000000000..f1f34b2e29c --- /dev/null 
+++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/simple-ns.xml @@ -0,0 +1,7 @@ + + + + text + texttail + + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/simple.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/simple.xml new file mode 100644 index 00000000000..b88c2c7e69a --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/simple.xml @@ -0,0 +1,6 @@ + + + text + texttail + + diff --git a/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/test.xml b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/test.xml new file mode 100644 index 00000000000..92136da76d3 --- /dev/null +++ b/Modules/_xxtestfuzz/fuzz_elementtree_parsewhole_corpus/test.xml @@ -0,0 +1,115 @@ + + +Introduction to XSL +

Introduction to XSL

+ + + +
+

Overview +

+ + + + + + + +
+

Intro

+ + + + + + + +
+

History: XML and SGML

+ + + + + + + +
+

History: What are stylesheets?

+ + + + + + + +
+

History: FOSI

+ + + + + + diff --git a/Modules/_xxtestfuzz/fuzz_tests.txt b/Modules/_xxtestfuzz/fuzz_tests.txt index 4e046ecf6d8..40aa22110e7 100644 --- a/Modules/_xxtestfuzz/fuzz_tests.txt +++ b/Modules/_xxtestfuzz/fuzz_tests.txt @@ -7,3 +7,4 @@ fuzz_sre_match fuzz_csv_reader fuzz_struct_unpack fuzz_ast_literal_eval +fuzz_elementtree_parsewhole diff --git a/Modules/_xxtestfuzz/fuzzer.c b/Modules/_xxtestfuzz/fuzzer.c index 816ba09c8fd..77d29ce773a 100644 --- a/Modules/_xxtestfuzz/fuzzer.c +++ b/Modules/_xxtestfuzz/fuzzer.c 
@@ -439,6 +439,68 @@ static int fuzz_ast_literal_eval(const char* data, size_t size) { return 0; } +#define MAX_ELEMENTTREE_PARSEWHOLE_TEST_SIZE 0x100000 +PyObject* xmlparser_type = NULL; +PyObject* bytesio_type = NULL; +/* Called by LLVMFuzzerTestOneInput for initialization */ +static int init_elementtree_parsewhole(void) { + PyObject* elementtree_module = PyImport_ImportModule("_elementtree"); + if (elementtree_module == NULL) { + return 0; + } + xmlparser_type = PyObject_GetAttrString(elementtree_module, "XMLParser"); + Py_DECREF(elementtree_module); + if (xmlparser_type == NULL) { + return 0; + } + + + PyObject* io_module = PyImport_ImportModule("io"); + if (io_module == NULL) { + return 0; + } + bytesio_type = PyObject_GetAttrString(io_module, "BytesIO"); + Py_DECREF(io_module); + if (bytesio_type == NULL) { + return 0; + } + + return 1; +} +/* Fuzz _elementtree.XMLParser._parse_whole(x) */ +static int fuzz_elementtree_parsewhole(const char* data, size_t size) { + if (size > MAX_ELEMENTTREE_PARSEWHOLE_TEST_SIZE) { + return 0; + } + + PyObject *input = PyObject_CallFunction(bytesio_type, "y#", data, (Py_ssize_t)size); + if (input == NULL) { + assert(PyErr_Occurred()); + PyErr_Print(); + abort(); + } + + PyObject *xmlparser_instance = PyObject_CallObject(xmlparser_type, NULL); + if (xmlparser_instance == NULL) { + assert(PyErr_Occurred()); + PyErr_Print(); + abort(); + } + + PyObject *result = PyObject_CallMethod(xmlparser_instance, "_parse_whole", "O", input); + if (result == NULL) { + /* Ignore exception here, which can be caused by invalid XML input */ + PyErr_Clear(); + } else { + Py_DECREF(result); + } + + Py_DECREF(xmlparser_instance); + Py_DECREF(input); + + return 0; +} + /* Run fuzzer and abort on failure. */ static int _run_fuzz(const uint8_t *data, size_t size, int(*fuzzer)(const char* , size_t)) { int rv = fuzzer((const char*) data, size); 
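Review bot: In `fuzz_elementtree_parsewhole`, the `result == NULL` branch calls `PyErr_Clear()` for every exception type, so an interpreter-level failure such as a `SystemError` raised from the C parser is discarded along with the expected errors on malformed XML. The target would then surface only hard crashes and sanitizer findings. Consider treating that case as fatal before clearing, e.g. `if (PyErr_ExceptionMatches(PyExc_SystemError)) { PyErr_Print(); abort(); }` ahead of `PyErr_Clear();`. Which exception types `_parse_whole` legitimately raises is not visible in this hunk, so the exact filter needs confirming against `_elementtree`. Separately, `xmlparser_type` and `bytesio_type` are defined without `static`, although only this file appears to use them.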
@@ -569,6 +631,17 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { } rv |= _run_fuzz(data, size, fuzz_ast_literal_eval); +#endif +#if !defined(_Py_FUZZ_ONE) || defined(_Py_FUZZ_fuzz_elementtree_parsewhole) + static int ELEMENTTREE_PARSEWHOLE_INITIALIZED = 0; + if (!ELEMENTTREE_PARSEWHOLE_INITIALIZED && !init_elementtree_parsewhole()) { + PyErr_Print(); + abort(); + } else { + ELEMENTTREE_PARSEWHOLE_INITIALIZED = 1; + } + + rv |= _run_fuzz(data, size, fuzz_elementtree_parsewhole); #endif return rv; } diff --git a/Tools/c-analyzer/cpython/ignored.tsv b/Tools/c-analyzer/cpython/ignored.tsv index eea633a1505..68d32b78eed 100644 --- a/Tools/c-analyzer/cpython/ignored.tsv +++ b/Tools/c-analyzer/cpython/ignored.tsv @@ -589,6 +589,7 @@ Modules/_xxtestfuzz/_xxtestfuzz.c - _fuzzmodule - Modules/_xxtestfuzz/_xxtestfuzz.c - module_methods - Modules/_xxtestfuzz/fuzzer.c - RE_FLAG_DEBUG - Modules/_xxtestfuzz/fuzzer.c - ast_literal_eval_method - +Modules/_xxtestfuzz/fuzzer.c - bytesio_type - Modules/_xxtestfuzz/fuzzer.c - compiled_patterns - Modules/_xxtestfuzz/fuzzer.c - csv_error - Modules/_xxtestfuzz/fuzzer.c - csv_module - 
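Review bot: The `abort()` taken when `init_elementtree_parsewhole()` fails in the `LLVMFuzzerTestOneInput` hunk is also compiled when `_Py_FUZZ_ONE` is undefined. In the combined build, an interpreter without a usable `_elementtree` extension would therefore stop every fuzz target on the first input, not only this one. This presumably mirrors the earlier targets, whose guards are outside the hunk, but the dependency is new and worth documenting. A comment above the guard such as `/* requires the _elementtree extension; init failure aborts the whole run */` would do. The function body starts outside the hunk.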
@@ -598,12 +599,14 @@ Modules/_xxtestfuzz/fuzzer.c - re_compile_method - Modules/_xxtestfuzz/fuzzer.c - re_error_exception - Modules/_xxtestfuzz/fuzzer.c - struct_error - Modules/_xxtestfuzz/fuzzer.c - struct_unpack_method - +Modules/_xxtestfuzz/fuzzer.c - xmlparser_type - Modules/_xxtestfuzz/fuzzer.c LLVMFuzzerTestOneInput CSV_READER_INITIALIZED - Modules/_xxtestfuzz/fuzzer.c LLVMFuzzerTestOneInput JSON_LOADS_INITIALIZED - Modules/_xxtestfuzz/fuzzer.c LLVMFuzzerTestOneInput SRE_COMPILE_INITIALIZED - Modules/_xxtestfuzz/fuzzer.c LLVMFuzzerTestOneInput SRE_MATCH_INITIALIZED - Modules/_xxtestfuzz/fuzzer.c LLVMFuzzerTestOneInput STRUCT_UNPACK_INITIALIZED - Modules/_xxtestfuzz/fuzzer.c LLVMFuzzerTestOneInput AST_LITERAL_EVAL_INITIALIZED - +Modules/_xxtestfuzz/fuzzer.c LLVMFuzzerTestOneInput ELEMENTTREE_PARSEWHOLE_INITIALIZED - ##----------------------- ## the analyzer should have ignored these