From 495381df0478c88613936534e8a223518d725627 Mon Sep 17 00:00:00 2001
From: Kostya Serebryany
Date: Sat, 1 Oct 2016 07:37:40 +0000
Subject: [PATCH] [libFuzzer] add fuzzer test for libxml2, finds https://bugzilla.gnome.org/show_bug.cgi?id=751631

llvm-svn: 283024
---
 .../fuzzer-test-suite/libxml2-v2.9.2/build.sh | 13 +++++++++++++
 .../fuzzer-test-suite/libxml2-v2.9.2/target.cc | 16 ++++++++++++++++
 .../fuzzer-test-suite/libxml2-v2.9.2/test.sh | 9 +++++++++
 3 files changed, 38 insertions(+)
 create mode 100755 lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/build.sh
 create mode 100644 lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/target.cc
 create mode 100755 lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/test.sh

diff --git a/lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/build.sh b/lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/build.sh
new file mode 100755
index 00000000000..5693579e861
--- /dev/null
+++ b/lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/build.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+. $(dirname $0)/../common.sh
+
+build_lib() {
+ rm -rf BUILD
+ cp -rf SRC BUILD
+ (cd BUILD && ./autogen.sh && CXX="clang++ $FUZZ_CXXFLAGS" CC="clang $FUZZ_CXXFLAGS" CCLD="clang++ $FUZZ_CXXFLAGS" ./configure && make -j $JOBS)
+}
+
+get_git_tag git://git.gnome.org/libxml2 v2.9.2 SRC
+build_lib
+build_libfuzzer
+clang++ -std=c++11 $SCRIPT_DIR/target.cc $FUZZ_CXXFLAGS -I BUILD/include BUILD/.libs/libxml2.a libFuzzer.a -lz -o $EXECUTABLE_NAME_BASE
diff --git a/lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/target.cc b/lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/target.cc
new file mode 100644
index 00000000000..3fdcb6fbb07
--- /dev/null
+++ b/lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/target.cc
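Review bot: `get_git_tag git://git.gnome.org/libxml2 v2.9.2 SRC` fetches the library that gets compiled into the fuzz target over the unauthenticated git:// transport and selects it by a tag, which can be moved, so the checkout being built is not integrity-pinned. test.sh in this same commit pins its afl checkout to a commit hash with `get_git_revision`; build.sh could do the same, e.g. `get_git_revision <https URL of the libxml2 repository> <commit sha that v2.9.2 resolves to> SRC` (both placeholders to be filled in). `get_git_tag`, `build_libfuzzer`, `$FUZZ_CXXFLAGS` and `$JOBS` all come from common.sh, which is outside this patch, so whether that file enables `set -e` or validates these variables cannot be confirmed here; the unquoted `$(dirname $0)` and `$JOBS` expansions would break on paths or values containing whitespace.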
@@ -0,0 +1,16 @@
+#include
+#include
+#include "libxml/xmlversion.h"
+#include "libxml/parser.h"
+#include "libxml/HTMLparser.h"
+#include "libxml/tree.h"
+
+void ignore (void * ctx, const char * msg, ...) {}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ xmlSetGenericErrorFunc(NULL, &ignore);
+ if (auto doc = xmlReadMemory(reinterpret_cast(data), size,
+ "noname.xml", NULL, 0))
+ xmlFreeDoc(doc);
+ return 0;
+}
diff --git a/lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/test.sh b/lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/test.sh
new file mode 100755
index 00000000000..d645e1dd973
--- /dev/null
+++ b/lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/test.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+set -x
+. $(dirname $0)/../common.sh
+
+get_git_revision https://github.com/mcarpenter/afl be3e88d639da5350603f6c0fee06970128504342 afl
+rm -rf $CORPUS
+mkdir $CORPUS
+[ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE -artifact_prefix=$CORPUS/ -jobs=$JOBS -dict=afl/dictionaries/xml.dict -workers=$JOBS $CORPUS
+grep "AddressSanitizer: heap-buffer-overflow" fuzz-0.log
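Review bot: `xmlReadMemory(reinterpret_cast(data), size, ...)` hands the `size_t` input length to a parameter that libxml2 declares as `int`, so an input longer than INT_MAX is silently narrowed to a negative value before the parser sees it; guard it ahead of the call with `if (size > INT_MAX) return 0;` and add `#include <climits>`. `xmlSetGenericErrorFunc(NULL, &ignore)` is re-installed on every input although it only needs to happen once; moving it into an `LLVMFuzzerInitialize` hook is a style choice but keeps the per-input path to the parse itself. `ignore` is an empty callback with unused `ctx` and `msg` parameters, and a one-line comment such as `// Swallow libxml2's generic error output; the fuzzer only cares about sanitizer reports.` would record why it exists. The first two `#include` lines and the `reinterpret_cast` template argument are empty in this rendering, presumably an artifact of stripped angle brackets rather than the committed source.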
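Review bot: `grep "AddressSanitizer: heap-buffer-overflow" fuzz-0.log` inspects only the first job's log, while the run is started with `-jobs=$JOBS -workers=$JOBS` and each parallel job writes its own `fuzz-N.log`, so a crash found by any other job is presumably missed and the test fails spuriously; `grep "AddressSanitizer: heap-buffer-overflow" fuzz-*.log` covers all of them. `rm -rf $CORPUS` runs on an unquoted variable that nothing in this script sets or checks (it is expected from common.sh, outside the patch); `rm -rf "${CORPUS:?CORPUS is not set}"` refuses to run when the variable is empty and survives paths with whitespace, and `mkdir` on the next line wants the same quoting. The `[ -e $EXECUTABLE_NAME_BASE ] && ...` guard silently skips the fuzzing run when the binary is absent, leaving only grep's missing-file error to surface the problem; if that is intended, a comment such as `# Skip the run (and let the final grep fail) when build.sh did not produce the target.` would make it explicit.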