aboutsummaryrefslogtreecommitdiff
path: root/fuzz
diff options
context:
space:
mode:
Diffstat (limited to 'fuzz')
-rw-r--r--fuzz/.gitignore4
-rw-r--r--fuzz/Cargo.toml27
-rw-r--r--fuzz/fuzz_targets/fuzz_document_parse.rs35
3 files changed, 66 insertions, 0 deletions
diff --git a/fuzz/.gitignore b/fuzz/.gitignore
new file mode 100644
index 0000000..572e03b
--- /dev/null
+++ b/fuzz/.gitignore
@@ -0,0 +1,4 @@
+
+target
+corpus
+artifacts
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
new file mode 100644
index 0000000..b4dcbe1
--- /dev/null
+++ b/fuzz/Cargo.toml
@@ -0,0 +1,27 @@
+
+[package]
+name = "html5ever-fuzz"
+version = "0.0.0"
+authors = ["David Korczynski <david@adalogics.com>"]
+publish = false
+edition = "2018"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.3"
+
+[dependencies.html5ever]
+path = ".."
+
+[dependencies.markup5ever_rcdom]
+path = "../../rcdom/"
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "fuzz_document_parse"
+path = "fuzz_targets/fuzz_document_parse.rs"
diff --git a/fuzz/fuzz_targets/fuzz_document_parse.rs b/fuzz/fuzz_targets/fuzz_document_parse.rs
new file mode 100644
index 0000000..17840de
--- /dev/null
+++ b/fuzz/fuzz_targets/fuzz_document_parse.rs
@@ -0,0 +1,35 @@
+#![no_main]
+use libfuzzer_sys::fuzz_target;
+
+use std::io::BufReader;
+use html5ever::driver::ParseOpts;
+use markup5ever_rcdom::{RcDom, SerializableHandle};
+use html5ever::tendril::TendrilSink;
+use html5ever::tree_builder::TreeBuilderOpts;
+use html5ever::{parse_document, serialize};
+
+// Target inspired by the Rust-Fuzz project
+// https://github.com/rust-fuzz/targets
+fuzz_target!(|data: &[u8]| {
+ let opts = ParseOpts {
+ tree_builder: TreeBuilderOpts {
+ drop_doctype: true,
+ ..Default::default()
+ },
+ ..Default::default()
+ };
+
+ let dom = parse_document(RcDom::default(), opts)
+ .from_utf8()
+ .read_from(&mut BufReader::new(data));
+
+ let dom = if let Ok(dom) = dom {
+ dom
+ } else {
+ return;
+ };
+
+ let mut out = std::io::sink();
+ let document: SerializableHandle = dom.document.into();
+ let _ = serialize(&mut out, &document, Default::default());
+});