Skip to content

Commit

Permalink
Address oss fuzz XMLParser regression (#5325)
Browse files Browse the repository at this point in the history
* Refs #21856: Regression test

Signed-off-by: Mario Dominguez <[email protected]>

* Refs #21856: Fix

Signed-off-by: Mario Dominguez <[email protected]>

---------

Signed-off-by: Mario Dominguez <[email protected]>
  • Loading branch information
Mario-DL authored Oct 16, 2024
1 parent 6afab1f commit a4e0019
Show file tree
Hide file tree
Showing 3 changed files with 142 additions and 36 deletions.
176 changes: 140 additions & 36 deletions src/cpp/xmlparser/XMLDynamicParser.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -1391,9 +1391,14 @@ DynamicType::_ref_type XMLParser:: parseXMLMemberDynamicType(
length)};
std::vector<uint32_t> bounds;
dimensionsToArrayBounds(memberArray, bounds);
member = factory->create_array_type(
DynamicTypeBuilder::_ref_type builder = factory->create_array_type(
inner_builder->build(),
bounds)->build();
bounds);
member = nullptr;
if (nullptr != builder)
{
member = builder->build();
}
}
}
else if (strncmp(memberType, BOOLEAN, BOOLEAN_len) == 0)
Expand All @@ -1406,9 +1411,14 @@ DynamicType::_ref_type XMLParser:: parseXMLMemberDynamicType(
{
std::vector<uint32_t> bounds;
dimensionsToArrayBounds(memberArray, bounds);
member = factory->create_array_type(
DynamicTypeBuilder::_ref_type builder = factory->create_array_type(
factory->get_primitive_type(TK_BOOLEAN),
bounds)->build();
bounds);
member = nullptr;
if (nullptr != builder)
{
member = builder->build();
}
}
}
else if (strncmp(memberType, CHAR, CHAR_len) == 0)
Expand All @@ -1421,9 +1431,14 @@ DynamicType::_ref_type XMLParser:: parseXMLMemberDynamicType(
{
std::vector<uint32_t> bounds;
dimensionsToArrayBounds(memberArray, bounds);
member = factory->create_array_type(
DynamicTypeBuilder::_ref_type builder = factory->create_array_type(
factory->get_primitive_type(TK_CHAR8),
bounds)->build();
bounds);
member = nullptr;
if (nullptr != builder)
{
member = builder->build();
}
}
}
else if (strncmp(memberType, WCHAR, WCHAR_len) == 0)
Expand All @@ -1436,9 +1451,14 @@ DynamicType::_ref_type XMLParser:: parseXMLMemberDynamicType(
{
std::vector<uint32_t> bounds;
dimensionsToArrayBounds(memberArray, bounds);
member = factory->create_array_type(
DynamicTypeBuilder::_ref_type builder = factory->create_array_type(
factory->get_primitive_type(TK_CHAR16),
bounds)->build();
bounds);
member = nullptr;
if (nullptr != builder)
{
member = builder->build();
}
}
}
else if (strncmp(memberType, TBYTE, TBYTE_len) == 0
Expand All @@ -1452,9 +1472,14 @@ DynamicType::_ref_type XMLParser:: parseXMLMemberDynamicType(
{
std::vector<uint32_t> bounds;
dimensionsToArrayBounds(memberArray, bounds);
member = factory->create_array_type(
DynamicTypeBuilder::_ref_type builder = factory->create_array_type(
factory->get_primitive_type(TK_BYTE),
bounds)->build();
bounds);
member = nullptr;
if (nullptr != builder)
{
member = builder->build();
}
}
}
else if (strncmp(memberType, UINT8, UINT8_len) == 0)
Expand All @@ -1467,9 +1492,15 @@ DynamicType::_ref_type XMLParser:: parseXMLMemberDynamicType(
{
std::vector<uint32_t> bounds;
dimensionsToArrayBounds(memberArray, bounds);
member = factory->create_array_type(
DynamicTypeBuilder::_ref_type builder = factory->create_array_type(
factory->get_primitive_type(TK_UINT8),
bounds)->build();
bounds);

member = nullptr;
if (nullptr != builder)
{
member = builder->build();
}
}
}
else if (strncmp(memberType, INT8, INT8_len) == 0)
Expand All @@ -1482,9 +1513,15 @@ DynamicType::_ref_type XMLParser:: parseXMLMemberDynamicType(
{
std::vector<uint32_t> bounds;
dimensionsToArrayBounds(memberArray, bounds);
member = factory->create_array_type(
DynamicTypeBuilder::_ref_type builder = factory->create_array_type(
factory->get_primitive_type(TK_INT8),
bounds)->build();
bounds);

member = nullptr;
if (nullptr != builder)
{
member = builder->build();
}
}
}
else if (strncmp(memberType, SHORT, SHORT_len) == 0)
Expand All @@ -1497,9 +1534,15 @@ DynamicType::_ref_type XMLParser:: parseXMLMemberDynamicType(
{
std::vector<uint32_t> bounds;
dimensionsToArrayBounds(memberArray, bounds);
member = factory->create_array_type(
DynamicTypeBuilder::_ref_type builder = factory->create_array_type(
factory->get_primitive_type(TK_INT16),
bounds)->build();
bounds);

member = nullptr;
if (nullptr != builder)
{
member = builder->build();
}
}
}
else if (strncmp(memberType, LONG, LONG_len) == 0)
Expand All @@ -1512,9 +1555,15 @@ DynamicType::_ref_type XMLParser:: parseXMLMemberDynamicType(
{
std::vector<uint32_t> bounds;
dimensionsToArrayBounds(memberArray, bounds);
member = factory->create_array_type(
DynamicTypeBuilder::_ref_type builder = factory->create_array_type(
factory->get_primitive_type(TK_INT32),
bounds)->build();
bounds);

member = nullptr;
if (nullptr != builder)
{
member = builder->build();
}
}
}
else if (strncmp(memberType, ULONG, ULONG_len) == 0)
Expand All @@ -1527,9 +1576,15 @@ DynamicType::_ref_type XMLParser:: parseXMLMemberDynamicType(
{
std::vector<uint32_t> bounds;
dimensionsToArrayBounds(memberArray, bounds);
member = factory->create_array_type(
DynamicTypeBuilder::_ref_type builder = factory->create_array_type(
factory->get_primitive_type(TK_UINT32),
bounds)->build();
bounds);

member = nullptr;
if (nullptr != builder)
{
member = builder->build();
}
}
}
else if (strncmp(memberType, USHORT, USHORT_len) == 0)
Expand All @@ -1542,9 +1597,15 @@ DynamicType::_ref_type XMLParser:: parseXMLMemberDynamicType(
{
std::vector<uint32_t> bounds;
dimensionsToArrayBounds(memberArray, bounds);
member = factory->create_array_type(
DynamicTypeBuilder::_ref_type builder = factory->create_array_type(
factory->get_primitive_type(TK_UINT16),
bounds)->build();
bounds);

member = nullptr;
if (nullptr != builder)
{
member = builder->build();
}
}
}
else if (strncmp(memberType, LONGLONG, LONGLONG_len) == 0)
Expand All @@ -1557,9 +1618,15 @@ DynamicType::_ref_type XMLParser:: parseXMLMemberDynamicType(
{
std::vector<uint32_t> bounds;
dimensionsToArrayBounds(memberArray, bounds);
member = factory->create_array_type(
DynamicTypeBuilder::_ref_type builder = factory->create_array_type(
factory->get_primitive_type(TK_INT64),
bounds)->build();
bounds);

member = nullptr;
if (nullptr != builder)
{
member = builder->build();
}
}
}
else if (strncmp(memberType, ULONGLONG, ULONGLONG_len) == 0)
Expand All @@ -1572,9 +1639,18 @@ DynamicType::_ref_type XMLParser:: parseXMLMemberDynamicType(
{
std::vector<uint32_t> bounds;
dimensionsToArrayBounds(memberArray, bounds);
member = factory->create_array_type(
DynamicTypeBuilder::_ref_type builder = factory->create_array_type(
factory->get_primitive_type(TK_UINT64),
bounds)->build();
bounds);

if (nullptr != builder)
{
member = builder->build();
}
else
{
member = nullptr;
}
}
}
else if (strncmp(memberType, FLOAT, FLOAT_len) == 0)
Expand All @@ -1587,9 +1663,15 @@ DynamicType::_ref_type XMLParser:: parseXMLMemberDynamicType(
{
std::vector<uint32_t> bounds;
dimensionsToArrayBounds(memberArray, bounds);
member = factory->create_array_type(
DynamicTypeBuilder::_ref_type builder = factory->create_array_type(
factory->get_primitive_type(TK_FLOAT32),
bounds)->build();
bounds);

member = nullptr;
if (nullptr != builder)
{
member = builder->build();
}
}
}
else if (strncmp(memberType, DOUBLE, DOUBLE_len) == 0)
Expand All @@ -1602,9 +1684,15 @@ DynamicType::_ref_type XMLParser:: parseXMLMemberDynamicType(
{
std::vector<uint32_t> bounds;
dimensionsToArrayBounds(memberArray, bounds);
member = factory->create_array_type(
DynamicTypeBuilder::_ref_type builder = factory->create_array_type(
factory->get_primitive_type(TK_FLOAT64),
bounds)->build();
bounds);

member = nullptr;
if (nullptr != builder)
{
member = builder->build();
}
}
}
else if (strncmp(memberType, LONGDOUBLE, LONGDOUBLE_len) == 0)
Expand All @@ -1617,9 +1705,15 @@ DynamicType::_ref_type XMLParser:: parseXMLMemberDynamicType(
{
std::vector<uint32_t> bounds;
dimensionsToArrayBounds(memberArray, bounds);
member = factory->create_array_type(
DynamicTypeBuilder::_ref_type builder = factory->create_array_type(
factory->get_primitive_type(TK_FLOAT128),
bounds)->build();
bounds);

member = nullptr;
if (nullptr != builder)
{
member = builder->build();
}
}
}
else if (strncmp(memberType, STRING, STRING_len) == 0)
Expand Down Expand Up @@ -1691,9 +1785,14 @@ DynamicType::_ref_type XMLParser:: parseXMLMemberDynamicType(
{
std::vector<uint32_t> boundsArray;
dimensionsToArrayBounds(memberArray, boundsArray);
member = factory->create_array_type(
DynamicTypeBuilder::_ref_type builder = factory->create_array_type(
wstring_builder->build(),
boundsArray)->build();
boundsArray);
member = nullptr;
if (nullptr != builder)
{
member = builder->build();
}
}
}
else // Complex type?
Expand All @@ -1718,9 +1817,14 @@ DynamicType::_ref_type XMLParser:: parseXMLMemberDynamicType(
{
std::vector<uint32_t> bounds;
dimensionsToArrayBounds(memberArray, bounds);
member = factory->create_array_type(
DynamicTypeBuilder::_ref_type builder = factory->create_array_type(
type,
bounds)->build();
bounds);
member = nullptr;
if (nullptr != builder)
{
member = builder->build();
}
}
}

Expand Down
1 change: 1 addition & 0 deletions test/unittest/xmlparser/XMLParserTests.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,7 @@ TEST_F(XMLParserTests, regressions)
EXPECT_EQ(XMLP_ret::XML_ERROR, XMLParser::loadXML("regressions/21181_profile_bin.xml", root));
EXPECT_EQ(XMLP_ret::XML_ERROR, XMLParser::loadXML("regressions/21223_profile_bin.xml", root));
EXPECT_EQ(XMLP_ret::XML_ERROR, XMLParser::loadXML("regressions/21334_profile_bin.xml", root));
EXPECT_EQ(XMLP_ret::XML_ERROR, XMLParser::loadXML("regressions/21856_profile_bin.xml", root));
Log::Flush();
}

Expand Down
1 change: 1 addition & 0 deletions test/unittest/xmlparser/regressions/21856_profile_bin.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
<profiles>le<types><type>+68ÌÏnn<typedef type="uint65" name=":" arrayDimkindons="ÿÿÜnnÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ&ÿÿÿÿÿÿÿÿÿÿnnÿÿ/0ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ/4" /></type></types>pfile<types><type>+/><typedef type="uint64" name=":" arrayDimensions="ÿÿ4" /></type></types>pofilï_tyna<types><type>+00000000000000000001ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ6744073709551616ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿþÿÿÿ><typedef type="uint32" name=":" arrayDimensions="ÿÿÜÿÿÿÿÿÿÿÿ3ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ/4" /></type></types>pfile<types><type>+/><typedef type="uint64" name=":" arrayDimensions="ÿÿ4" /></type></types>pofilï_tyna<types><type>ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ/4" /></type></types>pfile<types><type>+/><typedef type="uint64" name=":" arrayDimensions="ÿÿ4" /></type></types>pofilï_tyna<types><type>+30ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ/4" /></type></types>pfile<types><type>+/<typedef type="uint64" name=":" arrayDimensions="ÿÿ4" /></type></types>pofilï_tyna<types><type>+30ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿþÿÿ><typedef type="uint64" name=":" arrayDimensions="ÿÿÜÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ/4" /></type></types>pfile<types><type>+/><typedef type="uint64" name=":" arrayDimensions="ÿÿ8" /></type></types>pofilï_tyna<types><type>+257pÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ><typedef type="uint64" name=":" arrayDimensions="ÿÿÜÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿnnÿÿ/0ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ/4" /></type></types>pfile<types><type>+/><typedef type="uint64" name=":" arrayDimensions="ÿÿ4" /></type></types>pofilï_tyna<types><type>+000 0000000000000001ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ"ÿÿ4" /></type></types>pofilï_tyna<types><type>+30ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿþÿÿ><typedef type="uint64" name=":" arrayDimensions="ÿÿÜÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ/4" /></type></types>pfile<types><type>+/><typedef type="uint64" name=":" arrayDimensions="ÿÿ8" /></type></types>pofilï_tyne<types><type>+257pÿÿÿÿÿÿÿÿÿ$ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ><typedef type="uint64" name=":" arrayDimensions="ÿÿÜÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿnnÿÿ/0ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ/4" /></type></types>pfile<types><type>+/><typedef type="uint64" name=":" arrayDimensions="ÿÿ4" /></type></types>pofilï_tyna<types><type>+00000000000000000000ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ><typedef type="uint64" name=":" arrayDimensions="ÿÿÜÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ/4" /></type></types>pfile<types><type>+/><typedef type="uint64" name=":" arrayDimensions="ÿÿ4" /></type></types>pofilï_tyna<types><type>+31ÿÿ><typedef type="uint64" name=":" arrayDimensions="ÿÿÜÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ/4" /></type></types>pfile<types><type>+/><typedef type="uint64" name=":" arrayDimensions="ÿÿ8" /></type></types>pofilï_tyna<types><type>+257pÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ><typedef type="uint32" name=":" arrayDimensions="ÿÿÜÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿnnÿÿ/0ÿÿÿÿÿÿÿ/4" /></type></types>pfile<types><type>+/><typedef type="uint64" name=":" arrayDimensions="ÿÿ8" /></type></types>pofilï_tyna<types><type>+6pÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ><typedef type="uint64" name=":" arrayDimensions="ÿÿÜÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿnnÿÿ/0ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ/4" /></type></types>pfile<types><type>+/><typedef type="uint64" name=":" arrayDimensions="ÿÿ4" /></type></types>pofilï_tyna<types><type>+00000000000000000000ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ><typedef type="uint64" name=":" arrayDimensions="ÿÿÜÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ/4" /></type></types>pfile<types><type>+/><typedef type="uint64" name=":" arrayDimensions="ÿÿ4" /></type></types>pofilï_tyna<types><type>+31ÿÿ><typedef type="uint64" name=":" arrayDimensions="ÿÿÜÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ/4" /></type></types>pfile<types><type>+/><typedef type="uint64" name=":" arrayDimensions="ÿÿ8" /></type></types>pofilï_tyna<types><type>+257pÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ/4" /></type></types>pfile<types><type>+/><typedef type="uint64" name=":" arrayDimensions="ÿÿ8" /></type></types>pofilï_tyna<types><type>+25"uint64" name=":" arrayDimensions="ÿÿÜÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ/4" /></type></types>pfile<types><type>+/><typedef type="uint64" name=":" arrayDimenSions="ÿÿ4" /></type></types>pofilï_tyna<types><type>+31ÿÿ><typedef type="uint64" name=":" arrayDômensions="ÿÿÜÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ/4" /></type></types>pfile<types><type>+/><typedef type="uint64" name=":"naÿÿÿÿÿÿÿÿÿme=":" arrayDimensions="ÿÿÜÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿnnÿÿ" /></type></types></profiles>

0 comments on commit a4e0019

Please sign in to comment.