Add new HTML parser fuzzer

* fuzz/Makefile.am: Add wget_html_fuzzer
* fuzz/wget_html_fuzzer.c: New fuzzer
* fuzz/wget_html_fuzzer.dict: HTML dictionary for fuzzing
* fuzz/wget_html_fuzzer.in: Initial corpora
* src/html-url.c: Add new function get_urls_html_fm()
* src/html-url.h: Add ne function get_urls_html_fm()
* src/wget.h: Fix define for fopen_wgetrc()

fuzz/Makefile.am

@@ -10,6 +10,7 @@ LDADD = ../lib/libgnu.a \
 
 WGET_TESTS = \
  wget_css_fuzzer$(EXEEXT) \
+ wget_html_fuzzer$(EXEEXT) \
  wget_options_fuzzer$(EXEEXT)
 
 if FUZZING
@@ -33,6 +34,9 @@ endif
 wget_css_fuzzer_SOURCES = wget_css_fuzzer.c $(MAIN)
 wget_css_fuzzer_LDADD = ../src/libunittest.a $(LDADD)
 
+wget_html_fuzzer_SOURCES = wget_html_fuzzer.c $(MAIN)
+wget_html_fuzzer_LDADD = ../src/libunittest.a $(LDADD)
+
 wget_options_fuzzer_SOURCES = wget_options_fuzzer.c $(MAIN)
 wget_options_fuzzer_LDADD = ../src/libunittest.a $(LDADD)
 

fuzz/wget_html_fuzzer.c

@@ -0,0 +1,102 @@
+/*
+ * Copyright(c) 2017-2018 Free Software Foundation, Inc.
+ *
+ * This file is part of GNU Wget.
+ *
+ * GNU Wget is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GNU Wget is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Wget.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <dirent.h> // opendir, readdir
+#include <stdint.h> // uint8_t
+#include <stdio.h>  // fmemopen
+#include <string.h>  // strncmp
+#include <stdlib.h>  // free
+#include <fcntl.h>  // open flags
+#include <unistd.h>  // close
+#include <setjmp.h> // longjmp, setjmp
+
+#ifdef  __cplusplus
+  extern "C" {
+#endif
+  #include "utils.h"
+  #include "html-url.h"
+  #include "css-url.h"
+
+  // declarations for wget internal functions
+  int main_wget(int argc, const char **argv);
+  void cleanup(void);
+  FILE *fopen_wget(const char *pathname, const char *mode);
+  FILE *fopen_wgetrc(const char *pathname, const char *mode);
+  void exit_wget(int status);
+#ifdef __cplusplus
+  }
+#endif
+
+#include "fuzzer.h"
+
+static const uint8_t *g_data;
+static size_t g_size;
+
+FILE *fopen_wget(const char *pathname, const char *mode)
+{
+	return fopen("/dev/null", mode);
+}
+
+#undef fopen_wgetrc
+FILE *fopen_wgetrc(const char *pathname, const char *mode)
+{
+#ifdef HAVE_FMEMOPEN
+	return fmemopen((void *) g_data, g_size, mode);
+#else
+	return NULL;
+#endif
+}
+
+#ifdef FUZZING
+void exit_wget(int status)
+{
+}
+#else
+void exit(int status)
+{
+}
+#endif
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+   struct urlpos *urls;
+   struct file_memory fm;
+   FILE *bak;
+
+   if (size > 4096) // same as max_len = ... in .options file
+		return 0;
+
+	bak = stderr;
+	stderr = fopen("/dev/null", "w");
+
+   fm.content = (char *) data;
+   fm.length = size;
+   fm.mmap_p = 0;
+
+   urls = get_urls_html_fm("xxx", &fm, "https://x.y", NULL, NULL);
+	free_urlpos(urls);
+
+	fclose(stderr);
+	stderr = bak;
+
+	return 0;
+}

fuzz/wget_html_fuzzer.dict

@@ -0,0 +1,22 @@
+"<base"
+"<link"
+"<meta"
+"action"
+"href"
+"src"
+"srcset"
+"style"
+"follow"
+"nofollow"
+"all"
+"none"
+"robots="
+"name=\"robots\""
+"content="
+"http-equiv=\"Content-Type\""
+"charset="
+"style="
+"rel=\"shortcut icon\""
+"rel=\"stylesheet\""
+"rel=\"preload\""
+"srcset="

fuzz/wget_html_fuzzer.in/01f3749f4075613b86b2d942fac2ad89f7842f6b

@@ -0,0 +1 @@
+ ˙˙=<base href   =   //[::1::]]UU<lUUCU

fuzz/wget_html_fuzzer.in/021346ca813d28f75002292382a3eaae822f698f

@@ -0,0 +1 @@
+a<s>>

fuzz/wget_html_fuzzer.in/0224b47db70aaf7b5708612e05827fdb9d559465

@@ -0,0 +1 @@
+<lin<linkklin<lin

fuzz/wget_html_fuzzer.in/025d416bdf80e12009c9e21a18a402313e6782df

@@ -0,0 +1 @@
+<báÿ  href           ŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽ      Ž            *                *      ]]]]]]]]]]]]]]]W]]]3]]]all]]]]]]]]]]]]]]]]m<]]srcset]]]]]]]]]]        name="robots"]m]]    !        href                 style=   ]]]]]]S]]]]]]]]W]]]3]]]]]]]]]]]]]]]]]]ª’⢌¢¢]]]]]]]]]]]]]W]]]3]]]]]]]]]]rcset]]]]]]]W]]]3]]]]]]]]]]]]]]]]]]ª’⢌¢¢]]]]]]]]]]]]]W]]]3]]]]]]]]]]rcset]]]]]]]style        t]]]]]]]]]]]m]]    !        href                 style=   ]]]]]]S]]]]]]]]W]]]3]]]]]]]]]]]]]]]]]]ª’⢌¢¢]]]]]]]]]]]]]W] href                 style=   ]]]]]]S]]]]]]]]W]]]3]]]]]]]]]]]]]]]]]]ª’⢌¢¢]]]]]]]]]]]]]W]]]3]]]]]]]]]]rcset]]]]]]]W]]]3]]]]]]]]]]]]]]]]]]ª’⢌¢¢]]]]]]]]]]]]]W]]]3]]]]]]]]]]rcset]]]]]]]style        t]]]]]]]]]]]m]]    !        href                 style=   ]]]]]]S]]]]]]]]W]]]3]]]]]]]]]]]]]W]]]3]]]]]]]]]]rcset]]]]]]]W]]]3]]]]]]]]]]]]]]]]]]ª’⢌¢¢]]]]]]]]]]]]]W]]]3]]]]]]]]]]rcset]]]]]]]style        t]]]]]]]]]]]m]]    !        href                 style=   ]]]]]]S]]]]]]]]W]]]3]]]]]]]]]]]]]]]]]]ª’⢌¢¢]]]]]]]]]]]]]W] href                 style=   ]]]]]]S]]]]]]]]W]]]3]]]]]]]]]]]]]]]]]]ª’⢌¢¢]]]]]]]]]]]]]W]]]3]]]]]]]]]]rcset]]]]]]]W]]]3]]]]]]]]]]]]]]]]]]ª’⢌¢¢]]]]]]]]]]]]]W]]]3]]]]]]]]]]rcset]]]]]]]style        t]]]]]]]]]]]m]]    !        href                 style=   ]]]]]]S]]]]]]]]W]]]3]]]]]]]]]]]]]]]]]]ª’â]]]]]]]]]]]]ª’⢌¢¢]]]]]]]]]]]]]W]]]3]]]]]]]]]]rcset]]]]]]]]]]             href             $     href             $    ]]3]]]]]]]]]]]]]]]]]]]]m   href             $     href             $    ]]3]]]]]]]]]]]]]]]]]]]]m]]    !        href                              *      ]]]]]]]]]]]]΀€

fuzz/wget_html_fuzzer.in/03ab25234831bd329e61f9bf51941fb5c7b4d336

@@ -0,0 +1 @@
+ ]]]]]]]]]]]]]]]W]]]3]]]]]tyle          hr]   style          href  m<]]srcset]]]]]]]]]]]<link style          hr]   style          href       ="2yhletesethttp-equiv="Cont]]]]m<]]srcset]]]]]]]]]]]<link style          hr]   style          href       ="syhletesethttp-equiv="Content-Type"txle<inknksrel        hr]   style          href       ="syhleteset"txlinksre											:												l					Ire="Ls=

fuzz/wget_html_fuzzer.in/04d80726bf6ab25d85a2d9c3b268ebf62062d31e

@@ -0,0 +1 @@
+<conten    rel="preload"                                ````chrset=```e``t``et""

fuzz/wget_html_fuzzer.in/05d7b7f7b21cfc3055261415e04cd020cbee7e83

@@ -0,0 +1 @@
+ÿname="robo  ]]]]]]S]]]]]]]]W]]]3]]]]]]]]]]]]]]]]]']ª’Œ¢]]¢Ã¢¢]]]]]]]]]]]W]]]3]]]]]]]]]Yrcset]]]g]]]]]]]]]]   <meta     name="robots"  href             $     http-equiv="Content-Type"          allc at    ion        content=     ÿÿÿs==txle=brobots==tstcharset=ÿÿöÿvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNcdict=wget_ht“é<aö<61>š/]]]   <meÿ

fuzz/wget_html_fuzzer.in/069b7faef9e3c4fe96cf4695e62caaef623753b4

@@ -0,0 +1 @@
+<!<e==

fuzz/wget_html_fuzzer.in/06e3b8a41d4781f3f4628d9d2e1db6ae84a3558c

@@ -0,0 +1 @@
+<<basem                           rel="st```          `                 ˆ                      mal     @     mallow    ˆ    &qllÿÿÿÿ          <20>š/ÿ'```````<l     mall                                                               mall                                       &qllÿDÿÿ     l      mall                        ) low        @     mallow    ˆ    &qllÿÿÿÿ          <20>š/ÿ'```````      è          rel="stylesheet"```e``t``et""

fuzz/wget_html_fuzzer.in/06ed0cfccf5cda94df7a1722da6a81699e103755

@@ -0,0 +1 @@
+ ifra]]]]]]]]]]]]]]]W]]]3]]]]]]]]]]]]]]]]]]]m<]ylesheet"txllsrcseô=ksrelesheet"ksre]]]]]]]]]W]]]3]]]]]]]]]]]]]]]]]]    ]]]]]]]]]]]]]]]]]]m<]]srcset]]]]]]]]]]]<link style          hr]   style          href       ="-yhletesethttp-epppq(iv="Content-Type"txle<inknksrel="stylexlksrel="style 

fuzz/wget_html_fuzzer.in/07a98905d94eb89d5acbbfd7964da780404b5ae9

@@ -0,0 +1 @@
+]]]]]]]]]]] <img  href      srcset= "!<no]     )))))))))))))))))))))))©)))))))))))nyT-pet"<< 

fuzz/wget_html_fuzzer.in/07ad21dd2ad1f36a000b022cb6ebb3398a4da413

@@ -0,0 +1 @@
+<e/