authorMax Moroz <mmoroz@chromium.org>2018-12-28 14:25:13 -0800
committerMax Moroz <mmoroz@chromium.org>2018-12-28 14:25:13 -0800
commit3df3b90ebb1fa86c1fe1fe2968824f5751b254b9 (patch)
tree0d0927d19a37a17edda888804953c853e7e73afb /projects/libxml2
parent9316b4180e0ba54a0c069d6434065b0ee0179b3a (diff)
[libxml2] Fix std::string use in the fuzz targets: avoid it when possible.
Diffstat (limited to 'projects/libxml2')
-rw-r--r--projects/libxml2/byte_stream.h14
-rw-r--r--projects/libxml2/libxml2_xml_read_memory_fuzzer.cc3
-rw-r--r--projects/libxml2/libxml2_xml_reader_for_file_fuzzer.cc9
3 files changed, 21 insertions, 5 deletions
diff --git a/projects/libxml2/byte_stream.h b/projects/libxml2/byte_stream.h
index 6a4257891..da72d5573 100644
--- a/projects/libxml2/byte_stream.h
+++ b/projects/libxml2/byte_stream.h
@@ -32,6 +32,11 @@ class ByteStream {
ByteStream(const ByteStream&) = delete;
ByteStream& operator=(const ByteStream&) = delete;
+ // Returns a pointer to the chunk of data of |size| bytes, where |size| is
+ // either a requested value or all the bytes that are available. If the
+ // requested |size| is 0, return all the bytes that are available.
+ const uint8_t* GetNextChunk(size_t* size);
+
// Returns a string. Strings are obtained from the byte stream by reading a
// size_t N followed by N char elements. If there are fewer than N bytes left
// in the stream, this returns as many bytes as are available.
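Review bot: The new comment on GetNextChunk does not say that `size` is an in/out parameter: the definition later in this patch reads `*size` as the request and overwrites it with the number of bytes actually returned. I would state that explicitly, along with the requirement that `size` is non-null and initialised by the caller, e.g. `// |size| is in/out: on entry the requested length (0 = everything left), on return the number of bytes actually provided. Must not be null.` The ByteStream class starts and ends outside the hunk.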
@@ -94,6 +99,15 @@ class ByteStream {
size_t position_;
};
+inline const uint8_t* ByteStream::GetNextChunk(size_t* size) {
+ if (*size)
+ *size = std::min(*size, capacity());
+ else
+ *size = capacity();
+
+ return UncheckedConsume(*size);
+}
+
inline std::string ByteStream::GetNextString() {
const size_t requested_size = GetNextSizeT();
const size_t consumed_size = std::min(requested_size, capacity());
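Review bot: When the stream is already exhausted, GetNextChunk sets `*size` to 0 and still returns whatever `UncheckedConsume(0)` yields, so callers have to check the length before touching the pointer. UncheckedConsume is not visible here, so I am assuming it returns the current position unchanged. A short comment above the return would make that contract explicit: `// May return a pointer to the end of the buffer with *size == 0; do not dereference.` Because 0 doubles as "give me everything", a caller that derives the requested length from fuzz data cannot ask for an empty chunk, which is worth a note in the same comment.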
diff --git a/projects/libxml2/libxml2_xml_read_memory_fuzzer.cc b/projects/libxml2/libxml2_xml_read_memory_fuzzer.cc
index db2707b91..6f1d54982 100644
--- a/projects/libxml2/libxml2_xml_read_memory_fuzzer.cc
+++ b/projects/libxml2/libxml2_xml_read_memory_fuzzer.cc
@@ -31,7 +31,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
const int options[] = {0, random_option_value};
for (const auto option_value : options) {
- if (auto doc = xmlReadMemory(data_string.c_str(), data_string.length(),
+ // Intentionally pass raw data as the API does not require trailing \0.
+ if (auto doc = xmlReadMemory(reinterpret_cast<const char*>(data), size,
"noname.xml", NULL, option_value)) {
auto buf = xmlBufferCreate();
assert(buf);
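Review bot: `size` is a `size_t`, but xmlReadMemory takes the buffer length as an `int`, so the new call narrows implicitly. The removed `data_string.length()` argument did the same and fuzzer inputs are normally far below INT_MAX, but an explicit cast documents the assumption: `xmlReadMemory(reinterpret_cast<const char*>(data), static_cast<int>(size),`. The added comment could also say why the raw buffer is preferred, e.g. `// Pass the raw input (no trailing \0) so sanitizers can flag reads past |size|.`; that rationale is my inference from the commit title and is not stated in the hunk. LLVMFuzzerTestOneInput starts and ends outside the hunk.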
diff --git a/projects/libxml2/libxml2_xml_reader_for_file_fuzzer.cc b/projects/libxml2/libxml2_xml_reader_for_file_fuzzer.cc
index 4f4cf6c35..ab296d834 100644
--- a/projects/libxml2/libxml2_xml_reader_for_file_fuzzer.cc
+++ b/projects/libxml2/libxml2_xml_reader_for_file_fuzzer.cc
@@ -31,10 +31,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
ByteStream stream(data, size);
const int options = stream.GetNextInt();
const std::string encoding = stream.GetNextString();
- const std::string file_contents = stream.GetNextString();
- FuzzerTemporaryFile file(
- reinterpret_cast<const uint8_t*>(file_contents.c_str()),
- file_contents.size());
+ size_t file_contents_size = 0;
+ const uint8_t* file_contents = stream.GetNextChunk(&file_contents_size);
+
+ // Intentionally pass raw data as the API does not require trailing \0.
+ FuzzerTemporaryFile file(file_contents, file_contents_size);
xmlTextReaderPtr xmlReader =
xmlReaderForFile(file.filename(), encoding.c_str(), options);
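Review bot: The `0` in `size_t file_contents_size = 0;` is a sentinel that makes GetNextChunk hand back every remaining byte, which is not apparent at the call site. A comment such as `// 0 asks GetNextChunk for all remaining bytes; it is updated to the actual length.` would make the intent clear. The change also alters the input layout: the file contents no longer carry the size prefix that GetNextString consumed, so existing corpus entries are presumably parsed differently, which deserves a line in the commit message. LLVMFuzzerTestOneInput continues outside the hunk.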