Add libfuzzer test for QXmlStreamReader::readNext()

Change-Id: I8a15057954dbb09200bcef8a89a8008e0e9fad9c
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>

tests/libfuzzer/README

@@ -0,0 +1,37 @@
+This directory contains tests to be run with clang's libFuzzer. It will generate data, pass this
+data to the function
+
+ LLVMFuzzerTestOneInput(const char *Data, size_t Size)
+
+of the test and track the code execution. Should the test crash, libFuzzer will provide you with the
+data which triggered the crash. You can then use this to debug and fix the called code.
+
+! Please note: The purpose of fuzz testing is to find unexpected code paths. Running fuzz tests may!
+! result in unforeseen bevavior, including loss of data. Consider running the tests in an isolated !
+! environment, e.g. on a virtual machine. You have been warned.                                    !
+
+To run a test with libFuzzer:
+
+1. Install libFuzzer, e.g. from the repositories of the Linux distribution you are using.
+2. Make sure clang and clang++ from this version of clang are found in PATH.
+3. Configure Qt with
+    -platform linux-clang -coverage trace-pc-guard
+   to add the needed code coverage instrumentation. Since speed of execution is crucial for fuzz
+   testing, it's recommendable to also use the switches
+    -release -static
+   It might also make sense to add sanitzers by passing
+    -sanitize <...>
+4. Build Qt.
+5. Build one of the tests using this Qt build.
+6. Execute the resulting executable.
+   Depending on the expected input format of the tested function, you will get results faster if
+   you:
+    * provide a set of interesting input data by passing the path of a directory which contains
+      these data, each in one file. You can find such datasets in the subdirectory "testcases".
+    * pass a so-called dictionary listing keywords of the input format using
+       -dict=<dictionary file>
+      A couple of such dictionaries are provided by AFL (http://lcamtuf.coredump.cx/afl/)
+    * tell libFuzzer to generate only ASCII data using
+       -only_ascii=1
+
+For further info, see https://llvm.org/docs/LibFuzzer.html

tests/libfuzzer/corelib/serialization/qxmlstream/qxmlstreamreader/readnext/main.cpp

@@ -0,0 +1,36 @@
+/****************************************************************************
+**
+** Copyright (C) 2018 The Qt Company Ltd.
+** Contact: https://www.qt.io/licensing/
+**
+** This file is part of the test suite of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:GPL-EXCEPT$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and The Qt Company. For licensing terms
+** and conditions see https://www.qt.io/terms-conditions. For further
+** information use the contact form at https://www.qt.io/contact-us.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 3 as published by the Free Software
+** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT
+** included in the packaging of this file. Please review the following
+** information to ensure the GNU General Public License requirements will
+** be met: https://www.gnu.org/licenses/gpl-3.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#include <QXmlStreamReader>
+
+extern "C" int LLVMFuzzerTestOneInput(const char *Data, size_t Size) {
+    QXmlStreamReader reader(QByteArray(Data, Size));
+    while (!reader.atEnd())
+        reader.readNext();
+    return 0;
+}

tests/libfuzzer/corelib/serialization/qxmlstream/qxmlstreamreader/readnext/readnext.pro

@@ -0,0 +1,5 @@
+QT -= gui
+CONFIG += c++11 console
+CONFIG -= app_bundle
+SOURCES += main.cpp
+LIBS += -lFuzzer