diff --git a/tests/fuzzing/fuzzer.cpp b/tests/fuzzing/fuzzer.cpp
new file mode 100644
index 0000000..7baeddb
--- /dev/null
+++ b/tests/fuzzing/fuzzer.cpp
@@ -0,0 +1,43 @@
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+
+using valijson::Schema;
+using valijson::SchemaParser;
+using valijson::adapters::RapidJsonAdapter;
+
+extern "C" int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ if(size<3) return 0;
+ char input_file[256];
+ sprintf(input_file, "/tmp/libfuzzer.json");
+ FILE *fp = fopen(input_file, "wb");
+ if (!fp)
+ return 0;
+ fwrite(data, size, 1, fp);
+ fclose(fp);
+
+ rapidjson::Document schemaDocument;
+ if (!valijson::utils::loadDocument(input_file, schemaDocument)) {
+ return 1;
+ }
+
+ Schema schema;
+ SchemaParser parser;
+ RapidJsonAdapter schemaDocumentAdapter(schemaDocument);
+ try {
+ parser.populateSchema(schemaDocumentAdapter, schema);
+ } catch (std::exception &e) {
+ unlink(input_file);
+ return 1;
+ }
+
+ unlink(input_file);
+ return 1;
+}
diff --git a/tests/fuzzing/oss-fuzz-build.sh b/tests/fuzzing/oss-fuzz-build.sh
new file mode 100755
index 0000000..957b728
--- /dev/null
+++ b/tests/fuzzing/oss-fuzz-build.sh
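Review bot: The harness round-trips every input through the fixed path `/tmp/libfuzzer.json` (the `sprintf`/`fopen`/`loadDocument` sequence), so two libFuzzer workers or `-jobs` instances overwrite each other's file and a crash can be reported against data that was never actually parsed; a predictable name in a shared `/tmp` is also a classic symlink-clobbering hazard if the harness ever runs outside the OSS-Fuzz sandbox. Parsing the buffer in memory with `rapidjson::Document::Parse` removes the temp file, both `unlink` calls and the `input_file` buffer entirely, and also covers the `loadDocument` failure path, which currently returns without unlinking. Every path returns 1, whereas libFuzzer's contract is that `LLVMFuzzerTestOneInput` returns 0 (newer versions accept -1 to reject an input and reserve other values), so each should be `return 0;`. The unused `e` in `catch (std::exception &e)` can become `catch (const std::exception &)`. The rewrite below needs `<string>` (or rapidjson's length-taking `Parse` overload); the `#include` names were stripped from this rendering, so I cannot tell which headers the file already pulls in.
```cpp
extern "C" int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    if (size < 3) return 0;

    // Parse straight from the input buffer: no shared temp file, so parallel
    // workers cannot clobber each other's data and crashes stay reproducible.
    const std::string input(reinterpret_cast<const char *>(data), size);
    rapidjson::Document schemaDocument;
    if (schemaDocument.Parse(input.c_str()).HasParseError()) {
        return 0;
    }

    // … unchanged: Schema / SchemaParser / RapidJsonAdapter construction …
    try {
        parser.populateSchema(schemaDocumentAdapter, schema);
    } catch (const std::exception &) {
        // Schema errors are expected for random input; only crashes matter.
    }
    return 0;
}
```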
@@ -0,0 +1,32 @@
+#!/bin/bash -eu
+
+# This line causes an abort which breaks fuzzing:
+sed -i '27d' include/valijson/utils/rapidjson_utils.hpp
+
+mkdir build
+cd build
+cmake -Dvalijson_BUILD_EXAMPLES=FALSE \
+ -Dvalijson_EXCLUDE_BOOST=TRUE \
+ ..
+
+make -j$(nproc)
+
+cd ../tests/fuzzing
+
+find ../.. -name "*.o" -exec ar rcs fuzz_lib.a {} \;
+
+$CXX $CXXFLAGS -DVALIJSON_USE_EXCEPTIONS=1 \
+ -I/src/valijson/thirdparty/rapidjson-1.1.0/include \
+ -I/src/valijson/thirdparty/rapidjson-1.1.0/include/rapidjson \
+ -I/src/valijson/include \
+ -I/src/valijson/include/valijson \
+ -I/src/valijson/include/valijson/adapters \
+ -c fuzzer.cpp -o fuzzer.o
+
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE \
+ -DVALIJSON_USE_EXCEPTIONS=1 \
+ -rdynamic fuzzer.o \
+ -o $OUT/fuzzer fuzz_lib.a
+
+zip $OUT/fuzzer_seed_corpus.zip \
+ $SRC/valijson/doc/schema/draft-03.json
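Review bot: `sed -i '27d' include/valijson/utils/rapidjson_utils.hpp` deletes a header line by number, so any later edit to that file silently makes the fuzz build remove some other statement instead of the abort it targets, and the comment above it does not record what line 27 contains. Match the content instead, e.g. `sed -i '/<pattern matching the abort call>/d' include/valijson/utils/rapidjson_utils.hpp` (placeholder pattern), or better, guard the abort in the header behind a macro that this script defines alongside `-DVALIJSON_USE_EXCEPTIONS=1`. The two compile steps also hard-code `/src/valijson` in every `-I` path while the `zip` line uses `$SRC/valijson`; using `$SRC` throughout keeps the script working if the OSS-Fuzz checkout root changes.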