Merge branch 'develop' into feature/release_information

2017-01-04 20:06:23 +01:00 · 2017-01-04 20:06:23 +01:00 · e1b89dd1d6
commit e1b89dd1d6
parent ea4d71ee21 9f6c86f233
7 changed files with 287 additions and 348 deletions
--- a/test/Makefile
+++ b/test/Makefile
@ -52,7 +52,7 @@ TESTCASES = $(patsubst src/unit-%.cpp,test-%,$(wildcard src/unit-*.cpp))
 all: $(TESTCASES)

 clean:
-	rm -fr json_unit $(OBJECTS) $(SOURCES:.cpp=.gcno) $(SOURCES:.cpp=.gcda) $(TESTCASES)
+	rm -fr json_unit $(OBJECTS) $(SOURCES:.cpp=.gcno) $(SOURCES:.cpp=.gcda) $(TESTCASES) parse_afl_fuzzer parse_cbor_fuzzer parse_msgpack_fuzzer

 ##############################################################################
 # single test file
@ -85,13 +85,14 @@ check: $(TESTCASES)
 # fuzzer
 ##############################################################################

+FUZZER_ENGINE = src/fuzzer-driver_afl.cpp
 fuzzers: parse_afl_fuzzer parse_cbor_fuzzer parse_msgpack_fuzzer

 parse_afl_fuzzer:
-	$(CXX) $(CXXFLAGS) $(CPPFLAGS) src/fuzzer-driver_afl.cpp src/fuzzer-parse_json.cpp -o $@
+	$(CXX) $(CXXFLAGS) $(CPPFLAGS) $(FUZZER_ENGINE) src/fuzzer-parse_json.cpp -o $@

 parse_cbor_fuzzer:
-	$(CXX) $(CXXFLAGS) $(CPPFLAGS) src/fuzzer-driver_afl.cpp src/fuzzer-parse_cbor.cpp -o $@
+	$(CXX) $(CXXFLAGS) $(CPPFLAGS) $(FUZZER_ENGINE) src/fuzzer-parse_cbor.cpp -o $@

 parse_msgpack_fuzzer:
-	$(CXX) $(CXXFLAGS) $(CPPFLAGS) src/fuzzer-driver_afl.cpp src/fuzzer-parse_msgpack.cpp -o $@
+	$(CXX) $(CXXFLAGS) $(CPPFLAGS) $(FUZZER_ENGINE) src/fuzzer-parse_msgpack.cpp -o $@
--- a/test/src/unit-allocator.cpp
+++ b/test/src/unit-allocator.cpp
@ -80,7 +80,7 @@ struct my_allocator : std::allocator<T>
        }
        else
        {
-            ::new(reinterpret_cast<void*>(p)) T(std::forward<Args>(args)...);
+            ::new (reinterpret_cast<void*>(p)) T(std::forward<Args>(args)...);
        }
    }

--- a/test/src/unit-constructor1.cpp
+++ b/test/src/unit-constructor1.cpp
@ -912,7 +912,7 @@ TEST_CASE("constructors")

            SECTION("array")
            {
-                json j { {"one", 1}, {"two", 1u}, {"three", 2.2}, {"four", false} , 13 };
+                json j { {"one", 1}, {"two", 1u}, {"three", 2.2}, {"four", false}, 13 };
                CHECK(j.type() == json::value_t::array);
            }
        }
--- a/test/src/unit-regression.cpp
+++ b/test/src/unit-regression.cpp
@ -663,4 +663,31 @@ TEST_CASE("regression tests")
        std::vector<uint8_t> vec3 {0xbf, 0x61, 0x61, 0x01};
        CHECK_THROWS_AS(json::from_cbor(vec3), std::out_of_range);
    }
+
+    SECTION("issue #416 - Use-of-uninitialized-value (OSS-Fuzz issue 377)")
+    {
+        // original test case
+        std::vector<uint8_t> vec1
+        {
+            0x94, 0xfa, 0xfa, 0xfa, 0xfa, 0xfa, 0xfa, 0xfa,
+            0x3a, 0x96, 0x96, 0xb4, 0xb4, 0xb4, 0xb4, 0xb4,
+            0xb4, 0xb4, 0xb4, 0xb4, 0xb4, 0xb4, 0xb4, 0x71,
+            0xb4, 0xb4, 0xfa, 0xfa, 0xfa, 0xfa, 0xfa, 0x3a,
+            0x96, 0x96, 0xb4, 0xb4, 0xfa, 0x94, 0x94, 0x61,
+            0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0xfa
+        };
+        CHECK_THROWS_AS(json::from_cbor(vec1), std::out_of_range);
+
+        // related test case: double-precision
+        std::vector<uint8_t> vec2
+        {
+            0x94, 0xfa, 0xfa, 0xfa, 0xfa, 0xfa, 0xfa, 0xfa,
+            0x3a, 0x96, 0x96, 0xb4, 0xb4, 0xb4, 0xb4, 0xb4,
+            0xb4, 0xb4, 0xb4, 0xb4, 0xb4, 0xb4, 0xb4, 0x71,
+            0xb4, 0xb4, 0xfa, 0xfa, 0xfa, 0xfa, 0xfa, 0x3a,
+            0x96, 0x96, 0xb4, 0xb4, 0xfa, 0x94, 0x94, 0x61,
+            0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0xfb
+        };
+        CHECK_THROWS_AS(json::from_cbor(vec2), std::out_of_range);
+    }
 }