✅ added fuzzer for UBJSON input

2018-01-27 18:38:11 +01:00 · 2018-01-27 18:38:11 +01:00 · f0b26c8f38
commit f0b26c8f38
parent b0a68f540f
3 changed files with 79 additions and 3 deletions
--- a/test/Makefile
+++ b/test/Makefile
@ -54,7 +54,7 @@ TESTCASES = $(patsubst src/unit-%.cpp,test-%,$(wildcard src/unit-*.cpp))
 all: $(TESTCASES)

 clean:
-	rm -fr json_unit $(OBJECTS) $(SOURCES:.cpp=.gcno) $(SOURCES:.cpp=.gcda) $(TESTCASES) parse_afl_fuzzer parse_cbor_fuzzer parse_msgpack_fuzzer
+	rm -fr json_unit $(OBJECTS) $(SOURCES:.cpp=.gcno) $(SOURCES:.cpp=.gcda) $(TESTCASES) $(FUZZERS)

 ##############################################################################
 # single test file
@ -88,7 +88,8 @@ check: $(OBJECTS) $(TESTCASES)
 ##############################################################################

 FUZZER_ENGINE = src/fuzzer-driver_afl.cpp
-fuzzers: parse_afl_fuzzer parse_cbor_fuzzer parse_msgpack_fuzzer
+FUZZERS = parse_afl_fuzzer parse_cbor_fuzzer parse_msgpack_fuzzer parse_ubjson_fuzzer
+fuzzers: $(FUZZERS)

 parse_afl_fuzzer:
 	$(CXX) $(CXXFLAGS) $(CPPFLAGS) $(FUZZER_ENGINE) src/fuzzer-parse_json.cpp -o $@
@ -98,3 +99,6 @@ parse_cbor_fuzzer:

 parse_msgpack_fuzzer:
 	$(CXX) $(CXXFLAGS) $(CPPFLAGS) $(FUZZER_ENGINE) src/fuzzer-parse_msgpack.cpp -o $@
+
+parse_ubjson_fuzzer:
+	$(CXX) $(CXXFLAGS) $(CPPFLAGS) $(FUZZER_ENGINE) src/fuzzer-parse_ubjson.cpp -o $@
--- a/test/src/fuzzer-parse_ubjson.cpp
+++ b/test/src/fuzzer-parse_ubjson.cpp
@ -0,0 +1,64 @@
+/*
+    __ _____ _____ _____
+ __|  |   __|     |   | |  JSON for Modern C++ (fuzz test support)
+|  |  |__   |  |  | | | |  version 3.0.1
+|_____|_____|_____|_|___|  https://github.com/nlohmann/json
+
+This file implements a parser test suitable for fuzz testing. Given a byte
+array data, it performs the following steps:
+
+- j1 = from_ubjson(data)
+- vec = to_ubjson(j1)
+- j2 = from_ubjson(vec)
+- assert(j1 == j2)
+
+The provided function `LLVMFuzzerTestOneInput` can be used in different fuzzer
+drivers.
+
+Licensed under the MIT License <http://opensource.org/licenses/MIT>.
+*/
+
+#include <iostream>
+#include <sstream>
+#include <json.hpp>
+
+using json = nlohmann::json;
+
+// see http://llvm.org/docs/LibFuzzer.html
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+    try
+    {
+        // step 1: parse input
+        std::vector<uint8_t> vec1(data, data + size);
+        json j1 = json::from_ubjson(vec1);
+
+        try
+        {
+            // step 2: round trip
+            std::vector<uint8_t> vec2 = json::to_ubjson(j1);
+
+            // parse serialization
+            json j2 = json::from_ubjson(vec2);
+
+            // serializations must match
+            assert(json::to_ubjson(j2) == vec2);
+        }
+        catch (const json::parse_error&)
+        {
+            // parsing a UBJSON serialization must not fail
+            assert(false);
+        }
+    }
+    catch (const json::parse_error&)
+    {
+        // parse errors are ok, because input may be random bytes
+    }
+    catch (const json::type_error&)
+    {
+        // type errors can occur during parsing, too
+    }
+
+    // return 0 - non-zero return values are reserved for future use
+    return 0;
+}