convert fuzz target to c89, optimize

This commit is contained in:
randy408 2019-10-21 15:27:47 +02:00
parent dc56e24f7f
commit ec8d2f9c2e
4 changed files with 16 additions and 22 deletions


@ -28,6 +28,6 @@ if (ENABLE_FUZZING)
endif() endif()
if(ENABLE_CJSON_TEST) if(ENABLE_CJSON_TEST)
ADD_EXECUTABLE(fuzz_main fuzz_main.c) ADD_EXECUTABLE(fuzz_main fuzz_main.c cjson_read_fuzzer.c)
TARGET_LINK_LIBRARIES(fuzz_main cjson) TARGET_LINK_LIBRARIES(fuzz_main cjson)
endif() endif()


@ -4,9 +4,8 @@
#include "../cJSON.h" #include "../cJSON.h"
#ifdef __cplusplus int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size); /* required by C89 */
extern "C"
#endif
int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{ {
cJSON *json; cJSON *json;
@ -17,6 +16,7 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
if(size <= offset) return 0; if(size <= offset) return 0;
if(data[size-1] != '\0') return 0;
if(data[0] != '1' && data[0] != '0') return 0; if(data[0] != '1' && data[0] != '0') return 0;
if(data[1] != '1' && data[1] != '0') return 0; if(data[1] != '1' && data[1] != '0') return 0;
if(data[2] != '1' && data[2] != '0') return 0; if(data[2] != '1' && data[2] != '0') return 0;
@ -27,19 +27,9 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
formatted = data[2] == '1' ? 1 : 0; formatted = data[2] == '1' ? 1 : 0;
buffered = data[3] == '1' ? 1 : 0; buffered = data[3] == '1' ? 1 : 0;
copied = (unsigned char*)malloc(size); json = cJSON_ParseWithOpts((const char*)data + offset, NULL, require_termination);
if(copied == NULL) return 0;
memcpy(copied, data, size); if(json == NULL) return 0;
copied[size-1] = '\0';
json = cJSON_ParseWithOpts((const char*)copied + offset, NULL, require_termination);
if(json == NULL)
{
free(copied);
return 0;
}
if(buffered) if(buffered)
{ {
@ -62,11 +52,17 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
if(minify) if(minify)
{ {
copied = (unsigned char*)malloc(size);
if(copied == NULL) return 0;
memcpy(copied, data, size);
cJSON_Minify((char*)copied + offset); cJSON_Minify((char*)copied + offset);
free(copied);
} }
cJSON_Delete(json); cJSON_Delete(json);
free(copied);
return 0; return 0;
} }
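Review bot: In the minify branch, `if(copied == NULL) return 0;` now runs after `json` has already been produced by `cJSON_ParseWithOpts`, so an allocation failure leaks the parsed tree; before this commit the malloc preceded the parse and the bare return was leak-free. Under ASan/LeakSanitizer that path shows up as a leak report attributed to the target rather than to cJSON, i.e. a false positive. Change it to `if(copied == NULL) { cJSON_Delete(json); return 0; }`. The `buffered` branch between the hunks is outside this view, so any early returns it contains would need the same treatment, since `cJSON_Delete(json)` at the end is the only visible release of the tree.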


@ -2,9 +2,7 @@
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size); /* required by C90 */ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size); /* required by C89 */
#include "cjson_read_fuzzer.cc"
/* fuzz target entry point, works without libFuzzer */ /* fuzz target entry point, works without libFuzzer */
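Review bot: The comment `/* required by C89 */` on the prototype is misleading: C89 is the one dialect that would accept a call to an undeclared function (implicit `int` declaration, no parameter checking), whereas the prototype is mandatory from C99 on and is wanted here so that main()'s call into the definition in cjson_read_fuzzer.c is type-checked. Suggest `/* defined in cjson_read_fuzzer.c; declared here so the call is type-checked (C89 would otherwise accept an implicit declaration) */`. The same prototype now lives in both files; a small shared header would stop them drifting. Note also that `uint8_t` comes from `<stdint.h>`, a C99 header, so the file is not strictly C89 regardless of the prototype; whether that header is included above line 2 is not visible here.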


@ -8,8 +8,8 @@ cd build
cmake -DBUILD_SHARED_LIBS=OFF -DENABLE_CJSON_TEST=OFF .. cmake -DBUILD_SHARED_LIBS=OFF -DENABLE_CJSON_TEST=OFF ..
make -j$(nproc) make -j$(nproc)
$CXX $CXXFLAGS -std=c++11 -I. \ $CC $CFLAGS -std=c89 -I. \
$SRC/cjson/fuzzing/cjson_read_fuzzer.cc \ $SRC/cjson/fuzzing/cjson_read_fuzzer.c \
-o $OUT/cjson_read_fuzzer \ -o $OUT/cjson_read_fuzzer \
$LIB_FUZZING_ENGINE $SRC/cjson/build/libcjson.a $LIB_FUZZING_ENGINE $SRC/cjson/build/libcjson.a
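Review bot: The new command both compiles and links with `$CC`, but `$LIB_FUZZING_ENGINE` (libFuzzer, or the AFL/honggfuzz driver OSS-Fuzz substitutes for it) is C++ and needs the C++ runtime at link time; OSS-Fuzz's guidance for C projects is to compile with `$CC $CFLAGS` and link the final binary with `$CXX $CXXFLAGS`, otherwise the link may fail with unresolved C++ runtime symbols depending on the engine. Split it into `$CC $CFLAGS -std=c89 -I. -c $SRC/cjson/fuzzing/cjson_read_fuzzer.c -o cjson_read_fuzzer.o` followed by `$CXX $CXXFLAGS cjson_read_fuzzer.o -o $OUT/cjson_read_fuzzer $LIB_FUZZING_ENGINE $SRC/cjson/build/libcjson.a`. If strict C89 is the goal of this commit, adding `-pedantic` next to `-std=c89` would make the compiler diagnose the non-C89 constructs (such as `<stdint.h>` types) that `-std=c89` alone accepts silently.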