-rw-r--r-- | tests/fuzzer/CMakeLists.txt | 2 | ||||
-rw-r--r-- | tests/fuzzer/flatbuffers_monster_fuzzer.cc | 6 | ||||
-rw-r--r-- | tests/fuzzer/flatbuffers_parser_fuzzer.cc | 6 | ||||
-rw-r--r-- | tests/fuzzer/flatbuffers_scalar_fuzzer.cc | 6 | ||||
-rw-r--r-- | tests/fuzzer/monster_fuzzer.dict (renamed from tests/fuzzer/monster_json.dict) | 0 | ||||
-rw-r--r-- | tests/fuzzer/parser_fuzzer.dict (renamed from tests/fuzzer/parser_fbs.dict) | 0 | ||||
-rw-r--r-- | tests/fuzzer/scalar_fuzzer.dict (renamed from tests/fuzzer/scalar_json.dict) | 10 |
7 files changed, 26 insertions, 4 deletions
diff --git a/tests/fuzzer/CMakeLists.txt b/tests/fuzzer/CMakeLists.txt
index 85eddf83..a171eb06 100644
--- a/tests/fuzzer/CMakeLists.txt
+++ b/tests/fuzzer/CMakeLists.txt
@@ -136,7 +136,7 @@ target_link_libraries(verifier_fuzzer PRIVATE flatbuffers_fuzzed)
 add_executable(monster_fuzzer flatbuffers_monster_fuzzer.cc)
 target_link_libraries(monster_fuzzer PRIVATE flatbuffers_fuzzed)
 add_custom_command(
-  TARGET monster_fuzzer POST_BUILD
+  TARGET monster_fuzzer PRE_BUILD
   COMMAND ${CMAKE_COMMAND} -E copy
   ${CMAKE_SOURCE_DIR}/../monster_test.bfbs
   ${CMAKE_CURRENT_BINARY_DIR}/monster_test.bfbs)
diff --git a/tests/fuzzer/flatbuffers_monster_fuzzer.cc b/tests/fuzzer/flatbuffers_monster_fuzzer.cc
index 13bdef91..2b050487 100644
--- a/tests/fuzzer/flatbuffers_monster_fuzzer.cc
+++ b/tests/fuzzer/flatbuffers_monster_fuzzer.cc
@@ -26,6 +26,9 @@
 
 namespace {
 
+static constexpr size_t kMinInputLength = 1;
+static constexpr size_t kMaxInputLength = 99000;
+
 static constexpr uint8_t flags_strict_json = 0x80;
 static constexpr uint8_t flags_skip_unexpected_fields_in_json = 0x40;
 static constexpr uint8_t flags_allow_non_utf8 = 0x20;
@@ -83,7 +86,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 
   const std::string original(reinterpret_cast<const char *>(data), size);
   auto input = std::string(original.c_str());  // until '\0'
-  if (input.empty()) return 0;
+  if (input.size() < kMinInputLength || input.size() > kMaxInputLength)
+    return 0;
 
   flatbuffers::IDLOptions opts;
   opts.strict_json = (flags & flags_strict_json);
diff --git a/tests/fuzzer/flatbuffers_parser_fuzzer.cc b/tests/fuzzer/flatbuffers_parser_fuzzer.cc
index 26f9e9fe..d4bbb0e2 100644
--- a/tests/fuzzer/flatbuffers_parser_fuzzer.cc
+++ b/tests/fuzzer/flatbuffers_parser_fuzzer.cc
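Review bot: `PRE_BUILD` on the `TARGET monster_fuzzer` line is honored only by the Visual Studio generators; every other generator (Makefiles, Ninja) treats it as `PRE_LINK`, so on the Linux/clang toolchains libFuzzer is normally built with, the `.bfbs` copy still runs after compilation and only before linking. That is probably sufficient here, but the intent of the switch is not stated, and a reader may assume the file is available before the sources compile. I would add `# PRE_BUILD is VS-only; other generators run this at PRE_LINK, which is still before the binary exists.` above the `add_custom_command(` so the limitation is recorded. The `add_custom_command(` call ends inside the hunk; the surrounding fuzzer target definitions continue outside it.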
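Review bot: `kMinInputLength`/`kMaxInputLength` in the monster fuzzer's first hunk are introduced without any rationale, and the same pair appears with different ceilings (99000, 33000, 3000) in the parser and scalar fuzzer hunks that follow; nothing on the page says why those numbers were chosen or whether they are tied to parser depth, timeout, or `-max_len`. Since they are inside `namespace {` in this file, the `static` on each is also redundant (the parser and scalar copies are at file scope, where it is meaningful). I would add a short comment above the pair such as `// Upper bound on the NUL-truncated input the harness will hand to the parser; inputs outside [min, max] are reported as uninteresting (return 0). Chosen to bound per-iteration parse time — TODO(review): confirm against the libFuzzer -max_len used in CI.` and keep it identical in all three harnesses. The enclosing anonymous namespace continues outside the hunk.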
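Review bot: The new guard in the monster fuzzer's second hunk (and the identical guards in the parser and scalar hunks below) compares `input.size()`, which is the length after `std::string(original.c_str())` truncates at the first NUL, not `size`; an over-long buffer whose early bytes contain a NUL is therefore still accepted, while a buffer with no NUL above `kMaxInputLength` is silently dropped. That appears intentional, but the `// until '\0'` comment on the line above no longer tells the whole story, so I would extend it to `// until '\0'; the length check below applies to this truncated string, not to `size``. With `kMinInputLength = 1` the lower bound is exactly the old `input.empty()` test, so behaviour for the minimum is unchanged. `LLVMFuzzerTestOneInput` starts and ends outside the hunk.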
@@ -9,6 +9,9 @@
 #include "flatbuffers/idl.h"
 #include "test_init.h"
 
+static constexpr size_t kMinInputLength = 1;
+static constexpr size_t kMaxInputLength = 33000;
+
 static constexpr uint8_t flags_strict_json = 0x80;
 static constexpr uint8_t flags_skip_unexpected_fields_in_json = 0x40;
 static constexpr uint8_t flags_allow_non_utf8 = 0x20;
@@ -26,7 +29,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 
   const std::string original(reinterpret_cast<const char *>(data), size);
   auto input = std::string(original.c_str());  // until '\0'
-  if (input.empty()) return 0;
+  if (input.size() < kMinInputLength || input.size() > kMaxInputLength)
+    return 0;
 
   flatbuffers::IDLOptions opts;
   opts.strict_json = (flags & flags_strict_json);
diff --git a/tests/fuzzer/flatbuffers_scalar_fuzzer.cc b/tests/fuzzer/flatbuffers_scalar_fuzzer.cc
index fd128a35..faa069e1 100644
--- a/tests/fuzzer/flatbuffers_scalar_fuzzer.cc
+++ b/tests/fuzzer/flatbuffers_scalar_fuzzer.cc
@@ -27,6 +27,9 @@
 #include "flatbuffers/idl.h"
 #include "test_init.h"
 
+static constexpr size_t kMinInputLength = 1;
+static constexpr size_t kMaxInputLength = 3000;
+
 static constexpr uint8_t flags_scalar_type = 0x0F;  // type of scalar value
 static constexpr uint8_t flags_quotes_kind = 0x10;  // quote " or '
 // reserved for future: json {named} or [unnamed]
@@ -241,7 +244,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
   // Guarantee 0-termination.
   const std::string original(reinterpret_cast<const char *>(data), size);
   auto input = std::string(original.c_str());  // until '\0'
-  if (input.empty()) return 0;
+  if (input.size() < kMinInputLength || input.size() > kMaxInputLength)
+    return 0;
 
   // Break comments in json to avoid complexity with regex matcher.
   // The string " 12345 /* text */" will be accepted if insert it to string
diff --git a/tests/fuzzer/monster_json.dict b/tests/fuzzer/monster_fuzzer.dict
index a06e1e06..a06e1e06 100644
--- a/tests/fuzzer/monster_json.dict
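Review bot: The parser and scalar fuzzers now carry a verbatim copy of the three-line length guard and the `kMinInputLength`/`kMaxInputLength` pair, and both hunks show that each file already includes `test_init.h`, so the guard belongs in that shared header rather than in three harnesses that will drift independently. A small `inline bool InputLengthInRange(size_t len, size_t max_len)` there, with `kMinInputLength` defined once and only the per-harness ceiling passed in, would make the three call sites `if (!InputLengthInRange(input.size(), kMaxInputLength)) return 0;` and remove the duplicated lower bound. For the scalar fuzzer specifically, the 3000 ceiling sits a few lines above a comment about the regex matcher; if the cap exists to bound regex cost, saying so at the constant would prevent someone raising it to match the other harnesses. `LLVMFuzzerTestOneInput` in both files starts and ends outside the hunk.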
+++ b/tests/fuzzer/monster_fuzzer.dict
diff --git a/tests/fuzzer/parser_fbs.dict b/tests/fuzzer/parser_fuzzer.dict
index 44c18da8..44c18da8 100644
--- a/tests/fuzzer/parser_fbs.dict
+++ b/tests/fuzzer/parser_fuzzer.dict
diff --git a/tests/fuzzer/scalar_json.dict b/tests/fuzzer/scalar_fuzzer.dict
index 7558dc3e..3b2fbc84 100644
--- a/tests/fuzzer/scalar_json.dict
+++ b/tests/fuzzer/scalar_fuzzer.dict
@@ -10,6 +10,16 @@
 "0x"
 "-0x"
 "p"
+"0"
+"1"
+"2"
+"3"
+"4"
+"5"
+"6"
+"7"
+"8"
+"9"
 "a"
 "b"
 "c"