-rw-r--r--tests/fuzzer/CMakeLists.txt2
-rw-r--r--tests/fuzzer/flatbuffers_monster_fuzzer.cc6
-rw-r--r--tests/fuzzer/flatbuffers_parser_fuzzer.cc6
-rw-r--r--tests/fuzzer/flatbuffers_scalar_fuzzer.cc6
-rw-r--r--tests/fuzzer/monster_fuzzer.dict (renamed from tests/fuzzer/monster_json.dict)0
-rw-r--r--tests/fuzzer/parser_fuzzer.dict (renamed from tests/fuzzer/parser_fbs.dict)0
-rw-r--r--tests/fuzzer/scalar_fuzzer.dict (renamed from tests/fuzzer/scalar_json.dict)10
7 files changed, 26 insertions, 4 deletions
diff --git a/tests/fuzzer/CMakeLists.txt b/tests/fuzzer/CMakeLists.txt
index 85eddf83..a171eb06 100644
--- a/tests/fuzzer/CMakeLists.txt
+++ b/tests/fuzzer/CMakeLists.txt
@@ -136,7 +136,7 @@ target_link_libraries(verifier_fuzzer PRIVATE flatbuffers_fuzzed)
add_executable(monster_fuzzer flatbuffers_monster_fuzzer.cc)
target_link_libraries(monster_fuzzer PRIVATE flatbuffers_fuzzed)
add_custom_command(
- TARGET monster_fuzzer POST_BUILD
+ TARGET monster_fuzzer PRE_BUILD
COMMAND ${CMAKE_COMMAND} -E copy
${CMAKE_SOURCE_DIR}/../monster_test.bfbs
${CMAKE_CURRENT_BINARY_DIR}/monster_test.bfbs)
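Review bot: `PRE_BUILD` on the changed TARGET line only means "before anything else in the target" on Visual Studio generators; on Makefile and Ninja generators CMake runs PRE_BUILD commands just before PRE_LINK, i.e. after the sources compile, so on those generators the switch from POST_BUILD only moves the copy ahead of the link step. Since monster_test.bfbs is a runtime input of the fuzzer rather than a build input, a generator-independent form is to copy it at configure time, `configure_file(${CMAKE_SOURCE_DIR}/../monster_test.bfbs ${CMAKE_CURRENT_BINARY_DIR}/monster_test.bfbs COPYONLY)`, which also re-copies when the source file changes. Whether the fuzzer actually reads the file from its binary directory at runtime is not visible in this hunk.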
diff --git a/tests/fuzzer/flatbuffers_monster_fuzzer.cc b/tests/fuzzer/flatbuffers_monster_fuzzer.cc
index 13bdef91..2b050487 100644
--- a/tests/fuzzer/flatbuffers_monster_fuzzer.cc
+++ b/tests/fuzzer/flatbuffers_monster_fuzzer.cc
@@ -26,6 +26,9 @@
namespace {
+static constexpr size_t kMinInputLength = 1;
+static constexpr size_t kMaxInputLength = 99000;
+
static constexpr uint8_t flags_strict_json = 0x80;
static constexpr uint8_t flags_skip_unexpected_fields_in_json = 0x40;
static constexpr uint8_t flags_allow_non_utf8 = 0x20;
@@ -83,7 +86,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
const std::string original(reinterpret_cast<const char *>(data), size);
auto input = std::string(original.c_str()); // until '\0'
- if (input.empty()) return 0;
+ if (input.size() < kMinInputLength || input.size() > kMaxInputLength)
+ return 0;
flatbuffers::IDLOptions opts;
opts.strict_json = (flags & flags_strict_json);
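Review bot: The new upper bound `kMaxInputLength` applied in the changed check (99000 here, 33000 in flatbuffers_parser_fuzzer.cc and 3000 in flatbuffers_scalar_fuzzer.cc) is undocumented; a reader cannot tell whether the values come from the parser's time budget, from libFuzzer's `-max_len`, or from observed timeouts, and the three differ with no stated reason. A one-line comment above each constant pair would carry that, e.g. `// Bounds on the NUL-terminated text handed to the parser; inputs outside them are skipped (limits keep one run inside the fuzzer timeout — TODO confirm)`. Note that the bound is checked on `input`, the copy truncated at the first NUL, so `original` is still constructed from all `size` bytes and oversized raw inputs are limited only by the runner's `-max_len`; that is acceptable, but worth stating in the same comment. The same check appears in the parser and scalar hunks, and LLVMFuzzerTestOneInput continues past the hunk in all three files.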
diff --git a/tests/fuzzer/flatbuffers_parser_fuzzer.cc b/tests/fuzzer/flatbuffers_parser_fuzzer.cc
index 26f9e9fe..d4bbb0e2 100644
--- a/tests/fuzzer/flatbuffers_parser_fuzzer.cc
+++ b/tests/fuzzer/flatbuffers_parser_fuzzer.cc
@@ -9,6 +9,9 @@
#include "flatbuffers/idl.h"
#include "test_init.h"
+static constexpr size_t kMinInputLength = 1;
+static constexpr size_t kMaxInputLength = 33000;
+
static constexpr uint8_t flags_strict_json = 0x80;
static constexpr uint8_t flags_skip_unexpected_fields_in_json = 0x40;
static constexpr uint8_t flags_allow_non_utf8 = 0x20;
@@ -26,7 +29,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
const std::string original(reinterpret_cast<const char *>(data), size);
auto input = std::string(original.c_str()); // until '\0'
- if (input.empty()) return 0;
+ if (input.size() < kMinInputLength || input.size() > kMaxInputLength)
+ return 0;
flatbuffers::IDLOptions opts;
opts.strict_json = (flags & flags_strict_json);
diff --git a/tests/fuzzer/flatbuffers_scalar_fuzzer.cc b/tests/fuzzer/flatbuffers_scalar_fuzzer.cc
index fd128a35..faa069e1 100644
--- a/tests/fuzzer/flatbuffers_scalar_fuzzer.cc
+++ b/tests/fuzzer/flatbuffers_scalar_fuzzer.cc
@@ -27,6 +27,9 @@
#include "flatbuffers/idl.h"
#include "test_init.h"
+static constexpr size_t kMinInputLength = 1;
+static constexpr size_t kMaxInputLength = 3000;
+
static constexpr uint8_t flags_scalar_type = 0x0F; // type of scalar value
static constexpr uint8_t flags_quotes_kind = 0x10; // quote " or '
// reserved for future: json {named} or [unnamed]
@@ -241,7 +244,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
// Guarantee 0-termination.
const std::string original(reinterpret_cast<const char *>(data), size);
auto input = std::string(original.c_str()); // until '\0'
- if (input.empty()) return 0;
+ if (input.size() < kMinInputLength || input.size() > kMaxInputLength)
+ return 0;
// Break comments in json to avoid complexity with regex matcher.
// The string " 12345 /* text */" will be accepted if insert it to string
diff --git a/tests/fuzzer/monster_json.dict b/tests/fuzzer/monster_fuzzer.dict
index a06e1e06..a06e1e06 100644
--- a/tests/fuzzer/monster_json.dict
+++ b/tests/fuzzer/monster_fuzzer.dict
diff --git a/tests/fuzzer/parser_fbs.dict b/tests/fuzzer/parser_fuzzer.dict
index 44c18da8..44c18da8 100644
--- a/tests/fuzzer/parser_fbs.dict
+++ b/tests/fuzzer/parser_fuzzer.dict
diff --git a/tests/fuzzer/scalar_json.dict b/tests/fuzzer/scalar_fuzzer.dict
index 7558dc3e..3b2fbc84 100644
--- a/tests/fuzzer/scalar_json.dict
+++ b/tests/fuzzer/scalar_fuzzer.dict
@@ -10,6 +10,16 @@
"0x"
"-0x"
"p"
+"0"
+"1"
+"2"
+"3"
+"4"
+"5"
+"6"
+"7"
+"8"
+"9"
"a"
"b"
"c"