| @@ -9,6 +9,9 @@ Deprecated and removed features: | |||||
| * lh_table_lookup() has been removed, use lh_table_lookup_ex() instead. | * lh_table_lookup() has been removed, use lh_table_lookup_ex() instead. | ||||
| * Remove TRUE and FALSE defines, use 1 and 0 instead. | * Remove TRUE and FALSE defines, use 1 and 0 instead. | ||||
| Build changes: | |||||
| -------------- | |||||
| * Add a top level fuzz directory for fuzzers run by OSS-Fuzz | |||||
| 0.13 (up to commit 5dae561, 2017/11/29) | 0.13 (up to commit 5dae561, 2017/11/29) | ||||
| ================================= | ================================= | ||||
| @@ -0,0 +1,6 @@ | |||||
| # Fuzzers | |||||
| This directory contains fuzzers that | |||||
| target [llvm's LibFuzzer](https://llvm.org/docs/LibFuzzer.html). They are built | |||||
| and run automatically by | |||||
| Google's [OSS-Fuzz](https://github.com/google/oss-fuzz/) infrastructure. | |||||
| @@ -0,0 +1,30 @@ | |||||
| #!/bin/bash -eu | |||||
| # Copyright 2018 Google Inc. | |||||
| # | |||||
| # Licensed under the Apache License, Version 2.0 (the "License"); | |||||
| # you may not use this file except in compliance with the License. | |||||
| # You may obtain a copy of the License at | |||||
| # | |||||
| # http://www.apache.org/licenses/LICENSE-2.0 | |||||
| # | |||||
| # Unless required by applicable law or agreed to in writing, software | |||||
| # distributed under the License is distributed on an "AS IS" BASIS, | |||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |||||
| # See the License for the specific language governing permissions and | |||||
| # limitations under the License. | |||||
| # | |||||
| ################################################################################ | |||||
| ./autogen.sh | |||||
| ./configure --enable-static --disable-shared | |||||
| make -j$(nproc) all | |||||
| ar rc json_c.a *.o | |||||
| cp $SRC/*.dict $OUT/ | |||||
| for f in $SRC/*_fuzzer.cc; do | |||||
| fuzzer=$(basename "$f" _fuzzer.cc) | |||||
| $CXX $CXXFLAGS -std=c++11 -I$SRC/json-c \ | |||||
| $SRC/${fuzzer}_fuzzer.cc -o $OUT/${fuzzer}_fuzzer \ | |||||
| -lFuzzingEngine $SRC/json-c/json_c.a | |||||
| done | |||||
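Review bot: The archive step `ar rc json_c.a *.o` and the later `$SRC/json-c/json_c.a` on the link line only agree when the script runs from `$SRC/json-c`, and nothing in the script sets or checks the working directory. The glob also packs whatever object files happen to sit in that directory. I would add `cd "$SRC/json-c"` before `./autogen.sh`, or link the static library that `make` already produces (presumably under `.libs/`; confirm the name) instead of re-archiving. The `$SRC` and `$OUT` expansions are unquoted throughout, e.g. `cp "$SRC"/*.dict "$OUT"/` would be safer. A one-line comment above the loop stating that each `*_fuzzer.cc` in `$SRC` becomes one binary in `$OUT` would help whoever adds the next harness.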
| @@ -0,0 +1,13 @@ | |||||
| #include <stdint.h> | |||||
| #include <json.h> | |||||
| extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { | |||||
| const char *data1 = reinterpret_cast<const char *>(data); | |||||
| json_tokener *tok = json_tokener_new(); | |||||
| json_object *obj = json_tokener_parse_ex(tok, data1, size); | |||||
| json_object_put(obj); | |||||
| json_tokener_free(tok); | |||||
| return 0; | |||||
| } | |||||
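Review bot: `size` is a `size_t` but is passed straight to `json_tokener_parse_ex`, whose length parameter is an `int` as far as I know, so an oversized input would be narrowed implicitly; a guard such as `if (size > INT_MAX) return 0;` (with `<limits.h>`) makes the harness's contract explicit. `json_tokener_new()` can return NULL on allocation failure and its result is used unchecked, which would be reported as a crash in the harness, not in the library; `if (!tok) return 0;` avoids that false report. The file also uses `size_t` without including `<stddef.h>` and relies on another header to provide it.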
| @@ -0,0 +1,18 @@ | |||||
| "{" | |||||
| "}" | |||||
| "," | |||||
| "[" | |||||
| "]" | |||||
| "," | |||||
| ":" | |||||
| "e" | |||||
| "e+" | |||||
| "e-" | |||||
| "E" | |||||
| "E+" | |||||
| "E-" | |||||
| "\"" | |||||
| "null" | |||||
| "1" | |||||
| "1.234" | |||||
| "3e4" | |||||
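Review bot: The entry `","` appears twice in this dictionary (third and sixth entries), so one of them can be dropped. The list has `"null"` but not the other JSON literals; adding `"true"` and `"false"` would give the mutator the remaining keyword tokens. A leading `#` comment saying which fuzzer this dictionary is meant for would also help, since the build script copies every `*.dict` into `$OUT` without showing how a dictionary is matched to a fuzzer binary.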