begin getting the fuzzers built as part of CI; add a runner making it possible to exercise them

fuzz/CMakeLists.txt

@@ -0,0 +1,16 @@
+# https://cmake.org/cmake/help/v3.0/command/add_test.html
+# https://pabloariasal.github.io/2018/02/19/its-time-to-do-cmake-right/
+enable_language(CXX)
+
+include_directories(PUBLIC ${CMAKE_SOURCE_DIR})
+
+foreach(FUZZERNAME
+	tokener_parse_ex_fuzzer)
+
+add_executable(${FUZZERNAME} ${FUZZERNAME}.cc standalone_runner.cc)
+
+target_include_directories(${FUZZERNAME} PUBLIC ${PROJECT_BINARY_DIR})
+
+target_link_libraries(${FUZZERNAME} PRIVATE json-c)
+
+endforeach(FUZZERNAME)

fuzz/standalone_runner.cc

@@ -0,0 +1,25 @@
+#include <cassert>
+#include <fstream>
+#include <iostream>
+#include <vector>
+
+// Forward declare the "fuzz target" interface.
+// We deliberately keep this inteface simple and header-free.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+int main(int argc, char **argv) {
+  for (int i = 1; i < argc; i++) {
+    std::ifstream in(argv[i]);
+    in.seekg(0, in.end);
+    size_t length = in.tellg();
+    in.seekg(0, in.beg);
+    std::cout << "Reading " << length << " bytes from " << argv[i] << std::endl;
+    // Allocate exactly length bytes so that we reliably catch buffer overflows.
+    std::vector<char> bytes(length);
+    in.read(bytes.data(), bytes.size());
+    assert(in);
+    LLVMFuzzerTestOneInput(reinterpret_cast<const uint8_t *>(bytes.data()),
+                           bytes.size());
+    std::cout << "Execution successful" << std::endl;
+  }
+}