JsonArray::remove() and JsonObject::remove() now release the memory of strings

2025-07-17 04:22:18 +02:00 · 2018-11-09 17:27:32 +01:00
parent e842838a23
commit f375459d53
68 changed files with 1504 additions and 740 deletions
--- a/fuzzing/fuzzer_main.cpp
+++ b/fuzzing/fuzzer_main.cpp
@ -5,17 +5,34 @@
 // This file is NOT use by Google's OSS fuzz
 // I only use it to reproduce the bugs found

-#include <stdint.h>
-#include <fstream>
+#include <stdint.h>  // size_t
+#include <stdio.h>   // fopen et al.
+#include <stdlib.h>  // exit
 #include <iostream>
-#include <string>
+#include <vector>

 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size);

-std::string read(const char* path) {
-  std::ifstream file(path);
-  return std::string(std::istreambuf_iterator<char>(file),
-                     std::istreambuf_iterator<char>());
+std::vector<uint8_t> read(const char* path) {
+  FILE* f = fopen(path, "rb");
+  if (!f) {
+    std::cerr << "Failed to open " << path << std::endl;
+    exit(1);
+  }
+
+  fseek(f, 0, SEEK_END);
+  size_t size = ftell(f);
+  fseek(f, 0, SEEK_SET);
+
+  std::vector<uint8_t> buffer(size);
+  if (fread(buffer.data(), 1, size, f) != size) {
+    fclose(f);
+    std::cerr << "Failed to read " << path << std::endl;
+    exit(1);
+  }
+
+  fclose(f);
+  return buffer;
 }

 int main(int argc, const char* argv[]) {
@ -26,9 +43,8 @@ int main(int argc, const char* argv[]) {

  for (int i = 1; i < argc; i++) {
    std::cout << "Loading " << argv[i] << std::endl;
-    std::string buffer = read(argv[i]);
-    LLVMFuzzerTestOneInput(reinterpret_cast<const uint8_t*>(buffer.data()),
-                           buffer.size());
+    std::vector<uint8_t> buffer = read(argv[i]);
+    LLVMFuzzerTestOneInput(buffer.data(), buffer.size());
  }
  return 0;
 }