feedc0de/ArduinoJson
1
0
Fork 0
forked from bblanchon/ArduinoJson
Code Pull Requests Activity

Added MessagePack fuzzing

Browse Source
This commit is contained in:
Benoit Blanchon
2018-06-07 10:36:57 +02:00
parent 4ff6809bc5
commit a9a730fd74
41 changed files with 74 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
fuzzing/Makefile
View File

@ -5,15 +5,18 @@ CXXFLAGS += -I../src
all: \
$(OUT)/json_fuzzer \
$(OUT)/json_fuzzer_seed_corpus.zip \
$(OUT)/json_fuzzer.options
$(OUT)/json_fuzzer.options \
$(OUT)/msgpack_fuzzer \
$(OUT)/msgpack_fuzzer_seed_corpus.zip \
$(OUT)/msgpack_fuzzer.options
$(OUT)/json_fuzzer: fuzzer.cpp $(shell find ../src -type f)
$(OUT)/%_fuzzer: %_fuzzer.cpp $(shell find ../src -type f)
$(CXX) $(CXXFLAGS) $< -o$@ $(LIB_FUZZING_ENGINE)
$(OUT)/json_fuzzer_seed_corpus.zip: seed_corpus/*
$(OUT)/%_fuzzer_seed_corpus.zip: %_seed_corpus/*
zip -j $@ $?
$(OUT)/json_fuzzer.options:
$(OUT)/%_fuzzer.options:
@echo "[libfuzzer]" > $@
@echo "max_len = 256" >> $@
@echo "timeout = 10" >> $@

27
fuzzing/fuzzer.cpp
View File

@ -1,27 +0,0 @@
#include <ArduinoJson.h>
class memstream : public std::istream {
struct membuf : std::streambuf {
membuf(const uint8_t *p, size_t l) {
setg((char *)p, (char *)p, (char *)p + l);
}
};
membuf _buffer;
public:
memstream(const uint8_t *p, size_t l)
: std::istream(&_buffer), _buffer(p, l) {
rdbuf(&_buffer);
}
};
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
DynamicJsonDocument doc;
memstream json(data, size);
DeserializationError error = deserializeJson(doc, json);
if (error == DeserializationError::Ok) {
JsonVariant variant = doc.as<JsonVariant>();
variant.as<std::string>(); // <- serialize to JSON
}
return 0;
}

0
fuzzing/my_corpus/.gitignore → fuzzing/json_corpus/.gitignore vendored
View File

11
fuzzing/json_fuzzer.cpp Normal file
View File

@ -0,0 +1,11 @@
#include <ArduinoJson.h>
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
DynamicJsonDocument doc;
DeserializationError error = deserializeJson(doc, data, size);
if (!error) {
std::string json;
serializeJson(doc, json);
}
return 0;
}

0
fuzzing/seed_corpus/Comments.json → fuzzing/json_seed_corpus/Comments.json
View File

0
fuzzing/seed_corpus/EmptyArray.json → fuzzing/json_seed_corpus/EmptyArray.json
View File

0
fuzzing/seed_corpus/EmptyObject.json → fuzzing/json_seed_corpus/EmptyObject.json
View File

0
fuzzing/seed_corpus/ExcessiveNesting.json → fuzzing/json_seed_corpus/ExcessiveNesting.json
View File

0
fuzzing/seed_corpus/Numbers.json → fuzzing/json_seed_corpus/Numbers.json
View File

0
fuzzing/seed_corpus/OpenWeatherMap.json → fuzzing/json_seed_corpus/OpenWeatherMap.json
View File

0
fuzzing/seed_corpus/Strings.json → fuzzing/json_seed_corpus/Strings.json
View File

0
fuzzing/seed_corpus/WeatherUnderground.json → fuzzing/json_seed_corpus/WeatherUnderground.json
View File

2
fuzzing/msgpack_corpus/.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
*
!.gitignore

11
fuzzing/msgpack_fuzzer.cpp Normal file
View File

@ -0,0 +1,11 @@
#include <ArduinoJson.h>
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
DynamicJsonDocument doc;
DeserializationError error = deserializeMsgPack(doc, data, size);
if (!error) {
std::string json;
serializeMsgPack(doc, json);
}
return 0;
}

BIN
fuzzing/msgpack_seed_corpus/array16 Normal file
View File

Binary file not shown.

BIN
fuzzing/msgpack_seed_corpus/array32 Normal file
View File

Binary file not shown.

1
fuzzing/msgpack_seed_corpus/false Normal file
View File

@ -0,0 +1 @@
<EFBFBD>

1
fuzzing/msgpack_seed_corpus/fixarray Normal file
View File

@ -0,0 +1 @@
<EFBFBD><EFBFBD>hello<EFBFBD>world

1
fuzzing/msgpack_seed_corpus/fixint_negative Normal file
View File

@ -0,0 +1 @@
<EFBFBD>

1
fuzzing/msgpack_seed_corpus/fixint_positive Normal file
View File

@ -0,0 +1 @@


1
fuzzing/msgpack_seed_corpus/fixmap Normal file
View File

@ -0,0 +1 @@
<EFBFBD><EFBFBD>one<01>two

1
fuzzing/msgpack_seed_corpus/fixstr Normal file
View File

@ -0,0 +1 @@
<EFBFBD>hello world

1
fuzzing/msgpack_seed_corpus/float32 Normal file
View File

@ -0,0 +1 @@
<EFBFBD>@H<><48>

1
fuzzing/msgpack_seed_corpus/float64 Normal file
View File

@ -0,0 +1 @@
<EFBFBD>@ !<21><><EFBFBD>o

1
fuzzing/msgpack_seed_corpus/int16 Normal file
View File

@ -0,0 +1 @@
<EFBFBD><EFBFBD><EFBFBD>

1
fuzzing/msgpack_seed_corpus/int32 Normal file
View File

@ -0,0 +1 @@
Ҷi<EFBFBD>.

1
fuzzing/msgpack_seed_corpus/int64 Normal file
View File

@ -0,0 +1 @@
<EFBFBD>4Vx<56><78><EFBFBD><EFBFBD>

1
fuzzing/msgpack_seed_corpus/int8 Normal file
View File

@ -0,0 +1 @@
<EFBFBD><EFBFBD>

BIN
fuzzing/msgpack_seed_corpus/map16 Normal file
View File

Binary file not shown.

BIN
fuzzing/msgpack_seed_corpus/map32 Normal file
View File

Binary file not shown.

1
fuzzing/msgpack_seed_corpus/nil Normal file
View File

@ -0,0 +1 @@
<EFBFBD>

BIN
fuzzing/msgpack_seed_corpus/str16 Normal file
View File

Binary file not shown.

BIN
fuzzing/msgpack_seed_corpus/str32 Normal file
View File

Binary file not shown.

1
fuzzing/msgpack_seed_corpus/str8 Normal file
View File

@ -0,0 +1 @@
<EFBFBD>hello

1
fuzzing/msgpack_seed_corpus/true Normal file
View File

@ -0,0 +1 @@
<EFBFBD>

1
fuzzing/msgpack_seed_corpus/uint16 Normal file
View File

@ -0,0 +1 @@
<EFBFBD>09

1
fuzzing/msgpack_seed_corpus/uint32 Normal file
View File

@ -0,0 +1 @@
<EFBFBD>4Vx

1
fuzzing/msgpack_seed_corpus/uint64 Normal file
View File

@ -0,0 +1 @@
<EFBFBD>4Vx<56><78><EFBFBD><EFBFBD>

1
fuzzing/msgpack_seed_corpus/uint8 Normal file
View File

@ -0,0 +1 @@
<EFBFBD><EFBFBD>