Merge pull request #350 from DavidKorczynski/master

Updated the libfuzzer to target marshalling.
2024-11-20 15:44:49 +00:00 · 2020-04-19 18:56:51 -04:00 · 2020-04-19 18:56:51 -04:00 · 63812c9f80
commit 63812c9f80
parent 12d21dcb85 676a0afe4c
1 changed files with 34 additions and 10 deletions
--- a/test/fuzzers/fuzz_dostring.c
+++ b/test/fuzzers/fuzz_dostring.c
@ -3,20 +3,44 @@
 #include <janet.h>

 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
-    char *new_str = (char *)malloc(size + 1);
-    if (new_str == NULL) {
-        return 0;
-    }
-    memcpy(new_str, data, size);
-    new_str[size] = '\0';

-    /* janet logic */
+    /* init Janet */
    janet_init();
-    JanetTable *env = janet_core_env(NULL);
-    janet_dostring(env, new_str, "main", NULL);
+
+    /* fuzz the parser */
+    JanetParser parser;
+    janet_parser_init(&parser);
+    for (int i=0, done = 0; i < size; i++)
+    {
+         switch (janet_parser_status(&parser)) {
+            case JANET_PARSE_DEAD:
+            case JANET_PARSE_ERROR:
+                done = 1;
+                break;
+            case JANET_PARSE_PENDING:
+                if (i == size) {
+                    janet_parser_eof(&parser);
+                } else {
+                    janet_parser_consume(&parser, data[i]);
+                }
+                break;
+            case JANET_PARSE_ROOT:
+                if (i >= size) {
+                    janet_parser_eof(&parser);
+                } else {
+                    janet_parser_consume(&parser, data[i]);
+                }
+                break;
+        }
+
+        if (done == 1)
+            break;
+    }
+    janet_parser_deinit(&parser);
+
+    /* cleanup Janet */
    janet_deinit();

-    free(new_str);
    return 0;
 }