diff --git a/test/fuzzers/fuzz_dostring.c b/test/fuzzers/fuzz_dostring.c index 7bccbc56..17834432 100644 --- a/test/fuzzers/fuzz_dostring.c +++ b/test/fuzzers/fuzz_dostring.c @@ -2,45 +2,45 @@ #include #include - -char *cmd_start = "(def v (unmarshal (slurp ((dyn :"; -char *cmd_end = ") 1)) load-image-dict)); - int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - char *new_str = (char *)malloc(size + strlen(cmd_start) + strlen(cmd_end) + 1); - if (new_str == NULL) { - return 0; - } - // Copy start of command into the string we will execute - memcpy(new_str, cmd_start, strlen(cmd_start)); - // Copy fuzz-data into the exec string - char *datap = new_str + strlen(cmd_start); - memcpy(datap, data, size); - - // Copy the end of the command into the exec string - end_data = datap + size; - memcpy(end_data, cmd_end, strlen(cmd_end)); - - char *null_terminator = end_data + strlen(cmd_end) + 1; - *null_terminator = '\0'; - - // Remove any parentheses from the fuzz data - for (int i = 0; i < size; i++) - { - if (datap[i] == '(') - datap[i] = (char)(datap[i] + 1); - if (datap[i] == ')') - datap[i] = (char)(datap[i] + 1); - } - - // janet logic + /* init Janet */ janet_init(); - JanetTable *env = janet_core_env(NULL); - janet_dostring(env, new_str, "main", NULL); + + /* fuzz the parser */ + JanetParser parser; + janet_parser_init(&parser); + for (int i=0, done = 0; i < size; i++) + { + switch (janet_parser_status(&parser)) { + case JANET_PARSE_DEAD: + case JANET_PARSE_ERROR: + done = 1; + break; + case JANET_PARSE_PENDING: + if (i == size) { + janet_parser_eof(&parser); + } else { + janet_parser_consume(&parser, data[i]); + } + break; + case JANET_PARSE_ROOT: + if (i >= size) { + janet_parser_eof(&parser); + } else { + janet_parser_consume(&parser, data[i]); + } + break; + } + + if (done == 1) + break; + } + janet_parser_deinit(&parser); + + /* cleanup Janet */ janet_deinit(); - free(new_str); return 0; }