1 : // Copyright 2016 the V8 project authors. All rights reserved.
2 : // Use of this source code is governed by a BSD-style license that can be
3 : // found in the LICENSE file.
4 :
5 : #include <limits.h>
6 : #include <stddef.h>
7 : #include <stdint.h>
8 :
9 : #include <cctype>
10 : #include <list>
11 :
12 : #include "include/v8.h"
13 : #include "src/objects-inl.h"
14 : #include "src/objects.h"
15 : #include "src/parsing/parse-info.h"
16 : #include "src/parsing/parsing.h"
17 : #include "src/parsing/preparser.h"
18 : #include "test/fuzzer/fuzzer-support.h"
19 :
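// Cheap pre-filter for fuzzer input. Accepts |data[0..size)| only when every
// byte is a printable or whitespace character and the (), [] and {} brackets
// in it are properly nested and fully closed.
//
// Returns true when both checks pass, false otherwise. The bytes come
// straight from the fuzzing engine, so nothing here may assume they are
// well-formed.
bool IsValidInput(const uint8_t* data, size_t size) {
  // Stack of currently open brackets, innermost at the back.
  std::list<char> open_brackets;

  for (size_t i = 0; i != size; ++i) {
    // The <cctype> classifiers have undefined behaviour for negative
    // arguments other than EOF. Reading the byte as unsigned (instead of
    // through a possibly signed char) keeps values >= 0x80 in range.
    const unsigned char byte = data[i];
    if (!(std::isspace(byte) || std::isprint(byte))) {
      return false;
    }

    // Openers are pushed; for closers, remember which opener must be on top.
    char expected_opener = 0;
    switch (byte) {
      case '(':
      case '[':
      case '{':
        open_brackets.push_back(static_cast<char>(byte));
        continue;
      case ')':
        expected_opener = '(';
        break;
      case ']':
        expected_opener = '[';
        break;
      case '}':
        expected_opener = '{';
        break;
      default:
        continue;
    }

    // A closer with nothing open must be rejected before back() is touched:
    // std::list::back() on an empty list is undefined behaviour.
    if (open_brackets.empty() || open_brackets.back() != expected_opener) {
      return false;
    }
    open_brackets.pop_back();
  }

  // Anything still open means the input is unbalanced.
  return open_brackets.empty();
}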
56 :
// libFuzzer entry point: feeds |data| to the V8 parser as a one-byte script
// source and then requests a full garbage collection.
//
// Always returns 0. Inputs rejected by IsValidInput() are dropped before any
// V8 state is touched, so this harness never exercises the parser on
// non-printable bytes or on unbalanced brackets.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  const bool acceptable = IsValidInput(data, size);
  if (!acceptable) return 0;

  auto* fuzzer_support = v8_fuzzer::FuzzerSupport::Get();
  v8::Isolate* isolate = fuzzer_support->GetIsolate();

  // RAII scopes; declaration order is significant and matches teardown in
  // reverse at function exit.
  v8::Isolate::Scope isolate_scope(isolate);
  v8::HandleScope handle_scope(isolate);
  v8::Context::Scope context_scope(fuzzer_support->GetContext());
  v8::TryCatch try_catch(isolate);

  auto* internal_isolate = reinterpret_cast<v8::internal::Isolate*>(isolate);
  v8::internal::Factory* heap_factory = internal_isolate->factory();

  // The vector length below is an int, so anything larger cannot be
  // represented and is skipped rather than truncated.
  if (size > INT_MAX) return 0;
  const int length = static_cast<int>(size);
  v8::internal::MaybeHandle<v8::internal::String> maybe_source =
      heap_factory->NewStringFromOneByte(
          v8::internal::Vector<const uint8_t>(data, length));
  if (maybe_source.is_null()) return 0;

  v8::internal::Handle<v8::internal::Script> script =
      heap_factory->NewScript(maybe_source.ToHandleChecked());
  v8::internal::ParseInfo parse_info(script);

  // A parse failure is an expected outcome for fuzzed input, not a harness
  // error.
  const bool parsed =
      v8::internal::parsing::ParseProgram(&parse_info, internal_isolate);
  if (!parsed) {
    internal_isolate->OptionalRescheduleException(true);
  }

  isolate->RequestGarbageCollectionForTesting(
      v8::Isolate::kFullGarbageCollection);
  return 0;
}