Coverage Report

Created: 2023-09-25 06:45

/src/boost_regex_fuzzer.cc
Line
Count
Source (jump to first uncovered line)
1
/* Copyright 2021 Google LLC
2
Licensed under the Apache License, Version 2.0 (the "License");
3
you may not use this file except in compliance with the License.
4
You may obtain a copy of the License at
5
      http://www.apache.org/licenses/LICENSE-2.0
6
Unless required by applicable law or agreed to in writing, software
7
distributed under the License is distributed on an "AS IS" BASIS,
8
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9
See the License for the specific language governing permissions and
10
limitations under the License.
11
*/
12
// From https://svn.boost.org/trac10/ticket/12818
13
// This fuzz target can likely be enhanced to exercise more code.
14
// The ideal place for this fuzz target is the boost repository.
15
#ifdef DEBUG
16
#include <iostream>
17
#endif
18
19
#include <boost/regex.hpp>
20
#include <fuzzer/FuzzedDataProvider.h>
21
22
namespace {
23
  void assertPostConditions(boost::match_results<std::string::const_iterator> const& match, boost::regex const& e)
24
184
  {
25
    // See https://www.boost.org/doc/libs/1_71_0/libs/regex/doc/html/boost_regex/ref/regex_match.html
26
184
    assert(match.size() == e.mark_count() + 1);
27
0
    assert(!match.empty());
28
0
    assert(!match.prefix().matched);
29
0
    assert(!match.suffix().matched);
30
184
  }
31
}
32
33
424
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
34
424
  FuzzedDataProvider fuzzed_data(Data, Size);
35
  // First value is length of the regex string
36
424
  size_t regex_length = fuzzed_data.ConsumeIntegral<uint8_t>();
37
  // Second value is regexp string whose length is `regex_length`
38
424
  std::string regex_string = fuzzed_data.ConsumeBytesAsString(regex_length);
39
424
  try {
40
424
    boost::regex e(regex_string);
41
    // Last value is the text to be matched
42
424
    std::string text = fuzzed_data.ConsumeRemainingBytesAsString();
43
44
#ifdef DEBUG
45
    std::cout << "Regexp string: " << regex_string << "Size: " << regex_string.size() << std::endl;
46
    std::cout << "Text: " << text << "Size: " << text.size() << std::endl;
47
#endif
48
49
424
    boost::match_results<std::string::const_iterator> what;
50
424
    bool match = boost::regex_match(text, what, e,
51
424
                       boost::match_default | boost::match_partial);
52
424
    if (match)
53
184
      assertPostConditions(what, e);
54
424
  }
55
424
  catch (const std::runtime_error &) {
56
91
  }
57
424
  return 0;
58
424
}