/src/boost_regex_fuzzer.cc
Line | Count | Source |
1 | | /* Copyright 2021 Google LLC |
2 | | Licensed under the Apache License, Version 2.0 (the "License"); |
3 | | you may not use this file except in compliance with the License. |
4 | | You may obtain a copy of the License at |
5 | | http://www.apache.org/licenses/LICENSE-2.0 |
6 | | Unless required by applicable law or agreed to in writing, software |
7 | | distributed under the License is distributed on an "AS IS" BASIS, |
8 | | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
9 | | See the License for the specific language governing permissions and |
10 | | limitations under the License. |
11 | | */ |
12 | | // From https://svn.boost.org/trac10/ticket/12818 |
13 | | // This fuzz target can likely be enhanced to exercise more code. |
14 | | // The ideal place for this fuzz target is the boost repository. |
15 | | #ifdef DEBUG |
16 | | #include <iostream> |
17 | | #endif |
18 | | |
19 | | #include <boost/regex.hpp> |
20 | | #include <fuzzer/FuzzedDataProvider.h> |
21 | | |
22 | | namespace { |
23 | | void assertPostConditions(boost::match_results<std::string::const_iterator> const& match, boost::regex const& e) |
24 | 2.86k | { |
25 | | // See https://www.boost.org/doc/libs/1_71_0/libs/regex/doc/html/boost_regex/ref/regex_match.html |
26 | 2.86k | assert(match.size() == e.mark_count() + 1); |
27 | 2.86k | assert(!match.empty()); |
28 | 2.86k | assert(!match.prefix().matched); |
29 | 2.86k | assert(!match.suffix().matched); |
30 | 2.86k | } |
31 | | } |
32 | | |
33 | 9.24k | extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { |
34 | 9.24k | FuzzedDataProvider fuzzed_data(Data, Size); |
35 | | // First value is length of the regex string |
36 | 9.24k | size_t regex_length = fuzzed_data.ConsumeIntegral<uint8_t>(); |
37 | | // Second value is regexp string whose length is `regex_length` |
38 | 9.24k | std::string regex_string = fuzzed_data.ConsumeBytesAsString(regex_length); |
39 | 9.24k | try { |
40 | 9.24k | boost::regex e(regex_string); |
41 | | // Last value is the text to be matched |
42 | 9.24k | std::string text = fuzzed_data.ConsumeRemainingBytesAsString(); |
43 | | |
44 | | #ifdef DEBUG |
45 | | std::cout << "Regexp string: " << regex_string << "Size: " << regex_string.size() << std::endl; |
46 | | std::cout << "Text: " << text << "Size: " << text.size() << std::endl; |
47 | | #endif |
48 | | |
49 | 9.24k | boost::match_results<std::string::const_iterator> what; |
50 | 9.24k | bool match = boost::regex_match(text, what, e, |
51 | 9.24k | boost::match_default | boost::match_partial); |
52 | 9.24k | if (match) |
53 | 2.86k | assertPostConditions(what, e); |
54 | 9.24k | } |
55 | 9.24k | catch (const std::runtime_error &) { |
56 | 3.72k | } |
57 | 9.24k | return 0; |
58 | 9.24k | } |