/src/CMake/Tests/Fuzzing/cmExprParserFuzzer.cxx
Line | Count | Source |
1 | | /* Distributed under the OSI-approved BSD 3-Clause License. See accompanying |
2 | | file LICENSE.rst or https://cmake.org/licensing for details. */ |
3 | | |
4 | | /* |
5 | | * Fuzzer for CMake's math expression parser |
6 | | * |
7 | | * The math() command uses cmExprParserHelper to evaluate mathematical |
8 | | * expressions. This fuzzer tests the expression parser for crashes, |
9 | | * hangs, and undefined behavior. |
10 | | * |
11 | | * Coverage targets: |
12 | | * - Integer arithmetic parsing |
13 | | * - Operator precedence handling |
14 | | * - Parentheses nesting |
15 | | * - Error handling for invalid expressions |
16 | | */ |
17 | | |
18 | | #include <cstddef> |
19 | | #include <cstdint> |
20 | | #include <string> |
21 | | |
22 | | #include "cmExprParserHelper.h" |
23 | | |
// Largest input, in bytes, that the fuzz entry point hands to the parser.
// Longer inputs are skipped: the cap keeps a single deeply nested expression
// from becoming a denial of service against the harness itself.
static constexpr std::size_t kMaxInputSize{ 4096 };
26 | | |
// libFuzzer entry point: runs one fuzz input through cmExprParserHelper.
//
// data: bytes supplied by the fuzzing engine (not assumed NUL-terminated).
// size: number of valid bytes at data.
// Returns 0 on every path, whether the input was skipped or parsed.
extern "C" int LLVMFuzzerTestOneInput(uint8_t const* data, size_t size)
{
  // Empty and oversized inputs are dropped before the parser is touched.
  bool const usable = size != 0 && size <= kMaxInputSize;
  if (!usable) {
    return 0;
  }

  // Copy the bytes into a std::string so that c_str() yields a
  // NUL-terminated buffer.  Only that pointer is passed on, without a
  // length, so anything after the first embedded NUL byte is never seen by
  // the parser.
  auto const* bytes = reinterpret_cast<char const*>(data);
  std::string const expression(bytes, size);

  cmExprParserHelper helper;

  // One parse pass, with verbosity 0.  The status is discarded on purpose:
  // the harness looks for crashes, hangs and undefined behavior, not for
  // whether the expression was valid.
  static_cast<void>(helper.ParseString(expression.c_str(), 0));

  // Read every accessor regardless of the parse outcome so the result,
  // error and warning paths are exercised as well.
  static_cast<void>(helper.GetResult());
  static_cast<void>(helper.GetError());
  static_cast<void>(helper.GetWarning());

  return 0;
}