/src/CMake/Tests/Fuzzing/cmPkgConfigParserFuzzer.cxx

Source
/* Distributed under the OSI-approved BSD 3-Clause License.  See accompanying
   file LICENSE.rst or https://cmake.org/licensing for details.  */

/*
 * Fuzzer for CMake's pkg-config file parser
 *
 * CMake parses .pc files (pkg-config) when using PkgConfig find module.
 * Malformed .pc files from untrusted sources could trigger vulnerabilities.
 *
 * Coverage targets:
 * - Variable definitions (key=value)
 * - Keyword definitions (key: value)
 * - Variable references (${var})
 * - Multi-line handling
 * - Comment handling
 */

#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

#include "cmPkgConfigParser.h"

// Limit input size
static constexpr size_t kMaxInputSize = 64 * 1024; // 64KB

extern "C" int LLVMFuzzerTestOneInput(uint8_t const* data, size_t size)
{
  if (size == 0 || size > kMaxInputSize) {
    return 0;
  }

  // cmPkgConfigParser::Parse takes non-const buffer (may modify in place)
  std::vector<char> buffer(data, data + size);

  cmPkgConfigParser parser;

  // Parse the input
  auto result = parser.Parse(buffer.data(), buffer.size());
  (void)result;

  // Finish parsing
  result = parser.Finish();
  (void)result;

  // Access parsed data to exercise accessors
  auto& entries = parser.Data();
  for (auto const& entry : entries) {
    (void)entry.IsVariable;
    (void)entry.Key;
    for (auto const& elem : entry.Val) {
      (void)elem.IsVariable;
      (void)elem.Data;
    }
  }

  return 0;
}

Line	Count	Source
1		/* Distributed under the OSI-approved BSD 3-Clause License. See accompanying
2		file LICENSE.rst or https://cmake.org/licensing for details. */
3
4		/*
5		* Fuzzer for CMake's pkg-config file parser
6		*
7		* CMake parses .pc files (pkg-config) when using PkgConfig find module.
8		* Malformed .pc files from untrusted sources could trigger vulnerabilities.
9		*
10		* Coverage targets:
11		* - Variable definitions (key=value)
12		* - Keyword definitions (key: value)
13		* - Variable references (${var})
14		* - Multi-line handling
15		* - Comment handling
16		*/
17
18		#include <cstddef>
19		#include <cstdint>
20		#include <string>
21		#include <vector>
22
23		#include "cmPkgConfigParser.h"
24
25		// Limit input size
26		static constexpr size_t kMaxInputSize = 64 * 1024; // 64KB
27
28		extern "C" int LLVMFuzzerTestOneInput(uint8_t const* data, size_t size)
29	505	{
30	505	if (size == 0 \|\| size > kMaxInputSize) {
31	10	return 0;
32	10	}
33
34		// cmPkgConfigParser::Parse takes non-const buffer (may modify in place)
35	495	std::vector<char> buffer(data, data + size);
36
37	495	cmPkgConfigParser parser;
38
39		// Parse the input
40	495	auto result = parser.Parse(buffer.data(), buffer.size());
41	495	(void)result;
42
43		// Finish parsing
44	495	result = parser.Finish();
45	495	(void)result;
46
47		// Access parsed data to exercise accessors
48	495	auto& entries = parser.Data();
49	59.5k	for (auto const& entry : entries) {
50	59.5k	(void)entry.IsVariable;
51	59.5k	(void)entry.Key;
52	59.5k	for (auto const& elem : entry.Val) {
53	41.5k	(void)elem.IsVariable;
54	41.5k	(void)elem.Data;
55	41.5k	}
56	59.5k	}
57
58	495	return 0;
59	505	}

Coverage Report

Created: 2026-03-12 06:35