Line | Count | Source |
1 | | /* Copyright 2023 Google LLC |
2 | | Licensed under the Apache License, Version 2.0 (the "License"); |
3 | | you may not use this file except in compliance with the License. |
4 | | You may obtain a copy of the License at |
5 | | http://www.apache.org/licenses/LICENSE-2.0 |
6 | | Unless required by applicable law or agreed to in writing, software |
7 | | distributed under the License is distributed on an "AS IS" BASIS, |
8 | | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
9 | | See the License for the specific language governing permissions and |
10 | | limitations under the License. |
11 | | */ |
12 | | #include <stdint.h> |
13 | | #include <stdio.h> |
14 | | #include <stdlib.h> |
15 | | |
16 | | #include <tap.h> |
17 | | #include <my_sys.h> |
18 | | #include <json_lib.h> |
19 | | |
20 | 25.5k | #define FUZZ_KEY_SIZE 32 |
21 | | |
22 | 2.13k | void fuzz_get_object_get(const uint8_t *data, size_t size) { |
23 | 2.13k | if (size < FUZZ_KEY_SIZE) { |
24 | 8 | return; |
25 | 8 | } |
26 | 2.13k | char *fuzz_key = malloc(FUZZ_KEY_SIZE + 1); |
27 | 2.13k | memcpy(fuzz_key, data, FUZZ_KEY_SIZE); |
28 | 2.13k | fuzz_key[FUZZ_KEY_SIZE] = '\0'; |
29 | | |
30 | 2.13k | data += FUZZ_KEY_SIZE; |
31 | 2.13k | size -= FUZZ_KEY_SIZE; |
32 | | |
33 | 2.13k | char *fuzz_str = malloc(size + 1); |
34 | 2.13k | memcpy(fuzz_str, data, size); |
35 | 2.13k | fuzz_str[size] = '\0'; |
36 | | |
37 | 2.13k | const char *value_start; |
38 | 2.13k | int value_len; |
39 | | |
40 | 2.13k | json_get_object_key(fuzz_str, fuzz_str + size, fuzz_key, &value_start, |
41 | 2.13k | &value_len); |
42 | | |
43 | 2.13k | free(fuzz_str); |
44 | 2.13k | free(fuzz_key); |
45 | 2.13k | } |
46 | | |
47 | 2.13k | void fuzz_json_locate_key(const uint8_t *data, size_t size) { |
48 | 2.13k | if (size < FUZZ_KEY_SIZE) { |
49 | 8 | return; |
50 | 8 | } |
51 | 2.13k | char *fuzz_key = malloc(FUZZ_KEY_SIZE + 1); |
52 | 2.13k | memcpy(fuzz_key, data, FUZZ_KEY_SIZE); |
53 | 2.13k | fuzz_key[FUZZ_KEY_SIZE] = '\0'; |
54 | | |
55 | 2.13k | data += FUZZ_KEY_SIZE; |
56 | 2.13k | size -= FUZZ_KEY_SIZE; |
57 | | |
58 | 2.13k | char *fuzz_str = malloc(size + 1); |
59 | 2.13k | memcpy(fuzz_str, data, size); |
60 | 2.13k | fuzz_str[size] = '\0'; |
61 | | |
62 | 2.13k | const char *key_start; |
63 | 2.13k | const char *key_end; |
64 | 2.13k | int comma_pos; |
65 | | |
66 | 2.13k | json_locate_key(fuzz_str, fuzz_str + size, fuzz_key, &key_start, &key_end, |
67 | 2.13k | &comma_pos); |
68 | | |
69 | 2.13k | free(fuzz_str); |
70 | 2.13k | free(fuzz_key); |
71 | 2.13k | } |
72 | | |
73 | 2.13k | int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { |
74 | 2.13k | fuzz_get_object_get(data, size); |
75 | 2.13k | fuzz_json_locate_key(data, size); |
76 | 2.13k | return 0; |
77 | 2.13k | } |