/src/mruby/oss-fuzz/mruby_proto_fuzzer.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | #include <string> |
2 | | #include <iostream> |
3 | | #include <fstream> |
4 | | |
5 | | #include <mruby.h> |
6 | | #include <mruby/compile.h> |
7 | | |
8 | | #include <src/libfuzzer/libfuzzer_macro.h> |
9 | | #include <ruby.pb.h> |
10 | | #include "proto_to_ruby.h" |
11 | | |
12 | | using namespace ruby_fuzzer; |
13 | | using namespace std; |
14 | | |
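/// Runs one generated Ruby program through a fresh mruby interpreter.
///
/// The input is copied into a NUL-terminated buffer, optionally dumped to the
/// file named by the PROTO_FUZZER_DUMP_PATH environment variable, echoed to
/// stdout, and then handed to mrb_load_string(). The interpreter is created
/// and destroyed on every call.
///
/// @param Data  Bytes of the Ruby source text; read only.
/// @param size  Number of bytes available at Data.
/// @return Always 0, including when the interpreter or the buffer cannot be
///         allocated.
int FuzzRB(const uint8_t *Data, size_t size) {
  mrb_state *mrb = mrb_open();
  if (!mrb)
    return 0;

  // mrb_load_string() takes a C string, so the input is copied into a buffer
  // one byte larger than the payload and terminated explicitly.
  char *code = (char*)malloc(size+1);
  if (!code) {
    // Close the interpreter opened above before bailing out; returning
    // without this leaks the mrb_state on the allocation-failure path.
    mrb_close(mrb);
    return 0;
  }
  memcpy(code, Data, size);
  code[size] = '\0';

  if (const char *dump_path = getenv("PROTO_FUZZER_DUMP_PATH")) {
    // With libFuzzer binary run this to generate an RB file x.rb:
    // PROTO_FUZZER_DUMP_PATH=x.rb ./a.out proto-input
    //
    // The path is used exactly as given and the file is opened with the
    // default ofstream mode, so an existing file is overwritten on every
    // input. This is meant for reproducing a single test case.
    std::ofstream of(dump_path);
    of.write(code, size);
  }
  // NOTE(review): `code` is streamed and loaded as a C string, so anything
  // after an embedded NUL byte is presumably not printed or parsed, while the
  // dump above writes all `size` bytes; confirm whether that is intended.
  std::cout << "\n\n############\n" << code << "\n############\n\n";
  // The result value is not inspected; the harness only looks for crashes.
  (void)mrb_load_string(mrb, code);
  mrb_close(mrb);

  free(code);
  return 0;
}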
40 | | |
// Fuzzer entry point declared through DEFINE_PROTO_FUZZER: receives a
// `Function` protobuf message, renders it to text with protoConverter, and
// passes the resulting bytes to FuzzRB(). FuzzRB's return value is discarded.
DEFINE_PROTO_FUZZER(const Function &function) {
  protoConverter converter;
  auto rubySource = converter.FunctionToString(function);
  // FuzzRB takes a byte pointer plus length; it makes its own
  // NUL-terminated copy of the data.
  const uint8_t *bytes = reinterpret_cast<const uint8_t *>(rubySource.data());
  (void)FuzzRB(bytes, rubySource.size());
}