/src/mruby/oss-fuzz/mruby_proto_fuzzer.cpp

Source
#include <string>
#include <iostream>
#include <fstream>

#include <mruby.h>
#include <mruby/compile.h>

#include <src/libfuzzer/libfuzzer_macro.h>
#include <ruby.pb.h>
#include "proto_to_ruby.h"

using namespace ruby_fuzzer;
using namespace std;

int FuzzRB(const uint8_t *Data, size_t size) {
  mrb_value v;
  mrb_state *mrb = mrb_open();
  if (!mrb)
    return 0;

  char *code = (char*)malloc(size+1);
  if (!code)
    return 0;
  memcpy(code, Data, size);
  code[size] = '\0';

  if (const char *dump_path = getenv("PROTO_FUZZER_DUMP_PATH")) {
    // With libFuzzer binary run this to generate an RB file x.rb:
    // PROTO_FUZZER_DUMP_PATH=x.rb ./a.out proto-input
    std::ofstream of(dump_path);
    of.write(code, size);
  }
  std::cout << "\n\n############\n" << code << "\n############\n\n";
  v = mrb_load_string(mrb, code);
  mrb_close(mrb);

  free(code);
  return 0;
}

DEFINE_PROTO_FUZZER(const Function &function) {
  protoConverter converter;
  auto s = converter.FunctionToString(function);
  (void)FuzzRB((const uint8_t*)s.data(), s.size());
}

Line	Count	Source
1		#include <string>
2		#include <iostream>
3		#include <fstream>
4
5		#include <mruby.h>
6		#include <mruby/compile.h>
7
8		#include <src/libfuzzer/libfuzzer_macro.h>
9		#include <ruby.pb.h>
10		#include "proto_to_ruby.h"
11
12		using namespace ruby_fuzzer;
13		using namespace std;
14
15	14.8k	int FuzzRB(const uint8_t *Data, size_t size) {
16	14.8k	mrb_value v;
17	14.8k	mrb_state *mrb = mrb_open();
18	14.8k	if (!mrb)
19	0	return 0;
20
21	14.8k	char code = (char)malloc(size+1);
22	14.8k	if (!code)
23	0	return 0;
24	14.8k	memcpy(code, Data, size);
25	14.8k	code[size] = '\0';
26
27	14.8k	if (const char *dump_path = getenv("PROTO_FUZZER_DUMP_PATH")) {
28		// With libFuzzer binary run this to generate an RB file x.rb:
29		// PROTO_FUZZER_DUMP_PATH=x.rb ./a.out proto-input
30	0	std::ofstream of(dump_path);
31	0	of.write(code, size);
32	0	}
33	14.8k	std::cout << "\n\n############\n" << code << "\n############\n\n";
34	14.8k	v = mrb_load_string(mrb, code);
35	14.8k	mrb_close(mrb);
36
37	14.8k	free(code);
38	14.8k	return 0;
39	14.8k	}
40
41	14.8k	DEFINE_PROTO_FUZZER(const Function &function) {
42	14.8k	protoConverter converter;
43	14.8k	auto s = converter.FunctionToString(function);
44	14.8k	(void)FuzzRB((const uint8_t*)s.data(), s.size());
45	14.8k	}

Coverage Report

Created: 2026-03-22 07:15