/src/pjsip/tests/fuzz/fuzz-json.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (C) 2023 Teluu Inc. (http://www.teluu.com) |
3 | | * |
4 | | * This program is free software; you can redistribute it and/or modify |
5 | | * it under the terms of the GNU General Public License as published by |
6 | | * the Free Software Foundation; either version 2 of the License, or |
7 | | * (at your option) any later version. |
8 | | * |
9 | | * This program is distributed in the hope that it will be useful, |
10 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
11 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
12 | | * GNU General Public License for more details. |
13 | | * |
14 | | * You should have received a copy of the GNU General Public License |
15 | | * along with this program; if not, write to the Free Software |
16 | | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
17 | | */ |
18 | | #include <stdio.h> |
19 | | #include <stdint.h> |
20 | | #include <stdlib.h> |
21 | | |
22 | | #include <pjlib.h> |
23 | | #include <pjlib-util.h> |
24 | | |
25 | 27.9k | #define kMinInputLength 10 |
26 | 13.9k | #define kMaxInputLength 5120 |
27 | | |
28 | | pj_pool_factory *mem; |
29 | | |
30 | 1.37k | int Json_parse(uint8_t *data, size_t Size) { |
31 | | |
32 | 1.37k | pj_pool_t *pool; |
33 | 1.37k | pj_json_elem *elem; |
34 | 1.37k | pj_json_err_info err; |
35 | | |
36 | 1.37k | char *output; |
37 | 1.37k | unsigned int output_size; |
38 | | |
39 | 1.37k | pool = pj_pool_create(mem, "json", 1000, 1000, NULL); |
40 | | |
41 | 1.37k | elem = pj_json_parse(pool, (char *)data, (unsigned *)&Size, &err); |
42 | 1.37k | if (!elem) { |
43 | 561 | goto on_error; |
44 | 561 | } |
45 | | |
46 | 818 | output_size = Size * 2; |
47 | 818 | output = pj_pool_alloc(pool, output_size); |
48 | | |
49 | 818 | if (pj_json_write(elem, output, &output_size)) { |
50 | 524 | goto on_error; |
51 | 524 | } |
52 | | |
53 | 294 | pj_pool_release(pool); |
54 | 294 | return 0; |
55 | | |
56 | 1.08k | on_error: |
57 | 1.08k | pj_pool_release(pool); |
58 | 1.08k | return 1; |
59 | 818 | } |
60 | | |
61 | | extern int |
62 | | LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) |
63 | 13.9k | { |
64 | | |
65 | 13.9k | if (Size < kMinInputLength || Size > kMaxInputLength) { |
66 | 328 | return 1; |
67 | 328 | } |
68 | | |
69 | 13.6k | int ret = 0; |
70 | 13.6k | uint8_t *data; |
71 | 13.6k | pj_caching_pool caching_pool; |
72 | | |
73 | | /* Add NULL byte */ |
74 | 13.6k | data = (uint8_t *)calloc((Size+1), sizeof(uint8_t)); |
75 | 13.6k | memcpy((void *)data, (void *)Data, Size); |
76 | | |
77 | | /* init Calls */ |
78 | 13.6k | pj_init(); |
79 | 13.6k | pj_caching_pool_init( &caching_pool, &pj_pool_factory_default_policy, 0); |
80 | 13.6k | pj_log_set_level(0); |
81 | | |
82 | 13.6k | mem = &caching_pool.factory; |
83 | | |
84 | | /* Call fuzzer */ |
85 | 13.6k | ret = Json_parse(data, Size); |
86 | | |
87 | 13.6k | free(data); |
88 | 13.6k | pj_caching_pool_destroy(&caching_pool); |
89 | | |
90 | 13.6k | return ret; |
91 | 13.9k | } |