1 /*
2 * Copyright 2014 Google Inc. All rights reserved.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <stddef.h>
18 #include <stdint.h>
19
20 #include <clocale>
21 #include <filesystem>
22 #include <string>
23
24 #include "cpp17/generated_cpp17/monster_test_generated.h"
25 #include "flatbuffers/idl.h"
26 #include "test_init.h"
27
28 namespace fs = std::filesystem;
29
// Out-of-class definition of the OneTimeTestInit static instance used by the
// test run.
OneTimeTestInit OneTimeTestInit::one_time_init_;
// Path of the running fuzz-target executable. It is assigned from argv[0] in
// LLVMFuzzerInitialize and used to locate data files next to the binary, so
// the target does not depend on the current working directory.
static fs::path exe_path_{};
34
35 namespace {
36
// Accepted length range for the JSON text, measured after the fuzz input has
// been cut at its first NUL byte. Inputs outside the range are skipped; the
// upper bound caps how much text a single fuzz iteration can hand the parser.
constexpr size_t kMinInputLength{1};
constexpr size_t kMaxInputLength{16384};

// Bit masks tested against the first input byte. Each mask drives the
// IDLOptions field of the same name, so the fuzzer can toggle parser modes.
constexpr uint8_t flags_strict_json{0x80};
constexpr uint8_t flags_skip_unexpected_fields_in_json{0x40};
constexpr uint8_t flags_allow_non_utf8{0x20};
43
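// Returns true when `file_path` has a filename component and names an existing
// filesystem entry.
//
// On a miss it prints the requested path and the entries of its parent
// directory as @DEBUG lines, which makes it easy to see why a data file was
// not found next to the fuzz target.
//
// Every filesystem query uses the non-throwing std::error_code overload. The
// throwing forms raise fs::filesystem_error when the parent directory is
// missing, unreadable, or empty (a bare file name has an empty parent path).
// That would end this diagnostics-only path with an uncaught exception and
// hide the actual "file not found" cause.
bool TestFileExists(fs::path file_path) {
  std::error_code ec;
  if (file_path.has_filename() && fs::exists(file_path, ec)) return true;

  TEST_OUTPUT_LINE("@DEBUG: file '%s' not found", file_path.string().c_str());

  const fs::path parent_dir = file_path.parent_path();
  fs::directory_iterator it(parent_dir, ec);
  if (ec) {
    // The listing is best-effort: report why it is unavailable and carry on.
    TEST_OUTPUT_LINE("@DEBUG: cannot list parent path '%s': %s",
                     parent_dir.string().c_str(), ec.message().c_str());
    return false;
  }

  const fs::directory_iterator end;
  // Stop on the first iteration error rather than dereferencing a bad entry.
  while (!ec && it != end) {
    TEST_OUTPUT_LINE("@DEBUG: parent path entry: '%s'",
                     it->path().string().c_str());
    it.increment(ec);
  }
  return false;
}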
53
// Reads the binary schema `file_name` from the directory that holds the fuzz
// target executable (exe_path_) and returns its raw bytes.
//
// The file must exist, must load, and must pass the reflection schema
// verifier; each step is checked with TEST_EQ. Verifying here matters because
// the caller deserializes these bytes into a Parser, and the verifier is what
// establishes that the buffer is structurally sound before it is walked.
std::string LoadBinarySchema(const char *file_name) {
  const fs::path file_path = exe_path_.parent_path() / file_name;
  TEST_EQ(true, TestFileExists(file_path));

  // Second argument `true` selects binary mode for the read.
  std::string schemafile;
  TEST_EQ(true, flatbuffers::LoadFile(file_path.string().c_str(), true, &schemafile));

  const auto *const schema_bytes =
      reinterpret_cast<const uint8_t *>(schemafile.data());
  flatbuffers::Verifier verifier(schema_bytes, schemafile.size());
  TEST_EQ(true, reflection::VerifySchemaBuffer(verifier));

  return schemafile;
}
65
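// Parses `input_json` as a Monster against the monster_test schema and
// returns the JSON text regenerated from the resulting buffer.
//
// opts          Parser options applied after the schema has been deserialized.
// input_json    JSON text to parse. It is taken by reference: the function is
//               called up to twice per fuzz iteration, and a by-value
//               parameter would copy the text on every call.
// check_parser  When true, a parse failure is reported as a test failure
//               (the input and the parser error are printed). When false, a
//               parse failure is expected and simply yields an empty result.
//
// Returns the generated JSON, or an empty string if parsing failed.
//
// On a successful parse the built buffer is run through the Monster verifier
// before text is generated from it, so a parser that accepts input but emits
// a malformed buffer is caught here rather than inside the text generator.
std::string do_test(const flatbuffers::IDLOptions &opts,
                    const std::string &input_json, const bool check_parser) {
  // Function-local static: the schema is read from disk once, on first call.
  static const std::string schemafile = LoadBinarySchema("monster_test.bfbs");

  // A fresh parser per call; the schema must be loaded before any data.
  flatbuffers::Parser parser;
  TEST_EQ(true, parser.Deserialize(
                    reinterpret_cast<const uint8_t *>(schemafile.c_str()),
                    schemafile.size()));
  // Overwrite the parser options with the ones chosen for this run.
  parser.opts = opts;

  std::string jsongen;
  if (parser.ParseJson(input_json.c_str())) {
    flatbuffers::Verifier verifier(parser.builder_.GetBufferPointer(),
                                   parser.builder_.GetSize());
    TEST_EQ(true, MyGame::Example::VerifyMonsterBuffer(verifier));
    TEST_ASSERT(
        GenerateText(parser, parser.builder_.GetBufferPointer(), &jsongen));
  } else if (check_parser) {
    TEST_OUTPUT_LINE("parser failed with JSON:\n%s", input_json.c_str());
    TEST_EQ_STR("", parser.error_.c_str());
    TEST_ASSERT(false);
  }
  return jsongen;
}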
92 } // namespace
93
94 // https://google.github.io/oss-fuzz/further-reading/fuzzer-environment/
95 // Current working directory
96 // You should not make any assumptions about the current working directory of
97 // your fuzz target. If you need to load data files, please use argv[0] to get
98 // the directory where your fuzz target executable is located.
99 // You must not modify argv[0].
extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
  // One-time fuzzer start-up hook: remember where the executable lives so
  // data files can be resolved relative to it. argv itself is only read.
  static_cast<void>(argc);  // not needed
  exe_path_ = fs::path((*argv)[0]);
  return 0;
}
105
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  // Input layout: byte 0 holds the parser option flags, byte 1 is reserved,
  // and everything after that is the JSON text. At least one payload byte is
  // required, so inputs of fewer than three bytes are ignored.
  constexpr size_t kHeaderSize = 2;
  if (size <= kHeaderSize) return 0;

  const uint8_t flags = data[0];
  static_cast<void>(data[1]);  // reserved
  const char *const payload = reinterpret_cast<const char *>(data + kHeaderSize);
  const size_t payload_size = size - kHeaderSize;

  // The parser takes a NUL-terminated string. Copying into a std::string
  // supplies the terminator, and rebuilding from c_str() cuts the text at the
  // first embedded NUL, so bytes after that NUL are never parsed.
  const std::string original(payload, payload_size);
  const std::string input(original.c_str());
  const bool length_ok =
      input.size() >= kMinInputLength && input.size() <= kMaxInputLength;
  if (!length_ok) return 0;

  // Each flag bit toggles the parser option of the same name.
  flatbuffers::IDLOptions opts;
  opts.strict_json = (flags & flags_strict_json);
  opts.skip_unexpected_fields_in_json =
      (flags & flags_skip_unexpected_fields_in_json);
  opts.allow_non_utf8 = (flags & flags_allow_non_utf8);

  // Round-trip check. The first pass may reject the input. If it produced
  // JSON, that JSON must parse (check_parser = true) and regenerate
  // byte-identical text.
  const std::string jsongen_1 = do_test(opts, input, false);
  if (jsongen_1.empty()) return 0;

  const std::string jsongen_2 = do_test(opts, jsongen_1, true);
  TEST_EQ(jsongen_1, jsongen_2);
  return 0;
}
132