1 // Protocol Buffers - Google's data interchange format
2 // Copyright 2023 Google LLC. All rights reserved.
3 //
4 // Use of this source code is governed by a BSD-style
5 // license that can be found in the LICENSE file or at
6 // https://developers.google.com/open-source/licenses/bsd
7
8 #include <cstddef>
9 #include <cstring>
10 #include <string_view>
11
12 #include <gtest/gtest.h>
13 #include "testing/fuzzing/fuzztest.h"
14 #include "upb/base/status.hpp"
15 #include "upb/base/upcast.h"
16 #include "upb/json/decode.h"
17 #include "upb/json/encode.h"
18 #include "upb/json/test.upb.h"
19 #include "upb/json/test.upbdefs.h"
20 #include "upb/mem/arena.h"
21 #include "upb/mem/arena.hpp"
22 #include "upb/reflection/def.hpp"
23
24 namespace {
25
DecodeEncodeArbitraryJson(std::string_view json)26 void DecodeEncodeArbitraryJson(std::string_view json) {
27 upb::Arena arena;
28 upb::Status status;
29
30 // Copy the input string to the heap. This helps asan reproduce issues that
31 // don't reproduce when passing static memory pointers. See b/309107518.
32 auto* json_heap = new char[json.size()];
33 memcpy(json_heap, json.data(), json.size());
34
35 upb::DefPool defpool;
36 upb::MessageDefPtr m(upb_test_Box_getmsgdef(defpool.ptr()));
37 EXPECT_TRUE(m.ptr() != nullptr);
38
39 upb_test_Box* box = upb_test_Box_new(arena.ptr());
40 int options = 0;
41 bool ok = upb_JsonDecode(json_heap, json.size(), UPB_UPCAST(box), m.ptr(),
42 defpool.ptr(), options, arena.ptr(), status.ptr());
43 delete[] json_heap;
44 if (!ok) return;
45
46 size_t size = upb_JsonEncode(UPB_UPCAST(box), m.ptr(), defpool.ptr(), options,
47 nullptr, 0, status.ptr());
48 char* json_buf = (char*)upb_Arena_Malloc(arena.ptr(), size + 1);
49
50 size_t written = upb_JsonEncode(UPB_UPCAST(box), m.ptr(), defpool.ptr(),
51 options, json_buf, size + 1, status.ptr());
52 EXPECT_EQ(written, size);
53 }
54 FUZZ_TEST(FuzzTest, DecodeEncodeArbitraryJson);
55
TEST(FuzzTest,UnclosedObjectKey)56 TEST(FuzzTest, UnclosedObjectKey) { DecodeEncodeArbitraryJson("{\" "); }
57
TEST(FuzzTest,MalformedExponent)58 TEST(FuzzTest, MalformedExponent) {
59 DecodeEncodeArbitraryJson(R"({"val":0XE$})");
60 }
61
62 } // namespace
63