• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Protocol Buffers - Google's data interchange format
2 // Copyright 2023 Google LLC.  All rights reserved.
3 //
4 // Use of this source code is governed by a BSD-style
5 // license that can be found in the LICENSE file or at
6 // https://developers.google.com/open-source/licenses/bsd
7 
8 #ifndef UPB_TEST_FUZZ_UTIL_H_
9 #define UPB_TEST_FUZZ_UTIL_H_
10 
11 #include <string>
12 #include <vector>
13 
14 #include "upb/mem/arena.h"
15 #include "upb/mini_table/extension_registry.h"
16 #include "upb/mini_table/message.h"
17 
18 namespace upb {
19 namespace fuzz {
20 
21 struct MiniTableFuzzInput {
22   // MiniDescriptors for N messages, in the format accepted by
23   // upb_MiniTable_Build().
24   std::vector<std::string> mini_descriptors;
25 
26   // MiniDescriptors for N enums, in the format accepted by
27   // upb_MiniTableEnum_Build().
28   std::vector<std::string> enum_mini_descriptors;
29 
30   // A MiniDescriptor for N extensions, in the format accepted by
31   // upb_MiniTableExtension_Build().
32   std::string extensions;
33 
34   // Integer indexes into the message or enum mini tables lists.  These specify
35   // which message or enum to use for each sub-message or enum field.  We mod
36   // by the total number of enums or messages so that any link value can be
37   // valid.
38   std::vector<uint32_t> links;
39 };
40 
41 // Builds an arbitrary mini table corresponding to the random data in `input`.
42 // This function should be capable of producing any mini table that can
43 // successfully build, and any topology of messages and enums (including
44 // cycles).
45 //
46 // As currently written, it effectively fuzzes the mini descriptor parser also,
47 // and can therefore trigger any bugs in that parser. To better isolate these
48 // two, we may want to change this implementation to use the mini descriptor
49 // builder API so we are producing mini descriptors in a known good format. That
50 // would mostly eliminate the chance of crashing the mini descriptor parser
51 // itself.
52 //
53 // TODO: maps.  If we give maps some space in the regular encoding instead of
54 // using a separate function, we could get that for free.
55 const upb_MiniTable* BuildMiniTable(const MiniTableFuzzInput& input,
56                                     upb_ExtensionRegistry** exts,
57                                     upb_Arena* arena);
58 
59 }  // namespace fuzz
60 }  // namespace upb
61 
62 #endif  // UPB_TEST_FUZZ_UTIL_H_
63