1 /* 2 * Copyright (C) 2022 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 import com.android.json.stream.JsonReader; 18 19 import com.code_intelligence.jazzer.api.FuzzedDataProvider; 20 21 import java.io.IOException; 22 import java.io.Reader; 23 import java.io.StringReader; 24 25 /** 26 * JsonReaderFuzzer contains fuzzerTestOneInput(...) method to fuzz JsonReader 27 * using the jazzer fuzzing engine. 28 */ 29 public class JsonReaderFuzzer { 30 /** 31 * fuzzerTestOneInput(FuzzedDataProvider data) is called by the jazzer 32 * fuzzing engine repeatedly with random inputs to try and crash the code 33 * in JsonReader. 34 * @param data 35 * argument of type FuzzedDataProvider to provide easy access to various 36 * data types to feed into the fuzzer program. 37 */ fuzzerTestOneInput(FuzzedDataProvider data)38 public static void fuzzerTestOneInput(FuzzedDataProvider data) { 39 String initString = data.consumeRemainingAsString(); 40 Reader in = new StringReader(initString); 41 JsonReader jsonReader = new JsonReader(in); 42 boolean hasNext = true; 43 while (hasNext) { 44 try { 45 hasNext = jsonReader.hasNext(); 46 } catch (IOException e) { 47 break; 48 } 49 try { 50 jsonReader.nextString(); 51 } catch (IOException | IllegalStateException e) { 52 break; 53 } 54 } 55 } 56 } 57