1 /* Copyright 2021 Google LLC
2 Licensed under the Apache License, Version 2.0 (the "License");
3 you may not use this file except in compliance with the License.
4 You may obtain a copy of the License at
5       http://www.apache.org/licenses/LICENSE-2.0
6 Unless required by applicable law or agreed to in writing, software
7 distributed under the License is distributed on an "AS IS" BASIS,
8 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9 See the License for the specific language governing permissions and
10 limitations under the License.
11 */
12 // From https://svn.boost.org/trac10/ticket/12818
13 // This fuzz target can likely be enhanced to exercise more code.
14 // The ideal place for this fuzz target is the boost repository.
15 #ifdef DEBUG
16 #include <iostream>
17 #endif
18 
19 #include <boost/regex.hpp>
20 #include <fuzzer/FuzzedDataProvider.h>
21 
namespace {
// Checks the postconditions that the Boost.Regex reference lists for a
// successful boost::regex_match() on the populated match_results; see
// https://www.boost.org/doc/libs/1_71_0/libs/regex/doc/html/boost_regex/ref/regex_match.html
//
// These checks are the harness's only oracle besides crashes and sanitizer
// reports. They use assert(), so a build that defines NDEBUG compiles them
// out and the target silently stops checking library behaviour.
void assertPostConditions(
    const boost::match_results<std::string::const_iterator>& match,
    const boost::regex& e) {
  // One entry per marked sub-expression, plus one for the overall match.
  assert(match.size() == e.mark_count() + 1);
  assert(!match.empty());
  // Neither a prefix nor a suffix may be flagged as matched.
  assert(!match.prefix().matched);
  assert(!match.suffix().matched);
}
}  // namespace
32 
// libFuzzer entry point.
//
// Input layout: one length byte, then up to that many bytes used as the regex
// pattern, then every remaining byte used as the text to match against.
// Always returns 0; findings surface through assert() or sanitizer aborts.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
  FuzzedDataProvider fuzzed_data(Data, Size);
  // The length comes from a single byte, so the pattern never exceeds 255
  // bytes; ConsumeBytesAsString hands back fewer if the input runs short.
  const size_t pattern_len = fuzzed_data.ConsumeIntegral<uint8_t>();
  const std::string pattern = fuzzed_data.ConsumeBytesAsString(pattern_len);
  try {
    boost::regex re(pattern);
    // Whatever is left after the pattern becomes the subject text.
    const std::string text = fuzzed_data.ConsumeRemainingBytesAsString();

#ifdef DEBUG
    std::cout << "Regexp string: " << pattern << "Size: " << pattern.size() << std::endl;
    std::cout << "Text: " << text << "Size: " << text.size() << std::endl;
#endif

    boost::match_results<std::string::const_iterator> what;
    // NOTE(review): match_partial is set, so regex_match may also report
    // success for a partial match -- confirm the asserted postconditions are
    // documented to hold in that case too.
    const auto flags = boost::match_default | boost::match_partial;
    if (boost::regex_match(text, what, re, flags)) {
      assertPostConditions(what, re);
    }
  } catch (const std::runtime_error &) {
    // Rejected patterns (boost::regex_error derives from std::runtime_error)
    // and other runtime_error failures are expected for arbitrary input and
    // are ignored. Any other exception type propagates out of the harness.
  }
  return 0;
}
59