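#include <stdlib.h>
#include <unistd.h>

#include "../../util/fd_util.h"
#include "json_lex.h"

/* libFuzzer harness for the JSON lexer: feeds arbitrary bytes to
   json_lex_next_token and checks that every span reported by
   json_lex_get_text is actually readable. */

# define SMAX (1L<<20UL) /* size of scratch_mem in bytes */
# define FMAX (1UL)      /* number of elements in scratch_fmem */
uchar scratch_mem [ SMAX ] __attribute__((aligned(FD_SCRATCH_SMEM_ALIGN)));
ulong scratch_fmem[ FMAX ] __attribute__((aligned(FD_SCRATCH_FMEM_ALIGN)));

/* Lexer state shared by all fuzz iterations; allocated once in
   LLVMFuzzerInitialize and released by free_lex_state at exit. */
struct json_lex_state *lex_state = NULL;

/* atexit handler: releases the lexer state allocated at start-up. */
void free_lex_state( void ) {
  free(lex_state);
  lex_state = NULL;
}

/* One-time harness set-up.  Boots the runtime, configures logging and
   allocates the lexer state.  Always returns 0; aborts if the lexer
   state cannot be allocated. */
int LLVMFuzzerInitialize(int *argc, char ***argv) {
  /* Set up shell without signal handlers */
  putenv("FD_LOG_BACKTRACE=0");
  fd_boot(argc, argv);
  atexit(fd_halt);
  fd_log_level_core_set(3); /* crash on warning log */

  lex_state = malloc(sizeof *lex_state);
  if (!lex_state) {
    /* Fail here with a clear abort rather than handing a NULL state to
       the lexer on the first input, which would look like a lexer
       finding. */
    abort();
  }
  atexit(free_lex_state);

  /* Disable parsing error logging */
  fd_log_level_stderr_set(4);
  return 0;
}

/* Fuzz entry point: lexes `data` (`size` bytes) token by token until the
   lexer reports JSON_TOKEN_END or JSON_TOKEN_ERROR.  For every other
   token, the first and last byte of the text span returned by
   json_lex_get_text are read so that a sanitizer can flag a span that
   extends past readable memory.  Always returns 0. */
int
LLVMFuzzerTestOneInput(uchar const *data, ulong size) {
  fd_scratch_attach( scratch_mem, scratch_fmem, SMAX, FMAX );
  json_lex_state_new(lex_state, (const char *)data, size);
  for (;;) {
    long token_type = json_lex_next_token(lex_state);

    if (token_type == JSON_TOKEN_END || token_type == JSON_TOKEN_ERROR) {
      break;
    }

    ulong sz_out;
    const char *out = json_lex_get_text(lex_state, &sz_out);

    if (sz_out) {
      /* Read through a volatile pointer: a plain load into an unused
         local could be discarded by an optimizing build, and the bounds
         probe would then check nothing. */
      const volatile char *probe = out;

      /* Access the first and last byte of the reported span. */
      (void)probe[0];

      /* An ASAN hit here would mean that json_lex_get_text claims that we
         can read further than we can. */
      (void)probe[sz_out - 1];
    }
  }

  json_lex_state_delete(lex_state);
  fd_scratch_detach( NULL );
  return 0;
}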