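#include <stdlib.h>
#include <unistd.h>

#include "../../util/fd_util.h"
#include "json_lex.h"

/* libFuzzer harness for the JSON lexer.

   Every input is tokenised to completion (or to the first lexer error).
   For each token the harness touches the first and last byte of the
   text span reported by json_lex_get_text, so that a span reaching
   outside valid memory is reported by the memory sanitizer the harness
   is built with. */

/* Backing store for the fd_scratch allocator that is attached for the
   duration of each test input. */
# define SMAX (1UL<<20)
# define FMAX (1UL)
uchar scratch_mem [ SMAX ] __attribute__((aligned(FD_SCRATCH_SMEM_ALIGN)));
ulong scratch_fmem[ FMAX ] __attribute__((aligned(FD_SCRATCH_FMEM_ALIGN)));

/* Lexer state, allocated once in LLVMFuzzerInitialize and re-initialised
   for every input by json_lex_state_new. */
struct json_lex_state *lex_state = NULL;

/* atexit hook: release the lexer state allocated at start-up. */
void free_lex_state( void ) { free(lex_state); }

/* One-time process set-up, called by libFuzzer before the first input.
   Always returns 0; aborts if the lexer state cannot be allocated. */
int LLVMFuzzerInitialize(int *argc, char ***argv) {
  /* Set up shell without signal handlers */
  putenv("FD_LOG_BACKTRACE=0");
  fd_boot(argc, argv);
  atexit(fd_halt);
  fd_log_level_core_set(3); /* crash on warning log */

  lex_state = malloc(sizeof *lex_state);
  if (!lex_state) {
    /* Fail at start-up instead of letting every later input dereference
       NULL and show up as a crash "finding" in the lexer. */
    abort();
  }
  atexit(free_lex_state);

  /* Disable parsing error logging */
  fd_log_level_stderr_set(4);
  return 0;
}

/* Per-input entry point: lex `size` bytes at `data` and probe the text
   span of every token produced.  Always returns 0. */
int
LLVMFuzzerTestOneInput(uchar const *data, ulong size) {
  fd_scratch_attach( scratch_mem, scratch_fmem, SMAX, FMAX );
  fd_scratch_push();

  /* `data` is handed to the lexer together with its length and is not
     NUL-terminated by the harness, so the lexer must honour `size`. */
  json_lex_state_new(lex_state, (const char *)data, size);
  for (;;) {
    long token_type = json_lex_next_token(lex_state);

    if (token_type == JSON_TOKEN_END || token_type == JSON_TOKEN_ERROR) {
      break;
    }

    ulong sz_out;
    const char *out = json_lex_get_text(lex_state, &sz_out);

    if (sz_out) {
      /* Read through a volatile pointer so the optimizer cannot discard
         these otherwise-dead loads before the sanitizer instruments
         them.  Only the two end points are probed; bytes in between are
         not touched. */
      const volatile char *probe = out;

      /* First byte of the reported text span. */
      (void)probe[0];

      /* An ASAN hit here would mean that json_lex_get_text claims that we
         can read further than we can. */
      (void)probe[sz_out - 1];
    }
  }

  json_lex_state_delete(lex_state);
  fd_scratch_pop();
  fd_scratch_detach( NULL );
  return 0;
}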