update fuzzer

Randy 2019-07-11 14:42:27 +02:00
parent f7f175fdf2
commit 2691e142f4


@ -1,30 +1,38 @@
#include <stdlib.h> #include <stdlib.h>
#include <stdint.h> #include <stdint.h>
#include <string.h>
#include "../cJSON.h" #include "../cJSON.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{ {
if((data[0] == '\0') || (size < 3) || (data[1] == '\0')) return 0; size_t offset = 4;
cJSON *json = cJSON_Parse((const char*)data + 2); if(size < offset) return 0;
if(data[0] != '1' && data[0] != '0') return 0;
if(data[1] != '1' && data[1] != '0') return 0;
if(data[2] != '1' && data[2] != '0') return 0;
if(data[3] != '1' && data[3] != '0') return 0;
int minify = data[0] == '1' ? 1 : 0;
int require_termination = data[1] == '1' ? 1 : 0;
int formatted = data[2] == '1' ? 1 : 0;
int buffered = data[3] == '1' ? 1 : 0;
cJSON *json = cJSON_ParseWithOpts((const char*)data + offset, NULL, require_termination);
if(json == NULL) return 0; if(json == NULL) return 0;
int do_format = 0;
char *printed_json = NULL; char *printed_json = NULL;
if(data[1] == 'f') do_format = 1; if(buffered)
if(data[0] == 'b')
{ {
/* buffered printing */ printed_json = cJSON_PrintBuffered(json, 1, formatted);
printed_json = cJSON_PrintBuffered(json, 1, do_format);
} }
else else
{ {
/* unbuffered printing */ /* unbuffered printing */
if(do_format) if(formatted)
{ {
printed_json = cJSON_Print(json); printed_json = cJSON_Print(json);
} }
@ -35,6 +43,18 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
} }
if(printed_json != NULL) free(printed_json); if(printed_json != NULL) free(printed_json);
if(minify)
{
unsigned char *copied = (unsigned char*)malloc(size);
memcpy(copied, data + offset, size);
cJSON_Minify((char*)printed_json);
free(copied);
}
cJSON_Delete(json); cJSON_Delete(json);
return 0; return 0;
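Review bot: In the new `if(minify)` block, `memcpy(copied, data + offset, size)` copies `size` bytes starting `offset` bytes into a `size`-byte input, so it reads 4 bytes past the end of `data`, and `cJSON_Minify((char*)printed_json)` is then called on a pointer that was freed just above (or is NULL) while `copied` is never used. The copy should be `size - offset` bytes into a buffer one byte larger, NUL-terminated, guarded against a failed `malloc`, and passed to `cJSON_Minify` itself, as in the block below. Separately, nothing visible here guarantees the input is NUL-terminated before `cJSON_ParseWithOpts` reads from `data + offset`, and with `size == 4` that pointer is already one past the end; a guard such as `if(data[size - 1] != '\0') return 0;` right after the size check would cover both cases. The function body starts in the first hunk and its closing brace is outside the visible lines.

```cpp
    if(minify)
    {
        /* copy only the JSON payload that follows the four flag bytes */
        size_t json_size = size - offset;
        char *copied = (char*)malloc(json_size + 1);
        if(copied != NULL)
        {
            memcpy(copied, data + offset, json_size);
            copied[json_size] = '\0';
            cJSON_Minify(copied);
            free(copied);
        }
    }
```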