fuzzing: Fuzz printing as well.

With one big limitation: It can only be fuzzed with what has been
parsed by the library beforehand.
This commit is contained in:
Max Bruckner 2017-02-18 02:07:12 +01:00
parent 0e0cd5bae5
commit 4785070ad3
2 changed files with 35 additions and 6 deletions

View File

@ -5,7 +5,6 @@ if (ENABLE_FUZZING)
message(FATAL_ERROR "Couldn't find afl-fuzz.") message(FATAL_ERROR "Couldn't find afl-fuzz.")
endif() endif()
add_executable(afl-main afl.c) add_executable(afl-main afl.c)
target_link_libraries(afl-main "${CJSON_LIB}") target_link_libraries(afl-main "${CJSON_LIB}")
@ -13,8 +12,14 @@ if (ENABLE_FUZZING)
message(FATAL_ERROR "Enable sanitizers with -DENABLE_SANITIZERS=On to do fuzzing.") message(FATAL_ERROR "Enable sanitizers with -DENABLE_SANITIZERS=On to do fuzzing.")
endif() endif()
option(ENABLE_FUZZING_PRINT "Fuzz printing functions together with parser." On)
set(fuzz_print_parameter "no")
if (ENABLE_FUZZING_PRINT)
set(fuzz_print_parameter "yes")
endif()
add_custom_target(afl add_custom_target(afl
COMMAND "${AFL_FUZZ}" -i "${CMAKE_CURRENT_SOURCE_DIR}/inputs" -o "${CMAKE_CURRENT_BINARY_DIR}/findings" -x "${CMAKE_CURRENT_SOURCE_DIR}/json.dict" -- "${CMAKE_CURRENT_BINARY_DIR}/afl-main" "@@" COMMAND "${AFL_FUZZ}" -i "${CMAKE_CURRENT_SOURCE_DIR}/inputs" -o "${CMAKE_CURRENT_BINARY_DIR}/findings" -x "${CMAKE_CURRENT_SOURCE_DIR}/json.dict" -- "${CMAKE_CURRENT_BINARY_DIR}/afl-main" "@@" "${fuzz_print_parameter}"
DEPENDS afl-main) DEPENDS afl-main)

View File

@ -22,6 +22,7 @@
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h>
#include "../cJSON.h" #include "../cJSON.h"
@ -86,23 +87,42 @@ int main(int argc, char** argv)
const char *filename = NULL; const char *filename = NULL;
cJSON *item = NULL; cJSON *item = NULL;
char *json = NULL; char *json = NULL;
int status = EXIT_SUCCESS;
char *printed_json = NULL;
if (argc < 2) if ((argc < 2) || (argc > 3))
{ {
printf("Usage:\n"); printf("Usage:\n");
printf("%s input_file\n", argv[0]); printf("%s input_file [enable_printing]\n", argv[0]);
printf("\t input_file: file containing the test data"); printf("\t input_file: file containing the test data\n");
printf("\t enable_printing: print after parsing, 'yes' or 'no', defaults to 'no'\n");
} }
filename = argv[1]; filename = argv[1];
json = read_file(filename); json = read_file(filename);
if (json == NULL)
{
status = EXIT_FAILURE;
goto cleanup;
}
item = cJSON_Parse(json); item = cJSON_Parse(json);
if (item == NULL) if (item == NULL)
{ {
goto cleanup; goto cleanup;
} }
if ((argc == 3) && (strncmp(argv[2], "yes", 3) == 0))
{
printed_json = cJSON_Print(item);
if (printed_json == NULL)
{
status = EXIT_FAILURE;
goto cleanup;
}
printf("%s\n", printed_json);
}
cleanup: cleanup:
if (item != NULL) if (item != NULL)
{ {
@ -112,6 +132,10 @@ cleanup:
{ {
free(json); free(json);
} }
if (printed_json != NULL)
{
free(printed_json);
}
return EXIT_SUCCESS; return status;
} }