fuzzing: Fuzz different print methods

This is achieved by encoding the type of function used in the first two bytes. First byte: b: buffered Second byte: f: formatted
2023-08-10 21:13:26 +03:00 · 2017-02-18 02:31:42 +01:00
parent 4785070ad3
commit c5a09a32a9
15 changed files with 117 additions and 17 deletions
--- a/fuzzing/afl.c
+++ b/fuzzing/afl.c
@ -101,12 +101,12 @@ int main(int argc, char** argv)
    filename = argv[1];

    json = read_file(filename);
-    if (json == NULL)
+    if ((json == NULL) || (json[0] == '\0') || (json[1] == '\0'))
    {
        status = EXIT_FAILURE;
        goto cleanup;
    }
-    item = cJSON_Parse(json);
+    item = cJSON_Parse(json + 2);
    if (item == NULL)
    {
        goto cleanup;
@ -114,7 +114,29 @@ int main(int argc, char** argv)

    if ((argc == 3) && (strncmp(argv[2], "yes", 3) == 0))
    {
-        printed_json = cJSON_Print(item);
+        int do_format = 0;
+        if (json[1] == 'f')
+        {
+            do_format = 1;
+        }
+
+        if (json[0] == 'b')
+        {
+            /* buffered printing */
+            printed_json = cJSON_PrintBuffered(item, 1, do_format);
+        }
+        else
+        {
+            /* unbuffered printing */
+            if (do_format)
+            {
+                printed_json = cJSON_Print(item);
+            }
+            else
+            {
+                printed_json = cJSON_PrintUnformatted(item);
+            }
+        }
        if (printed_json == NULL)
        {
            status = EXIT_FAILURE;