author | David Korczynski <david@adalogics.com> | 2023-11-30 13:22:27 +0000 |
---|---|---|
committer | Emanuele Torre <torreemanuele6@gmail.com> | 2023-11-30 14:40:36 +0100 |
commit | 252ab244cead3670a11d06bc3110f3a4577a2341 (patch) | |
tree | 7c6832a4b7376e7793d1239bd0abe0d580c69ee3 | |
parent | 13353515bd3aedf84c6e6ebfb726563ae84db778 (diff) |
Add fuzzer targeting jq_next
Signed-off-by: David Korczynski <david@adalogics.com>
-rw-r--r-- | tests/jq_fuzz_execute.cpp | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/tests/jq_fuzz_execute.cpp b/tests/jq_fuzz_execute.cpp
new file mode 100644
index 00000000..db844818
--- /dev/null
+++ b/tests/jq_fuzz_execute.cpp
@@ -0,0 +1,40 @@
+#include <fuzzer/FuzzedDataProvider.h>
+#include <string>
+
+extern "C" {
+#include "jq.h"
+#include "jv.h"
+}
+
+// Fuzzer inspired by /src/jq_test.c
+// The goal is to have the fuzzer execute the functions:
+// jq_compile -> jv_parse -> jq_next.
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
+ FuzzedDataProvider fdp(data, size);
+ std::string prog_payload = fdp.ConsumeRandomLengthString();
+ std::string parse_payload1 = fdp.ConsumeRandomLengthString();
+ std::string parse_payload2 = fdp.ConsumeRandomLengthString();
+
+ jq_state *jq = NULL;
+ jq = jq_init();
+ if (jq != NULL) {
+ if (jq_compile(jq, prog_payload.c_str())) {
+ // Process to jv_parse and then jv_next
+ jv input = jv_parse(parse_payload1.c_str());
+ if (jv_is_valid(input)) {
+ jq_start(jq, input, 0);
+ jv next = jv_parse(parse_payload2.c_str());
+ if (jv_is_valid(next)) {
+ jv actual = jq_next(jq);
+ jv_free(actual);
+ }
+ jv_free(next);
+ }
+
+ // Do not free "input" as this is handled by jq_teardown.
+ }
+ }
+ jq_teardown(&jq);
+
+ return 0;
+} |
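Review bot: When `jv_parse(parse_payload1.c_str())` yields an invalid value, `input` is never released: the valid branch hands ownership to `jq_start`, but the `if (jv_is_valid(input))` block has no `else`, and as far as I recall jq's invalid values can carry a heap-allocated error message, so every malformed first payload would surface as a leak under the sanitizer the fuzzer is built with and bury real findings. Add `else { jv_free(input); }` after that block, and reword the existing comment to `// "input" is owned by jq from jq_start onward and released by jq_teardown.` so the asymmetry is explicit. Separately, `next` only gates the `jq_next` call and is otherwise unused, so any second payload that fails to parse silently skips the function this harness exists to exercise; either drop that gate or feed `next` into the program. The libFuzzer entry point is conventionally declared with `const uint8_t *data`, and `uint8_t`/`size_t` are used without a direct `<cstdint>`/`<cstddef>` include.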