ceph/src/boost/libs/json/fuzzing/fuzz_parser.cpp

   1 // Copyright (c) 2019 Vinnie Falco (vinnie.falco@gmail.com)
   2 // Copyright (c) 2020 Paul Dreik (github@pauldreik.se)
   3 //
   4 // Distributed under the Boost Software License, Version 1.0. (See accompanying
   5 // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
   6 //
   7 // Official repository: https://github.com/boostorg/json
   8 //
   9
  10 #include <boost/json/parse_options.hpp>
  11 #include <boost/json/serialize.hpp>
  12 #include <boost/json/stream_parser.hpp>
  13 #include <boost/json/monotonic_resource.hpp>
  14 #include <boost/json/null_resource.hpp>
  15 #include <boost/json/static_resource.hpp>
  16 #include <memory>
  17
  18 using namespace boost::json;
  19
  20 struct FuzzHelper {
  21     parse_options opt;
  22     string_view jsontext;
  23     std::size_t memlimit1;
  24     std::size_t memlimit2;
  25     bool res;
  26     void run(stream_parser& p) {
  27         error_code ec;
  28
  29         // Write the first part of the buffer
  30         p.write( jsontext, ec);
  31
  32         if(! ec)
  33             p.finish( ec );
  34
  35         // Take ownership of the resulting value.
  36         if(! ec)
  37         {
  38             value jv = p.release();
  39             res=serialize(jv).size()==42;
  40         } else
  41             res=false;
  42     }
  43
  44     // easy case - everything default
  45     void useDefault() {
  46         stream_parser p(storage_ptr{}, opt);
  47         run(p);
  48     }
  49
  50     void useMonotonic() {
  51         monotonic_resource mr;
  52         stream_parser p(storage_ptr{}, opt);
  53         p.reset( &mr );
  54
  55         run(p);
  56     }
  57
  58     void useLocalBuffer() {
  59         std::unique_ptr<unsigned char[]> temp(new unsigned char[memlimit1]);
  60         stream_parser p(
  61                     storage_ptr(),
  62                     opt,
  63                     temp.get(),
  64                     memlimit1);
  65         run(p);
  66     }
  67
  68     void useDynLess() {
  69         // this is on the heap because the size is chosen dynamically
  70         std::unique_ptr<unsigned char[]> temp(new unsigned char[memlimit1]);
  71         stream_parser p(get_null_resource(),
  72                  opt,
  73                  temp.get(),
  74                  memlimit1);
  75
  76         // this is on the heap because the size is chosen dynamically
  77         std::unique_ptr<unsigned char[]> buf(new unsigned char[memlimit2]);
  78         static_resource mr2( buf.get(), memlimit2 );
  79         p.reset( &mr2 );
  80
  81         run(p);
  82     }
  83
  84 };
  85
  86
  87 extern "C"
  88 int
  89 LLVMFuzzerTestOneInput(
  90         const uint8_t* data, size_t size)
  91 {
  92     if(size<=5)
  93         return 0;
  94
  95     FuzzHelper fh;
  96
  97     // set parse options
  98     fh.opt.allow_comments=!!(data[0]&0x1);
  99     fh.opt.allow_trailing_commas=!!(data[0]&0x2);
 100     fh.opt.allow_invalid_utf8=!!(data[0]&0x4);
 101     fh.opt.max_depth= (data[0]>>3);
 102
 103     // select memory strategy to use
 104     const int strategy=data[1] & 0x3;
 105
 106     // memory limits
 107     fh.memlimit1=data[2]*256+data[3];
 108     fh.memlimit2=data[4]*256+data[5];
 109
 110     data+=6;
 111     size-=6;
 112
 113     //set the json string to parse
 114     fh.jsontext=string_view{
 115             reinterpret_cast<const char*>(
 116                 data), size};
 117     try
 118     {
 119         switch(strategy) {
 120         case 0:
 121             fh.useDefault();
 122             break;
 123         case 1:
 124             fh.useDefault();
 125             break;
 126         case 2:
 127             fh.useLocalBuffer();
 128             break;
 129         case 3:
 130             fh.useDynLess();
 131             break;
 132         }
 133     }
 134     catch(...)
 135     {
 136     }
 137     return 0;
 138 }
 139