diff options
-rw-r--r-- | src/fuzz/fuzz-json.c | 30 | ||||
-rw-r--r-- | src/fuzz/meson.build | 4 | ||||
-rwxr-xr-x | tools/oss-fuzz.sh | 3 |
3 files changed, 37 insertions, 0 deletions
diff --git a/src/fuzz/fuzz-json.c b/src/fuzz/fuzz-json.c new file mode 100644 index 000000000..3aa9d089e --- /dev/null +++ b/src/fuzz/fuzz-json.c @@ -0,0 +1,30 @@ +/* SPDX-License-Identifier: LGPL-2.1+ */ + +#include "alloc-util.h" +#include "fd-util.h" +#include "fuzz.h" +#include "json.h" + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + _cleanup_free_ char *out = NULL; /* out should be freed after g */ + size_t out_size; + _cleanup_fclose_ FILE *f = NULL, *g = NULL; + _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; + + if (size == 0) + return 0; + + f = fmemopen((char*) data, size, "re"); + assert_se(f); + + if (json_parse_file(f, NULL, &v, NULL, NULL) < 0) + return 0; + + g = open_memstream(&out, &out_size); + assert_se(g); + + json_variant_dump(v, 0, g, NULL); + json_variant_dump(v, JSON_FORMAT_PRETTY|JSON_FORMAT_COLOR|JSON_FORMAT_SOURCE, g, NULL); + + return 0; +} diff --git a/src/fuzz/meson.build b/src/fuzz/meson.build index 31ee41cbe..4c2384935 100644 --- a/src/fuzz/meson.build +++ b/src/fuzz/meson.build @@ -37,6 +37,10 @@ fuzzers += [ libsystemd_network], []], + [['src/fuzz/fuzz-json.c'], + [libshared], + []], + [['src/fuzz/fuzz-unit-file.c'], [libcore, libshared], diff --git a/tools/oss-fuzz.sh b/tools/oss-fuzz.sh index 4d11e81ed..df72e47d7 100755 --- a/tools/oss-fuzz.sh +++ b/tools/oss-fuzz.sh @@ -48,5 +48,8 @@ zip -jqr $OUT/fuzz-dns-packet_seed_corpus.zip $df/packet install -Dt $OUT/src/shared/ $build/src/shared/libsystemd-shared-*.so +wget -O $OUT/fuzz-json_seed_corpus.zip https://storage.googleapis.com/skia-fuzzer/oss-fuzz/skjson_seed_corpus.zip +wget -O $OUT/fuzz-json.dict https://raw.githubusercontent.com/rc0r/afl-fuzz/master/dictionaries/json.dict + find $build -maxdepth 1 -type f -executable -name "fuzz-*" -exec mv {} $OUT \; cp src/fuzz/*.options $OUT |