From ec8d2f9c2e9de7524f9ddd78d39605d5fc6987ef Mon Sep 17 00:00:00 2001 From: randy408 Date: Mon, 21 Oct 2019 15:27:47 +0200 Subject: [PATCH] convert fuzz target to c89, optimize --- fuzzing/CMakeLists.txt | 2 +- ...son_read_fuzzer.cc => cjson_read_fuzzer.c} | 28 ++++++++----------- fuzzing/fuzz_main.c | 4 +-- fuzzing/ossfuzz.sh | 4 +-- 4 files changed, 16 insertions(+), 22 deletions(-) rename fuzzing/{cjson_read_fuzzer.cc => cjson_read_fuzzer.c} (77%) diff --git a/fuzzing/CMakeLists.txt b/fuzzing/CMakeLists.txt index 84278e8..587368d 100644 --- a/fuzzing/CMakeLists.txt +++ b/fuzzing/CMakeLists.txt @@ -28,6 +28,6 @@ if (ENABLE_FUZZING) endif() if(ENABLE_CJSON_TEST) - ADD_EXECUTABLE(fuzz_main fuzz_main.c) + ADD_EXECUTABLE(fuzz_main fuzz_main.c cjson_read_fuzzer.c) TARGET_LINK_LIBRARIES(fuzz_main cjson) endif() \ No newline at end of file diff --git a/fuzzing/cjson_read_fuzzer.cc b/fuzzing/cjson_read_fuzzer.c similarity index 77% rename from fuzzing/cjson_read_fuzzer.cc rename to fuzzing/cjson_read_fuzzer.c index 4ec4322..b2692ed 100644 --- a/fuzzing/cjson_read_fuzzer.cc +++ b/fuzzing/cjson_read_fuzzer.c @@ -4,9 +4,8 @@ #include "../cJSON.h" -#ifdef __cplusplus -extern "C" -#endif +int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size); /* required by C89 */ + int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { cJSON *json; @@ -17,6 +16,7 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) if(size <= offset) return 0; + if(data[size-1] != '\0') return 0; if(data[0] != '1' && data[0] != '0') return 0; if(data[1] != '1' && data[1] != '0') return 0; if(data[2] != '1' && data[2] != '0') return 0; @@ -27,19 +27,9 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) formatted = data[2] == '1' ? 1 : 0; buffered = data[3] == '1' ? 1 : 0; - copied = (unsigned char*)malloc(size); - if(copied == NULL) return 0; - - memcpy(copied, data, size); - copied[size-1] = '\0'; - - json = cJSON_ParseWithOpts((const char*)copied + offset, NULL, require_termination); + json = cJSON_ParseWithOpts((const char*)data + offset, NULL, require_termination); - if(json == NULL) - { - free(copied); - return 0; - } + if(json == NULL) return 0; if(buffered) { @@ -62,11 +52,17 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) if(minify) { + copied = (unsigned char*)malloc(size); + if(copied == NULL) return 0; + + memcpy(copied, data, size); + cJSON_Minify((char*)copied + offset); + + free(copied); } cJSON_Delete(json); - free(copied); return 0; } diff --git a/fuzzing/fuzz_main.c b/fuzzing/fuzz_main.c index e004115..09dc156 100644 --- a/fuzzing/fuzz_main.c +++ b/fuzzing/fuzz_main.c @@ -2,9 +2,7 @@ #include #include -int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size); /* required by C90 */ - -#include "cjson_read_fuzzer.cc" +int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size); /* required by C89 */ /* fuzz target entry point, works without libFuzzer */ diff --git a/fuzzing/ossfuzz.sh b/fuzzing/ossfuzz.sh index 8de60e4..fe4bf16 100644 --- a/fuzzing/ossfuzz.sh +++ b/fuzzing/ossfuzz.sh @@ -8,8 +8,8 @@ cd build cmake -DBUILD_SHARED_LIBS=OFF -DENABLE_CJSON_TEST=OFF .. make -j$(nproc) -$CXX $CXXFLAGS -std=c++11 -I. \ - $SRC/cjson/fuzzing/cjson_read_fuzzer.cc \ +$CC $CFLAGS -std=c89 -I. \ + $SRC/cjson/fuzzing/cjson_read_fuzzer.c \ -o $OUT/cjson_read_fuzzer \ $LIB_FUZZING_ENGINE $SRC/cjson/build/libcjson.a -- GitLab