diff options
author | Scott Linder <Scott.Linder@amd.com> | 2020-11-16 14:44:35 +0000 |
---|---|---|
committer | Scott Linder <Scott.Linder@amd.com> | 2020-11-18 23:06:03 +0000 |
commit | 544cb649d7789a4199e8acea6e8a9da1409702b1 (patch) | |
tree | 2a259219ac8cf354189dc955ac63b5606559d81b /llvm/tools/llvm-yaml-parser-fuzzer | |
parent | 132d6d73ea024beab3df99df2ecf4d345995fdfd (diff) | |
download | llvm-544cb649d7789a4199e8acea6e8a9da1409702b1.zip llvm-544cb649d7789a4199e8acea6e8a9da1409702b1.tar.gz llvm-544cb649d7789a4199e8acea6e8a9da1409702b1.tar.bz2 |
[YAMLIO] Add a generic YAML fuzzer harness
This is essentially a clone of the existing fuzzer added in D50839, but
for the whole parser Streamer, and currently only testing for sanitizer
violations.
Differential Revision: https://reviews.llvm.org/D91573
Diffstat (limited to 'llvm/tools/llvm-yaml-parser-fuzzer')
3 files changed, 59 insertions, 0 deletions
diff --git a/llvm/tools/llvm-yaml-parser-fuzzer/CMakeLists.txt b/llvm/tools/llvm-yaml-parser-fuzzer/CMakeLists.txt new file mode 100644 index 0000000..348a8fb --- /dev/null +++ b/llvm/tools/llvm-yaml-parser-fuzzer/CMakeLists.txt @@ -0,0 +1,9 @@ +set(LLVM_LINK_COMPONENTS + Support + FuzzMutate +) + +add_llvm_fuzzer(llvm-yaml-parser-fuzzer + yaml-parser-fuzzer.cpp + DUMMY_MAIN DummyYAMLParserFuzzer.cpp + ) diff --git a/llvm/tools/llvm-yaml-parser-fuzzer/DummyYAMLParserFuzzer.cpp b/llvm/tools/llvm-yaml-parser-fuzzer/DummyYAMLParserFuzzer.cpp new file mode 100644 index 0000000..13f64d6 --- /dev/null +++ b/llvm/tools/llvm-yaml-parser-fuzzer/DummyYAMLParserFuzzer.cpp @@ -0,0 +1,18 @@ +//===--- DummyYAMLParserFuzzer.cpp ----------------------------------------===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===----------------------------------------------------------------------===// +// +// Implementation of main so we can build and test without linking libFuzzer. +// +//===----------------------------------------------------------------------===// + +#include "llvm/FuzzMutate/FuzzerCLI.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); +int main(int argc, char *argv[]) { + return llvm::runFuzzerOnInputs(argc, argv, LLVMFuzzerTestOneInput); +} diff --git a/llvm/tools/llvm-yaml-parser-fuzzer/yaml-parser-fuzzer.cpp b/llvm/tools/llvm-yaml-parser-fuzzer/yaml-parser-fuzzer.cpp new file mode 100644 index 0000000..edce19f --- /dev/null +++ b/llvm/tools/llvm-yaml-parser-fuzzer/yaml-parser-fuzzer.cpp @@ -0,0 +1,32 @@ +//===-- yaml-parser-fuzzer.cpp - Fuzzer for YAML parser -------------------===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===----------------------------------------------------------------------===// + +#include "llvm/ADT/StringRef.h" +#include "llvm/Support/YAMLParser.h" + +using namespace llvm; + +static bool isValidYaml(const uint8_t *Data, size_t Size) { + SourceMgr SM; + yaml::Stream Stream(StringRef(reinterpret_cast<const char *>(Data), Size), + SM); + return Stream.validate(); +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { + std::vector<uint8_t> Input(Data, Data + Size); + + // Ensure we don't crash on byte strings where the only null character is + // one-past-the-end of the actual input to the parser. + Input.erase(std::remove(Input.begin(), Input.end(), 0), Input.end()); + Input.push_back(0); + Input.shrink_to_fit(); + isValidYaml(Input.data(), Input.size() - 1); + + return 0; +} |