From 4173cf968ce54cdd4bfbe394e48d656780604c7a Mon Sep 17 00:00:00 2001 From: Scott Linder Date: Mon, 16 Nov 2020 14:44:35 +0000 Subject: [PATCH] [YAMLIO] Add a generic YAML fuzzer harness This is essentially a clone of the existing fuzzer added in D50839, but for the whole parser Streamer, and currently only testing for sanitizer violations. Differential Revision: https://reviews.llvm.org/D91573 --- tools/llvm-yaml-parser-fuzzer/CMakeLists.txt | 9 ++++++ .../DummyYAMLParserFuzzer.cpp | 18 +++++++++++ .../yaml-parser-fuzzer.cpp | 32 +++++++++++++++++++ 3 files changed, 59 insertions(+) create mode 100644 tools/llvm-yaml-parser-fuzzer/CMakeLists.txt create mode 100644 tools/llvm-yaml-parser-fuzzer/DummyYAMLParserFuzzer.cpp create mode 100644 tools/llvm-yaml-parser-fuzzer/yaml-parser-fuzzer.cpp diff --git a/tools/llvm-yaml-parser-fuzzer/CMakeLists.txt b/tools/llvm-yaml-parser-fuzzer/CMakeLists.txt new file mode 100644 index 00000000000..348a8fb2a97 --- /dev/null +++ b/tools/llvm-yaml-parser-fuzzer/CMakeLists.txt @@ -0,0 +1,9 @@ +set(LLVM_LINK_COMPONENTS + Support + FuzzMutate +) + +add_llvm_fuzzer(llvm-yaml-parser-fuzzer + yaml-parser-fuzzer.cpp + DUMMY_MAIN DummyYAMLParserFuzzer.cpp + ) diff --git a/tools/llvm-yaml-parser-fuzzer/DummyYAMLParserFuzzer.cpp b/tools/llvm-yaml-parser-fuzzer/DummyYAMLParserFuzzer.cpp new file mode 100644 index 00000000000..13f64d65028 --- /dev/null +++ b/tools/llvm-yaml-parser-fuzzer/DummyYAMLParserFuzzer.cpp @@ -0,0 +1,18 @@ +//===--- DummyYAMLParserFuzzer.cpp ----------------------------------------===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===----------------------------------------------------------------------===// +// +// Implementation of main so we can build and test without linking libFuzzer. +// +//===----------------------------------------------------------------------===// + +#include "llvm/FuzzMutate/FuzzerCLI.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); +int main(int argc, char *argv[]) { + return llvm::runFuzzerOnInputs(argc, argv, LLVMFuzzerTestOneInput); +} diff --git a/tools/llvm-yaml-parser-fuzzer/yaml-parser-fuzzer.cpp b/tools/llvm-yaml-parser-fuzzer/yaml-parser-fuzzer.cpp new file mode 100644 index 00000000000..edce19f7b1b --- /dev/null +++ b/tools/llvm-yaml-parser-fuzzer/yaml-parser-fuzzer.cpp @@ -0,0 +1,32 @@ +//===-- yaml-parser-fuzzer.cpp - Fuzzer for YAML parser -------------------===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===----------------------------------------------------------------------===// + +#include "llvm/ADT/StringRef.h" +#include "llvm/Support/YAMLParser.h" + +using namespace llvm; + +static bool isValidYaml(const uint8_t *Data, size_t Size) { + SourceMgr SM; + yaml::Stream Stream(StringRef(reinterpret_cast(Data), Size), + SM); + return Stream.validate(); +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { + std::vector Input(Data, Data + Size); + + // Ensure we don't crash on byte strings where the only null character is + // one-past-the-end of the actual input to the parser. + Input.erase(std::remove(Input.begin(), Input.end(), 0), Input.end()); + Input.push_back(0); + Input.shrink_to_fit(); + isValidYaml(Input.data(), Input.size() - 1); + + return 0; +}