Add fuzzing by way of ClusterFuzzLite

Signed-off-by: David Korczynski <david@adalogics.com>
2024-09-16 13:49:54 +00:00 · 2023-12-23 01:12:21 -08:00 · 2023-12-23 01:12:21 -08:00 · 828afc3b1e
commit 828afc3b1e
parent c32a20e1ee
6 changed files with 62 additions and 0 deletions
--- a/.clusterfuzzlite/Dockerfile
+++ b/.clusterfuzzlite/Dockerfile
@ -0,0 +1,6 @@
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf automake libtool
+
+COPY . $SRC/toml11
+COPY .clusterfuzzlite/build.sh $SRC/build.sh
+WORKDIR $SRC/toml11
--- a/.clusterfuzzlite/README.md
+++ b/.clusterfuzzlite/README.md
@ -0,0 +1,3 @@
+# ClusterFuzzLite set up
+
+This folder contains a fuzzing set for [ClusterFuzzLite](https://google.github.io/clusterfuzzlite).
--- a/.clusterfuzzlite/build.sh
+++ b/.clusterfuzzlite/build.sh
@ -0,0 +1,6 @@
+#!/bin/bash -eu
+# Copy fuzzer executable to $OUT/
+$CXX $CFLAGS $LIB_FUZZING_ENGINE \
+  $SRC/toml11/.clusterfuzzlite/parse_fuzzer.cpp \
+  -o $OUT/parse_fuzzer \
+  -I$SRC/toml11/
--- a/.clusterfuzzlite/parse_fuzzer.cpp
+++ b/.clusterfuzzlite/parse_fuzzer.cpp
@ -0,0 +1,16 @@
+
+#include <toml.hpp>
+
+#include <sstream>
+#include <string>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  std::string s(reinterpret_cast<const char *>(data), size);
+  std::istringstream iss(s);
+  try {
+    const auto ref = toml::parse(iss);
+  } catch (...) {
+  }
+
+  return 0;
+}
--- a/.clusterfuzzlite/project.yaml
+++ b/.clusterfuzzlite/project.yaml
@ -0,0 +1 @@
+language: c++
--- a/.github/workflows/cflite_pr.yml
+++ b/.github/workflows/cflite_pr.yml
@ -0,0 +1,30 @@
+name: ClusterFuzzLite PR fuzzing
+on:
+  workflow_dispatch:
+  pull_request:
+    branches: [ main ]
+permissions: read-all
+jobs:
+  PR:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        sanitizer: [address]
+    steps:
+    - name: Build Fuzzers (${{ matrix.sanitizer }})
+      id: build
+      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+      with:
+        sanitizer: ${{ matrix.sanitizer }}
+        language: c++
+        bad-build-check: false
+    - name: Run Fuzzers (${{ matrix.sanitizer }})
+      id: run
+      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        fuzz-seconds: 240
+        mode: 'code-change'
+        report-unreproducible-crashes: false
+        sanitizer: ${{ matrix.sanitizer }}