diff --git a/llvm/tools/llvm-yaml-parser-fuzzer/CMakeLists.txt b/llvm/tools/llvm-yaml-parser-fuzzer/CMakeLists.txt new file mode 100644 --- /dev/null +++ b/llvm/tools/llvm-yaml-parser-fuzzer/CMakeLists.txt @@ -0,0 +1,9 @@ +set(LLVM_LINK_COMPONENTS + Support + FuzzMutate +) + +add_llvm_fuzzer(llvm-yaml-parser-fuzzer + yaml-parser-fuzzer.cpp + DUMMY_MAIN DummyYAMLParserFuzzer.cpp + ) diff --git a/llvm/tools/llvm-yaml-parser-fuzzer/DummyYAMLParserFuzzer.cpp b/llvm/tools/llvm-yaml-parser-fuzzer/DummyYAMLParserFuzzer.cpp new file mode 100644 --- /dev/null +++ b/llvm/tools/llvm-yaml-parser-fuzzer/DummyYAMLParserFuzzer.cpp @@ -0,0 +1,18 @@ +//===--- DummyYAMLParserFuzzer.cpp ----------------------------------------===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===----------------------------------------------------------------------===// +// +// Implementation of main so we can build and test without linking libFuzzer. +// +//===----------------------------------------------------------------------===// + +#include "llvm/FuzzMutate/FuzzerCLI.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); +int main(int argc, char *argv[]) { + return llvm::runFuzzerOnInputs(argc, argv, LLVMFuzzerTestOneInput); +} diff --git a/llvm/tools/llvm-yaml-parser-fuzzer/yaml-parser-fuzzer.cpp b/llvm/tools/llvm-yaml-parser-fuzzer/yaml-parser-fuzzer.cpp new file mode 100644 --- /dev/null +++ b/llvm/tools/llvm-yaml-parser-fuzzer/yaml-parser-fuzzer.cpp @@ -0,0 +1,32 @@ +//===-- yaml-parser-fuzzer.cpp - Fuzzer for YAML parser -------------------===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===----------------------------------------------------------------------===// + +#include "llvm/ADT/StringRef.h" +#include "llvm/Support/YAMLParser.h" + +using namespace llvm; + +static bool isValidYaml(const uint8_t *Data, size_t Size) { + SourceMgr SM; + yaml::Stream Stream(StringRef(reinterpret_cast(Data), Size), + SM); + return Stream.validate(); +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { + std::vector Input(Data, Data + Size); + + // Ensure we don't crash on byte strings where the only null character is + // one-past-the-end of the actual input to the parser. + Input.erase(std::remove(Input.begin(), Input.end(), 0), Input.end()); + Input.push_back(0); + Input.shrink_to_fit(); + isValidYaml(Input.data(), Input.size() - 1); + + return 0; +}