Add ClusterFuzzLite integration

Signed-off-by: David Korczynski <david@adalogics.com>
2025-02-05 17:05:29 +00:00 · 2024-05-11 07:14:18 -07:00 · 2024-05-11 07:14:18 -07:00 · 85303b8c22
commit 85303b8c22
parent ba29f4eda9
5 changed files with 88 additions and 0 deletions
--- a/.clusterfuzzlite/Dockerfile
+++ b/.clusterfuzzlite/Dockerfile
@ -0,0 +1,8 @@
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf automake libtool cmake \
+                      pkg-config curl check
+COPY . $SRC/parson
+COPY .clusterfuzzlite/build.sh $SRC/build.sh
+COPY .clusterfuzzlite/*.cpp $SRC/
+COPY .clusterfuzzlite/*.c $SRC/
+WORKDIR parson
--- a/.clusterfuzzlite/build.sh
+++ b/.clusterfuzzlite/build.sh
@ -0,0 +1,10 @@
+#!/bin/bash
+for file in "parson.c"; do
+  $CC $CFLAGS -c ${file}
+done
+
+rm -f ./test*.o
+llvm-ar rcs libfuzz.a *.o
+
+
+$CC $CFLAGS $LIB_FUZZING_ENGINE $SRC/fuzzer.c -Wl,--whole-archive $SRC/parson/libfuzz.a -Wl,--allow-multiple-definition -I$SRC/parson/  -o $OUT/fuzzer
--- a/.clusterfuzzlite/fuzzer.c
+++ b/.clusterfuzzlite/fuzzer.c
@ -0,0 +1,39 @@
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "parson.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    if (size < 1) {
+        return 0;
+    }
+
+    // Creating a fake JSON string from input data
+    char *json_str = (char*)malloc(size + 1);
+    if (json_str == NULL) {
+        return 0;
+    }
+    memcpy(json_str, data, size);
+    json_str[size] = '\0';
+
+    // Creating a fake JSON_Value from the JSON string
+    JSON_Value *json_val = json_parse_string(json_str);
+    if (json_val == NULL) {
+        free(json_str);
+        return 0;
+    }
+
+    // Fake file name
+    const char *file_name = "output.json";
+
+    // Calling the target function with the fake JSON_Value and file name
+    json_serialize_to_file_pretty(json_val, file_name);
+
+    // Cleanup
+    json_value_free(json_val);
+    free(json_str);
+
+    return 0;
+}
--- a/.clusterfuzzlite/project.yaml
+++ b/.clusterfuzzlite/project.yaml
@ -0,0 +1 @@
+language: c
--- a/.github/workflows/cflite_pr.yml
+++ b/.github/workflows/cflite_pr.yml
@ -0,0 +1,30 @@
+name: ClusterFuzzLite PR fuzzing
+on:
+  workflow_dispatch:
+  pull_request:
+    branches: [ master ]
+permissions: read-all
+jobs:
+  PR:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        sanitizer: [address]
+    steps:
+    - name: Build Fuzzers (${{ matrix.sanitizer }})
+      id: build
+      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+      with:
+        sanitizer: ${{ matrix.sanitizer }}
+        language: c++
+        bad-build-check: false
+    - name: Run Fuzzers (${{ matrix.sanitizer }})
+      id: run
+      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        fuzz-seconds: 100
+        mode: 'code-change'
+        report-unreproducible-crashes: false
+        sanitizer: ${{ matrix.sanitizer }}