Add simple libfuzzer based test.

This tests the verifier and the parser.

Tested: on Linux.
Bug: 27230459
Change-Id: I3417faba9385dc941199c57a08d8a50c2faec1aa

tests/fuzzer/build_fuzzer.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+git clone https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer
+clang++ -c -g -O2 -std=c++11 Fuzzer/*.cpp -IFuzzer
+ar ruv libFuzzer.a Fuzzer*.o
+rm -rf Fuzzer *.o

tests/fuzzer/build_run_parser_test.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+clang++ -fsanitize-coverage=edge -fsanitize=address -std=c++11 -stdlib=libstdc++ -I.. -I../../include flatbuffers_parser_fuzzer.cc ../../src/idl_parser.cpp ../../src/util.cpp libFuzzer.a -o fuzz_parser
+mkdir -p parser_corpus
+cp ../*.json ../*.fbs parser_corpus
+./fuzz_parser parser_corpus

tests/fuzzer/build_run_verifier_test.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+clang++ -fsanitize-coverage=edge -fsanitize=address -std=c++11 -stdlib=libstdc++ -I.. -I../../include flatbuffers_verifier_fuzzer.cc libFuzzer.a -o fuzz_verifier
+mkdir -p verifier_corpus
+cp ../*.mon verifier_corpus
+./fuzz_verifier verifier_corpus

tests/fuzzer/flatbuffers_parser_fuzzer.cc

@@ -0,0 +1,16 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#include <stddef.h>
+#include <stdint.h>
+#include <string>
+
+#include "flatbuffers/idl.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  flatbuffers::Parser parser;
+  // Guarantee 0-termination.
+  std::string s(reinterpret_cast<const char *>(data), size);
+  parser.Parse(s.c_str());
+  return 0;
+}

tests/fuzzer/flatbuffers_verifier_corpus/cd8e4aef993fcdebd9583069cd0a5468d254c5c7

@@ -1 +0,0 @@
-š(!!@*YÌø!

tests/fuzzer/flatbuffers_verifier_corpus/fc5d4b9117ba9e87388174aee4f4970bdfe8d066

@@ -1 +0,0 @@
-HH

tests/fuzzer/flatbuffers_verifier_fuzzer.cc

@@ -5,7 +5,7 @@
 #include <stdint.h>
 #include <string>
 
-#include "third_party/flatbuffers/tests/monster_test_generated.h"
+#include "monster_test_generated.h"
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   flatbuffers::Verifier verifier(data, size);