Updated fuzzer scripts
Point to new Chromium location. Also enable UBSan. Change-Id: I4ba182e3c6a967ad89090b776d05762fa9ae6e40
@@ -14,7 +14,7 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
git clone https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer
|
git clone https://chromium.googlesource.com/chromium/llvm-project/compiler-rt/lib/fuzzer
|
||||||
clang++ -c -g -O2 -std=c++11 Fuzzer/*.cpp -IFuzzer
|
clang++ -c -g -O2 -std=c++11 fuzzer/*.cpp -Ifuzzer
|
||||||
ar ruv libFuzzer.a Fuzzer*.o
|
ar ruv libFuzzer.a Fuzzer*.o
|
||||||
rm -rf Fuzzer *.o
|
rm -rf fuzzer *.o
|
||||||
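Review bot: The new `git clone` line fetches whatever is at the tip of the Chromium mirror and the next line compiles it, so the fuzzer runtime linked into the harnesses is unpinned and the build is not reproducible. Checking out a known-good revision right after the clone, e.g. `git -C fuzzer checkout <PINNED_COMMIT>` (placeholder; the page names no revision), would fix the input to the build. No `set -e` is visible in this section, so a failed clone or compile would presumably fall through to `ar` and `rm -rf fuzzer *.o`; the top of the script is outside the hunk, so confirm that there. A later tip may also stop compiling under `-std=c++11`, which pinning would avoid.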
|
|||||||
@@ -14,7 +14,10 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
clang++ -fsanitize-coverage=edge -fsanitize=address -std=c++11 -stdlib=libstdc++ -I.. -I../../include flatbuffers_parser_fuzzer.cc ../../src/idl_parser.cpp ../../src/util.cpp libFuzzer.a -o fuzz_parser
|
clang++ -fsanitize-coverage=edge -fsanitize=address -fsanitize=undefined \
|
||||||
|
-g -fno-omit-frame-pointer -std=c++11 -stdlib=libstdc++ \
|
||||||
|
-I.. -I../../include flatbuffers_parser_fuzzer.cc ../../src/idl_parser.cpp \
|
||||||
|
../../src/util.cpp libFuzzer.a -o fuzz_parser
|
||||||
mkdir -p parser_corpus
|
mkdir -p parser_corpus
|
||||||
cp ../*.json ../*.fbs parser_corpus
|
cp ../*.json ../*.fbs parser_corpus
|
||||||
./fuzz_parser parser_corpus
|
./fuzz_parser parser_corpus
|
||||||
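Review bot: `-fsanitize=undefined` on the new compile line only makes UBSan print a report and keep running, since most of its checks are recoverable by default, so libFuzzer will not treat a finding as a crash or write a reproducer for it. Adding `-fno-sanitize-recover=undefined` next to it makes undefined behaviour stop the run the same way an ASan error does. The same applies to the verifier harness compile line in the following file section.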
|
|||||||
@@ -14,7 +14,9 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
clang++ -fsanitize-coverage=edge -fsanitize=address -std=c++11 -stdlib=libstdc++ -I.. -I../../include flatbuffers_verifier_fuzzer.cc libFuzzer.a -o fuzz_verifier
|
clang++ -fsanitize-coverage=edge -fsanitize=address -fsanitize=undefined \
|
||||||
|
-g -fno-omit-frame-pointer -std=c++11 -stdlib=libstdc++ \
|
||||||
|
-I.. -I../../include flatbuffers_verifier_fuzzer.cc libFuzzer.a -o fuzz_verifier
|
||||||
mkdir -p verifier_corpus
|
mkdir -p verifier_corpus
|
||||||
cp ../*.mon verifier_corpus
|
cp ../*.mon verifier_corpus
|
||||||
./fuzz_verifier verifier_corpus
|
./fuzz_verifier verifier_corpus
|
||||||
|
|||||||
@@ -1952,19 +1952,19 @@ void EndianSwapTest() {
|
|||||||
|
|
||||||
void UninitializedVectorTest() {
|
void UninitializedVectorTest() {
|
||||||
flatbuffers::FlatBufferBuilder builder;
|
flatbuffers::FlatBufferBuilder builder;
|
||||||
|
|
||||||
Test *buf = nullptr;
|
Test *buf = nullptr;
|
||||||
auto vector_offset = builder.CreateUninitializedVectorOfStructs<Test>(2, &buf);
|
auto vector_offset = builder.CreateUninitializedVectorOfStructs<Test>(2, &buf);
|
||||||
TEST_NOTNULL(buf);
|
TEST_NOTNULL(buf);
|
||||||
buf[0] = Test(10, 20);
|
buf[0] = Test(10, 20);
|
||||||
buf[1] = Test(30, 40);
|
buf[1] = Test(30, 40);
|
||||||
|
|
||||||
auto required_name = builder.CreateString("myMonster");
|
auto required_name = builder.CreateString("myMonster");
|
||||||
auto monster_builder = MonsterBuilder(builder);
|
auto monster_builder = MonsterBuilder(builder);
|
||||||
monster_builder.add_name(required_name); // required field mandated for monster.
|
monster_builder.add_name(required_name); // required field mandated for monster.
|
||||||
monster_builder.add_test4(vector_offset);
|
monster_builder.add_test4(vector_offset);
|
||||||
builder.Finish(monster_builder.Finish());
|
builder.Finish(monster_builder.Finish());
|
||||||
|
|
||||||
auto p = builder.GetBufferPointer();
|
auto p = builder.GetBufferPointer();
|
||||||
auto uvt = flatbuffers::GetRoot<Monster>(p);
|
auto uvt = flatbuffers::GetRoot<Monster>(p);
|
||||||
TEST_NOTNULL(uvt);
|
TEST_NOTNULL(uvt);
|
||||||
@@ -1978,6 +1978,18 @@ void UninitializedVectorTest() {
|
|||||||
TEST_EQ(test_1->b(), 40);
|
TEST_EQ(test_1->b(), 40);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// For testing any binaries, e.g. from fuzzing.
|
||||||
|
void LoadVerifyBinaryTest() {
|
||||||
|
std::string binary;
|
||||||
|
if (flatbuffers::LoadFile((test_data_path +
|
||||||
|
"fuzzer/your-filename-here").c_str(),
|
||||||
|
true, &binary)) {
|
||||||
|
flatbuffers::Verifier verifier(
|
||||||
|
reinterpret_cast<const uint8_t *>(binary.data()), binary.size());
|
||||||
|
TEST_EQ(VerifyMonsterBuffer(verifier), true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
int main(int /*argc*/, const char * /*argv*/ []) {
|
int main(int /*argc*/, const char * /*argv*/ []) {
|
||||||
// clang-format off
|
// clang-format off
|
||||||
#if defined(FLATBUFFERS_MEMORY_LEAK_TRACKING) && \
|
#if defined(FLATBUFFERS_MEMORY_LEAK_TRACKING) && \
|
||||||
@@ -2021,6 +2033,7 @@ int main(int /*argc*/, const char * /*argv*/ []) {
|
|||||||
ReflectionTest(flatbuf.data(), flatbuf.size());
|
ReflectionTest(flatbuf.data(), flatbuf.size());
|
||||||
ParseProtoTest();
|
ParseProtoTest();
|
||||||
UnionVectorTest();
|
UnionVectorTest();
|
||||||
|
LoadVerifyBinaryTest();
|
||||||
#endif
|
#endif
|
||||||
// clang-format on
|
// clang-format on
|
||||||
|
|
||||||
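Review bot: `LoadVerifyBinaryTest` is wired into `main` but does nothing when `LoadFile` fails, and the committed path `fuzzer/your-filename-here` is a placeholder, so in a normal run the test passes without verifying anything. The one-line comment above it should say so, for example `// Manual repro hook: copy a fuzzer artifact into <test_data_path>/fuzzer/ and edit the name below; skipped silently if the file is absent.` Also `TEST_EQ(VerifyMonsterBuffer(verifier), true)` fails on any input the verifier correctly rejects, which is likely the outcome for many fuzzer-found files. If the goal is to replay an input under the sanitizers, calling `VerifyMonsterBuffer(verifier)` without asserting `true` would match that intent.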
|
|||||||