BigfootDev/flatbuffers
1
0
Fork 1
mirror of https://github.com/google/flatbuffers.git synced 2026-06-27 05:32:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

[fuzzer] Fix mistakes in the parser and scalar fuzzers. (#6314)

Browse Source 
The flatbuffers::Parser::Parse() isn't an idempotent method for schema parsing.
This commit removes a wrong for-loop that tried to check the same schema twice.
This commit is contained in:
Vladimir Glavnyy
2020-12-08 02:47:33 +07:00
committed by GitHub
parent fc960f3670
commit bc7eb8adeb
2 changed files with 10 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
tests/fuzzer/flatbuffers_parser_fuzzer.cc
View File

@@ -20,9 +20,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
// Reserve one byte for Parser flags and one byte for repetition counter. // Reserve one byte for Parser flags and one byte for repetition counter.
if (size < 3) return 0; if (size < 3) return 0;
const uint8_t flags = data[0]; const uint8_t flags = data[0];
// normalize to ascii alphabet (void)data[1]; // reserved
const int extra_rep_number =
std::max(5, (data[1] < '0' ? (data[1] - '0') : 0));
data += 2; data += 2;
size -= 2; // bypass size -= 2; // bypass
@@ -41,23 +39,13 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
// Guarantee 0-termination in the input. // Guarantee 0-termination in the input.
auto parse_input = input.c_str(); auto parse_input = input.c_str();
// The fuzzer can adjust the number repetition if a side-effects have found. // Check Parser.
// Each test should pass at least two times to ensure that the parser doesn't parser.Parse(parse_input);
// have any hidden-states or locale-depended effects. // TODO:
for (auto cnt = 0; cnt < (extra_rep_number + 2); cnt++) { // Need to add additional checks for inputs passed Parse(parse_input) successfully:
// Each even run (0,2,4..) will test locale independed code. // 1. Serialization to bfbs.
auto use_locale = !!OneTimeTestInit::test_locale() && (0 == (cnt % 2)); // 2. Generation of a default object.
// Set new locale. // 3. Verification of the object using reflection.
if (use_locale) { // 3. Printing to json.
FLATBUFFERS_ASSERT(setlocale(LC_ALL, OneTimeTestInit::test_locale()));
}
// Check Parser.
parser.Parse(parse_input);
// Restore locale.
if (use_locale) { FLATBUFFERS_ASSERT(setlocale(LC_ALL, "C")); }
}
return 0; return 0;
} }

2
tests/fuzzer/flatbuffers_scalar_fuzzer.cc
View File

@@ -234,7 +234,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
const uint8_t flags = data[0]; const uint8_t flags = data[0];
// normalize to ascii alphabet // normalize to ascii alphabet
const int extra_rep_number = const int extra_rep_number =
std::max(5, (data[1] < '0' ? (data[1] - '0') : 0)); std::max(5, (data[1] > '0' ? (data[1] - '0') : 0));
data += 2; data += 2;
size -= 2; // bypass size -= 2; // bypass