test/fuzzer: a simple fuzzer using libFuzzer

This commit adds some basic infrastructure for fuzzers, and adds a fuzzer for the CUE sheet parser.

test/fuzzer: a simple fuzzer using libFuzzer
dffd5831 · Max Kellermann · 8358b34e · dffd5831 · dffd5831 · dffd5831
Commit dffd5831 authored Oct 05, 2020 by Max Kellermann
Showing with 48 additions and 0 deletions

meson.build meson.build +12 -0

meson_options.txt meson_options.txt +1 -0

FuzzCueParser.cxx test/fuzzer/FuzzCueParser.cxx +26 -0

meson.build test/fuzzer/meson.build +9 -0

No files found.
--- a/meson.build
+++ b/meson.build
@@ -112,6 +112,13 @@ if get_option('buildtype') != 'debug'
  ]
 endif
+if get_option('fuzzer')
+  fuzzer_flags = ['-fsanitize=fuzzer,address,undefined']
+  add_global_arguments(fuzzer_flags, language: 'cpp')
+  add_global_arguments(fuzzer_flags, language: 'c')
+  add_global_link_arguments(fuzzer_flags, language: 'cpp')
+endif
 add_global_arguments(common_cxxflags + compiler.get_supported_arguments(test_cxxflags), language: 'cpp')
 add_global_arguments(common_cflags + c_compiler.get_supported_arguments(test_cflags), language: 'c')
 add_global_link_arguments(compiler.get_supported_link_arguments(test_ldflags), language: 'cpp')
@@ -502,6 +509,7 @@ mpd = build_target(
    chromaprint_dep,
  ],
  link_args: link_args,
+  build_by_default: not get_option('fuzzer'),
  install: not is_android and not is_haiku,
 )
@@ -542,3 +550,7 @@ subdir('doc')
 if get_option('test')
  subdir('test')
 endif
+if get_option('fuzzer')
+  subdir('test/fuzzer')
+endif
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -17,6 +17,7 @@ option('systemd_user_unit_dir', type: 'string', description: 'systemd user servi
 #
 option('test', type: 'boolean', value: false, description: 'Build the unit tests and debug programs')
+option('fuzzer', type: 'boolean', value: false, description: 'Build fuzzers (requires libFuzzer)')
 #
 # Android

--- a/test/fuzzer/FuzzCueParser.cxx
+++ b/test/fuzzer/FuzzCueParser.cxx
+#include "playlist/cue/CueParser.hxx"
+#include "util/IterableSplitString.hxx"
+#include <string>
+#include <string_view>
+extern "C" {
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+}
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+	CueParser parser;
+	const std::string_view src{(const char *)data, size};
+	for (const auto line : IterableSplitString(src, '\n')) {
+		parser.Feed(std::string(line).c_str());
+		parser.Get();
+	}
+	parser.Finish();
+	parser.Get();
+	return 0;
+}
--- a/test/fuzzer/meson.build
+++ b/test/fuzzer/meson.build
+executable(
+  'FuzzCueParser',
+  'FuzzCueParser.cxx',
+  '../../src/playlist/cue/CueParser.cxx',
+  include_directories: inc,
+  dependencies: [
+    tag_dep,
+  ],
+)