tests: New style fuzzing tool for JSON parser

This is a newer version of tests/test-json tool.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/tests/fuzzing/json/Makefile b/tests/fuzzing/json/Makefile
new file mode 100644 (file)
index 0000000..ffa0c5a
--- /dev/null
+++ b/tests/fuzzing/json/Makefile
@@ -0,0 +1,19 @@
+all: json
+include ../rules.include
+
+OBJS += $(SRC)/utils/base64.o
+OBJS += $(SRC)/utils/common.o
+OBJS += $(SRC)/utils/json.o
+OBJS += $(SRC)/utils/os_unix.o
+OBJS += $(SRC)/utils/wpa_debug.o
+OBJS += $(SRC)/utils/wpabuf.o
+
+json: json.o $(OBJS) $(LIBS)
+       $(LDO) $(LDFLAGS) -o $@ $^ $(LIBS) $(ELIBS)
+
+clean:
+       $(MAKE) -C $(SRC) clean
+       $(MAKE) -C $(WPAS_SRC) clean
+       rm -f json *~ *.o *.d ../*~ ../*.o ../*.d
+
+-include $(OBJS:%.o=%.d)

diff --git a/tests/fuzzing/json/corpus/1.json b/tests/fuzzing/json/corpus/1.json
new file mode 100644 (file)
index 0000000..16c8b96
--- /dev/null
+++ b/tests/fuzzing/json/corpus/1.json
@@ -0,0 +1 @@
+{"a":[[]],"b":1,"c":"q","d":{"e":[{}]}}

diff --git a/tests/fuzzing/json/corpus/2.json b/tests/fuzzing/json/corpus/2.json
new file mode 100644 (file)
index 0000000..0967ef4
--- /dev/null
+++ b/tests/fuzzing/json/corpus/2.json
@@ -0,0 +1 @@
+{}

diff --git a/tests/fuzzing/json/corpus/3.json b/tests/fuzzing/json/corpus/3.json
new file mode 100644 (file)
index 0000000..573541a
--- /dev/null
+++ b/tests/fuzzing/json/corpus/3.json
@@ -0,0 +1 @@
+0

diff --git a/tests/fuzzing/json/json.c b/tests/fuzzing/json/json.c
new file mode 100644 (file)
index 0000000..af6c5e7
--- /dev/null
+++ b/tests/fuzzing/json/json.c
@@ -0,0 +1,38 @@
+/*
+ * JSON parser - test program
+ * Copyright (c) 2019, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+#include "utils/common.h"
+#include "utils/json.h"
+#include "../fuzzer-common.h"
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+       struct json_token *root;
+       char *txt;
+       size_t buflen = 10000;
+
+       wpa_fuzzer_set_debug_level();
+
+       root = json_parse((const char *) data, size);
+       if (!root) {
+               wpa_printf(MSG_DEBUG, "JSON parsing failed");
+               return 0;
+       }
+
+       txt = os_zalloc(buflen);
+       if (txt) {
+               json_print_tree(root, txt, buflen);
+               wpa_printf(MSG_DEBUG, "%s", txt);
+               os_free(txt);
+       }
+       json_free(root);
+
+       return 0;
+}