[YAMLIO] Add a generic YAML fuzzer harness

This is essentially a clone of the existing fuzzer added in D50839, but for the whole parser Streamer, and currently only testing for sanitizer violations. Differential Revision: https://reviews.llvm.org/D91573
2020-11-16 14:44:35 +00:00 · 2020-11-16 14:44:35 +00:00 · 544cb649d7
parent 132d6d73ea
commit 544cb649d7
3 changed files with 59 additions and 0 deletions
--- a/llvm/tools/llvm-yaml-parser-fuzzer/CMakeLists.txt
+++ b/llvm/tools/llvm-yaml-parser-fuzzer/CMakeLists.txt
@ -0,0 +1,9 @@
+set(LLVM_LINK_COMPONENTS
+  Support
+  FuzzMutate
+)
+
+add_llvm_fuzzer(llvm-yaml-parser-fuzzer
+  yaml-parser-fuzzer.cpp
+  DUMMY_MAIN DummyYAMLParserFuzzer.cpp
+  )
--- a/llvm/tools/llvm-yaml-parser-fuzzer/DummyYAMLParserFuzzer.cpp
+++ b/llvm/tools/llvm-yaml-parser-fuzzer/DummyYAMLParserFuzzer.cpp
@ -0,0 +1,18 @@
+//===--- DummyYAMLParserFuzzer.cpp ----------------------------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+//
+// Implementation of main so we can build and test without linking libFuzzer.
+//
+//===----------------------------------------------------------------------===//
+
+#include "llvm/FuzzMutate/FuzzerCLI.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
+int main(int argc, char *argv[]) {
+  return llvm::runFuzzerOnInputs(argc, argv, LLVMFuzzerTestOneInput);
+}
--- a/llvm/tools/llvm-yaml-parser-fuzzer/yaml-parser-fuzzer.cpp
+++ b/llvm/tools/llvm-yaml-parser-fuzzer/yaml-parser-fuzzer.cpp
@ -0,0 +1,32 @@
+//===-- yaml-parser-fuzzer.cpp - Fuzzer for YAML parser -------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/YAMLParser.h"
+
+using namespace llvm;
+
+static bool isValidYaml(const uint8_t *Data, size_t Size) {
+  SourceMgr SM;
+  yaml::Stream Stream(StringRef(reinterpret_cast<const char *>(Data), Size),
+                      SM);
+  return Stream.validate();
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  std::vector<uint8_t> Input(Data, Data + Size);
+
+  // Ensure we don't crash on byte strings where the only null character is
+  // one-past-the-end of the actual input to the parser.
+  Input.erase(std::remove(Input.begin(), Input.end(), 0), Input.end());
+  Input.push_back(0);
+  Input.shrink_to_fit();
+  isValidYaml(Input.data(), Input.size() - 1);
+
+  return 0;
+}