Move fuzzer sources to tests/fuzz/src

tests/fuzz/src/fuzzer-parse_bjdata.cpp

@@ -25,12 +25,16 @@ The provided function `LLVMFuzzerTestOneInput` can be used in different fuzzer
 drivers.
 */
 
-#include <iostream>
-#include <sstream>
 #include <nlohmann/json.hpp>
 
 using json = nlohmann::json;
 
+#ifdef __AFL_LEAK_CHECK
+    extern "C" void _exit(int);
+#else
+    #define __AFL_LEAK_CHECK() do {} while(false) // NOLINT(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
+#endif
+
 // see http://llvm.org/docs/LibFuzzer.html
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 {
@@ -40,6 +44,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
         std::vector<uint8_t> vec1(data, data + size);
         json j1 = json::from_bjdata(vec1);
 
+        // parse errors must raise an exception and not silently result in discarded values
+        assert(!j1.is_discarded());
+
         try
         {
             // step 2.1: round trip without adding size annotations to container types
@@ -64,7 +71,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
         catch (const json::parse_error&)
         {
             // parsing a BJData serialization must not fail
-            assert(false);
+            __builtin_trap();
         }
     }
     catch (const json::parse_error&)
@@ -80,6 +87,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
         // out of range errors may happen if provided sizes are excessive
     }
 
+    // do a leak check if fuzzing with AFL++ and LSAN
+    __AFL_LEAK_CHECK();
+
     // return 0 - non-zero return values are reserved for future use
     return 0;
 }

tests/fuzz/src/fuzzer-parse_bson.cpp

@@ -19,12 +19,16 @@ The provided function `LLVMFuzzerTestOneInput` can be used in different fuzzer
 drivers.
 */
 
-#include <iostream>
-#include <sstream>
 #include <nlohmann/json.hpp>
 
 using json = nlohmann::json;
 
+#ifdef __AFL_LEAK_CHECK
+    extern "C" void _exit(int);
+#else
+    #define __AFL_LEAK_CHECK() do {} while(false) // NOLINT(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
+#endif
+
 // see http://llvm.org/docs/LibFuzzer.html
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 {
@@ -34,6 +38,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
         std::vector<uint8_t> vec1(data, data + size);
         json j1 = json::from_bson(vec1);
 
+        // parse errors must raise an exception and not silently result in discarded values
+        assert(!j1.is_discarded());
+
         if (j1.is_discarded())
         {
             return 0;
@@ -53,7 +60,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
         catch (const json::parse_error&)
         {
             // parsing a BSON serialization must not fail
-            assert(false);
+            __builtin_trap();
         }
     }
     catch (const json::parse_error&)
@@ -69,6 +76,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
         // out of range errors can occur during parsing, too
     }
 
+    // do a leak check if fuzzing with AFL++ and LSAN
+    __AFL_LEAK_CHECK();
+
     // return 0 - non-zero return values are reserved for future use
     return 0;
 }

tests/fuzz/src/fuzzer-parse_cbor.cpp

@@ -19,12 +19,16 @@ The provided function `LLVMFuzzerTestOneInput` can be used in different fuzzer
 drivers.
 */
 
-#include <iostream>
-#include <sstream>
 #include <nlohmann/json.hpp>
 
 using json = nlohmann::json;
 
+#ifdef __AFL_LEAK_CHECK
+    extern "C" void _exit(int);
+#else
+    #define __AFL_LEAK_CHECK() do {} while(false) // NOLINT(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
+#endif
+
 // see http://llvm.org/docs/LibFuzzer.html
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 {
@@ -34,6 +38,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
         std::vector<uint8_t> vec1(data, data + size);
         json j1 = json::from_cbor(vec1);
 
+        // parse errors must raise an exception and not silently result in discarded values
+        assert(!j1.is_discarded());
+
         try
         {
             // step 2: round trip
@@ -48,7 +55,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
         catch (const json::parse_error&)
         {
             // parsing a CBOR serialization must not fail
-            assert(false);
+            __builtin_trap();
         }
     }
     catch (const json::parse_error&)
@@ -64,6 +71,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
         // out of range errors can occur during parsing, too
     }
 
+    // do a leak check if fuzzing with AFL++ and LSAN
+    __AFL_LEAK_CHECK();
+
     // return 0 - non-zero return values are reserved for future use
     return 0;
 }

tests/fuzz/src/fuzzer-parse_json.cpp

@@ -20,12 +20,16 @@ The provided function `LLVMFuzzerTestOneInput` can be used in different fuzzer
 drivers.
 */
 
-#include <iostream>
-#include <sstream>
 #include <nlohmann/json.hpp>
 
 using json = nlohmann::json;
 
+#ifdef __AFL_LEAK_CHECK
+    extern "C" void _exit(int);
+#else
+    #define __AFL_LEAK_CHECK() do {} while(false) // NOLINT(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
+#endif
+
 // see http://llvm.org/docs/LibFuzzer.html
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 {
@@ -34,6 +38,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
         // step 1: parse input
         json j1 = json::parse(data, data + size);
 
+        // parse errors must raise an exception and not silently result in discarded values
+        assert(!j1.is_discarded());
+
         try
         {
             // step 2: round trip
@@ -53,7 +60,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
         catch (const json::parse_error&)
         {
             // parsing a JSON serialization must not fail
-            assert(false);
+            __builtin_trap();
         }
     }
     catch (const json::parse_error&)
@@ -65,6 +72,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
         // out of range errors may happen if provided sizes are excessive
     }
 
+    // do a leak check if fuzzing with AFL++ and LSAN
+    __AFL_LEAK_CHECK();
+
     // return 0 - non-zero return values are reserved for future use
     return 0;
 }

tests/fuzz/src/fuzzer-parse_msgpack.cpp

@@ -19,12 +19,16 @@ The provided function `LLVMFuzzerTestOneInput` can be used in different fuzzer
 drivers.
 */
 
-#include <iostream>
-#include <sstream>
 #include <nlohmann/json.hpp>
 
 using json = nlohmann::json;
 
+#ifdef __AFL_LEAK_CHECK
+    extern "C" void _exit(int);
+#else
+    #define __AFL_LEAK_CHECK() do {} while(false) // NOLINT(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
+#endif
+
 // see http://llvm.org/docs/LibFuzzer.html
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 {
@@ -34,6 +38,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
         std::vector<uint8_t> vec1(data, data + size);
         json j1 = json::from_msgpack(vec1);
 
+        // parse errors must raise an exception and not silently result in discarded values
+        assert(!j1.is_discarded());
+
         try
         {
             // step 2: round trip
@@ -48,7 +55,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
         catch (const json::parse_error&)
         {
             // parsing a MessagePack serialization must not fail
-            assert(false);
+            __builtin_trap();
         }
     }
     catch (const json::parse_error&)
@@ -64,6 +71,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
         // out of range errors may happen if provided sizes are excessive
     }
 
+    // do a leak check if fuzzing with AFL++ and LSAN
+    __AFL_LEAK_CHECK();
+
     // return 0 - non-zero return values are reserved for future use
     return 0;
 }

tests/fuzz/src/fuzzer-parse_ubjson.cpp

@@ -25,12 +25,16 @@ The provided function `LLVMFuzzerTestOneInput` can be used in different fuzzer
 drivers.
 */
 
-#include <iostream>
-#include <sstream>
 #include <nlohmann/json.hpp>
 
 using json = nlohmann::json;
 
+#ifdef __AFL_LEAK_CHECK
+    extern "C" void _exit(int);
+#else
+    #define __AFL_LEAK_CHECK() do {} while(false) // NOLINT(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
+#endif
+
 // see http://llvm.org/docs/LibFuzzer.html
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 {
@@ -40,6 +44,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
         std::vector<uint8_t> vec1(data, data + size);
         json j1 = json::from_ubjson(vec1);
 
+        // parse errors must raise an exception and not silently result in discarded values
+        assert(!j1.is_discarded());
+
         try
         {
             // step 2.1: round trip without adding size annotations to container types
@@ -64,7 +71,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
         catch (const json::parse_error&)
         {
             // parsing a UBJSON serialization must not fail
-            assert(false);
+            __builtin_trap();
         }
     }
     catch (const json::parse_error&)
@@ -80,6 +87,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
         // out of range errors may happen if provided sizes are excessive
     }
 
+    // do a leak check if fuzzing with AFL++ and LSAN
+    __AFL_LEAK_CHECK();
+
     // return 0 - non-zero return values are reserved for future use
     return 0;
 }