From 38cc374f2acc3783c07db54012201a76b5d8fec3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc=20Andr=C3=A9=20Tanner?=
Date: Thu, 14 May 2020 21:09:48 +0200
Subject: test/fuzz: add libfuzzer target for text data structure
This reuses the existing fuzzing driver initially written for afl-fuzz. As a consequence, quite a bit of stdio code is involved which is probably not optimal.
---
 fuzz/text-fuzzer.c | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)
(limited to 'fuzz/text-fuzzer.c')
diff --git a/fuzz/text-fuzzer.c b/fuzz/text-fuzzer.c
index ddb132b..c09d7be 100644
--- a/fuzz/text-fuzzer.c
+++ b/fuzz/text-fuzzer.c
@@ -1,5 +1,6 @@
 #include
 #include
+#include
 #include
 #include
 #include
@@ -112,8 +113,7 @@ static Cmd commands[] = {
 ['u'] = cmd_undo,
 };
-int main(int argc, char *argv[]) {
- char line[BUFSIZ], *name = (argc == 1) ? NULL : argv[1];
+static int repl(const char *name, FILE *input) {
 Text *txt = text_load(name);
 if (!name)
 name = "-";
@@ -124,9 +124,10 @@ int main(int argc, char *argv[]) {
 printf("Loaded %zu bytes from `%s'\n", text_size(txt), name);
+ char line[BUFSIZ];
 for (;;) {
 printf("> ");
- if (!fgets(line, sizeof(line), stdin))
+ if (!fgets(line, sizeof(line), input))
 break;
 if (!isatty(0))
 printf("%s", line);
@@ -147,3 +148,22 @@ int main(int argc, char *argv[]) {
 return 0;
 }
+
+#ifdef LIBFUZZER
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t len) {
+ FILE *input = fmemopen((void*)data, len, "r");
+ if (!input)
+ return 1;
+ int r = repl(NULL, input);
+ fclose(input);
+ return r;
+}
+
+#else
+
+int main(int argc, char *argv[]) {
+ return repl(argc == 1 ? NULL : argv[1], stdin);
+}
+
+#endif /* LIBFUZZER */
-- cgit v1.2.3
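Review bot: The echo guard `if (!isatty(0))` in the read loop still tests descriptor 0 although lines now come from `input`, so under libFuzzer whether each fuzz line is printed depends on how the fuzzer process was started, not on the stream being read. Tying the echo to the stream, for example `if (input == stdin && !isatty(STDIN_FILENO))`, keeps the piped-stdin behaviour and drops the per-line output from in-memory runs. Separately, `fgets` yields a C string, so a fuzz line containing a NUL byte is presumably seen by the command dispatch only up to that byte; a short comment next to `char line[BUFSIZ];` would record that limit of the harness. repl's body starts and ends outside this hunk.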
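Review bot: `LLVMFuzzerTestOneInput` returns 1 when `fmemopen` fails and otherwise forwards repl's result, but libFuzzer expects a fuzz target to return 0 (-1 is used by newer versions to reject an input, other values are reserved). I would write `if (!input) return 0;` and end with `repl(NULL, input); fclose(input); return 0;`. The failure path is probably not rare, because libFuzzer also runs the empty input and some C libraries reject a zero-length buffer in `fmemopen`, so an early `if (len == 0) return 0;` is worth adding. Since the target now runs repl many times in one process, the `Text` obtained from `text_load` has to be released before repl's `return 0`, otherwise the leak detector will report it as a finding. That cleanup is outside this hunk, so please confirm it.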