jackson-core: improve fuzzers (#8178)

Signed-off-by: AdamKorcz <adam@adalogics.com>
AdamKorcz 2022-08-08 11:38:34 +01:00 committed by GitHub
parent 8a3242a510
commit ac42556473
2 changed files with 52 additions and 4 deletions


@ -154,7 +154,7 @@ public class DataInputFuzzer {
}
int typeOfNext = data.consumeInt();
JsonParser jp = jf.createParser(new MockFuzzDataInput(data.consumeRemainingAsString()));
switch (typeOfNext%5) {
switch (typeOfNext%11) {
case 0:
while (jp.nextToken() != null) {
;
@ -175,6 +175,19 @@ public class DataInputFuzzer {
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
Base64Variants b64vs = new Base64Variants();
jp.readBinaryValue(b64vs.MIME, outputStream);
case 5:
String outString = jp.getValueAsString();
case 6:
int outInt = jp.getValueAsInt();
case 7:
Writer writer = new StringWriter();
int len = jp.getText(writer);
case 8:
char[] textChars = jp.getTextCharacters();
case 9:
int textLen = jp.getTextLength();
case 10:
int textOffset = jp.getTextOffset();
}
} catch (IOException | IllegalArgumentException ignored) {
}
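Review bot: The new cases 5–10 in the second hunk end without `break`, so `jp.readBinaryValue` in case 4 now continues into `getValueAsString`, `getValueAsInt`, `getText(writer)` and the remaining calls, and any selector value below 10 runs every later case as well; unless the earlier cases (outside this hunk) deliberately rely on fall-through, add `break;` after each case body so each API is exercised on its own. The same applies to cases 9–12 in the last hunk of UTF8GeneratorFuzzer, where case 8's `writeBinary` now falls into the `BigDecimal` and `writeNumber` cases. Separately, `typeOfNext%11` is negative whenever `consumeInt()` returns a negative value and then matches no case, so those inputs skip the switch entirely; `switch (Math.floorMod(typeOfNext, 11))` keeps every consumed value selecting a branch (the same holds for `apiType%13` in the other file). The enclosing method starts and ends outside these hunks.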


@ -18,6 +18,7 @@ import java.io.ByteArrayOutputStream;
import java.io.ByteArrayInputStream;
import java.io.StringReader;
import java.io.InputStream;
import java.math.BigDecimal;
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.fasterxml.jackson.core.Base64Variant;
@ -25,6 +26,7 @@ import com.fasterxml.jackson.core.Base64Variants;
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.json.UTF8JsonGenerator;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.core.JsonGenerator.Feature;
import com.fasterxml.jackson.core.SerializableString;
import com.fasterxml.jackson.core.io.SerializedString;
@ -40,8 +42,28 @@ public class UTF8GeneratorFuzzer {
byte[] b;
Base64Variant b64v;
Feature[] features = new Feature[]{
Feature.AUTO_CLOSE_TARGET,
Feature.AUTO_CLOSE_JSON_CONTENT,
Feature.FLUSH_PASSED_TO_STREAM,
Feature.QUOTE_FIELD_NAMES,
Feature.QUOTE_NON_NUMERIC_NUMBERS,
Feature.ESCAPE_NON_ASCII,
Feature.WRITE_NUMBERS_AS_STRINGS,
Feature.WRITE_BIGDECIMAL_AS_PLAIN,
Feature.STRICT_DUPLICATE_DETECTION,
Feature.IGNORE_UNKNOWN,
};
try {
g = jf.createGenerator(out);
for (int i = 0; i < features.length; i++) {
if (data.consumeBoolean()) {
g.enable(features[i]);
} else {
g.disable(features[i]);
}
}
} catch (IOException ignored) {
return;
}
@ -50,7 +72,7 @@ public class UTF8GeneratorFuzzer {
for (int i = 0; i < numberOfOps%20; i++) {
try {
int apiType = data.consumeInt();
switch(apiType%9) {
switch(apiType%13) {
case 0:
fuzzString = data.consumeString(1000000);
StringReader targetReader = new StringReader(fuzzString);
@ -101,11 +123,24 @@ public class UTF8GeneratorFuzzer {
case 8:
b64v = Base64Variants.getDefaultVariant();
b = data.consumeBytes(1000000);
offset = data.consumeInt();
int l = data.consumeInt();
InputStream targetStream = new ByteArrayInputStream(b);
g.writeStartArray();
g.writeBinary(b64v, targetStream, b.length);
g.writeBinary(b64v, targetStream, l);
g.writeEndArray();
case 9:
String dcString = data.consumeString(10);
BigDecimal BD = new BigDecimal(dcString);
g.writeNumber(BD);
case 10:
int fuzzInt = data.consumeInt();
g.writeNumber(fuzzInt);
case 11:
float fuzzFloat = data.consumeFloat();
g.writeNumber(fuzzFloat);
case 12:
fuzzString = data.consumeString(100000);
g.writeNumber(fuzzString);
}
} catch (IOException | IllegalArgumentException ignored) {
}
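Review bot: In case 8 of the last hunk, `offset = data.consumeInt();` is assigned but not read anywhere in the visible lines — `writeBinary` is now given only `l` — so unless `offset` is used after this hunk (the method body continues outside it), the line just consumes fuzz bytes without influencing the call and should be dropped or fed into the write. `int l` can also come back negative, which Jackson's `writeBinary(Base64Variant, InputStream, int)` treats as "length unknown" rather than as an error, so that path is reached far more often than a real length mismatch; if the intent is to probe length validation, clamp it, e.g. `int l = Math.floorMod(data.consumeInt(), b.length + 2);`. A point of style in case 9: `BigDecimal BD` uses a constant-style name for a local; `BigDecimal fuzzDecimal` matches `fuzzInt`/`fuzzFloat` in the neighbouring cases.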