integrate the fuzz target from oss-fuzz

this will make it easier to reproduce bugs
2025-02-16 21:59:25 +00:00 · 2021-03-25 10:25:54 +01:00 · 2021-03-25 10:25:54 +01:00 · 0a499cd123
commit 0a499cd123
parent 0b92df971a
3 changed files with 104 additions and 0 deletions
--- a/fuzz/.gitignore
+++ b/fuzz/.gitignore
@ -0,0 +1,3 @@
+artifacts
+corpus
+target
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@ -0,0 +1,24 @@
+
+[package]
+name = "nom-fuzz"
+version = "0.0.0"
+authors = ["David Korczynski <david@adalogics.com>"]
+publish = false
+edition = "2018"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.3"
+
+[dependencies.nom]
+path = ".."
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "fuzz_arithmetic"
+path = "fuzz_targets/fuzz_arithmetic.rs"
--- a/fuzz/fuzz_targets/fuzz_arithmetic.rs
+++ b/fuzz/fuzz_targets/fuzz_arithmetic.rs
@ -0,0 +1,77 @@
+#![no_main]
+use libfuzzer_sys::fuzz_target;
+use std::str;
+
+extern crate nom;
+
+use nom::{
+  branch::alt,
+  bytes::complete::tag,
+  character::complete::char,
+  character::complete::{digit1 as digit, space0 as space},
+  combinator::{map_res, verify},
+  multi::fold_many0,
+  sequence::{delimited, pair},
+  IResult,
+};
+
+use std::str::FromStr;
+
+fn parens(i: &str) -> IResult<&str, i64> {
+      delimited(space, delimited(tag("("), expr, tag(")")), space)(i)
+}
+
+
+fn factor(i: &str) -> IResult<&str, i64> {
+  alt((
+    map_res(delimited(space, digit, space), FromStr::from_str),
+    parens,
+  ))(i)
+}
+
+
+fn term(i: &str) -> IResult<&str, i64> {
+  let (i, init) = factor(i)?;
+
+  fold_many0(
+    alt((
+        pair(char('*'), factor),
+        pair(char('/'), verify(factor, |i| *i != 0)),
+    )),
+    init,
+    |acc, (op, val): (char, i64)| {
+      if op == '*' {
+        acc.saturating_mul(val)
+      } else {
+        acc / val
+      }
+    },
+  )(i)
+}
+
+fn expr(i: &str) -> IResult<&str, i64> {
+  let (i, init) = term(i)?;
+
+  fold_many0(
+    pair(alt((char('+'), char('-'))), term),
+    init,
+    |acc, (op, val): (char, i64)| {
+      if op == '+' {
+        acc.saturating_add(val)
+      } else {
+        acc.saturating_sub(val)
+      }
+    },
+  )(i)
+}
+
+fuzz_target!(|data: &[u8]| {
+    // fuzzed code goes here
+    let temp = match str::from_utf8(data) {
+        Ok(v) => {
+            //println!("v: {}", v);
+            factor(v)
+        },
+        Err(e) => factor("2"),
+    };
+});