File: mruby_proto_fuzzer.cpp

package info (click to toggle)

mruby 3.4.0-2

links: PTS, VCS
area: main
in suites: forky, sid
size: 5,584 kB
sloc: ansic: 51,933; ruby: 29,510; yacc: 7,077; cpp: 517; makefile: 51; sh: 42

file content (45 lines) | stat: -rw-r--r-- 1,064 bytes

parent folder | download | duplicates (4)

#include <string>
#include <iostream>
#include <fstream>

#include <mruby.h>
#include <mruby/compile.h>

#include <src/libfuzzer/libfuzzer_macro.h>
#include <ruby.pb.h>
#include "proto_to_ruby.h"

using namespace ruby_fuzzer;
using namespace std;

int FuzzRB(const uint8_t *Data, size_t size) {
  mrb_value v;
  mrb_state *mrb = mrb_open();
  if (!mrb)
    return 0;

  char *code = (char*)malloc(size+1);
  if (!code)
    return 0;
  memcpy(code, Data, size);
  code[size] = '\0';

  if (const char *dump_path = getenv("PROTO_FUZZER_DUMP_PATH")) {
    // With libFuzzer binary run this to generate an RB file x.rb:
    // PROTO_FUZZER_DUMP_PATH=x.rb ./a.out proto-input
    std::ofstream of(dump_path);
    of.write(code, size);
  }
  std::cout << "\n\n############\n" << code << "\n############\n\n";
  v = mrb_load_string(mrb, code);
  mrb_close(mrb);

  free(code);
  return 0;
}

DEFINE_PROTO_FUZZER(const Function &function) {
  protoConverter converter;
  auto s = converter.FunctionToString(function);
  (void)FuzzRB((const uint8_t*)s.data(), s.size());
}