start fuzzing

2021-06-27 19:57:02 +02:00
parent fd450bb5f6
commit 888922aff3
5 changed files with 18 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,9 @@ fix:
 * allow empty template interpolations
 * allow empty templates

+quality:
+* add fuzzing
+
 ## 0.2.0 - 2021-06-26

 feature:
--- a/README.md
+++ b/README.md
@@ -26,8 +26,9 @@ tree-sitter parse --quiet --stat example/real_world_stuff/*/*
 Total parses: 1892; successful parses: 1892; failed parses: 0; success percentage: 100.00%
 ```

-The aim is to build unit testcases from selected failure classes and slowly get to 100%. 
+## Fuzzing

+The directory `fuzz/crashers` contains a set of crashes that were found with fuzzing. To fuzz the parser i used the instrumentation of [tree-sitter](https://github.com/tree-sitter/tree-sitter/tree/master/test/fuzz) 

 ## Todo

@@ -37,3 +38,8 @@ The aim is to build unit testcases from selected failure classes and slowly get
    * [x] add quoted template interpolations
    * [ ] add quoted template directives
  * [x] add heredoc templates
+* [ ] fuzzing
+  * [x] start with fuzzing the parser
+  * [ ] upload fuzzing instrumentation
+  * [ ] document fuzzing process
+  * [ ] add parsing of crashers to CI process
--- a/fuzz/crashers/crash-0d2958a668c04944f12da010e4cd4239cb587114.hcl
+++ b/fuzz/crashers/crash-0d2958a668c04944f12da010e4cd4239cb587114.hcl
--- a/fuzz/crashers/crash-bbabb6816b26bfecdaa9aef4b049f7259aac9954.hcl
+++ b/fuzz/crashers/crash-bbabb6816b26bfecdaa9aef4b049f7259aac9954.hcl
--- a/src/scanner.cc
+++ b/src/scanner.cc
@@ -1,10 +1,10 @@
 #include <tree_sitter/parser.h>

+#include <climits>
 #include <vector>
 #include <string>
 #include <wctype.h>
 #include <assert.h>
-#include <stdio.h>

 namespace {

@@ -40,6 +40,10 @@ public:
  unsigned serialize(char* buf) {
    unsigned size = 0;

+    if (context_stack.size() > CHAR_MAX) {
+      return 0;
+    }
+
    buf[size++] = context_stack.size();
    for (vector<Context>::iterator it = context_stack.begin(); it != context_stack.end(); ++it) {
      if (size + 2 + it->heredoc_identifier.size() >= TREE_SITTER_SERIALIZATION_BUFFER_SIZE) {
@@ -54,12 +58,13 @@ public:
  }

  void deserialize(const char* buf, unsigned n) {
-    unsigned size = 0;
+    context_stack.clear();
+
    if (n == 0) {
      return;
    }
-    context_stack.clear();

+    unsigned size = 0;
    uint8_t context_stack_size = buf[size++];
    for (unsigned j = 0; j < context_stack_size; j++) {
      Context ctx;