From 7662ae37985b31ff3b346c7f63ccc007bf4860a4 Mon Sep 17 00:00:00 2001
From: janschrewe
Date: Mon, 26 Apr 2021 13:55:57 +0200
Subject: [PATCH] Add fuzz target for msgpack tovalue

---
 .../fuzz_targets/msgpack_tovalue.cpp | 35 +++++++++++++++++++
 .../fuzz_targets/msgpack_tovalue.cpp.yaml | 27 ++++++++++++++
 .code-intelligence/project.yaml | 13 +++---
 3 files changed, 69 insertions(+), 6 deletions(-)
 create mode 100644 .code-intelligence/fuzz_targets/msgpack_tovalue.cpp
 create mode 100644 .code-intelligence/fuzz_targets/msgpack_tovalue.cpp.yaml

diff --git a/.code-intelligence/fuzz_targets/msgpack_tovalue.cpp b/.code-intelligence/fuzz_targets/msgpack_tovalue.cpp
new file mode 100644
index 00000000..b1b2c761
--- /dev/null
+++ b/.code-intelligence/fuzz_targets/msgpack_tovalue.cpp
@@ -0,0 +1,35 @@
+#include
+#include
+#include
+#include
+
+// extern "C" int FUZZ_INIT_WITH_ARGS(int *argc, char ***argv) {
+extern "C" int FUZZ_INIT()
+{
+ // Add global setup code here - called once before fuzzing starts
+
+ return 0; // Non-zero return values are reserved for future use.
+}
+
+extern "C" int FUZZ( const char* Data, size_t Size )
+{
+ // process fuzzer input (*Data) and setup local objects necessary to call the function under test
+
+ std::string input( Data, Size );
+
+ try {
+ tao::json::events::limit_nesting_depth< tao::json::events::to_value, 15 > consumer;
+ tao::json::msgpack::events::from_string( consumer, input );
+ const tao::json::value v = std::move( consumer.value );
+ }
+ catch( const tao::pegtl::parse_error& ) {
+ }
+ catch( const std::logic_error& ) {
+ }
+ catch( const std::runtime_error& rtex ) {
+ }
+
+ // reset state and free all locally allocated resources
+
+ return 0; // Non-zero return values are reserved for future use.
+}
\ No newline at end of file
diff --git a/.code-intelligence/fuzz_targets/msgpack_tovalue.cpp.yaml b/.code-intelligence/fuzz_targets/msgpack_tovalue.cpp.yaml
new file mode 100644
index 00000000..601d43dd
--- /dev/null
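Review bot: The blanket `catch( const std::logic_error& )` and `catch( const std::runtime_error& rtex )` clauses in FUZZ swallow whole exception families, so an `std::out_of_range` or `std::length_error` raised by a genuine bug in the msgpack decoder would be recorded as a clean iteration instead of a finding; catch only the type the parser uses to signal malformed input (`tao::pegtl::parse_error` is the one already handled) and let everything else propagate to the fuzzer runtime. If the decoder is known to also report malformed input via `std::runtime_error`, keep that clause but drop the unused `rtex` binding, which only produces an unused-variable warning. The moved-to `v` is never read either; writing it as `[[maybe_unused]] const tao::json::value v = std::move( consumer.value );` (the target is built with `-std=c++17`) documents that it exists solely to force the value tree to be materialized.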
+++ b/.code-intelligence/fuzz_targets/msgpack_tovalue.cpp.yaml
@@ -0,0 +1,27 @@
+## The fuzz target type. If unspecified, the type is deduced from the
+## extension of the fuzz target source file.
+type: "c++"
+
+## If set to true, do not use the generic input corpus for this
+## fuzz target.
+# no_initial_corpus: false
+
+## Additional arguments to pass to the compiler during build
+compiler_extra_args:
+ - "-Ibuild/src/example/json"
+ - "-Iinclude"
+ - "-Iexternal/PEGTL/include"
+ - "-Iinclude/tao/json/events"
+ - "-Lbuild/src/example/json"
+ - "-std=c++17"
+
+## Additional arguments to pass to the fuzz target when it is executed
+# run_extra_args:
+
+##### This section is only for Java fuzz targets #####
+
+## Package filters to apply when instrumenting the source code.
+# instrumentation_filters:
+
+## List of jar dependencies needed by the fuzz target
+# jars:
diff --git a/.code-intelligence/project.yaml b/.code-intelligence/project.yaml
index 1609486f..1881651c 100644
--- a/.code-intelligence/project.yaml
+++ b/.code-intelligence/project.yaml
@@ -7,7 +7,7 @@ run_container: "gcr.io/code-intelligence/pegtl-builder-v2"
 
 ## A relative path to the build script that executes inside the container
 ## and builds the project. Relative to the project root directory.
-# build_script: ".code-intelligence/build.sh"
+build_script: ".code-intelligence/build.sh"
 
 ## Paths to the fuzz tests belonging to this test collection
 fuzz_tests:
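Review bot: `- "-Lbuild/src/example/json"` under `compiler_extra_args` is a linker search path, yet no `-l` entry in the hunk names a library to look up there, so the flag is either dead or a missing link dependency; if the target only consumes headers (every other path in the list is an `-I`), drop the line, otherwise add the matching `-l` flag next to it. `- "-Iinclude/tao/json/events"` also looks redundant with `- "-Iinclude"` if the sources include headers by their full `tao/json/...` path, and keeping both lets the same header resolve under two spellings; confirm against the includes before removing it.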
@@ -16,25 +16,26 @@ fuzz_tests:
 - .code-intelligence/fuzz_targets/json_validation.cpp
 - .code-intelligence/fuzz_targets/msgpack_validation.cpp
 - .code-intelligence/fuzz_targets/ubjson_validation.cpp
+ - .code-intelligence/fuzz_targets/msgpack_tovalue.cpp
 
 ## The sanitizers to use for the fuzz tests in this collection.
 ## By default, only address sanitizer is used.
-# sanitizers:
-# - address
+sanitizers:
+ - address
 
 ## The fuzzing engines to use for the fuzz tests in this collection.
 ## By default, only libfuzzer is used. Note that because Java and Go
 ## are only supported by libfuzzer, libfuzzer will always be used for
 ## Java and Go fuzz tests, independent of this setting.
-# engines:
-# - libfuzzer
+engines:
+ - libfuzzer
 
 ## The run time after which the fuzz tests are cancelled and
 ## considered as having passed. Default value is 30 minutes.
 runtime: "30m0s"
 
 ## The number of parallel executions per fuzz test
-# parallel_executions: 1
+parallel_executions: 1
 
 ## If true, do not initialize the seed corpus of the fuzz tests.
 # skip_initial_corpus: false
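Review bot: `sanitizers:` lists only `address`, so the newly registered msgpack_tovalue target runs without UndefinedBehaviorSanitizer; a length-prefixed binary format is exactly where signed-overflow, out-of-range shift and misaligned-load bugs hide, and AddressSanitizer reports none of them. Unless the `pegtl-builder-v2` image is known to lack UBSan support, add `  - undefined` under `sanitizers:`. The `engines:` and `parallel_executions:` entries appear to restate the documented defaults (the surrounding comments say libfuzzer is used by default and the template value was 1), so they could stay commented out to keep the effective configuration change down to the one target and sanitizer list.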