add fuzzing driver for oss-fuzz

5 files changed, 93 insertions, 0 deletions

diff --git a/Makefile.am b/Makefile.am
index d2f66c4..65664a7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -5,6 +5,9 @@ SUBDIRS = liblangtag extensions data docs
 if ENABLE_GOBJECT
 SUBDIRS += liblangtag-gobject
 endif
+if BUILD_FUZZERS
+SUBDIRS += fuzz
+endif
 #SUBDIRS += docs tests
 SUBDIRS += tests
 
diff --git a/configure.ac b/configure.ac
index 8970507..b09828d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -367,6 +367,13 @@ fi
 
 AM_CONDITIONAL(ENABLE_UNIT_TEST, test x$use_check != xno)
 
+AC_ARG_ENABLE([fuzzers],
+	[AS_HELP_STRING([--enable-fuzzers], [Build fuzzer(s)])],
+	[enable_fuzzers="$enableval"],
+	[enable_fuzzers=no]
+)
+AM_CONDITIONAL(BUILD_FUZZERS, [test "x$enable_fuzzers" = "xyes"])
+
 dnl ======================================================================
 dnl check another libraries
 dnl ======================================================================
@@ -454,6 +461,7 @@ AC_CONFIG_FILES([
 	docs/Makefile
 	docs/version.xml
 	extensions/Makefile
+	fuzz/Makefile
 	liblangtag/Makefile
 	liblangtag-gobject/Makefile
 	liblangtag.pc
diff --git a/fuzz/.gitignore b/fuzz/.gitignore
new file mode 100644
index 0000000..9ac19d5
--- /dev/null
+++ b/fuzz/.gitignore
@@ -0,0 +1,24 @@
+/*.bak
+/*.lo
+/*.o
+/*.orig
+/*.rej
+/*.tab.c
+/*~
+/.*.sw[nop]
+/.deps
+/.dirstamp
+/.gitignore
+/.libs
+/GPATH
+/GRTAGS
+/GSYMS
+/GTAGS
+/ID
+/Makefile
+/Makefile.in
+/TAGS
+/_libs
+/so_locations
+/tagfuzzer
+/tags
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am
new file mode 100644
index 0000000..b1b2776
--- /dev/null
+++ b/fuzz/Makefile.am
@@ -0,0 +1,17 @@
+noinst_PROGRAMS = tagfuzzer
+
+AM_CFLAGS = \
+	-I$(top_srcdir) \
+	-I$(top_srcdir)/liblangtag \
+	$(NULL)
+
+tagfuzzer_LDADD = \
+	$(top_builddir)/liblangtag/liblangtag.la \
+	@MODULE_LIBS@ \
+	$(FUZZER_LIBS) \
+	-lFuzzingEngine
+
+tagfuzzer_SOURCES = \
+	tagfuzzer.c
+
+-include $(top_srcdir)/git.mk
diff --git a/fuzz/tagfuzzer.c b/fuzz/tagfuzzer.c
new file mode 100644
index 0000000..6f220ce
--- /dev/null
+++ b/fuzz/tagfuzzer.c
@@ -0,0 +1,41 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
+/* 
+ * lt-tag.h
+ * Copyright (C) 2011-2012 Akira TAGOH
+ * 
+ * Authors:
+ *   Akira TAGOH  <akira@tagoh.org>
+ * 
+ * You may distribute under the terms of either the GNU
+ * Lesser General Public License or the Mozilla Public
+ * License, as specified in the README file.
+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <liblangtag/langtag.h>
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+	lt_tag_t *tag = 0;
+	lt_error_t *error = 0;
+	char *string = 0;
+
+	string = malloc(size + 1);
+	memcpy(string, data, size);
+	string[size] = 0;
+
+	lt_tag_parse(tag, string, &error);
+
+	free(string);
+	if (tag)
+		lt_tag_unref(tag);
+	if (error)
+		lt_error_unref(error);
+
+	return 0;
+}