From fc8accad07ad3c5063ffa442a23d9fff6f896791 Mon Sep 17 00:00:00 2001 From: Daniel Lemire Date: Wed, 22 Jan 2025 15:19:03 -0500 Subject: [PATCH 1/2] reduce the scope of the fuzzer --- fuzz/url_pattern.cc | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/fuzz/url_pattern.cc b/fuzz/url_pattern.cc index 0873ea7da..7cfbe2226 100644 --- a/fuzz/url_pattern.cc +++ b/fuzz/url_pattern.cc @@ -6,10 +6,28 @@ #include "ada.cpp" #include "ada.h" +std::string bytesToAlphanumeric(const std::string& source) { + static const char alphanumeric[] = + "abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "0123456789"; + + std::string result; + result.reserve(source.size()); + + for (char byte : source) { + int index = static_cast(byte) % (sizeof(alphanumeric) - 1); + result.push_back(alphanumeric[index]); + } + + return result; +} + extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { FuzzedDataProvider fdp(data, size); - std::string source = fdp.ConsumeRandomLengthString(50); - std::string base_source = fdp.ConsumeRandomLengthString(50); + // We do not want to trigger arbitrary regex matching. + std::string source = "/"+ bytesToAlphanumeric(fdp.ConsumeRandomLengthString(50)) + "/" + bytesToAlphanumeric(fdp.ConsumeRandomLengthString(50)); + std::string base_source = "/"+ bytesToAlphanumeric(fdp.ConsumeRandomLengthString(50)) + "/" + bytesToAlphanumeric(fdp.ConsumeRandomLengthString(50)); // Without base or options auto result = ada::parse_url_pattern(source, nullptr, nullptr); From 51a73ea4dedafa566a2ccbe6f0296626a34a9bb8 Mon Sep 17 00:00:00 2001 From: Daniel Lemire Date: Wed, 22 Jan 2025 15:21:47 -0500 Subject: [PATCH 2/2] lint --- fuzz/url_pattern.cc | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/fuzz/url_pattern.cc b/fuzz/url_pattern.cc index 7cfbe2226..f7c9da3e6 100644 --- a/fuzz/url_pattern.cc +++ b/fuzz/url_pattern.cc @@ -7,27 +7,31 @@ #include "ada.h" std::string bytesToAlphanumeric(const std::string& source) { - static const char alphanumeric[] = - "abcdefghijklmnopqrstuvwxyz" - "ABCDEFGHIJKLMNOPQRSTUVWXYZ" - "0123456789"; + static const char alphanumeric[] = + "abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "0123456789"; - std::string result; - result.reserve(source.size()); + std::string result; + result.reserve(source.size()); - for (char byte : source) { - int index = static_cast(byte) % (sizeof(alphanumeric) - 1); - result.push_back(alphanumeric[index]); - } + for (char byte : source) { + int index = static_cast(byte) % (sizeof(alphanumeric) - 1); + result.push_back(alphanumeric[index]); + } - return result; + return result; } -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { FuzzedDataProvider fdp(data, size); // We do not want to trigger arbitrary regex matching. - std::string source = "/"+ bytesToAlphanumeric(fdp.ConsumeRandomLengthString(50)) + "/" + bytesToAlphanumeric(fdp.ConsumeRandomLengthString(50)); - std::string base_source = "/"+ bytesToAlphanumeric(fdp.ConsumeRandomLengthString(50)) + "/" + bytesToAlphanumeric(fdp.ConsumeRandomLengthString(50)); + std::string source = + "/" + bytesToAlphanumeric(fdp.ConsumeRandomLengthString(50)) + "/" + + bytesToAlphanumeric(fdp.ConsumeRandomLengthString(50)); + std::string base_source = + "/" + bytesToAlphanumeric(fdp.ConsumeRandomLengthString(50)) + "/" + + bytesToAlphanumeric(fdp.ConsumeRandomLengthString(50)); // Without base or options auto result = ada::parse_url_pattern(source, nullptr, nullptr);