Added fuzzing app

Author: cschreib

.gitignore

@@ -1,3 +1,4 @@
 *.sublime-workspace
 build*/
 .sublime-tests/
+fuzzing/output

CMakeLists.txt

@@ -18,8 +18,9 @@ else()
 endif()
 
 # Components (library is always built).
-set(JSONEXPR_APP   ON  CACHE BOOL "Build command line application.")
+set(JSONEXPR_APP   ON   CACHE BOOL "Build command line application.")
 set(JSONEXPR_TEST  OFF  CACHE BOOL "Build tests.")
+set(JSONEXPR_FUZZ  OFF  CACHE BOOL "Build fuzzing application.")
 
 # Dependencies.
 set(JSONEXPR_USE_SYSTEM_JSON     OFF CACHE BOOL "Use a pre-installed version of nlohmann::json. Else, download.")
@@ -40,3 +41,7 @@ if (JSONEXPR_TEST)
     enable_testing()
     add_subdirectory(tests)
 endif()
+
+if (JSONEXPR_FUZZ)
+    add_subdirectory(fuzzing/runner)
+endif()

fuzzing/README.md

@@ -0,0 +1,26 @@
+# How to run fuzzing
+
+## Install AFL++
+
+```
+docker pull aflplusplus/aflplusplus:latest
+```
+
+## Build with fuzzing instrumentation
+
+From the root of the repo:
+```
+docker run -ti --mount type=tmpfs,destination=/ramdisk --mount type=bind,source=.,destination=/src -e AFL_TMPDIR=/ramdisk -e AFL_USE_ASAN=1 aflplusplus/aflplusplus
+cd /src
+mkdir build_fuzzing
+cd build_fuzzing
+cmake .. -DCMAKE_CXX_COMPILER=afl-clang-fast++ -DCMAKE_BUILD_TYPE=RelWithDebInfo
+make -j12
+```
+
+## Start fuzzing
+
+Within the same container as above:
+```
+afl-fuzz -i fuzzing/input -o fuzzing/output build_fuzzing/fuzzing/runner/jsonexpr-fuzzing-runner @@
+```

fuzzing/input/fuzz.txt

@@ -0,0 +1 @@
+cat.colors[(bee.legs - cat.legs)/2]

fuzzing/runner/CMakeLists.txt

@@ -0,0 +1,9 @@
+cmake_minimum_required(VERSION 3.18)
+
+project(jsonexpr-fuzzing-runner LANGUAGES CXX)
+
+add_executable(jsonexpr-fuzzing-runner
+    ${PROJECT_SOURCE_DIR}/src/main.cpp)
+
+target_link_libraries(jsonexpr-fuzzing-runner PUBLIC jsonexpr::libjsonexpr)
+

fuzzing/runner/src/main.cpp

@@ -0,0 +1,32 @@
+#include "jsonexpr/jsonexpr.hpp"
+
+#include <fstream>
+#include <iostream>
+
+__AFL_FUZZ_INIT();
+
+int main() {
+    jsonexpr::variable_registry vars;
+    jsonexpr::function_registry funcs = jsonexpr::default_functions();
+
+#ifdef __AFL_HAVE_MANUAL_CONTROL
+    __AFL_INIT();
+#endif
+
+    // must be after __AFL_INIT and before __AFL_LOOP!
+    unsigned char* buf = __AFL_FUZZ_TESTCASE_BUF;
+
+    while (__AFL_LOOP(10000)) {
+        // Don't use the macro directly in a call!
+        const int   len        = __AFL_FUZZ_TESTCASE_LEN;
+        const char* expr_chars = reinterpret_cast<char*>(buf);
+
+        const auto expression = std::string_view{expr_chars, expr_chars + len};
+        const auto result     = jsonexpr::evaluate(expression, vars, funcs);
+        if (!result.has_value()) {
+            jsonexpr::format_error(expression, result.error());
+        }
+    }
+
+    return 0;
+}

jsonexpr.sublime-project

@@ -3,6 +3,10 @@
 	[
 		{
 			"path": ".",
+			"folder_exclude_patterns":
+			[
+				"fuzzing/output"
+			]
 		}
 	],
 	"settings":