Initialize project for fuzzing

Author: florianGla

CMakeLists.txt

@@ -46,6 +46,9 @@ if(RAPIDJSON_USE_MEMBERSMAP)
     add_definitions(-DRAPIDJSON_USE_MEMBERSMAP=1)
 endif()
 
+find_package(cifuzz NO_SYSTEM_ENVIRONMENT_PATH)
+enable_fuzz_testing()
+
 find_program(CCACHE_FOUND ccache)
 if(CCACHE_FOUND)
     set_property(GLOBAL PROPERTY RULE_LAUNCH_COMPILE ccache)
@@ -255,3 +258,5 @@ IF(CMAKE_INSTALL_DIR)
     INSTALL(TARGETS RapidJSON EXPORT RapidJSON-targets)
     INSTALL(EXPORT RapidJSON-targets DESTINATION ${CMAKE_INSTALL_DIR})
 ENDIF()
+
+add_subdirectory(cifuzz-spark)

cifuzz-spark/CMakeLists.txt

@@ -0,0 +1,7 @@
+#cifuzz:build-template:begin
+#add_fuzz_test({{ .FuzzTestName }} {{ .FileName }})
+#target_link_libraries({{ .FuzzTestName }} PRIVATE "$<LINK_LIBRARY:WHOLE_ARCHIVE,RapidJSON>")
+#cifuzz:build-template:end
+
+add_fuzz_test(fuzz_test fuzz_test.cpp)
+target_link_libraries(fuzz_test PRIVATE "$<LINK_LIBRARY:WHOLE_ARCHIVE,RapidJSON>")

cifuzz-spark/fuzz_test.cpp

@@ -0,0 +1,82 @@
+#include <assert.h>
+#include <cstdio>
+#include <cstdlib>
+#include <cstring>
+#include <vector>
+#include <cifuzz/cifuzz.h>
+#include <fuzzer/FuzzedDataProvider.h>
+
+// RapidJSON includes
+#include "rapidjson/document.h"
+#include "rapidjson/schema.h"
+#include "rapidjson/filereadstream.h"
+#include "rapidjson/error/en.h"
+#include "rapidjson/prettywriter.h"
+#include "rapidjson/stringbuffer.h"
+
+// FUZZ_TEST_SETUP:
+// (No one-time setup needed beyond what is shown)
+FUZZ_TEST_SETUP() {
+  // One-time initialization tasks can be performed here.
+}
+
+FUZZ_TEST(const uint8_t *data, size_t size) {
+  // Initialize FuzzedDataProvider (using a single instance)
+  FuzzedDataProvider fdp(data, size);
+
+  // Consume a string for the schema (limit size to 1024)
+  std::string schemaStr = fdp.ConsumeRandomLengthString(1024);
+  // Consume remaining data for the JSON instance (limit to 8192)
+  std::string jsonStr = fdp.ConsumeRandomLengthString(8192);
+
+  // ----------------------------- //
+  // Set up the Schema using tmpfile
+  // ----------------------------- //
+  FILE* schemaFile = tmpfile();
+  if (!schemaFile) return; // if tmpfile fails, exit
+
+  // Write schema data to file
+  if (!schemaStr.empty()) {
+      fwrite(schemaStr.data(), 1, schemaStr.size(), schemaFile);
+  }
+  rewind(schemaFile);
+
+  // Prepare a buffer, and parse the schema using FileReadStream
+  char buffer[4096];
+  rapidjson::Document d;
+  rapidjson::FileReadStream schemaStream(schemaFile, buffer, sizeof(buffer));
+  d.ParseStream(schemaStream);
+  fclose(schemaFile);
+
+  // Construct the SchemaDocument from the parsed Document
+  rapidjson::SchemaDocument sd(d);
+
+  // --------------------------------- //
+  // Set up JSON instance using tmpfile
+  // --------------------------------- //
+  FILE* jsonFile = tmpfile();
+  if (!jsonFile) return;
+
+  if (!jsonStr.empty()) {
+      fwrite(jsonStr.data(), 1, jsonStr.size(), jsonFile);
+  }
+  rewind(jsonFile);
+
+  // Create a SchemaValidator and Reader.
+  rapidjson::SchemaValidator validator(sd);
+  rapidjson::Reader reader;
+  rapidjson::FileReadStream jsonStream(jsonFile, buffer, sizeof(buffer));
+  reader.Parse(jsonStream, validator);
+  fclose(jsonFile);
+
+  // Call additional API functions to further exercise the interface.
+  volatile bool valid = validator.IsValid();
+  // When invalid, obtain various API outputs
+  if (!valid) {
+      rapidjson::GenericStringBuffer<rapidjson::UTF8<>> sb;
+      validator.GetInvalidSchemaPointer().StringifyUriFragment(sb);
+      validator.GetInvalidDocumentPointer().StringifyUriFragment(sb);
+      rapidjson::PrettyWriter<rapidjson::GenericStringBuffer<rapidjson::UTF8<>>> writer(sb);
+      validator.GetError().Accept(writer);
+  }
+}

cifuzz.yaml

@@ -0,0 +1,64 @@
+## Configuration for a CI Fuzz project
+## Generated on 2025-04-22
+
+## The build system used to build this project. If not set, cifuzz tries to
+## detect the build system automatically.
+## Valid values: "bazel", "cmake", "other"
+build-system: cmake
+
+## Engine used for fuzzing, default is "libfuzzer-clang".
+## Valid values: "libfuzzer-clang", "honggfuzz-clang", "honggfuzz-gcc"
+#engine: libfuzzer-clang
+
+## If the build system type is "other", this command is used to build the fuzz
+## tests.
+#build-command: make my_fuzz_test
+
+## If the build system type is "other", this command is used to list the names
+## of already existing fuzz tests in your project. This allows running all fuzz
+## tests in the project without listing them explicitly, supports fuzz test
+## generation and enables fuzz test completion for commands.
+## The listed names should be separated by whitespace and can't include
+## whitespaces themselves, i.e. 'fuzz_test1 fuzz_test_2 ...'
+#list-fuzz-tests-command: echo my_fuzz_test
+
+## Command-line arguments to pass directly to the build system to use when
+## building fuzz tests.
+#build-system-args:
+# - -DBUILD_TESTS=ON
+
+## Directories containing sample inputs used as seeds for running fuzz tests.
+## For general information on seed corpora, see:
+## https://docs.code-intelligence.com/glossary#seed-corpus
+#seed-corpus-dirs:
+# - path/to/seed-corpus
+
+## Directories containing inputs for calculating coverage. These are used in
+## addition to inputs found in the directory of the fuzz test.
+#corpus-dirs:
+# - path/to/corpus
+
+## File containing input language keywords or other interesting byte sequences
+## used for running fuzz tests.
+## For libFuzzer see: https://llvm.org/docs/LibFuzzer.html#dictionaries
+#dict: path/to/dictionary.dct
+
+## Command-line arguments to pass to the fuzzing engine when running fuzz tests.
+## For libFuzzer see: https://llvm.org/docs/LibFuzzer.html#options
+#engine-args:
+# - -rss_limit_mb=4096
+
+## Maximum time to run all fuzz tests. Default is 10 minutes. The time will be
+## split up evenly between multiple fuzz tests. To keep running indefinitely,
+## set value to 0.
+#max-fuzzing-duration: 30m
+
+## Set to true to print output of the `cifuzz run` command as JSON.
+#print-json: true
+
+## Set to true to disable desktop notifications.
+#no-notifications: true
+
+## Set style for command output.
+## Valid values: "pretty", "plain"
+#style: plain