Add clang fuzzer tester.

2025-07-31 01:42:01 +08:00 · 2020-01-18 20:31:34 +09:00 · 2020-01-18 20:31:34 +09:00 · 28ad4ab7b8
commit 28ad4ab7b8
parent 0227ae5d9b
4 changed files with 92 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -202,6 +202,10 @@ $ ./tester
 $ ./tester_noexcept
 ```

+### Fuzzing tests
+
+See `tests/fuzzer` for details.
+
 ## Third party licenses

 * json.hpp : Licensed under the MIT License <http://opensource.org/licenses/MIT>. Copyright (c) 2013-2017 Niels Lohmann <http://nlohmann.me>.
--- a/tests/fuzzer/README.md
+++ b/tests/fuzzer/README.md
@ -0,0 +1,46 @@
+# Fuzzing test
+
+Do fuzzing test for TinyGLTF API.
+
+## Supported API
+
+* [x] LoadASCIIFromMemory
+* [ ] LoadBinaryFromMemory
+
+## Requirements
+
+* meson
+* clang with fuzzer support(`-fsanitize=fuzzer`. at least clang 8.0 should work)
+
+## Setup
+
+### Ubuntu 18.04
+
+```
+$ sudo apt install clang++-8
+$ sudo apt install libfuzzer-8-dev
+```
+
+Optionally, if you didn't set `update-alternatives` you can set `clang++` to point to `clang++8`
+
+```
+$ sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-8 10
+$ sudo update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang++-8 10
+```
+
+## How to compile
+
+```
+$ CXX=clang++ CC=clang meson build
+$ cd build
+$ ninja
+```
+
+## How to run
+
+Increase memory limit. e.g. `-rss_limit_mb=50000`
+
+```
+$ ./fuzz_gltf -rss_limit_mb=20000 -jobs 4
+```
+
--- a/tests/fuzzer/fuzz_gltf.cc
+++ b/tests/fuzzer/fuzz_gltf.cc
@ -0,0 +1,33 @@
+#include <cstdint>
+#include <cstring>
+#include <memory>
+#include <vector>
+#include <iostream>
+
+#define STB_IMAGE_IMPLEMENTATION
+#define STB_IMAGE_WRITE_IMPLEMENTATION
+#define TINYGLTF_IMPLEMENTATION
+#include "tiny_gltf.h"
+
+static void parse_intCoding4(const uint8_t *data, size_t size)
+{
+
+  tinygltf::Model model;
+  tinygltf::TinyGLTF ctx;
+  std::string err;
+  std::string warn;
+
+  const char *str = reinterpret_cast<const char *>(data);
+
+  bool ret = ctx.LoadASCIIFromString(&model, &err, &warn, str, size, /* base_dir */"" );
+  (void)ret;
+
+}
+
+extern "C"
+int LLVMFuzzerTestOneInput(std::uint8_t const* data, std::size_t size)
+{
+    parse_intCoding4(data, size);
+    return 0;
+}
+
--- a/tests/fuzzer/meson.build
+++ b/tests/fuzzer/meson.build
@ -0,0 +1,9 @@
+project('fuzz_tinygltf', 'cpp', default_options : ['cpp_std=c++11'])
+
+incdirs = include_directories('../../')
+executable('fuzz_gltf',
+  'fuzz_gltf.cc',
+  include_directories : incdirs,
+  cpp_args : '-fsanitize=address,fuzzer',
+  link_args : '-fsanitize=address,fuzzer' )
+