CDRIVER-5648 fix libfuzzer integration (#1686)

spencerjackson · web-flow · commit 8cc212b0cc9c · 2024-08-13T10:29:10.000-05:00
* Implement and simplify libfuzzer entrypoint

* Structure libbson/CMakeLists.txt to isolate fuzzer definitions

* Rework fuzzer enablement to use a switch
diff --git a/build/cmake/Sanitizers.cmake b/build/cmake/Sanitizers.cmake
@@ -11,6 +11,24 @@ mongo_setting (
          endif()
       ]])
 
+mongo_bool_setting(
+    MONGO_FUZZ "Enable LibFuzzer integration"
+    DEFAULT VALUE OFF
+    VALIDATE CODE [[
+        if (MONGO_FUZZ AND NOT ENABLE_STATIC)
+	    message (FATAL_ERROR "MONGO_FUZZ requires ENABLE_STATIC=ON or ENABLE_STATIC=BUILD_ONLY")
+	endif ()
+    ]]
+)
+
+if (MONGO_FUZZ)
+    set(mongo_fuzz_options "address,undefined,fuzzer-no-link")
+    if (MONGO_SANITIZE AND NOT "${MONGO_SANITIZE}" STREQUAL "${mongo_fuzz_options}")
+        message(WARNING "Overriding user-provided MONGO_SANITIZE options due to MONGO_FUZZ=ON")
+    endif ()
+    set_property (CACHE MONGO_SANITIZE PROPERTY VALUE "${mongo_fuzz_options}")
+endif ()
+
 # Replace commas with semicolons for the genex
 string(REPLACE ";" "," _sanitize "${MONGO_SANITIZE}")
 
diff --git a/src/libbson/CMakeLists.txt b/src/libbson/CMakeLists.txt
@@ -399,6 +399,10 @@ install (EXPORT bson-targets
 include (LegacyPackage)
 include (CPack)
 
+if (MONGO_FUZZ)
+   add_subdirectory(fuzz)
+endif ()
+
 # 8888888b.
 # 888  "Y88b
 # 888    888
diff --git a/src/libbson/fuzz/CMakeLists.txt b/src/libbson/fuzz/CMakeLists.txt
@@ -0,0 +1,4 @@
+add_executable(fuzz_test_init_from_json EXCLUDE_FROM_ALL
+   fuzz_test_init_from_json.c)
+target_link_libraries(fuzz_test_init_from_json PRIVATE bson_static)
+set_property(TARGET fuzz_test_init_from_json APPEND PROPERTY LINK_OPTIONS -fsanitize=fuzzer)
diff --git a/src/libbson/fuzz/fuzz_test_init_from_json.c b/src/libbson/fuzz/fuzz_test_init_from_json.c
@@ -6,16 +6,12 @@
 int
 LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
 {
-   char *nt = malloc (size + 1);
-   memcpy (nt, data, size);
-   nt[size] = '\0';
    bson_error_t error;
 
    bson_t b;
-   if (bson_init_from_json (&b, nt, -1, &error)) {
+   if (bson_init_from_json (&b, (const char *) data, size, &error)) {
       bson_destroy (&b);
    }
 
-   free (nt);
    return 0;
 }

Original file line number	Diff line number	Diff line change
`@@ -6,16 +6,12 @@`
`6`	`6`	`int`
`7`	`7`	`LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)`
`8`	`8`	`{`
`9`		`- char *nt = malloc (size + 1);`
`10`		`- memcpy (nt, data, size);`
`11`		`- nt[size] = '\0';`
`12`	`9`	`bson_error_t error;`
`13`	`10`
`14`	`11`	`bson_t b;`
`15`		`- if (bson_init_from_json (&b, nt, -1, &error)) {`
	`12`	`+ if (bson_init_from_json (&b, (const char *) data, size, &error)) {`
`16`	`13`	`bson_destroy (&b);`
`17`	`14`	`}`
`18`	`15`
`19`		`- free (nt);`
`20`	`16`	`return 0;`
`21`	`17`	`}`