2557bdcf39
[100%] Fuzzing libosrm
/tmp/osrm-backend/build/fuzz/driver -max_len=4096 corpus > fuzz-0.log 2>&1
/tmp/osrm-backend/build/fuzz/driver -max_len=4096 corpus > fuzz-1.log 2>&1
/tmp/osrm-backend/build/fuzz/driver -max_len=4096 corpus > fuzz-2.log 2>&1
/tmp/osrm-backend/build/fuzz/driver -max_len=4096 corpus > fuzz-3.log 2>&1
References:
- http://llvm.org/docs/LibFuzzer.html
- http://llvm.org/releases/3.8.0/docs/LibFuzzer.html
- https://github.com/Project-OSRM/osrm-backend/issues/1678
33 lines
967 B
C++
33 lines
967 B
C++
#include "server/api/parameters_parser.hpp"
|
|
|
|
#include "engine/api/base_parameters.hpp"
|
|
#include "engine/api/match_parameters.hpp"
|
|
#include "engine/api/nearest_parameters.hpp"
|
|
#include "engine/api/route_parameters.hpp"
|
|
#include "engine/api/table_parameters.hpp"
|
|
#include "engine/api/tile_parameters.hpp"
|
|
#include "engine/api/trip_parameters.hpp"
|
|
|
|
#include <iterator>
|
|
#include <string>
|
|
|
|
/*
|
|
* First pass at fuzzing the server, without any libosrm setup.
|
|
* Later we want keep state across fuzz testing invocations via:
|
|
*
|
|
* struct State { State() { setup_osrm(); } };
|
|
* static State state;
|
|
*/
|
|
|
|
extern "C" int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size)
|
|
{
|
|
std::string in(reinterpret_cast<const char *>(data), size);
|
|
|
|
auto first = begin(in);
|
|
const auto last = end(in);
|
|
|
|
(void)osrm::server::api::parseParameters<osrm::engine::api::RouteParameters>(first, last);
|
|
|
|
return 0; /* Always return zero, sanitizers hard-abort */
|
|
}
|