xref: /freebsd/contrib/libcbor/oss-fuzz/cbor_load_fuzzer.cc (revision 1323ec571215a77ddd21294f0871979d5ad6b992)
1 #include <cstdint>
2 #include <cstdio>
3 
4 #include "cbor.h"
5 
6 void *limited_malloc(size_t size) {
7     if (size > 1 << 24) {
8         return nullptr;
9     }
10     return malloc(size);
11 }
12 
13 struct State {
14     FILE* fout;
15 
16     State() : fout(fopen("/dev/null", "r")) {
17         cbor_set_allocs(limited_malloc, realloc, free);
18     }
19 };
20 
21 static State kState;
22 
23 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
24     cbor_load_result result;
25     cbor_item_t *item = cbor_load(Data, Size, &result);
26     if (result.error.code == CBOR_ERR_NONE) {
27         cbor_describe(item, kState.fout);
28         unsigned char *buffer;
29         size_t buffer_size;
30         cbor_serialize_alloc(item, &buffer, &buffer_size);
31         free(buffer);
32         cbor_item_t *copied = cbor_copy(item);
33         cbor_decref(&copied);
34         cbor_decref(&item);
35     }
36     return 0;
37 }
38