Add fuzz testing harness to smithy-json and fix bug found by it #462
Conversation
| @@ -0,0 +1,7 @@ | |||
|
|
|||
| target | |||
| corpus | |||
There was a problem hiding this comment.
did you mean to exclude corpus here?
There was a problem hiding this comment.
That was the default from cargo fuzz. I force added the seed files, and this ignore should prevent adding any of the libFuzzer generated corpus documents. Whether or not it will be valuable to commit those is open for debate.
| [package] | ||
| name = "smithy-json-fuzz" | ||
| version = "0.0.0" | ||
| authors = ["Automatically generated"] |
|
|
||
| // Error on characters `u16::from_str_radix` would otherwise accept, such as `+` | ||
| for byte in codepoint_str.bytes() { | ||
| match byte { |
There was a problem hiding this comment.
nit, could do
if !matches(byte, b'0'..=b'9' | b'a'..=b'f' | b'A'..=b'F') {
return Err(..)
} There was a problem hiding this comment.
That's much nicer, thanks.
| position: usize, | ||
| } | ||
|
|
||
| impl<'a> RewindingTokenIter<'a> { |
There was a problem hiding this comment.
doesn't really matter, but this could be replaced with https://doc.rust-lang.org/std/iter/struct.Peekable.html
There was a problem hiding this comment.
I wasn't aware of this. Thanks.
| if codepoint_str.bytes().any(|byte| !matches!(byte, b'0'..=b'9' | b'a'..=b'f' | b'A'..=b'F')) { | ||
| return Err(Error::InvalidUnicodeEscape(codepoint_str.into())) | ||
| if codepoint_str | ||
| .bytes() |
There was a problem hiding this comment.
heh, I was going to suggest this, great minds :-)
This is more work towards #161. It adds a fuzz testing harness for testing the token streaming JSON deserializer that looks for panics and also compares valid output against serde_json.
I ran fuzzing with the included corpus, and also with the JSONTestSuite test cases. Fuzzing revealed an issue where
unescape_stringincorrectly accepted\u+04Das a valid JSON Unicode escape sequence, which is fixed in this PR.By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.