path: root/fuzz/json_fuzzer.cc
authorJay Berkenbilt <ejb@ql.org>2024-02-04 22:00:36 +0100
committerJay Berkenbilt <ejb@ql.org>2024-02-04 23:27:49 +0100
commitf0fb19df9d31a550960fac12a6cc96432b885bba (patch)
treecb1276db708d22a1f569a695529504fb6a397512 /fuzz/json_fuzzer.cc
parentcb0f390cc1f98a8e82b27259f8f3cd5f162992eb (diff)
downloadqpdf-f0fb19df9d31a550960fac12a6cc96432b885bba.tar.zst
Add json fuzzer with seed files from #1123 and test suite
...as well as some cases generated in CI from earlier attempts at fixing this.
Diffstat (limited to 'fuzz/json_fuzzer.cc')
-rw-r--r--fuzz/json_fuzzer.cc57
1 files changed, 57 insertions, 0 deletions
diff --git a/fuzz/json_fuzzer.cc b/fuzz/json_fuzzer.cc
new file mode 100644
index 00000000..3ac644a7
--- /dev/null
+++ b/fuzz/json_fuzzer.cc
@@ -0,0 +1,57 @@
+#include "qpdf/JSON.hh"
+#include "qpdf/QPDF.hh"
+#include <qpdf/BufferInputSource.hh>
+#include <qpdf/Pl_Discard.hh>
+#include <iostream>
+#include <stdexcept>
+
+class FuzzHelper
+{
+ public:
+ FuzzHelper(unsigned char const* data, size_t size);
+ void run();
+
+ private:
+ void doChecks();
+
+ unsigned char const* data;
+ size_t size;
+};
+
+FuzzHelper::FuzzHelper(unsigned char const* data, size_t size) :
+ data(data),
+ size(size)
+{
+}
+
+void
+FuzzHelper::doChecks()
+{
+ try {
+ JSON::parse(std::string(reinterpret_cast<char const*>(data), size));
+ } catch (std::runtime_error& e) {
+ std::cerr << "runtime_error parsing json: " << e.what() << std::endl;
+ }
+ QPDF q;
+ Buffer buf(const_cast<unsigned char*>(data), size);
+ auto is = std::make_shared<BufferInputSource>("json", &buf);
+ q.createFromJSON(is);
+}
+
+void
+FuzzHelper::run()
+{
+ try {
+ doChecks();
+ } catch (std::runtime_error const& e) {
+ std::cerr << "runtime_error: " << e.what() << std::endl;
+ }
+}
+
+extern "C" int
+LLVMFuzzerTestOneInput(unsigned char const* data, size_t size)
+{
+ FuzzHelper f(data, size);
+ f.run();
+ return 0;
+}
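Review bot: In doChecks the QPDF object `q` (L58) is declared before `buf` and `is` (L59–L60), so it is destroyed last, after the stack Buffer that the BufferInputSource wraps by raw pointer; if QPDF keeps `is` alive after createFromJSON and touches it during teardown, that is a use of freed stack storage — I cannot confirm from here whether it does, but the ordering is free to fix: move `QPDF q;` below `auto is = std::make_shared<BufferInputSource>("json", &buf);` so `q` dies first. The `const_cast<unsigned char*>(data)` on L59 is also worth a comment, since libFuzzer input must be treated as read-only and Buffer's non-const constructor makes it look writable: `// Buffer needs a non-const pointer; the input is never written through it`. Minor style: L55 catches `std::runtime_error&` while L69 catches `std::runtime_error const&` — use `const&` in both places. Letting other exception types (e.g. std::logic_error) escape so the fuzzer reports them as crashes looks intentional and matches the sibling fuzzers, so I would keep that as is.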