

commit - 847e5e0c0468c53cbfe65257ca2e97a476f1c4ca
commit + 9c1e684d39556ea137a5d65c5718474db273f07a
blob - 90eccf89659a3ad8d61d57a8d8d745e8e8514ffd
blob + 6a8b5b6a1d4677e703abb00940aa4415db5f83bd
--- test/fuzz/CMakeLists.txt
+++ test/fuzz/CMakeLists.txt
@@ -53,10 +53,19 @@ target_link_libraries(datetime_strptime_fuzzer PUBLIC 
 add_executable(mp_datetime_fuzzer mp_datetime_fuzzer.c)
 target_link_libraries(mp_datetime_fuzzer PUBLIC core fuzzer_config)
 
+add_subdirectory(lua51)
+set(LUA51_INCLUDE_DIR ${PROJECT_SOURCE_DIR}/test/fuzz/lua51)
+set(LUA51_LIBRARIES ${PROJECT_BINARY_DIR}/test/fuzz/lua51/libliblua51.so)
+add_executable(luaL_loadbuffer_fuzzer luaL_loadbuffer.c)
+target_link_libraries(luaL_loadbuffer_fuzzer PUBLIC ${LUAJIT_LIBRARIES} ${LUA51_LIBRARIES} fuzzer_config)
+target_include_directories(luaL_loadbuffer_fuzzer PUBLIC ${LUAJIT_INCLUDE_DIRS} ${LUA51_INCLUDE_DIR})
+add_dependencies(luaL_loadbuffer_fuzzer libluajit liblua51)
+
 set(fuzzing_binaries csv_fuzzer
                      datetime_parse_full_fuzzer
                      datetime_strptime_fuzzer
                      http_parser_fuzzer
+                     luaL_loadbuffer_fuzzer
                      mp_datetime_fuzzer
                      swim_proto_member_fuzzer
                      swim_proto_meta_fuzzer
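Review bot: `set(LUA51_LIBRARIES ${PROJECT_BINARY_DIR}/test/fuzz/lua51/libliblua51.so)` on L16 hardcodes the artifact path of a target that `add_subdirectory(lua51)` on the line above already defines; the path is platform-specific (`.so`, and the doubled `lib` prefix CMake derives from the target name `liblua51`) and is the only reason `add_dependencies` on L20 has to name `liblua51` for build ordering. Linking the target carries the dependency itself: `target_link_libraries(luaL_loadbuffer_fuzzer PUBLIC ${LUAJIT_LIBRARIES} liblua51 fuzzer_config)` and `add_dependencies(luaL_loadbuffer_fuzzer libluajit)`, with the `LUA51_LIBRARIES` line dropped. Because `liblua51` keeps its include directory PRIVATE in `lua51/CMakeLists.txt`, `${LUA51_INCLUDE_DIR}` on L19 is still needed for `lua51.h` unless that subdirectory exports it as PUBLIC instead.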
blob - /dev/null
blob + 2e44090caa336013f920995b57c32deb2bc5f88e (mode 644)
--- /dev/null
+++ test/fuzz/lua51/CMakeLists.txt
@@ -0,0 +1,18 @@
+find_package(Lua 5.1 REQUIRED)
+message(STATUS "Found Lua ${LUA_VERSION_STRING}")
+set(LIBLUA51_SOURCES lua51.c)
+add_library(liblua51 SHARED ${LIBLUA51_SOURCES})
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c99 -fPIC -fstrict-aliasing")
+target_include_directories(liblua51 PRIVATE
+	${LUA_INCLUDE_DIR}
+)
+target_link_libraries(liblua51 PRIVATE
+	${LUA_LIBRARIES}
+)
+target_compile_options(liblua51 PRIVATE
+	-Wall
+	-Wextra
+	-Wpedantic
+	-Wno-unused-parameter
+	-g
+)
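Review bot: `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c99 -fPIC -fstrict-aliasing")` on L39 mutates a directory-scoped variable after `add_library`, so it applies to everything in this directory rather than to `liblua51` alone; `-fPIC` is already implied for a SHARED library, and the standard belongs in target properties, `set_target_properties(liblua51 PROPERTIES C_STANDARD 99 C_STANDARD_REQUIRED ON C_EXTENSIONS OFF)`, with `-fstrict-aliasing` moved into the existing `target_compile_options` call. A bigger concern for a differential oracle: this shared object calls `luaL_newstate`, `luaL_loadbuffer` and `lua_pcall` by their plain names while the executable that consumes it (`luaL_loadbuffer_fuzzer` in the parent directory) also links LuaJIT, which defines the same symbol names; with default ELF symbol lookup the executable's definitions win, so the wrappers could presumably bind to LuaJIT instead of `${LUA_LIBRARIES}` and the oracle would compare LuaJIT with itself. If `${LUA_LIBRARIES}` is a static archive, `target_link_options(liblua51 PRIVATE -Wl,-Bsymbolic)` keeps the references inside this object; either way a build-time or startup check that the oracle state is really PUC Lua is worth adding. The hardcoded `-g` on L51 should follow the build configuration rather than being unconditional.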
blob - /dev/null
blob + c4b8edf0b18dabd58fc4189196f523bd66e43254 (mode 644)
--- /dev/null
+++ test/fuzz/lua51/lua51.c
@@ -0,0 +1,44 @@
+#include <lua.h>
+#include <lualib.h>
+#include <lauxlib.h>
+
+/*
+#define func_def_2(func_name, type1, type2)             \
+        int                                             \
+        lua51##func_name(type1 arg1, type2 arg2) {      \
+                return func_name(arg1, arg2);           \
+        }
+
+func_def_2(luaL_dostring, struct lua_State *, const char *)
+*/
+
+lua_State *lua51_luaL_newstate(void) {
+	return luaL_newstate();
+}
+
+int lua51_luaL_dostring(lua_State *L, const char *str) {
+	return luaL_dostring(L, str);
+}
+
+/*
+void lua51_luaL_openlibs(lua_State *L) {
+	luaL_openlibs(L);
+}
+*/
+
+int lua51_luaL_loadbuffer(lua_State *L, const char *buff, size_t sz, const char *name) {
+	return luaL_loadbuffer(L, buff, sz, name);
+}
+
+int lua51_lua_pcall(lua_State *L, int nargs, int nresults, int errfunc) {
+	return lua_pcall(L, nargs, nresults, errfunc);
+}
+
+void lua51_lua_pop(lua_State *L, int n) {
+	lua_pop(L, n);
+}
+
+void lua51_lua_settop(lua_State *L, int index) {
+	lua_settop(L, index);
+
+}
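Review bot: `lua51_luaL_openlibs` is commented out on L80–L84 yet is declared in `lua51.h` from the same commit, so any caller fails at link time and `luaL_loadbuffer.c` instead opens the Lua 5.1 state with LuaJIT's plain `luaL_openlibs`; the wrapper should be restored. Conversely `lua51_lua_pop` on L94 has no declaration in the header, and since `lua_pop` is a macro over `lua_settop` it duplicates `lua51_lua_settop`; declare it or drop it. The commented-out `func_def_2` macro on L62–L70 and the stray blank line inside `lua51_lua_settop` on L100 should be deleted. A header comment stating the purpose would help readers, e.g. `/* Prefixed wrappers over PUC Lua 5.1 so its API can be called alongside LuaJIT's identically named functions; declared in lua51.h. */`, hedged if the symbol-binding question raised on the CMake side is not yet settled.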
blob - /dev/null
blob + 0428a589b1f619d078d14e40be68fcb53b7f6490 (mode 644)
--- /dev/null
+++ test/fuzz/lua51/lua51.h
@@ -0,0 +1,12 @@
+#ifndef LUA51_H_
+#define LUA51_H_
+
+typedef struct lua_State lua51_lua_State;
+lua51_lua_State * lua51_luaL_newstate(void);
+int lua51_luaL_dostring(lua51_lua_State *L, const char *str);
+void lua51_luaL_openlibs(lua51_lua_State *L);
+int lua51_luaL_loadbuffer(lua51_lua_State *L, const char *buff, size_t sz, const char *name);
+int lua51_lua_pcall(lua51_lua_State *L, int nargs, int nresults, int errfunc);
+void lua51_lua_settop(lua51_lua_State *L, int index);
+
+#endif /* LUA51_H_ */
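Review bot: `size_t` is used in the `lua51_luaL_loadbuffer` prototype on L114 without including `<stddef.h>`, so the header is not self-contained and only compiles when the including file has already pulled in `size_t`; add `#include <stddef.h>` after the include guard. The declared set also diverges from `lua51.c` in this commit: `lua51_luaL_openlibs` is declared on L113 but its definition is commented out there, while `lua51_lua_pop` is defined there but not declared here. A `lua51_lua_close` wrapper is missing as well, which is what leaves the fuzzer in `luaL_loadbuffer.c` unable to close its Lua 5.1 state.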
blob - /dev/null
blob + 3b46889a277a0d3c4e677c2f04ff2252b46e3ea4 (mode 644)
--- /dev/null
+++ test/fuzz/luaL_loadbuffer.c
@@ -0,0 +1,66 @@
+#include <stdint.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <lua.h>
+#include <lualib.h>
+#include <lauxlib.h>
+#include <assert.h>
+
+#define TEST_ORACLE_LUA51 1
+
+#ifdef TEST_ORACLE_LUA51
+#include "lua51.h"
+#endif /* TEST_ORACLE_LUA51 */
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+	lua_State *L = luaL_newstate();
+	if (!L) {
+		return 0;
+	}
+	luaL_openlibs(L);
+	// Make compiler really aggressive,
+	// see https://luajit.org/running.html
+	// and https://luajit.org/ext_c_api.html
+	luaL_dostring(L, "jit.opt.start('hotloop=1')");
+	luaL_dostring(L, "jit.opt.start('hotexit=1')");
+	luaL_dostring(L, "jit.opt.start('recunroll=1')");
+	luaL_dostring(L, "jit.opt.start('callunroll=1')");
+	int rc_jit = luaL_loadbuffer(L, (const char *)data, size, "fuzz_test");
+	if (rc_jit == 0)
+		rc_jit = lua_pcall(L, 0, 0, 0);
+	lua_settop(L, 0);
+	lua_close(L);
+
+	/* JIT-compilation is disabled */
+
+	L = luaL_newstate();
+	if (!L) {
+		return 0;
+	}
+	luaL_openlibs(L);
+	// https://luajit.org/ext_jit.html
+	luaL_dostring(L, "jit.off(true, true)");
+	int rc_jitoff = luaL_loadbuffer(L, (const char *)data, size, "fuzz_test");
+	if (rc_jitoff == 0)
+		rc_jitoff = lua_pcall(L, 0, 0, 0);
+	//printf("rc_jit %d, rc_jitoff %d\n", rc_jit, rc_jitoff);
+	assert(rc_jit == rc_jitoff);
+	lua_settop(L, 0);
+	/*lua_close(L);*/
+
+#ifdef TEST_ORACLE_LUA51
+	/* PUC Rio Lua 5.1 */
+	lua51_lua_State *LUA51_L = lua51_luaL_newstate();
+	luaL_openlibs(LUA51_L);
+	int rc_lua51 = lua51_luaL_loadbuffer(LUA51_L, (const char *)data, size, "lua51");
+	if (rc_lua51 == 0)
+		rc_lua51 = lua51_lua_pcall(LUA51_L, 0, 0, 0);
+	lua51_lua_settop(LUA51_L, 0);
+	/* lua_close(LUA51_L); */
+	//printf("rc_lua51 %d, rc_jitoff %d\n", rc_lua51, rc_jitoff);
+	assert(rc_lua51 == rc_jitoff);
+#endif /* TEST_ORACLE_LUA51 */
+
+	return 0;
+}
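Review bot: `luaL_openlibs(LUA51_L)` on L178 passes the PUC Lua 5.1 state to LuaJIT's `luaL_openlibs`, because the `lua51_luaL_openlibs` wrapper is declared in `lua51.h` but commented out in `lua51.c`; the oracle state is therefore initialised by a different interpreter's runtime and the comparison on L185 cannot be trusted, so this should be `lua51_luaL_openlibs(LUA51_L);` with the wrapper restored. The second LuaJIT state and the Lua 5.1 state are never closed (L173, L183), which leaks both on every iteration and will be reported by LeakSanitizer under libFuzzer; if the `lua_close` calls were commented out deliberately, the reason belongs in a comment, otherwise call `lua_close(L)` and a `lua51_lua_close(LUA51_L)` wrapper before `return 0`. The `assert` calls on L171 and L185 are the entire differential check and vanish under `NDEBUG`, so an explicit `if (rc_jit != rc_jitoff || rc_lua51 != rc_jitoff) abort();` keeps the oracle active in release fuzzing builds. The return values of the `luaL_dostring` calls that configure the JIT on L148–L151 and L166 are ignored, so a typo in those option strings would silently fall back to the default configuration.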