1 files changed, 29 insertions, 11 deletions

diff --git a/Firestore/Example/FuzzTests/FSTFuzzTestsPrincipal.mm b/Firestore/Example/FuzzTests/FSTFuzzTestsPrincipal.mm
index 0d832c0..7acb8b5 100644
--- a/Firestore/Example/FuzzTests/FSTFuzzTestsPrincipal.mm
+++ b/Firestore/Example/FuzzTests/FSTFuzzTestsPrincipal.mm
@@ -29,15 +29,16 @@ namespace {
 // Fuzz-test the deserialization process in Firestore. The Serializer reads raw
 // bytes and converts them to a model object.
 void FuzzTestDeserialization(const uint8_t *data, size_t size) {
-  DatabaseId database_id{"project", DatabaseId::kDefault};
-  Serializer serializer{database_id};
-
-  @try {
-    serializer.DecodeFieldValue(data, size);
-  } @catch (...) {
-    // Caught exceptions are ignored because the input might be malformed and
-    // the deserialization might throw an error as intended. Fuzzing focuses on
-    // runtime errors that are detected by the sanitizers.
+  Serializer serializer{DatabaseId{"project", DatabaseId::kDefault}};
+
+  @autoreleasepool {
+    @try {
+      serializer.DecodeFieldValue(data, size);
+    } @catch (...) {
+      // Caught exceptions are ignored because the input might be malformed and
+      // the deserialization might throw an error as intended. Fuzzing focuses on
+      // runtime errors that are detected by the sanitizers.
+    }
   }
 }
 
@@ -50,10 +51,27 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 
 // Simulates calling the main() function of libFuzzer (FuzzerMain.cpp).
 int RunFuzzTestingMain() {
+  // Get dictionary file path from resources and convert to a program argument.
+  NSString *plugins_path = [[NSBundle mainBundle] builtInPlugInsPath];
+
+  NSString *dict_location =
+      @"Firestore_FuzzTests_iOS.xctest/FuzzingResources/Serializer/serializer.dictionary";
+  NSString *dict_path = [plugins_path stringByAppendingPathComponent:dict_location];
+  const char *dict_arg = [[NSString stringWithFormat:@"-dict=%@", dict_path] UTF8String];
+
+  // Get corpus and convert to a program argument.
+  NSString *corpus_location = @"FuzzTestsCorpus";
+  NSString *corpus_path = [plugins_path stringByAppendingPathComponent:corpus_location];
+  const char *corpus_arg = [corpus_path UTF8String];
+
   // Arguments to libFuzzer main() function should be added to this array,
-  // e.g., dictionaries, corpus, number of runs, jobs, etc.
+  // e.g., dictionaries, corpus, number of runs, jobs, etc. The FuzzerDriver of
+  // libFuzzer expects the non-const argument 'char ***argv' and it does not
+  // modify it throughout the method.
   char *program_args[] = {
-      const_cast<char *>("RunFuzzTestingMain")  // First arg is program name.
+      const_cast<char *>("RunFuzzTestingMain"),  // First arg is program name.
+      const_cast<char *>(dict_arg),              // Dictionary arg.
+      const_cast<char *>(corpus_arg)             // Corpus must be the last arg.
   };
   char **argv = program_args;
   int argc = sizeof(program_args) / sizeof(program_args[0]);