From 37edbc694d9e46c64de5263960cbcdf3e65bd6f9 Mon Sep 17 00:00:00 2001
From: Mina Farid
Date: Tue, 3 Jul 2018 13:40:50 -0400
Subject: Fuzz test Serializer to decode FieldValue (#1485)

---
 Firestore/Example/FuzzTests/FSTFuzzTestsPrincipal.mm | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/Firestore/Example/FuzzTests/FSTFuzzTestsPrincipal.mm b/Firestore/Example/FuzzTests/FSTFuzzTestsPrincipal.mm
index 038e687..0d832c0 100644
--- a/Firestore/Example/FuzzTests/FSTFuzzTestsPrincipal.mm
+++ b/Firestore/Example/FuzzTests/FSTFuzzTestsPrincipal.mm
@@ -18,8 +18,10 @@
 
 #include "LibFuzzer/FuzzerDefs.h"
 
+#include "Firestore/core/src/firebase/firestore/model/database_id.h"
 #include "Firestore/core/src/firebase/firestore/remote/serializer.h"
 
+using firebase::firestore::model::DatabaseId;
 using firebase::firestore::remote::Serializer;
 
 namespace {
@@ -27,7 +29,16 @@ namespace {
 // Fuzz-test the deserialization process in Firestore. The Serializer reads raw
 // bytes and converts them to a model object.
 void FuzzTestDeserialization(const uint8_t *data, size_t size) {
-  // TODO(minafarid): fuzz-test Serializer.
+  DatabaseId database_id{"project", DatabaseId::kDefault};
+  Serializer serializer{database_id};
+
+  @try {
+    serializer.DecodeFieldValue(data, size);
+  } @catch (...) {
+    // Caught exceptions are ignored because the input might be malformed and
+    // the deserialization might throw an error as intended. Fuzzing focuses on
+    // runtime errors that are detected by the sanitizers.
+  }
 }
 
 // Contains the code to be fuzzed. Called by the fuzzing library with
-- 
cgit v1.2.3
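Review bot: The blanket `@catch (...)` around `serializer.DecodeFieldValue(data, size)` in the second hunk also swallows failures the harness should surface: an exception of a type that decoding was never meant to raise on malformed input is a real bug, but it is not a sanitizer-detectable fault, so the fuzzer loses that signal entirely. If the Serializer signals bad input through a specific exception type, catch only that one — `try { serializer.DecodeFieldValue(data, size); } catch (const DECODE_ERROR_TYPE &) { }` with `DECODE_ERROR_TYPE` a placeholder for the real type — and let anything else propagate to libFuzzer as a crash; if it signals through a status or return value instead, the handler can be dropped altogether. Whether `@catch (...)` even intercepts C++ exceptions here depends on the Objective-C++ exception model the target is built with, which the hunk does not show, so the comment's claim that thrown errors are ignored deserves a short note saying which exception types it has actually been verified to catch. Separately, `database_id` and `serializer` are rebuilt for every input; if the Serializer holds no per-call state, a function-local `static` keeps that setup off the per-iteration path.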