add fuzzing poc

Author: rdementi

tests/CMakeLists.txt

@@ -17,3 +17,14 @@ if(UNIX)
     endif(LINUX)
 
 endif(UNIX)
+
+if(FUZZ)
+    add_executable(urltest-fuzz urltest-fuzz.cpp)
+    # TODO add_executable(pcm-sensor-server-fuzz pcm-sensor-server-fuzz.cpp)
+    set(FUZZER_OPTIONS "-fsanitize=fuzzer,address -fprofile-instr-generate -fcoverage-mapping")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${FUZZER_OPTIONS}")
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${FUZZER_OPTIONS}")
+    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} ${FUZZER_OPTIONS}")
+    target_link_libraries(urltest-fuzz Threads::Threads PCM_STATIC)
+    # TODO: target_link_libraries(pcm-sensor-server-fuzz Threads::Threads PCM_STATIC)
+endif()

tests/fuzz.sh

@@ -0,0 +1,7 @@
+
+CC=`which clang` CXX=`which clang++` cmake ..  -DCMAKE_BUILD_TYPE=Debug -DFUZZ=1 && mkdir corpus &&
+make urltest-fuzz &&
+bin/tests/urltest-fuzz -max_total_time=30 corpus &&
+llvm-profdata merge -sparse default.profraw -o default.profdata &&
+llvm-cov report --summary-only  ./bin/tests/urltest-fuzz -instr-profile=default.profdata
+

tests/urltest-fuzz.cpp

@@ -0,0 +1,25 @@
+#define UNIT_TEST 1
+
+#include "../src/pcm-sensor-server.cpp"
+
+#undef UNIT_TEST
+
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+       try
+       {
+               std::string buf(reinterpret_cast<const char*>(data), size);
+               buf.push_back('\0');
+               URL x = URL::parse(buf.c_str());
+       }
+       catch (std::runtime_error & )
+       {
+               // catch recognized malformed input (thrown as runtime_error in the URL::parse)
+               // do not catch any other errors or exceptions to let them be reported
+               // by libFuzzer
+       }
+
+       return 0;
+}
+