1 // From https://svn.boost.org/trac10/ticket/12818
2 // This fuzz target can likely be enhanced to exercise more code.
3 // The ideal place for this fuzz target is the boost repository.
4 #ifdef DEBUG
5 #include <iostream>
6 #endif
7 
8 #include <boost/regex.hpp>
9 #include <fuzzer/FuzzedDataProvider.h>
10 
11 namespace {
assertPostConditions(boost::match_results<std::string::const_iterator> const & match,boost::regex const & e)12   void assertPostConditions(boost::match_results<std::string::const_iterator> const& match, boost::regex const& e)
13   {
14     // See https://www.boost.org/doc/libs/1_71_0/libs/regex/doc/html/boost_regex/ref/regex_match.html
15     assert(match.size() == e.mark_count() + 1);
16     assert(!match.empty());
17     assert(!match.prefix().matched);
18     assert(!match.suffix().matched);
19   }
20 }
21 
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)22 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
23   FuzzedDataProvider fuzzed_data(Data, Size);
24   // First value is length of the regex string
25   size_t regex_length = fuzzed_data.ConsumeIntegral<uint8_t>();
26   // Second value is regexp string whose length is `regex_length`
27   std::string regex_string = fuzzed_data.ConsumeBytesAsString(regex_length);
28   boost::regex e(regex_string);
29   // Last value is the text to be matched
30   std::string text = fuzzed_data.ConsumeRemainingBytesAsString();
31 
32 #ifdef DEBUG
33     std::cout << "Regexp string: " << regex_string << "Size: " << regex_string.size() << std::endl;
34     std::cout << "Text: " << text << "Size: " << text.size() << std::endl;
35 #endif
36 
37   try {
38     boost::match_results<std::string::const_iterator> what;
39     bool match = boost::regex_match(text, what, e,
40                        boost::match_default | boost::match_partial);
41     if (match)
42       assertPostConditions(what, e);
43   }
44   catch (const std::runtime_error &) {
45   }
46   return 0;
47 }
48