Merge pull request #257 from boostorg/fuzzing

Add fuzzing of `try_scientific_to_int` to CI

Author: Flamefire

.github/workflows/ci.yml

@@ -128,6 +128,8 @@ jobs:
           # https://github.com/llvm/llvm-project/issues/59827: disabled 2b/23 for clang-17 with libstdc++13 in 24.04
           - { compiler: clang-17,  cxxstd: '11,14,17,20',    os: ubuntu-24.04 }
           - { compiler: clang-18,  cxxstd: '11,14,17,20,23,2c', os: ubuntu-24.04 }
+          - { name: Run code fuzzer, fuzzing: yes,
+              compiler: clang-18,  cxxstd: '20',             os: ubuntu-24.04, variant: debug, link: static }
 
           # libc++
           - { compiler: clang-6.0, cxxstd: '11,14',       os: ubuntu-22.04, container: 'ubuntu:18.04', stdlib: libc++, install: 'clang-6.0 libc++-dev libc++abi-dev' }
@@ -296,7 +298,8 @@ jobs:
           # More entries can be added in the same way, see the B2_ARGS assignment in ci/enforce.sh for the possible keys.
           # B2_DEFINES: ${{matrix.defines}}
           # Variables set here (to non-empty) will override the top-level environment variables, e.g.
-          # B2_VARIANT: ${{matrix.variant}}
+          B2_VARIANT: ${{matrix.variant}}
+          B2_LINK: ${{matrix.link}}
           B2_UBSAN: ${{matrix.ubsan}}
         run: source ci/github/install.sh
 
@@ -368,6 +371,11 @@ jobs:
           COVERITY_SCAN_NOTIFICATION_EMAIL: ${{ secrets.COVERITY_SCAN_NOTIFICATION_EMAIL }}
           COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
 
+      - name: Run fuzzing
+        if: matrix.fuzzing
+        run: B2_TARGETS="libs/$SELF/fuzzing" ci/build.sh
+        env: {B2_FLAGS: -a}
+
   windows:
     defaults:
       run:

fuzzing/Jamfile

@@ -0,0 +1,81 @@
+# Copyright (c) 2024 Matt Borland
+# Copyright (c) 2025 Alexander Grund
+#
+# Distributed under the Boost Software License, Version 1.0.
+# https://www.boost.org/LICENSE_1_0.txt.
+
+
+import common ;
+import path ;
+import python ;
+import regex ;
+import toolset ;
+
+path-constant HERE : . ;
+
+local all_fuzzers = [ regex.replace-list
+    [ glob "fuzz_*.cpp" ] : ".cpp" : ""
+] ;
+
+if ! [ python.configured ]
+{
+    using python ;
+}
+
+.make-corpus-script = $(HERE)/make-corpus.py ;
+
+rule make-corpus ( target : sources + : properties * )
+{
+    RUNNER on $(target) = [ path.native $(.make-corpus-script) ] ;
+}
+actions make-corpus
+{
+    "$(PYTHON:E=python)" "$(RUNNER)" "$(<)" "$(>)"
+}
+toolset.flags $(__name__).make-corpus PYTHON <python.interpreter> ;
+
+for local fuzzer in $(all_fuzzers)
+{
+    local fuzz_time = 60 ;
+    local corpus = /tmp/corpus/$(fuzzer) ;
+    local min_corpus = /tmp/mincorpus/$(fuzzer) ;
+    local seed_corpus = $(HERE)/seedcorpus/$(fuzzer) ;
+    local seed_files = [ glob "$(seed_corpus)/*" ] ;
+
+    # Create the output corpus directories
+    make $(corpus) : $(seed_files) : make-corpus : <dependency>$(.make-corpus-script) ;
+    make $(min_corpus) : : common.MkDir ;
+
+    # Build the fuzzer
+    exe $(fuzzer)
+        :
+            $(fuzzer).cpp
+        : requirements
+            <debug-symbols>on
+            <optimization>speed
+            <address-sanitizer>on
+            <undefined-sanitizer>norecover
+            <cxxflags>-fsanitize=fuzzer
+            <linkflags>-fsanitize=fuzzer
+            <library>/boost/locale//boost_locale
+    ;
+
+    # Run the fuzzer for a short while
+    run $(fuzzer)
+        : <testing.arg>"$(corpus) -max_total_time=$(fuzz_time)"
+        : target-name $(fuzzer)-fuzzing
+        : requirements
+            <dependency>$(corpus)
+    ;
+
+    # Minimize the corpus
+    run $(fuzzer)
+        : <testing.arg>"$(min_corpus) $(corpus) -merge=1"
+        : target-name $(fuzzer)-minimize-corpus
+        : requirements
+            <dependency>$(fuzzer)-fuzzing
+            <dependency>$(corpus)
+            <dependency>$(min_corpus)
+    ;
+}
+

fuzzing/fuzz_scientific_to_int.cpp

@@ -0,0 +1,36 @@
+//
+// Copyright (c) 2025 Alexander Grund
+//
+// Distributed under the Boost Software License, Version 1.0.
+// https://www.boost.org/LICENSE_1_0.txt
+
+#include "../src/util/numeric_conversion.hpp"
+
+#include <boost/core/detail/string_view.hpp>
+#include <cstdint>
+#include <exception>
+#include <iostream>
+
+extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data, std::size_t size)
+{
+    const boost::core::string_view sv{reinterpret_cast<const char*>(data), size};
+    using boost::locale::util::try_scientific_to_int;
+    try {
+        uint8_t u8{};
+        try_scientific_to_int(sv, u8);
+
+        uint16_t u16{};
+        try_scientific_to_int(sv, u16);
+
+        uint32_t u32{};
+        try_scientific_to_int(sv, u32);
+
+        uint8_t u64{};
+        try_scientific_to_int(sv, u64);
+    } catch(...) {
+        std::cerr << "Error with '" << sv << "' (size " << size << ')' << std::endl;
+        std::terminate();
+    }
+
+    return 0;
+}

fuzzing/make-corpus.py

@@ -0,0 +1,29 @@
+#!/bin/env python
+
+import os
+import sys
+
+
+def get_samples(input_files):
+    for file_name in input_files:
+        if not os.path.isfile(file_name):
+            raise RuntimeError("Not a file: " + file_name)
+        with open(file_name, 'r') as input_file:
+            yield from input_file
+
+
+def process_files(output_folder, input_files):
+    if not os.path.exists(output_folder):
+        os.makedirs(output_folder)
+
+    for i, sample in enumerate(get_samples(input_files)):
+        with open(os.path.join(output_folder, str(i) + ".txt"), 'w') as output_file:
+            output_file.write(sample)
+
+
+if __name__ == "__main__":
+    if len(sys.argv) < 3:
+        print("Usage: python script.py <output_folder> <input_file1> [<input_file2> ...]")
+        sys.exit(1)
+
+    process_files(output_folder=sys.argv[1], input_files=sys.argv[2:])

fuzzing/seedcorpus/fuzz_scientific_to_int/input.txt

@@ -0,0 +1,173 @@
+1
+1E0
+0.1E1
+0.01E2
+0.001E3
+10
+10E0
+1E1
+0.1E2
+0.01E3
+100
+1E2
+10E1
+0.1E3
+0.01E4
+123
+1.23E2
+12.3E1
+123E0
+0.123E3
+0
+0E0
+0.0E1
+0.000E3
+255
+255E0
+2.55E2
+25.5E1
+0.255E3
+50
+5E1
+0.5E2
+0.05E3
+450
+4.5E2
+45E1
+0.45E3
+-50
+-5E1
+-0.5E2
+-0.05E3
+250
+2.5E2
+25E1
+250E0
+0.25E3
+2.5E+2
+-700
+-7E2
+-70E1
+-700E0
+-0.7E3
+1234
+1.234E3
+123.4E1
+1234E0
+12.34E2
+0.01234E5
+123000
+123E3
+1.23E5
+12.3E4
+0.000123E9
+-0.0005E0
+-0.005E1
+-0.05E2
+-5E-4
+9999
+9.999E3
+99.99E2
+999.9E1
+9999E0
+1.5
+1.5E0
+0.15E1
+0.015E2
+-1
+-1E0
+-0.1E1
+-0.01E2
+-10
+-10E0
+-1E1
+-0.1E2
+-100
+-1E2
+-10E1
+-100E0
+45
+4.5E1
+0.45E2
+5678
+5.678E3
+56.78E2
+567.8E1
+5678E0
+999000
+9.99E5
+99.9E4
+999E3
+9990E2
+200
+2E2
+20E1
+200E0
+2.0E+2
+2147483648
+2.147483648E9
+4294967296
+4.294967296E9
+10000000000
+1E10
+18446744074.073709551615E9
+9223372036854775808
+9.223372036854775808E18
+100000000000
+1E11
+1000000000000
+1E12
+1234567890123
+1.234567890123E12
+9876543210000
+9.87654321E12
+9999999999999
+9.999999999999E12
+99999999999999
+9.9999999999999E13
+100000000000000
+1E14
+123456789012345
+1.23456789012345E14
+987654321098765
+9.87654321098765E14
+1000000000000000
+1E15
+1844674400000000000
+1.8446744E18
+9000000000000000000
+9E18
+9990000000000000000
+9.99E18
+10000000000000000000
+1E19
+12345678900000000000
+1.23456789E19
+9876543210000000000
+9.87654321E18
+18440000000000000000
+1.844E19
+900000000000000
+9E14
+1844674400000000
+1.8446744E15
+1844674407000000000
+1.844674407E18
+12300000000000000000
+1.23E19
+18446744073700000000
+1.84467440737E19
+9999999999999999999
+9.999999999999999999E18
+1844674400000000000
+1.8446744E15
+10.5E18
+100.0000E18
+5E
+15E
+225E
+5E-
+15E-
+225E-
+5e1
+5.5e1