From 28c2bfbe8ca67575b4ab4aa086c31ce3552c0c7a Mon Sep 17 00:00:00 2001
From: Noah Hellman <noah@hllmn.net>
Date: Wed, 1 Feb 2023 17:44:42 +0100
Subject: [PATCH] add afl fuzz target

---
 Cargo.lock           | 274 +++++++++++++++++++++++++++++++++++++++++++
 Cargo.toml           |   5 +
 Makefile             |  30 +++++
 tests/afl/Cargo.toml |  12 ++
 tests/afl/in/all.dj  |  35 ++++++
 tests/afl/src/gen.rs |  11 ++
 6 files changed, 367 insertions(+)
 create mode 100644 tests/afl/Cargo.toml
 create mode 100644 tests/afl/in/all.dj
 create mode 100644 tests/afl/src/gen.rs

diff --git a/Cargo.lock b/Cargo.lock
index 0306aa9..24d805e 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2,6 +2,280 @@
 # It is not intended for manual editing.
 version = 3
 
+[[package]]
+name = "afl"
+version = "0.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6c0f4180b6d7095a1c3130f1aadead4ece7fb3094dc724c701adb30a92a95228"
+dependencies = [
+ "cc",
+ "clap",
+ "libc",
+ "rustc_version",
+ "xdg",
+]
+
+[[package]]
+name = "ansi_term"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2"
+dependencies = [
+ "winapi",
+]
+
+[[package]]
+name = "atty"
+version = "0.2.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8"
+dependencies = [
+ "hermit-abi",
+ "libc",
+ "winapi",
+]
+
+[[package]]
+name = "bitflags"
+version = "1.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
+
+[[package]]
+name = "cc"
+version = "1.0.79"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f"
+
+[[package]]
+name = "cfg-if"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
+
+[[package]]
+name = "clap"
+version = "2.34.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c"
+dependencies = [
+ "ansi_term",
+ "atty",
+ "bitflags",
+ "strsim",
+ "textwrap",
+ "unicode-width",
+ "vec_map",
+]
+
+[[package]]
+name = "dirs"
+version = "4.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ca3aa72a6f96ea37bbc5aa912f6788242832f75369bdfdadcb0e38423f100059"
+dependencies = [
+ "dirs-sys",
+]
+
+[[package]]
+name = "dirs-sys"
+version = "0.3.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1b1d1d91c932ef41c0f2663aa8b0ca0342d444d842c06914aa0a7e352d0bada6"
+dependencies = [
+ "libc",
+ "redox_users",
+ "winapi",
+]
+
+[[package]]
+name = "getrandom"
+version = "0.2.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c05aeb6a22b8f62540c194aac980f2115af067bfe15a0734d7277a768d396b31"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "wasi",
+]
+
+[[package]]
+name = "hermit-abi"
+version = "0.1.19"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33"
+dependencies = [
+ "libc",
+]
+
 [[package]]
 name = "jotdown"
 version = "0.1.0"
+
+[[package]]
+name = "jotdown-afl"
+version = "0.1.0"
+dependencies = [
+ "afl",
+ "jotdown",
+]
+
+[[package]]
+name = "libc"
+version = "0.2.139"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "201de327520df007757c1f0adce6e827fe8562fbc28bfd9c15571c66ca1f5f79"
+
+[[package]]
+name = "proc-macro2"
+version = "1.0.51"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5d727cae5b39d21da60fa540906919ad737832fe0b1c165da3a34d6548c849d6"
+dependencies = [
+ "unicode-ident",
+]
+
+[[package]]
+name = "quote"
+version = "1.0.23"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8856d8364d252a14d474036ea1358d63c9e6965c8e5c1885c18f73d70bff9c7b"
+dependencies = [
+ "proc-macro2",
+]
+
+[[package]]
+name = "redox_syscall"
+version = "0.2.16"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a"
+dependencies = [
+ "bitflags",
+]
+
+[[package]]
+name = "redox_users"
+version = "0.4.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b033d837a7cf162d7993aded9304e30a83213c648b6e389db233191f891e5c2b"
+dependencies = [
+ "getrandom",
+ "redox_syscall",
+ "thiserror",
+]
+
+[[package]]
+name = "rustc_version"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366"
+dependencies = [
+ "semver",
+]
+
+[[package]]
+name = "semver"
+version = "1.0.16"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "58bc9567378fc7690d6b2addae4e60ac2eeea07becb2c64b9f218b53865cba2a"
+
+[[package]]
+name = "strsim"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a"
+
+[[package]]
+name = "syn"
+version = "1.0.107"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1f4064b5b16e03ae50984a5a8ed5d4f8803e6bc1fd170a3cda91a1be4b18e3f5"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
+[[package]]
+name = "textwrap"
+version = "0.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060"
+dependencies = [
+ "unicode-width",
+]
+
+[[package]]
+name = "thiserror"
+version = "1.0.38"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6a9cd18aa97d5c45c6603caea1da6628790b37f7a34b6ca89522331c5180fed0"
+dependencies = [
+ "thiserror-impl",
+]
+
+[[package]]
+name = "thiserror-impl"
+version = "1.0.38"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1fb327af4685e4d03fa8cbcf1716380da910eeb2bb8be417e7f9fd3fb164f36f"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "unicode-ident"
+version = "1.0.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "84a22b9f218b40614adcb3f4ff08b703773ad44fa9423e4e0d346d5db86e4ebc"
+
+[[package]]
+name = "unicode-width"
+version = "0.1.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b"
+
+[[package]]
+name = "vec_map"
+version = "0.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191"
+
+[[package]]
+name = "wasi"
+version = "0.11.0+wasi-snapshot-preview1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
+
+[[package]]
+name = "winapi"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
+dependencies = [
+ "winapi-i686-pc-windows-gnu",
+ "winapi-x86_64-pc-windows-gnu",
+]
+
+[[package]]
+name = "winapi-i686-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
+
+[[package]]
+name = "winapi-x86_64-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+
+[[package]]
+name = "xdg"
+version = "2.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0c4583db5cbd4c4c0303df2d15af80f0539db703fa1c68802d4cbbd2dd0f88f6"
+dependencies = [
+ "dirs",
+]
diff --git a/Cargo.toml b/Cargo.toml
index b5c3f97..ab560fe 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -18,6 +18,11 @@ exclude = [
     "tests",
 ]
 
+[workspace]
+members = [
+    "tests/afl",
+]
+
 [features]
 suite = [] # test suite
 suite_bench = [] # bench test suite
diff --git a/Makefile b/Makefile
index 5f1b281..2ac12b7 100644
--- a/Makefile
+++ b/Makefile
@@ -25,6 +25,35 @@ bench:
 		ln -fs ../modules/djot.js/bench/$$f benches/$$f; \
 	done
 
+AFL_TARGET?=gen
+AFL_JOBS?=1
+AFL_TARGET_CRASH?=crashes
+
+afl:
+	rm -rf tests/afl/out
+	(cd tests/afl && \
+		cargo afl build --release --config profile.release.debug-assertions=true && \
+		(AFL_NO_UI=1 cargo afl fuzz -i in -o out -Mm ../../target/release/${AFL_TARGET} &) && \
+		for i in $$(seq $$((${AFL_JOBS} - 1))); do \
+			AFL_NO_UI=1 cargo afl fuzz -i in -o out -Ss$$i ../../target/release/${AFL_TARGET} & \
+		done; \
+		trap - EXIT;\
+		cat) # keep process alive for trap
+
+afl_crash:
+	set +e; \
+	for f in $$(find tests/afl/out -path '*/${AFL_TARGET_CRASH}/id*'); do \
+		echo "cat $$f | RUST_BACKTRACE=1 cargo run"; \
+		out=$$(cat $$f | RUST_BACKTRACE=1 cargo run 2>&1); \
+		if [ $$? -ne 0 ]; then \
+			echo; \
+			echo "FAIL"; \
+			echo "$$out"; \
+			echo "cat $$f | RUST_BACKTRACE=1 cargo run"; \
+			exit 1; \
+		fi; \
+	done
+
 clean:
 	cargo clean
 	git submodule deinit -f --all
@@ -33,3 +62,4 @@ clean:
 	rm -f tests/bench/*.dj
 	(cd tests/bench && make clean)
 	rm -f benches/*.dj
+	rm -rf tests/afl/out
diff --git a/tests/afl/Cargo.toml b/tests/afl/Cargo.toml
new file mode 100644
index 0000000..91530e3
--- /dev/null
+++ b/tests/afl/Cargo.toml
@@ -0,0 +1,12 @@
+[package]
+name = "jotdown-afl"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+afl = "0.11"
+jotdown = { path = "../../" }
+
+[[bin]]
+name = "gen"
+path = "src/gen.rs"
diff --git a/tests/afl/in/all.dj b/tests/afl/in/all.dj
new file mode 100644
index 0000000..621e885
--- /dev/null
+++ b/tests/afl/in/all.dj
@@ -0,0 +1,35 @@
+{.class}
+{#id}
+{attr=value}
+# heading
+
+## sub heading
+
+para
+
+::: div-class
+
+- list item
+
+    - indented list item
+
+```lang
+code block
+```
+
+:::
+
+> blockquote
+> > inner
+> > inner
+> outer
+
+[tag]: url
+[^footnote]: description
+
+inline `verbatim` _emphasis_, *strong*, ^sup^, ~sub~, {-del-}, {+ins+} \
+[link][], [text][tag], [text](url), ![alt text](src), <https://example.com>,
+<mail@example.com>, {=mark=}, 'single', "double", $`inline`, $$`display`
+{%comment%}, [span of text]{with=some .attributes}, $`<em>raw html</em>`{=html}
+
+- * - * - * -
diff --git a/tests/afl/src/gen.rs b/tests/afl/src/gen.rs
new file mode 100644
index 0000000..4ef4cc8
--- /dev/null
+++ b/tests/afl/src/gen.rs
@@ -0,0 +1,11 @@
+use afl::fuzz;
+
+fn main() {
+    fuzz!(|data: &[u8]| {
+        if let Ok(s) = std::str::from_utf8(data) {
+            let p = jotdown::Parser::new(s);
+            let mut output = String::new();
+            jotdown::html::push(p, &mut output);
+        }
+    });
+}