From 0dbb5392b8f31d501e3bb34056ad6f13d2538fa3 Mon Sep 17 00:00:00 2001 From: Gabriel Rasskin Date: Tue, 14 Jul 2020 11:07:12 -0700 Subject: [PATCH 1/3] Increase complexity of arg_def_fuzz @mihaimaruseac --- .../fuzzing/consume_leading_digits_fuzz.cc | 21 ++++++++++++------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/tensorflow/security/fuzzing/consume_leading_digits_fuzz.cc b/tensorflow/security/fuzzing/consume_leading_digits_fuzz.cc index d49bc1f2110..cb000888c02 100644 --- a/tensorflow/security/fuzzing/consume_leading_digits_fuzz.cc +++ b/tensorflow/security/fuzzing/consume_leading_digits_fuzz.cc @@ -18,21 +18,26 @@ limitations under the License. #include "tensorflow/core/platform/str_util.h" #include "tensorflow/core/platform/stringpiece.h" +#include + // This is a fuzzer for tensorflow::str_util::ConsumeLeadingDigits namespace { extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - uint8_t *byte_data = const_cast(data); - char *char_data = reinterpret_cast(byte_data); + FuzzedDataProvider fuzzed_data(data, size); - tensorflow::StringPiece sp(char_data, size); - tensorflow::uint64 val; + while (fuzzed_data.remaining_bytes() > 0) { + std::string s = fuzzed_data.ConsumeRandomLengthString(5); + tensorflow::StringPiece sp(s); + tensorflow::uint64 val; - const bool leading_digits = - tensorflow::str_util::ConsumeLeadingDigits(&sp, &val); - if (leading_digits) { - assert(val >= 0); + const bool leading_digits = tensorflow::str_util::ConsumeLeadingDigits(&sp, &val); + const char lead_char_consume_digits = *(sp.data()); + if (leading_digits) { + assert(lead_char_consume_digits < '0' && lead_char_consume_digits > '9'); + assert(val >= 0); + } } return 0; From 003aff6323fea2f9b5328f640569a5e3af7480a7 Mon Sep 17 00:00:00 2001 From: Gabriel Rasskin Date: Tue, 14 Jul 2020 18:32:41 +0000 Subject: [PATCH 2/3] Change size of random string Co-authored-by: Mihai Maruseac --- tensorflow/security/fuzzing/consume_leading_digits_fuzz.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tensorflow/security/fuzzing/consume_leading_digits_fuzz.cc b/tensorflow/security/fuzzing/consume_leading_digits_fuzz.cc index cb000888c02..6edf349ff26 100644 --- a/tensorflow/security/fuzzing/consume_leading_digits_fuzz.cc +++ b/tensorflow/security/fuzzing/consume_leading_digits_fuzz.cc @@ -28,7 +28,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { FuzzedDataProvider fuzzed_data(data, size); while (fuzzed_data.remaining_bytes() > 0) { - std::string s = fuzzed_data.ConsumeRandomLengthString(5); + std::string s = fuzzed_data.ConsumeRandomLengthString(25); tensorflow::StringPiece sp(s); tensorflow::uint64 val; From 09599b6e7bf0add9a8e49da078f66e0420ccd95c Mon Sep 17 00:00:00 2001 From: Mihai Maruseac Date: Tue, 14 Jul 2020 18:37:14 +0000 Subject: [PATCH 3/3] Update tensorflow/security/fuzzing/consume_leading_digits_fuzz.cc --- tensorflow/security/fuzzing/consume_leading_digits_fuzz.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tensorflow/security/fuzzing/consume_leading_digits_fuzz.cc b/tensorflow/security/fuzzing/consume_leading_digits_fuzz.cc index 6edf349ff26..ef2d83c0ffc 100644 --- a/tensorflow/security/fuzzing/consume_leading_digits_fuzz.cc +++ b/tensorflow/security/fuzzing/consume_leading_digits_fuzz.cc @@ -35,7 +35,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { const bool leading_digits = tensorflow::str_util::ConsumeLeadingDigits(&sp, &val); const char lead_char_consume_digits = *(sp.data()); if (leading_digits) { - assert(lead_char_consume_digits < '0' && lead_char_consume_digits > '9'); + assert(lead_char_consume_digits < '0' || lead_char_consume_digits > '9'); assert(val >= 0); } }