beltoforion / muparserx

A C++ Library for Parsing Expressions with Strings, Complex Numbers, Vectors, Matrices and more.
http://beltoforion.de/en/muparserx
BSD 2-Clause "Simplified" License
135 stars 60 forks source link

Add fuzzing by way of ClusterFuzzLite #128

Closed DavidKorczynski closed 10 months ago

DavidKorczynski commented 10 months ago

This adds fuzzing by way of ClusterFuzzLite, which is a GitHub action that will perform a short amount of fuzzing for new PRs. The goal is to use fuzzing to catch bugs that may be introduced by new PRs.

I added a fuzzer that targets ParserX::Eval parsing logic, and currently set the timeout of CFLite to 180 seconds. CFLite will flag if the fuzzer finds any issues in the code introduced by a PR.

To reproduce this set up the way ClusterFuzzLite does it (by way of OSS-Fuzz) you can do:

git clone https://github.com/google/oss-fuzz
git clone https://github.com/DavidKorczynski/muparserx
cd muparserx
git checkout clusterfuzzlite

# Build the fuzzers in .clusterfuzzlite
python3 ../oss-fuzz/infra/helper.py build_fuzzers --external $PWD

# Run the fuzzer for 10 seconds
python3 ../oss-fuzz/infra/helper.py run_fuzzer --external $PWD parser_fuzzer-- -max_total_time=10
beltoforion commented 10 months ago

I'll give it a try.