diff options
-rw-r--r-- | src/mongo/db/storage/SConscript | 10 | ||||
-rw-r--r-- | src/mongo/db/storage/key_string_to_bson_fuzzer.cpp | 126 |
2 files changed, 136 insertions, 0 deletions
diff --git a/src/mongo/db/storage/SConscript b/src/mongo/db/storage/SConscript index 4f4b8f2e43e..3e66269ca93 100644 --- a/src/mongo/db/storage/SConscript +++ b/src/mongo/db/storage/SConscript @@ -432,3 +432,13 @@ env.Library( ], ) +env.CppLibfuzzerTest( + target='key_string_to_bson_fuzzer', + source=[ + 'key_string_to_bson_fuzzer.cpp', + ], + LIBDEPS=[ + 'key_string', + '$BUILD_DIR/mongo/base', + ], +) diff --git a/src/mongo/db/storage/key_string_to_bson_fuzzer.cpp b/src/mongo/db/storage/key_string_to_bson_fuzzer.cpp new file mode 100644 index 00000000000..1b34c79790d --- /dev/null +++ b/src/mongo/db/storage/key_string_to_bson_fuzzer.cpp @@ -0,0 +1,126 @@ +/** + * Copyright (C) 2019-present MongoDB, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the Server Side Public License, version 1, + * as published by MongoDB, Inc. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * Server Side Public License for more details. + * + * You should have received a copy of the Server Side Public License + * along with this program. If not, see + * <http://www.mongodb.com/licensing/server-side-public-license>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the Server Side Public License in all respects for + * all of the code used other than as permitted herein. If you modify file(s) + * with this exception, you may extend this exception to your version of the + * file(s), but you are not obligated to do so. If you do not wish to do so, + * delete this exception statement from your version. If you delete this + * exception statement from all source files in the program, then also delete + * it in the license file. + */ + +#include "mongo/db/storage/key_string.h" +#include "mongo/bson/bson_validate.h" + +const mongo::Ordering kAllAscending = mongo::Ordering::make(mongo::BSONObj()); +const mongo::Ordering kOneDescending = mongo::Ordering::make(BSON("a" << -1)); +const auto kV1 = mongo::KeyString::Version::V1; +const auto kV0 = mongo::KeyString::Version::V0; + +uint8_t getZeroType(char val) { + using mongo::KeyString; + switch (val % 10) { + case 0: + return KeyString::TypeBits::kInt; + case 1: + return KeyString::TypeBits::kDouble; + case 2: + return KeyString::TypeBits::kLong; + case 3: + return KeyString::TypeBits::kNegativeDoubleZero; + case 4: + return KeyString::TypeBits::kDecimalZero0xxx; + case 5: + return KeyString::TypeBits::kDecimalZero1xxx; + case 6: + return KeyString::TypeBits::kDecimalZero2xxx; + case 7: + return KeyString::TypeBits::kDecimalZero3xxx; + case 8: + return KeyString::TypeBits::kDecimalZero4xxx; + case 9: + return KeyString::TypeBits::kDecimalZero5xxx; + default: + return 0x00; + } +} + +extern "C" int LLVMFuzzerTestOneInput(const char* Data, size_t Size) { + if (Size < 4) + return 0; + + const auto version = Data[0] % 2 == 0 ? kV0 : kV1; + const auto ord = Data[1] % 2 == 0 ? kAllAscending : kOneDescending; + + mongo::KeyString::TypeBits tb(version); + + const auto len = Data[2]; + if (len > Size - 3) + return 0; + // Data[2] defines the number of types to append to the TypeBits + // Data[3 + i] defines which types have to be added + for (int i = 0; i < len; i++) { + char randomType = Data[3 + i] & 0xf; + char randomZeroType = (Data[3 + i] & 0xf0) >> 4; + switch (randomType % 9) { + case 0: + tb.appendString(); + break; + case 1: + tb.appendSymbol(); + break; + case 2: + tb.appendNumberInt(); + break; + case 3: + tb.appendNumberLong(); + break; + case 4: + tb.appendNumberDouble(); + break; + case 5: + tb.appendNumberDecimal(); + break; + case 6: + tb.appendZero(getZeroType(randomZeroType)); + break; + case 7: + tb.appendDecimalZero(getZeroType(randomZeroType)); + break; + case 8: + tb.appendDecimalExponent(getZeroType(randomZeroType)); + break; + default: + break; + } + } + + try { + mongo::BSONObj obj = + mongo::KeyString::toBsonSafe(&Data[2 + len], Size - (2 + len), ord, tb); + // We want to make sure the generated BSON is valid + invariant(mongo::validateBSON(obj.objdata(), obj.objsize(), mongo::BSONVersion::kLatest)); + } catch (const mongo::AssertionException&) { + // We need to catch exceptions caused by invalid inputs + } + + return 0; +} |