infix
A JIT-Powered FFI Library for C
fuzz_helpers.h File Reference

Shared helper functions and types for infix FFI fuzzing harnesses.

#include "common/infix_internals.h"
#include <infix/infix.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

Classes

struct  fuzzer_input
 A helper structure to safely consume bytes from the fuzzer's input buffer.
 

Macros

#define MAX_RECURSION_DEPTH   32
 
#define MAX_MEMBERS   16
 
#define MAX_ARRAY_ELEMENTS   128
 
#define MAX_TYPES_IN_POOL   16
 
#define MAX_ARGS_IN_SIGNATURE   16
 
#define MAX_TOTAL_FUZZ_FIELDS   256
 
#define DEFINE_CONSUME_T(type)
 A macro to create a type-safe consumer for any given Plain Old Data (POD) type.
 

Functions

static const uint8_t * consume_bytes (fuzzer_input *in, size_t n)
 Safely consume 'n' bytes from the input buffer.
 
infix_type * generate_random_type (infix_arena_t *arena, fuzzer_input *in, int depth, size_t *total_fields)
 Recursively generates a randomized infix_type from the fuzzer's input data, allocating all objects from the provided arena.
 

Detailed Description

Shared helper functions and types for infix FFI fuzzing harnesses.

Copyright (c) 2025 Sanko Robinson

This source code is dual-licensed under the Artistic License 2.0 or the MIT License. You may choose to use this code under the terms of either license.

SPDX-License-Identifier: (Artistic-2.0 OR MIT)

The documentation blocks within this file are licensed under the Creative Commons Attribution 4.0 International License (CC BY 4.0).

SPDX-License-Identifier: CC-BY-4.0

This header provides the common infrastructure needed to build fuzzers for the infix library, including a structure for managing fuzzer input and a powerful recursive generator for creating complex, randomized infix_type objects. By centralizing this logic, individual fuzzing harnesses can be kept clean and focused on their specific targets.

Macro Definition Documentation

◆ DEFINE_CONSUME_T

#define DEFINE_CONSUME_T(type)
Value:
    static inline bool consume_##type(fuzzer_input * in, type * out) { \
        const uint8_t * bytes = consume_bytes(in, sizeof(type));       \
        if (!bytes)                                                    \
            return false;                                              \
        memcpy(out, bytes, sizeof(type));                              \
        return true;                                                   \
    }

A macro to create a type-safe consumer for any given Plain Old Data (POD) type.

This macro generates a static inline function consume_<type>() that safely reads bytes from the fuzzer input and copies them into the provided output variable.

◆ MAX_ARGS_IN_SIGNATURE

#define MAX_ARGS_IN_SIGNATURE   16

◆ MAX_ARRAY_ELEMENTS

#define MAX_ARRAY_ELEMENTS   128

◆ MAX_MEMBERS

#define MAX_MEMBERS   16

◆ MAX_RECURSION_DEPTH

#define MAX_RECURSION_DEPTH   32

◆ MAX_TOTAL_FUZZ_FIELDS

#define MAX_TOTAL_FUZZ_FIELDS   256

◆ MAX_TYPES_IN_POOL

#define MAX_TYPES_IN_POOL   16

Function Documentation

◆ consume_bytes()

static const uint8_t * consume_bytes (fuzzer_input * in, size_t n)
inline static

Safely consume 'n' bytes from the input buffer.

This is a security-critical helper. It checks if enough data is available before advancing the pointer, preventing the fuzzer from reading out of bounds.

Parameters
in: A pointer to the fuzzer_input struct.
n: The number of bytes to consume.
Returns
A pointer to the consumed bytes, or NULL if insufficient data.

◆ generate_random_type()

infix_type * generate_random_type (infix_arena_t * arena, fuzzer_input * in, int depth, size_t * total_fields)

Recursively generates a randomized infix_type from the fuzzer's input data, allocating all objects from the provided arena.

Parameters
arena: The arena from which all types and member arrays will be allocated.
in: A pointer to the fuzzer input buffer.
depth: The current recursion depth (used to prevent stack overflows).
total_fields: [in,out] A pointer to a counter for the total fields generated.
Returns
A new infix_type* allocated within the arena, or NULL on failure.
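
The following self-contained sketch shows the pattern this page documents: bounds-checked consumption, a typed reader in the shape of DEFINE_CONSUME_T, and depth and field limits on a recursive walk. It is an added illustration, not code from infix. The demo_* names, the struct's field names and the one-byte leaf/aggregate encoding are assumptions; only the three limit values come from the page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-in for fuzzer_input; the field names are assumptions. */
typedef struct { const uint8_t *data; size_t size; } demo_input;

/* Check first, advance second: a short read leaves the cursor untouched. */
static const uint8_t *demo_consume_bytes(demo_input *in, size_t n) {
    if (n > in->size)
        return NULL;
    const uint8_t *p = in->data;
    in->data += n;
    in->size -= n;
    return p;
}

/* Same shape as the page's DEFINE_CONSUME_T; memcpy avoids unaligned loads. */
#define DEMO_DEFINE_CONSUME_T(type)                                     \
    static inline bool demo_consume_##type(demo_input *in, type *out) { \
        const uint8_t *bytes = demo_consume_bytes(in, sizeof(type));    \
        if (!bytes)                                                     \
            return false;                                               \
        memcpy(out, bytes, sizeof(type));                               \
        return true;                                                    \
    }
DEMO_DEFINE_CONSUME_T(uint8_t)
DEMO_DEFINE_CONSUME_T(uint32_t)
#define DEMO_MAX_DEPTH 32         /* page value of MAX_RECURSION_DEPTH */
#define DEMO_MAX_MEMBERS 16       /* page value of MAX_MEMBERS */
#define DEMO_MAX_TOTAL_FIELDS 256 /* page value of MAX_TOTAL_FUZZ_FIELDS */
/* Hypothetical bounded walker: an even byte is a leaf, an odd byte is an
 * aggregate followed by a member count. Fails on short input or a limit. */
static bool demo_walk(demo_input *in, int depth, size_t *total_fields) {
    uint8_t kind, count;
    if (depth > DEMO_MAX_DEPTH || *total_fields >= DEMO_MAX_TOTAL_FIELDS ||
        !demo_consume_uint8_t(in, &kind))
        return false;
    ++*total_fields;
    if ((kind & 1) == 0)
        return true; /* leaf: nothing further to read */
    if (!demo_consume_uint8_t(in, &count))
        return false;
    for (uint8_t i = 0; i < count % (DEMO_MAX_MEMBERS + 1); ++i)
        if (!demo_walk(in, depth + 1, total_fields))
            return false;
    return true;
}
```

Because every read goes through the single checked primitive, truncated or adversarial input ends the walk with a failure return instead of an out-of-bounds read or unbounded recursion.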