library-fuzzers/json_decode.py at 2cf3a3a0e2a504cc4d2d8a5f758159e39eb21aca · python/library-fuzzers · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
from fuzzeddataprovider import FuzzedDataProvider
import json

LOADS = 0
DECODER_DECODE = 1
DECODER_RAW_DECODE = 2


# Fuzzes the _json C module's decoding paths (Modules/_json.c).
# Exercises json.loads(), JSONDecoder.decode(), and
# JSONDecoder.raw_decode() with fuzzed byte input decoded as latin-1.
def FuzzerRunOne(FuzzerInput):
    if len(FuzzerInput) < 1 or len(FuzzerInput) > 0x100000:
        return
    fdp = FuzzedDataProvider(FuzzerInput)
    target = fdp.ConsumeIntInRange(DECODER_DECODE, DECODER_RAW_DECODE)
    n = (
        fdp.ConsumeIntInRange(1, min(fdp.remaining_bytes(), 10000))
        if fdp.remaining_bytes() > 0
        else 0
    )
    if n == 0:
        return
    s = fdp.ConsumeBytes(n).decode("latin-1")
    try:
        if target == DECODER_DECODE:
            dec = json.JSONDecoder()
            dec.decode(s)
        elif target == DECODER_RAW_DECODE:
            dec = json.JSONDecoder()
            dec.raw_decode(s)
    except (json.JSONDecodeError, ValueError, RecursionError):
        pass
    except Exception:
        pass