Add fuzzer for json_decode module

Author: AdamKorcz

Makefile

@@ -1,8 +1,8 @@
-all : fuzzer-html fuzzer-email fuzzer-httpclient fuzzer-json fuzzer-difflib fuzzer-csv fuzzer-decode fuzzer-ast fuzzer-tarfile fuzzer-tarfile-hypothesis fuzzer-zipfile fuzzer-zipfile-hypothesis fuzzer-re fuzzer-configparser fuzzer-tomllib fuzzer-plistlib fuzzer-xml fuzzer-zoneinfo
+all : fuzzer-html fuzzer-email fuzzer-httpclient fuzzer-json fuzzer-difflib fuzzer-csv fuzzer-decode fuzzer-ast fuzzer-tarfile fuzzer-tarfile-hypothesis fuzzer-zipfile fuzzer-zipfile-hypothesis fuzzer-re fuzzer-configparser fuzzer-tomllib fuzzer-plistlib fuzzer-xml fuzzer-zoneinfo fuzzer-json-decode
 
 PYTHON_CONFIG_PATH=$(CPYTHON_INSTALL_PATH)/bin/python3-config
 CXXFLAGS += $(shell $(PYTHON_CONFIG_PATH) --cflags)
-LDFLAGS += -rdynamic $(shell $(PYTHON_CONFIG_PATH) --ldflags --embed)
+LDFLAGS += -rdynamic $(shell $(PYTHON_CONFIG_PATH) --ldflags --embed) $(CPYTHON_MODLIBS) -Wl,--allow-multiple-definition
 
 fuzzer-html:
 	clang++ $(CXXFLAGS) $(LIB_FUZZING_ENGINE) -std=c++17 fuzzer.cpp -DPYTHON_HARNESS_PATH="\"html.py\"" -ldl $(LDFLAGS) -o fuzzer-html
@@ -40,3 +40,6 @@ fuzzer-xml:
 	clang++ $(CXXFLAGS) $(LIB_FUZZING_ENGINE) -std=c++17 fuzzer.cpp -DPYTHON_HARNESS_PATH="\"xml.py\"" -ldl $(LDFLAGS) -o fuzzer-xml
 fuzzer-zoneinfo:
 	clang++ $(CXXFLAGS) $(LIB_FUZZING_ENGINE) -std=c++17 fuzzer.cpp -DPYTHON_HARNESS_PATH="\"zoneinfo.py\"" -ldl $(LDFLAGS) -o fuzzer-zoneinfo
+
+fuzzer-json-decode:
+	clang++ $(CXXFLAGS) $(LIB_FUZZING_ENGINE) -std=c++17 fuzzer.cpp -DPYTHON_HARNESS_PATH="\"json_decode.py\"" -ldl $(LDFLAGS) -o fuzzer-json-decode

fuzz_targets.txt

@@ -7,6 +7,7 @@ email email.py
 html html.py
 httpclient httpclient.py
 json json.py
+json-decode json_decode.py
 plistlib plist.py
 re re.py
 tarfile tarfile.py

json_decode.py

@@ -0,0 +1,35 @@
+from fuzzeddataprovider import FuzzedDataProvider
+import json
+
+LOADS = 0
+DECODER_DECODE = 1
+DECODER_RAW_DECODE = 2
+
+
+# Fuzzes the _json C module's decoding paths (Modules/_json.c).
+# Exercises json.loads(), JSONDecoder.decode(), and
+# JSONDecoder.raw_decode() with fuzzed byte input decoded as latin-1.
+def FuzzerRunOne(FuzzerInput):
+    if len(FuzzerInput) < 1 or len(FuzzerInput) > 0x100000:
+        return
+    fdp = FuzzedDataProvider(FuzzerInput)
+    target = fdp.ConsumeIntInRange(DECODER_DECODE, DECODER_RAW_DECODE)
+    n = (
+        fdp.ConsumeIntInRange(1, min(fdp.remaining_bytes(), 10000))
+        if fdp.remaining_bytes() > 0
+        else 0
+    )
+    if n == 0:
+        return
+    s = fdp.ConsumeBytes(n).decode("latin-1")
+    try:
+        if target == DECODER_DECODE:
+            dec = json.JSONDecoder()
+            dec.decode(s)
+        elif target == DECODER_RAW_DECODE:
+            dec = json.JSONDecoder()
+            dec.raw_decode(s)
+    except (json.JSONDecodeError, ValueError, RecursionError):
+        pass
+    except Exception:
+        pass