Merge branch 'main' of https://github.com/Asmod4n/mruby-cbor

Author: Asmod4n

fuzz/bintest/mruby-cbor-fuzzer.rb

@@ -14,8 +14,9 @@
     "-dict=#{DICT_FILE}",
     "-jobs=7",
     "-artifact_prefix=#{findings_dir}/",
-    "-max_len=4096",
-     "-ignore_ooms=0"
+    "-max_len=65536",
+     "-ignore_ooms=0",
+     "-use_value_profile=1"
   ]
 
   Dir.chdir(findings_dir) do
@@ -30,9 +31,16 @@
     end
   end
 
-  sleep 0.1 until (0..6).all? { |n| File.exist?(File.join(findings_dir, "fuzz-#{n}.log")) }
+  sleep 2
+  actual_workers = Dir[File.join(findings_dir, 'fuzz-*.log')].map { |f|
+    File.basename(f)[/\d+/].to_i
+  }.sort
 
-  threads = (0..6).map do |n|
+  $stderr.puts "Detected #{actual_workers.size} workers: #{actual_workers.inspect}"
+
+  sleep 0.1 until actual_workers.all? { |n| File.exist?(File.join(findings_dir, "fuzz-#{n}.log")) }
+
+  threads = actual_workers.map do |n|
     log = File.join(findings_dir, "fuzz-#{n}.log")
     Thread.new do
       File.open(log) do |f|
@@ -46,17 +54,17 @@
   end
 
   loop do
-    done = (0..6).count do |n|
+    done = actual_workers.count do |n|
       log = File.join(findings_dir, "fuzz-#{n}.log")
       File.exist?(log) && File.read(log) =~ /Done \d+|SUMMARY:/
     end
-    break if done == 16
+    break if done == actual_workers.size
     sleep 5
   end
 
   threads.each(&:kill)
 
-  crashes = (0..6).select do |n|
+  crashes = actual_workers.select do |n|
     log = File.join(findings_dir, "fuzz-#{n}.log")
     File.exist?(log) && File.read(log).include?('SUMMARY:')
   end

fuzz/cbor.dict

@@ -107,3 +107,36 @@
 "\xfb\x7f\xf8\x00\x00\x00\x00\x00\x00"
 "\xfb\xff\xf0\x00\x00\x00\x00\x00\x00"
 "\xfb\x80\x00\x00\x00\x00\x00\x00\x00"
+
+"\xc2\x41\x01"
+"\xc3\x41\x01"
+"\xd8\x1c\x81\x00"
+"\xd8\x1d\x82\x00\x01"
+"\xd8\x1d\x82\x41\x00\x42\x00\x00"
+
+"\xd8\x1c\x01"
+"\xd8\x1d\x00"
+"\xd8\x1d\x01"
+"\xd8\x1d\xff"
+
+"\x81\x81\x81\x80"
+"\xa1\x01\xa1\x01\xa0"
+"\x82\x01\x82\x02\x80"
+
+"\xa1\x61\x61\x01"
+"\xa1\x41\x00\x01"
+"\xa1\xf4\x01"
+"\xa1\xf6\x01"
+
+"\xc2\x49\x01\x00\x00\x00\x00\x00\x00\x00\x00"
+"\xc3\x49\x01\x00\x00\x00\x00\x00\x00\x00\x00"
+
+"\xf9\x00\x01"
+"\xfa\x00\x00\x00\x01"
+"\xfb\x00\x00\x00\x00\x00\x00\x00\x01"
+
+"\xff"
+"\x5f\xff"
+"\x7f\xff"
+"\x9f\xff"
+"\xbf\xff"

fuzz/corpus/0268479914bd55512652da856b4334ad7ec13f73

@@ -0,0 +1 @@
+�;���ꍍ��;��fi����;����ꍍ��;����f�rf��;���ꍍ��;��W��f��&;���ꍍ��;��������;����rf��;�������;���r����;����?���&;�������	;�����]�;����n���;������:

fuzz/corpus/03d447007db50c84d30bb8b95d1aa2c487594a07

@@ -0,0 +1 @@
+�C��

fuzz/corpus/041de68d7fea63d4ccf0f50a9beef23425e5b444

@@ -0,0 +1 @@
+��OE��۸�