// libFuzzer harness for the SECS-II decoder. // // Feed arbitrary bytes to secs2::decode and assert no crash, no // UB, no ASan-flagged memory error. Coverage-guided fuzzing // explores edges that hand-written tests can't predict. // // Build: cmake -S . -B build-fuzz -G Ninja -DSECSGEM_FUZZ=ON // Run: build-fuzz/fuzz_secs2_decode -max_total_time=300 -max_len=65536 #include #include #include #include "secsgem/secs2/codec.hpp" extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { // The decoder is expected to throw secs2::CodecError on malformed // input — that's the contract. Any other exception type, or a // segfault / ASan flag, is a bug. try { std::vector bytes(data, data + size); auto item = secsgem::secs2::decode(bytes); (void)item; } catch (const secsgem::secs2::CodecError&) { // expected: well-defined failure path } catch (...) { // anything else escaping is a hardening bug — crash so libFuzzer // captures the input. __builtin_trap(); } return 0; }