Merge branch 'master' of github.com:fuzzitdev/jsfuzz

Yevgeny Pats · Yevgeny Pats · commit be1d84041338 · 2019-11-21T08:58:35.000+02:00
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
@@ -0,0 +1,4 @@
+# These are supported funding model platforms
+
+github: yevgenypats
+
diff --git a/README.md b/README.md
@@ -148,5 +148,6 @@ any unnecessary work is done.
 * [js-yaml: Crash/TypeError](https://github.com/nodeca/js-yaml/issues/525)
 * [asciidoctor: Hang/DoS](https://github.com/asciidoctor/asciidoctor/issues/3472)
 * [deanm/omggif: Crash/TypeError](https://github.com/deanm/omggif/issues/41)
+* [Leonidas-from-XIV/node-xml2js: Crash/TypeError](https://github.com/Leonidas-from-XIV/node-xml2js/issues/544)
 
 **Feel free to add bugs that you found with jsfuzz to this list via pull-request**
diff --git a/src/corpus.ts b/src/corpus.ts
@@ -13,9 +13,11 @@ export class Corpus {
     private corpusPath: string | undefined;
     private maxInputSize: number;
     private seedLength: number;
+    private readonly onlyAscii: boolean;
 
-    constructor(dir: string[]) {
+    constructor(dir: string[], onlyAscii: boolean) {
         this.inputs = [];
+        this.onlyAscii = onlyAscii;
         this.maxInputSize = 4096;
         for (let i of dir) {
             if (!fs.existsSync(i)) {
@@ -106,6 +108,16 @@ export class Corpus {
         }
     }
 
+    toAscii(buf: Buffer) {
+        let x;
+        for (let i = 0; i < buf.length; i++) {
+            x = buf[i] & 127;
+            if ((x < 0x20 || x > 0x7E) && x !== 0x09 && (x < 0xA || x > 0xD)) {
+                buf[i] = 0x20;
+            }
+        }
+    }
+
     mutate(buf: Buffer) {
         let res = Buffer.allocUnsafe(buf.length);
         buf.copy(res, 0, 0, buf.length);
@@ -341,6 +353,11 @@ export class Corpus {
         if (res.length > this.maxInputSize) {
             res = res.slice(0, this.maxInputSize)
         }
+
+        if (this.onlyAscii) {
+            this.toAscii(res);
+        }
+
         return res;
     }
 }
diff --git a/src/fuzzer.ts b/src/fuzzer.ts
@@ -33,16 +33,19 @@ export class Fuzzer {
     private regression: boolean;
     private verse: Verse | null;
     private readonly versifier: boolean;
+    private readonly onlyAscii: boolean;
 
     constructor(target: string,
                 dir: string[],
                 exactArtifactPath: string,
                 rssLimitMb: number,
                 timeout: number,
                 regression: boolean,
+                onlyAscii: boolean,
                 versifier: boolean) {
         this.target = target;
-        this.corpus = new Corpus(dir);
+        this.corpus = new Corpus(dir, onlyAscii);
+        this.onlyAscii = onlyAscii;
         this.versifier = versifier;
         this.verse = null;
         this.total_executions = 0;
diff --git a/src/index.ts b/src/index.ts
@@ -10,6 +10,7 @@ function startFuzzer(argv: any) {
         argv.rssLimitMb,
         argv.timeout,
         argv.regression,
+        argv.onlyAscii,
         argv.versifier);
     fuzzer.start()
 }
@@ -56,5 +57,10 @@ require('yargs')
         description: 'use versifier algorithm (good for text based protocols)',
         default: true,
     })
+    .option('only-ascii', {
+        type: 'boolean',
+        description: 'generate only ASCII (isprint+isspace) inputs',
+        default: false,
+    })
     .help()
     .argv;

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +# These are supported funding model platforms
++
 +github: yevgenypats
++