Merge pull request #536 from syoyo/copilot/implement-gltf-parser-unit-tester

Add intensive parser unit tester and LLVM fuzzer for tinygltf_json.h backend

.gitignore

@@ -1,4 +1,5 @@
 # CMake
+/build/
 CMakeCache.txt
 CMakeFiles
 CMakeScripts
@@ -68,6 +69,7 @@ imgui.ini
 loader_example
 tests/tester
 tests/tester_noexcept
+tests/tester_intensive_customjson
 tests/issue-97.gltf
 tests/issue-261.gltf
 tests/issue-495-external.gltf

CMakeLists.txt

@@ -56,6 +56,15 @@ if (TINYGLTF_BUILD_TESTS)
   )
   target_compile_definitions(tester_customjson PRIVATE TINYGLTF_USE_CUSTOM_JSON)
   add_test(NAME tester_customjson COMMAND tester_customjson WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/tests)
+
+  # Intensive parser tests for the custom JSON backend
+  add_executable(tester_intensive_customjson tests/tester_intensive_customjson.cc)
+  target_include_directories(tester_intensive_customjson PRIVATE
+    ${CMAKE_CURRENT_SOURCE_DIR}
+    ${CMAKE_CURRENT_SOURCE_DIR}/tests
+  )
+  target_compile_definitions(tester_intensive_customjson PRIVATE TINYGLTF_USE_CUSTOM_JSON)
+  add_test(NAME tester_intensive_customjson COMMAND tester_intensive_customjson WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/tests)
 endif (TINYGLTF_BUILD_TESTS)
 
 #

tests/Makefile

@@ -4,3 +4,4 @@
 all: ../tiny_gltf.h
 	clang++  -I../ $(EXTRA_CXXFLAGS) -std=c++11 -g -O0 -o tester tester.cc
 	clang++ -DTINYGLTF_NOEXCEPTION -I../ $(EXTRA_CXXFLAGS) -std=c++11 -g -O0 -o tester_noexcept tester.cc
+	clang++ -DTINYGLTF_USE_CUSTOM_JSON -I../ $(EXTRA_CXXFLAGS) -std=c++11 -g -O0 -o tester_intensive_customjson tester_intensive_customjson.cc

tests/fuzzer/README.md

@@ -4,9 +4,14 @@ Do fuzzing test for TinyGLTF API.
 
 ## Supported API
 
-* [x] LoadASCIIFromMemory
+* [x] LoadASCIIFromString
 * [ ] LoadBinaryFromMemory
 
+### Custom JSON backend (`tinygltf_json.h`)
+
+* [x] LoadASCIIFromString
+* [x] LoadBinaryFromMemory
+
 ## Requirements
 
 * meson
@@ -36,11 +41,17 @@ $ cd build
 $ ninja
 ```
 
+This builds two fuzzers:
+
+* `fuzz_gltf` – default nlohmann/json backend
+* `fuzz_gltf_customjson` – custom `tinygltf_json.h` backend (tests both ASCII and binary parsing paths)
+
 ## How to run
 
 Increase memory limit. e.g. `-rss_limit_mb=50000`
 
 ```
 $ ./fuzz_gltf -rss_limit_mb=20000 -jobs 4
+$ ./fuzz_gltf_customjson -rss_limit_mb=20000 -jobs 4
 ```
 

tests/fuzzer/fuzz_gltf_customjson.cc

@@ -0,0 +1,76 @@
+/*
+ * LLVM libFuzzer harness for tinygltf with the custom JSON backend
+ * (tinygltf_json.h).
+ *
+ * Exercises:
+ *   1. LoadASCIIFromString  – glTF JSON parsing
+ *   2. LoadBinaryFromMemory – GLB binary parsing
+ *
+ * Build (clang with libFuzzer):
+ *   clang++ -std=c++11 -fsanitize=address,fuzzer \
+ *           -DTINYGLTF_USE_CUSTOM_JSON           \
+ *           -I../../ fuzz_gltf_customjson.cc      \
+ *           -o fuzz_gltf_customjson
+ *
+ * Run:
+ *   ./fuzz_gltf_customjson -rss_limit_mb=20000 -jobs 4
+ */
+
+#include <cstdint>
+#include <cstring>
+
+#define STB_IMAGE_IMPLEMENTATION
+#define STB_IMAGE_WRITE_IMPLEMENTATION
+#define TINYGLTF_IMPLEMENTATION
+#ifndef TINYGLTF_USE_CUSTOM_JSON
+#define TINYGLTF_USE_CUSTOM_JSON
+#endif
+#include "tiny_gltf.h"
+
+/* Fuzz the ASCII (JSON) parser path */
+static void fuzz_ascii(const uint8_t *data, size_t size) {
+  tinygltf::Model model;
+  tinygltf::TinyGLTF ctx;
+  std::string err;
+  std::string warn;
+
+  const char *str = reinterpret_cast<const char *>(data);
+
+  bool ret =
+      ctx.LoadASCIIFromString(&model, &err, &warn, str,
+                              static_cast<unsigned int>(size), /* base_dir */ "");
+  (void)ret;
+}
+
+/* Fuzz the binary (GLB) parser path */
+static void fuzz_binary(const uint8_t *data, size_t size) {
+  tinygltf::Model model;
+  tinygltf::TinyGLTF ctx;
+  std::string err;
+  std::string warn;
+
+  bool ret = ctx.LoadBinaryFromMemory(&model, &err, &warn, data,
+                                      static_cast<unsigned int>(size),
+                                      /* base_dir */ "");
+  (void)ret;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  if (size == 0) return 0;
+
+  /* Use the lowest bit of the first byte to select the parse path.
+   * The remaining bits are left for the fuzzer engine to explore;
+   * additional paths (e.g. LoadASCIIFromFile, check_sections flags)
+   * can be added here in the future using more selector bits. */
+  uint8_t selector = data[0];
+  const uint8_t *payload = data + 1;
+  size_t payload_size = size - 1;
+
+  if (selector & 1) {
+    fuzz_binary(payload, payload_size);
+  } else {
+    fuzz_ascii(payload, payload_size);
+  }
+
+  return 0;
+}

tests/fuzzer/meson.build

@@ -7,3 +7,9 @@ executable('fuzz_gltf',
   cpp_args : '-fsanitize=address,fuzzer',
   link_args : '-fsanitize=address,fuzzer' )
 
+executable('fuzz_gltf_customjson',
+  'fuzz_gltf_customjson.cc',
+  include_directories : incdirs,
+  cpp_args : ['-fsanitize=address,fuzzer', '-DTINYGLTF_USE_CUSTOM_JSON'],
+  link_args : '-fsanitize=address,fuzzer' )
+