tinygltf/tests/v3/fuzzer
Syoyo Fujita 2c7bf2c932 Fix fuzzer-found bugs, add libFuzzer harness for v3
Add tests/v3/fuzzer/ with libFuzzer harness covering all four parse
paths (auto-detect, JSON, GLB, float32 mode) with ASan+UBSan.

Fix two bugs found by 10+ hours of fuzzing (~23M iterations):

1. UB: (int64_t)inf in cj_parse_number when extreme exponents like
   22222222e222222 produce infinity. Add cj_dbl_to_i64() that clamps
   inf/NaN/out-of-range values before casting.

2. Null deref in tg3__parse_string when glTF array elements are not
   JSON objects (e.g. "scenes": [[3]]). Add is_object() validation
   in TG3__PARSE_ARRAY_SIMPLE and TG3__PARSE_ARRAY_IDX macros.

Verified clean: 5.8M additional runs with zero crashes after fixes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-21 04:10:25 +09:00
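The infinity-to-`int64_t` cast from item 1, as an added C example that is not tinygltf's own code: `safe_dbl_to_i64` is a hypothetical stand-in modelled on the clamping the commit describes for `cj_dbl_to_i64`, and `parse_json_int64` is an assumed `strtod`-based stand-in for the parser's number path, fed the fuzzer-style token from the message.

```c
#include <math.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical clamping helper (modelled on the commit's description of
 * cj_dbl_to_i64, not the project's actual code). Casting inf, NaN or an
 * out-of-range double to int64_t is undefined behaviour, so every such
 * value is mapped to a defined result before the cast: NaN -> 0, and
 * anything beyond the int64_t range saturates. */
static int64_t safe_dbl_to_i64(double d) {
    if (isnan(d)) return 0;
    /* (double)INT64_MAX rounds up to exactly 2^63, which is itself out of
     * range, so the upper bound is tested with >= against 2^63. */
    if (d >= 9223372036854775808.0) return INT64_MAX;
    if (d < -9223372036854775808.0) return INT64_MIN;
    return (int64_t)d; /* now guaranteed in range */
}

/* Parse a numeric token the way a JSON parser might (assumed strtod-based
 * stand-in). Returns 1 on success and writes the clamped value to *out.
 * "22222222e222222" overflows strtod to +inf, which used to reach the cast. */
static int parse_json_int64(const char *tok, int64_t *out) {
    char *end = NULL;
    double d = strtod(tok, &end);
    if (end == tok || *end != '\0') return 0; /* not a complete number */
    *out = safe_dbl_to_i64(d);
    return 1;
}

int main(void) {
    /* Constructed sample tokens, including the fuzzer-found one. */
    const char *samples[] = { "22222222e222222", "-1e400", "42", "3.99" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        int64_t v = 0;
        if (parse_json_int64(samples[i], &v))
            printf("%-16s -> %lld\n", samples[i], (long long)v);
    }
    return 0;
}
```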