add oss-fuzz support

see https://github.com/google/oss-fuzz/pull/2381

the history of the fuzz branch is long and messy and
is difficult to rebase on top of the current master.

Squashed commit of the following:

commit b9d6db50010e185d0af2590a35472e9334102248
Author: Paul Dreik <github@pauldreik.se>
Date:   Sat Jun 29 21:50:34 2019 +0200

    update exception with a more accurate description

commit f3fbaf60cc80c7f57fa95962dc0069b10c3d3e61
Author: Paul Dreik <github@pauldreik.se>
Date:   Sat Jun 29 21:34:55 2019 +0200

    fix missing flags in reproduce build

commit 40a17bec7a1ad724203577842a254ca9c42da388
Author: Paul Dreik <github@pauldreik.se>
Date:   Sat Jun 29 21:22:48 2019 +0200

    move check for large precision values closer to where needed

commit ef6e23e1f52d639c5aec1a1e713157cec380a8c3
Author: Paul Dreik <github@pauldreik.se>
Date:   Fri Jun 28 20:55:34 2019 +0200

    simplify the fuzzer build script

commit eadee6e0557be6df695e80f0f2717046a29846e0
Author: Paul Dreik <github@pauldreik.se>
Date:   Fri Jun 28 20:47:54 2019 +0200

    minimize source code pollution

commit 1ece6416438f199c164ee9aa89f42ad1f21a4985
Merge: f404079b 037b84f2
Author: Paul Dreik <github@pauldreik.se>
Date:   Fri Jun 28 20:22:52 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

    # Conflicts:
    #	CMakeLists.txt

commit f404079b4e00e51b0d5a4c9218cbe7afb350b777
Author: Paul Dreik <github@pauldreik.se>
Date:   Fri Jun 28 20:20:52 2019 +0200

    make named_arg write into a string or a memory_buffer

    this makes the fuzzer consistent with the others.

commit 545dbe136817eef9e734c32991a324874a51bb4a
Author: Paul Dreik <github@pauldreik.se>
Date:   Thu Jun 20 06:34:17 2019 +0200

    tidy up extra newlines, missing std:: etc.

commit 2d816ef2b13fc2a46c0df76a91f7912bd7196087
Author: Paul Dreik <github@pauldreik.se>
Date:   Mon Jun 17 20:49:08 2019 +0200

    update unit test to handle expected result following review comment

commit a5b9a26808d0165acd2edc4c3baabf9bff40d8bd
Author: Paul Dreik <github@pauldreik.se>
Date:   Mon Jun 17 20:40:06 2019 +0200

    update build script to reflect changes after review

commit 8411cb78984f76c74bca273c0bb18918e084e711
Author: Paul Dreik <github@pauldreik.se>
Date:   Mon Jun 17 20:39:39 2019 +0200

    review comment: clarify what the .gitignore is for

commit 18d9e7bb43d98568fe491e076106e4fa29070b33
Author: Paul Dreik <github@pauldreik.se>
Date:   Mon Jun 17 20:36:56 2019 +0200

    review comment: don't touch root .gitignore

commit 7683d7faa116a6e261da824ec6c1a6a75689841b
Author: Paul Dreik <github@pauldreik.se>
Date:   Mon Jun 17 20:35:40 2019 +0200

    review comment: conditionally include main.cpp

commit be0bdaeb27b0c1914cc0b0fd85c2b3bcc6fd2245
Author: Paul Dreik <github@pauldreik.se>
Date:   Mon Jun 17 20:31:28 2019 +0200

    review comment: drop commented out code not working on travis

commit 013429812d7fb745eec146296623ea245c4848b4
Author: Paul Dreik <github@pauldreik.se>
Date:   Mon Jun 17 20:30:26 2019 +0200

    review comment: renumber case labels

    the old ones were to be able to reuse the corpus, let's drop it

commit f66fe7bead4a71978f21d9e47a8f3f9e4935fccd
Author: Paul Dreik <github@pauldreik.se>
Date:   Mon Jun 17 20:06:47 2019 +0200

    review comment: libfmt->fmt

commit 4a4ddb654dd5b90646cd7e6ff45318c17b66dc9f
Author: Paul Dreik <github@pauldreik.se>
Date:   Mon Jun 17 20:05:32 2019 +0200

    reuse fmt_safe_duration_cast

commit 0a1679411a8bd77c2ff34e1cd572307c92e12040
Author: Paul Dreik <github@pauldreik.se>
Date:   Mon Jun 17 20:02:48 2019 +0200

    review comment: name convention, better name

    C was for "chrono duration"

commit 63084cac00b798c636e0dc13207df46a5c4539f6
Author: Paul Dreik <github@pauldreik.se>
Date:   Mon Jun 17 20:00:50 2019 +0200

    reuse earlier extracted fmt_safe_... function

commit b23388d4d7f919163ead9a9e9bdd50d14daf80b7
Author: Paul Dreik <github@pauldreik.se>
Date:   Mon Jun 17 19:58:55 2019 +0200

    review comment: don't output inf.inf

commit 6f861f1d89d2127bbe2446d176d59a354665cc15
Author: Paul Dreik <github@pauldreik.se>
Date:   Mon Jun 17 19:57:00 2019 +0200

    review comment: extract function for invoking safe_duration_cast

commit df19bc87ccff77d4bedf54fa3d3992f78ef699bd
Author: Paul Dreik <github@pauldreik.se>
Date:   Mon Jun 17 19:47:30 2019 +0200

    review comment: leftover garbage

commit 84eea802efb1164c4f2a83b2e480a7c5bdf4e921
Author: Paul Dreik <github@pauldreik.se>
Date:   Mon Jun 17 19:45:22 2019 +0200

    review comment: turn cmake option into macro for SAFE_DURATION_CAST

    decided to have it on by default

commit c3a159498c2544a52662cd03d23d5a1d00537bba
Author: Paul Dreik <github@pauldreik.se>
Date:   Mon Jun 17 19:40:14 2019 +0200

    review comment: extra newline

commit aa556875c5161d817c347ff984dad171c7a35df9
Author: Paul Dreik <github@pauldreik.se>
Date:   Mon Jun 17 19:38:49 2019 +0200

    review comment: file name convention

commit 4102d82c455324bda4ccd64072eab86b3f0ecebf
Merge: 28add37d 4912cff6
Author: Paul Dreik <github@pauldreik.se>
Date:   Mon Jun 17 16:29:29 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

commit 28add37df3944cbaa00f614e8063210a6d83c17c
Author: Paul Dreik <github@pauldreik.se>
Date:   Fri Jun 14 21:44:06 2019 +0200

    disable check to pass travis

commit 4119378aedfd3e4063058e8f1f03c29d9f44d5e8
Author: Paul Dreik <github@pauldreik.se>
Date:   Fri Jun 14 21:32:39 2019 +0200

    add missing include

commit ba2efb82f20d6ecb5e49a8c6ced96a7febedc175
Author: Paul Dreik <github@pauldreik.se>
Date:   Fri Jun 14 21:04:41 2019 +0200

    try working around build issue on travis

commit 380671a2cb6e52f2b7d5eaad409d491baba5b7e6
Author: Paul Dreik <github@pauldreik.se>
Date:   Fri Jun 14 20:22:41 2019 +0200

    write positive infinity without sign

commit fd72b9adace17e00c46aae24e061bf14c3af6bb1
Author: Paul Dreik <github@pauldreik.se>
Date:   Fri Jun 14 20:20:50 2019 +0200

    remove leftover from merge

commit 1ae3128be2c53914e4c840d12e1b02c59758c378
Author: Paul Dreik <github@pauldreik.se>
Date:   Fri Jun 14 20:14:45 2019 +0200

    format to buffer instead of string

commit 1d83a561244c2fe81231d17e911c6eb24c87cac4
Author: Paul Dreik <github@pauldreik.se>
Date:   Fri Jun 14 19:50:19 2019 +0200

    fix warnings

commit a33b45a7bb5cf70eb3ef1cd95908282621195f1f
Author: Paul Dreik <github@pauldreik.se>
Date:   Fri Jun 14 19:43:46 2019 +0200

    refactor and fix warnings

commit 02afb12dd5b05804a1a8b55e1b9fb7e3de593e84
Author: Paul Dreik <github@pauldreik.se>
Date:   Fri Jun 14 19:17:27 2019 +0200

    use fixed size input

commit 35f84c8cf20efb18a137efecd10dcdc6bcebf7b5
Author: Paul Dreik <github@pauldreik.se>
Date:   Fri Jun 14 19:07:43 2019 +0200

    factor out main into a separate file

commit a23b7a198ba739dd813897901855c98441e6f29b
Author: Paul Dreik <github@pauldreik.se>
Date:   Fri Jun 14 18:56:40 2019 +0200

    refactor

commit 9a3f4cfb3bc32a304a1a49b8ff24fbc2f924266c
Merge: 7842582a 12f46838
Author: Paul Dreik <github@pauldreik.se>
Date:   Fri Jun 14 18:20:03 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

    # Conflicts:
    #	include/fmt/chrono.h

commit 7842582a0089c24a5d44bbb2d156beb732bb7b58
Merge: 90cab5aa cbbee1b3
Author: Paul Dreik <github@pauldreik.se>
Date:   Thu Jun 13 10:41:34 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

commit 90cab5aa023271a3a746cf9c60dd613b4546ca10
Merge: 8feb8a3f e5422db4
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed Jun 12 18:49:08 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

commit 8feb8a3fe20da043a8303e59b1580b4b2862cc57
Merge: e9fabac1 87fbc6f7
Author: Paul Dreik <github@pauldreik.se>
Date:   Tue Jun 11 19:18:35 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

commit e9fabac1dd6d710fec1b30ca51dc953f57f2f9f5
Merge: eaff9316 e1a67b52
Author: Paul Dreik <github@pauldreik.se>
Date:   Mon Jun 10 22:38:36 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

commit eaff93166402ff9a16a9ab0fab1081104f4f06b8
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 22:29:01 2019 +0200

    drop old crashes

commit 7f861e481abb7367bd187c92fe202e25d36d0dd0
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 21:47:30 2019 +0200

    build fuzzers as part of the linux clang 6 build

commit 42c339066dce148723f452d4a94487a6ac80637f
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 21:42:12 2019 +0200

    travis has old libs

commit 9264e3ac82582a941eba3501301dee1468175c08
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 21:33:26 2019 +0200

    more travis workarounds

commit c6eed3adaf6cf65d440dd58c88a034f61c55114f
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 21:27:49 2019 +0200

    travis workaround

commit 5e230d6240841dbc67f0c08ace3a1c24defea54f
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 21:15:36 2019 +0200

    fix constexpr issues

commit cc5fc033479c769a8ac19115aef48020c532c943
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 21:11:13 2019 +0200

    add a fuzzer build

commit 3997375296eca0d0455e0935ef3aed8b010ecf2d
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 20:53:04 2019 +0200

    fix minor documentation errors

commit 1572411261abd5c0756ff2998ab707f1131d4fdf
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 20:49:25 2019 +0200

    polish the documentation

commit 9e5274437cfc3e9c82131c14cf7f3a0abdb10025
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 20:32:45 2019 +0200

    remove unused headers

commit 4b2492a5e037d3153de342ef7f2729b69e8f5dce
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 20:28:12 2019 +0200

    clang format

commit a0004ebb417bce5a24c15ea65a0f3741e45b8480
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 20:27:02 2019 +0200

    format also void*

commit 820142ee2076ae17fea25857c41a1ecdca4a8521
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 20:12:21 2019 +0200

    improve two_args with lessons learnt from the others

commit 7b8fd7f5123fccf78b600c69ca25d025582c095e
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 20:11:18 2019 +0200

    improve function names

commit 641bf36a7a061abf6a02d5e31f3adeb33b079f43
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 20:07:29 2019 +0200

    clang format

commit 7975c0c3cbe19a7159336ad8fcb170fa6259b1cb
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 20:06:02 2019 +0200

    apply lessons learned from chrono fuzzer on sprintf

commit 972124c9f921f8ef786f99c294f556bb7dd9b9ee
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 19:55:49 2019 +0200

    format to buffer instead of string

commit 7b015c692364d1e087a59dfe83dda1b8f8fd2991
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 19:50:25 2019 +0200

    apply lessons learned from the chrono fuzzer at one_arg

commit daa8ea95dd71704e367b760fa6605f5a7cac6890
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 19:41:17 2019 +0200

    renumber cases

commit a667365d0e0f3eb0bc6d6f2cfee5e128a6574aee
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 19:38:06 2019 +0200

    clang format

commit e0e361b8a3594c43e131d661a28381613a186c2b
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 19:36:35 2019 +0200

    disable fuzzing by default

commit ccb4274ab246ee1fe3becb2b73432179a8a5fe6f
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 19:36:25 2019 +0200

    refresh named_arg with lessons learnt from the chrono fuzzer

commit 60da706d4ef35c18eb967bf4ba8d395ef05a9c61
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 19:36:00 2019 +0200

    fix build error

commit e361bfc24246d7c7e91f5e45209eda2f22689d98
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 19:00:11 2019 +0200

    add comment about formatting to string vs. memory buffer

commit 74c0ed062d34eae1786ca699886ad4f3bccc7fd1
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 18:51:23 2019 +0200

    try to use better names

commit 4efea36f77020eecf3c7826f891417f94aedf6f4
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 18:46:07 2019 +0200

    fix clang build error

commit 03cdd2e4631ad302dde3e1048671d3bb08956096
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 18:44:21 2019 +0200

    drop workarounds fixed upstream

commit e936829ebbd97ed2e6f8c5f595b414c0982f2e4d
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 18:41:02 2019 +0200

    move the fuzzers into the test/ subdirectory

commit 2967765698259764c1f06966a7cdefbc5365e5f2
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 18:30:03 2019 +0200

    revert temporary tests handled upstream

commit 749c5027b0eab3d90d8fbfb6e55ee313a7f7dfe4
Merge: dee69088 5d9100fa
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 17:49:00 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

commit dee690881bd33bb77bee1d5ffce643e8bef84a33
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 17:40:37 2019 +0200

    keep documentation comment formatted properly

commit 87d2c99487eef586ce54d432697f384cbe7a50e1
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 17:36:12 2019 +0200

    switch to fmt constexpr macros

commit c23fa59139c425a3dfa2e5eeaeb3269c251c90d1
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 17:30:22 2019 +0200

    clang format

commit 9e58207e9b24a8cc90c721277405b409dd61740d
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 17:27:03 2019 +0200

    get rid of safe_duration_cast submodule

    replaced with an embedded miniature version

commit a4d36eac46e5db45ded96f80f84986f4f76ea0ec
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Jun 9 17:25:00 2019 +0200

    add safe_duration_cast into fmt

commit 7d5b0ecef37722c40952251c88d74a2552221d84
Author: Paul Dreik <github@pauldreik.se>
Date:   Sat Jun 8 22:39:33 2019 +0200

    mark #1194 as fixed

commit ee91514ecf7a8788f2081996db85eef50d7cd57b
Merge: 60569117 4faadff0
Author: Paul Dreik <github@pauldreik.se>
Date:   Sat Jun 8 22:25:37 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

commit 6056911784bc86e6caf56a61fd64142f113d531e
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed Jun 5 09:58:30 2019 +0200

    format to small size buffer instead of string

commit 9f006097255c239188840b589f6e39cbb4476481
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed Jun 5 09:45:23 2019 +0200

    switch to fmt::string_view and workaround reported bug

commit 387de0d9440852fac974ff165b2555d54e2380da
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed Jun 5 06:26:15 2019 +0200

    ignore build directories

commit 55da271c5bb3c11a239c4e46570b6741803ce329
Merge: 3716491e c264e641
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed Jun 5 06:12:36 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

commit 3716491ec51c34a918834857c67300eea180ba02
Author: Paul Dreik <github@pauldreik.se>
Date:   Mon Jun 3 07:03:29 2019 +0200

    fix UB in on_second

commit 2740241b13b7417a4dae655f825ea5a551ffe7ba
Merge: 1c258402 d54e64b3
Author: Paul Dreik <github@pauldreik.se>
Date:   Mon Jun 3 06:37:18 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

    # Conflicts:
    #	include/fmt/chrono.h

commit 1c258402a4bd03f390e0256fa9475cc5187d37f9
Merge: ca9596d1 f57227a1
Author: Paul Dreik <github@pauldreik.se>
Date:   Sat Jun 1 08:01:58 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

commit ca9596d1c91b0315b407ce2c4b3e9e5ba1aeb640
Merge: 1c274cfd d07cc202
Author: Paul Dreik <github@pauldreik.se>
Date:   Thu May 30 19:42:33 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

commit 1c274cfd4112138bfc59dd16f58022016128fe85
Author: Paul Dreik <github@pauldreik.se>
Date:   Thu May 30 08:12:10 2019 +0200

    make it easier for the chrono fuzzer to explore

    using a fixed size makes the cases cross pollinate
    each other better.

    the execution speed is much higher as well

commit f0d7cccdc70c98576b7129428c416e7c9e68a8aa
Author: Paul Dreik <github@pauldreik.se>
Date:   Thu May 30 07:36:21 2019 +0200

    add a build adapted for analysis of fuzzing performance

commit 56f7cf3fa979de415174a10b18221727e3138b7b
Author: Paul Dreik <github@pauldreik.se>
Date:   Thu May 30 06:25:10 2019 +0200

    allow negative values again

commit a77a5fc505bbeab1cfa36be16d40f7799689317a
Author: Paul Dreik <github@pauldreik.se>
Date:   Thu May 30 05:45:55 2019 +0200

    fix UB on signed int overflow in chrono_formatter constructor

    see https://github.com/fmtlib/fmt/issues/1179

commit b6a592720be520b58ed2f2d8668ffc6c8b71f0f7
Merge: 492a2046 30bce6c1
Author: Paul Dreik <github@pauldreik.se>
Date:   Thu May 30 05:26:30 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

    # Conflicts:
    #	include/fmt/chrono.h

commit 492a204623c3c4bbf04c9d47d69979d3a484959c
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed May 29 21:36:00 2019 +0200

    fix bad assert

commit 0ae68b03fbb0e80e292a01f529d5cd7e76349907
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed May 29 21:35:49 2019 +0200

    add unsigned types for chrono fuzzing

commit 2753d7db76645e8847ff2110c5e98f5c8de4a6b9
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed May 29 20:25:21 2019 +0200

    use C++17

commit bc12742f098ec8b513985daedc57faa518203eb0
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed May 29 19:44:59 2019 +0200

    add symlink for safe_duration_cast

commit 67201d2639b93736768e109d73b3e9ccc9401c48
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed May 29 19:40:40 2019 +0200

    turn on safe duration cast for the fuzzer builds

commit 31a70080a63a5213594e4b4e6a33e7e315cf756e
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed May 29 19:32:52 2019 +0200

    clang format

commit 981e30c5782d04453ece1b31e887da4f29268370
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed May 29 19:30:19 2019 +0200

    reduce maximum allocation size

commit 7ba51da81de7ecbc5498a22dc29de5b0648bcad2
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed May 29 19:30:01 2019 +0200

    make nan unit test pass

commit 95b4b9c28a589c30727826dd4e1367bebfad5894
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed May 29 18:39:08 2019 +0200

    special case nan and inf

commit 2673c965506e51d150c005340698a6e15d98aaba
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed May 29 16:40:11 2019 +0200

    build a fast fuzzer, for making coverage fast

commit db52b62612fd7ea3ceeaee05584fd8cb83e54a35
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed May 29 16:39:48 2019 +0200

    add safe duration cast as submodule

commit c8a028faec5d91728472f5de01ea8b1766fb929d
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed May 29 16:00:26 2019 +0200

    enable chrono fuzzing for non-negative values

commit de3555cc573e561691858ca16586f8b45a3ae703
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed May 29 13:06:35 2019 +0200

    try start using safe duration cast

commit 5c3245118c3debcb3f6f69c04c2c32d48449ee16
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed May 29 09:59:34 2019 +0200

    add failing test

commit 3a565d3b091c29210e24042f86869fecafb70914
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed May 29 09:59:09 2019 +0200

    fix cmake option type (should be string, not bool)

commit 61c67564207a13992b1c69d95614b2c4aec5df86
Merge: 63e7b9e3 bb254d14
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed May 29 07:03:42 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

commit 63e7b9e32c714c594d019ef463c9c40a3510a2f2
Merge: 7dd1d80f 5e7bdf1b
Author: Paul Dreik <github@pauldreik.se>
Date:   Fri May 17 19:17:20 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

commit 7dd1d80f3a32465d0fa13ce733bff8686a5b0bad
Merge: 2c9aa5a3 2a9e8b52
Author: Paul Dreik <github@pauldreik.se>
Date:   Tue May 14 19:38:32 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

commit 2c9aa5a31e64af25f8bb4afa8134258822532d3e
Merge: 16a442c8 2c77562b
Author: Paul Dreik <github@pauldreik.se>
Date:   Tue May 14 06:33:16 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

commit 16a442c864dbdce70c22b4a859dba5e3b5edaf35
Merge: b1d70b61 f4dfd6e3
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun May 12 15:24:31 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

    # Conflicts:
    #	include/fmt/chrono.h

commit b1d70b6144c7a61e580eb44ec7d1bdd2368f5531
Author: Paul Dreik <github@pauldreik.se>
Date:   Fri May 10 08:52:57 2019 +0200

    prevent excessive time (found by oss-fuzz)

    the following triggered this:
    std::string message =
          fmt::format("\377{:.214718908}\377", fmt::arg("/\0", 0.f));

    there are probably more places with calls to fill_n which could be checked

commit 9a91093a6b20fd22afd6739f5dcba3b00f6f8eaf
Merge: 7de0fdec e9bab6d0
Author: Paul Dreik <github@pauldreik.se>
Date:   Thu May 9 06:06:32 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

    # Conflicts:
    #	include/fmt/chrono.h

commit 7de0fdec38270f2d0302413904a5ef1b13d47177
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun May 5 20:08:53 2019 +0200

    clang format

commit bb375e1ca10eb3cc2c6684bf698ad4738ab7eb10
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun May 5 19:47:10 2019 +0200

    seems to pass the unit test now (except for the nan stuff from Victor)

commit 786b4b7351bc8e305ad7e68d11ca6b542f66d456
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun May 5 19:25:23 2019 +0200

    add assert triggering data, and unit test

commit 2790e480b81ec83d00315aa69407fe71b8c4c637
Merge: fa859a05 ca978b3d
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun May 5 18:42:51 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

commit fa859a05c2c3abef263166f3a44cdbaa3122d642
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun May 5 18:18:54 2019 +0200

    add crash

commit 1f6e341b1c4bc966a44c7a98b63f22bd65958d0b
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun May 5 18:18:27 2019 +0200

    assert floating point is finite internally

commit 50877748d08a0f4433af4f1213c5bc9021e76e7a
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun May 5 17:32:03 2019 +0200

    invoke undefined behaviour inside chrono

commit bac7ac4149f2d001f7b36236e1710484674d029b
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun May 5 17:31:35 2019 +0200

    refactor the fuzzer build script

commit b19c4cd84a0c8b6d4a7beb281ad881156173ce78
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun May 5 16:25:11 2019 +0200

    add one more crash

commit 7607592e06ebaa189dc180441fa1863430e0938e
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun May 5 16:24:05 2019 +0200

    add crashing input

commit b059a98b27b40cd284e08a54493c25363d743557
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun May 5 16:21:25 2019 +0200

    trigger undefined behaviour with NaN durations

commit 7cce33250282b397c00159e6809125f5fc1c0190
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun May 5 16:20:51 2019 +0200

    add asan only fuzzer

commit 757319a4e30978d8661b3be8f75937266071b413
Merge: a574b21c c1d430e6
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun May 5 06:34:59 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

    # Conflicts:
    #	test/chrono-test.cc

commit a574b21c840339abef5e4ad33612b6efac6ad54b
Author: Paul Dreik <github@pauldreik.se>
Date:   Sat May 4 12:54:13 2019 +0200

    disable chrono fuzzing for now

    it triggers integer overflow and is not trivial to solve.

commit ff17322bceba53e0c2d9ebcf3756115ad148195e
Merge: d6a59851 29c10fbf
Author: Paul Dreik <github@pauldreik.se>
Date:   Sat May 4 07:29:39 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

commit d6a598511c7dc0c208c2d688b2943b0d7c092029
Merge: 663b1592 4a4d72f9
Author: Paul Dreik <github@pauldreik.se>
Date:   Wed May 1 20:44:16 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

    # Conflicts:
    #	test/chrono-test.cc

commit 663b159235f8ae5f58fe80bb02d49bfa392056b0
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Apr 28 22:36:07 2019 +0200

    add crash case (triggers assertion)

commit 082a5cb226142ea30b415d4231cea9425748741a
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Apr 28 21:44:19 2019 +0200

    add const

commit b8d70919ea6be0d2e4c58ef82887496f55125ba9
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Apr 28 21:29:43 2019 +0200

    provoke assertion

    fmt/include/fmt/core.h:246:
    typename std::make_unsigned<_Tp>::type fmt::v5::internal::to_unsigned(Int)
    [with Int = long int;
     typename std::make_unsigned<_Tp>::type = long unsigned int]:
    Assertion `(value >= 0) && "negative value"' failed.

commit e1966013af4eb7febf047d4629cc6236a6aae0e3
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Apr 28 20:46:16 2019 +0200

    add more crashes

commit 1394ae3fe915319ce7dc63d6a9dc820a29c9539e
Merge: 89338cad 4c721e3a
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Apr 28 17:16:14 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

commit 89338cad4eed9441644ec8c5f1687b511c829ea4
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Apr 28 09:40:32 2019 +0200

    add notes on how to reproduce crashes

commit 7dc3e4c7223617da274c4cccb9cf5459d0510e0b
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Apr 28 09:28:20 2019 +0200

    add crashes from chrono duration

commit b62e8bc783134c2d15ebf0372c8a61b41624e6b1
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Apr 28 09:26:53 2019 +0200

    rename fuzzer

commit 7f4ab2b80d072fe3ad96e37e45f3fa807a85c99f
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Apr 28 09:15:38 2019 +0200

    clang format

commit a6cc2a35a9799e88b9ed89e578b7aefd9b09ad09
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Apr 28 09:12:04 2019 +0200

    add chrono duration fuzzer

commit 682713c9a61d52b46e95fdb7d970a8733f77ce88
Merge: 8b934b37 8d8ea21c
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Apr 28 08:07:56 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

commit 8b934b37161d1389de603ced6560982507bb7ae5
Author: Paul Dreik <github@pauldreik.se>
Date:   Sat Apr 27 10:23:44 2019 +0200

    clang format

commit 793d97b9af33269f5628094f547f9771e968e3f2
Author: Paul Dreik <github@pauldreik.se>
Date:   Sat Apr 27 10:23:17 2019 +0200

    tighten memory allocation

commit e2301f2430b15c9817433206597ef82c990f49a0
Author: Paul Dreik <github@pauldreik.se>
Date:   Sat Apr 27 10:19:56 2019 +0200

    clean up and set license (BSD 2-clause simplified, same as fmt)

commit e64c3fb35719afa644dee1f9f17829cace6e17ff
Author: Paul Dreik <github@pauldreik.se>
Date:   Sat Apr 27 10:04:23 2019 +0200

    clean up and add afl

commit ab46241206aaf46759fd3f292ee4a1088b652d15
Author: Paul Dreik <github@pauldreik.se>
Date:   Sat Apr 27 09:54:48 2019 +0200

    drop c++17 requirement

commit 20c01e1acf330c8a28192f55b16efeebddb72ab0
Author: Paul Dreik <github@pauldreik.se>
Date:   Sat Apr 27 09:25:19 2019 +0200

    initial oss-fuzz compatible version

commit 6cbd91a37cf36a1d0e994bb16cf44a12622f7dca
Author: Paul Dreik <github@pauldreik.se>
Date:   Sat Apr 27 08:42:51 2019 +0200

    initial commit of fuzzers from https://github.com/pauldreik/fuzzfmt

commit eaddfb16d86ef1c259b737e2aab40145b0c956a6
Merge: e37d7db3 134904c8
Author: Paul Dreik <github@pauldreik.se>
Date:   Sat Apr 27 08:38:19 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

commit e37d7db3b938c82f569d71e6bb00bd1bf8394db7
Merge: 99b2e08b bd516e34
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Apr 21 17:28:06 2019 +0200

    Merge remote-tracking branch 'upstream/master' into fuzz

commit 99b2e08b6bef25b793df5ef07621c9c4402587de
Author: Paul Dreik <github@pauldreik.se>
Date:   Sun Apr 21 10:30:56 2019 +0200

    stop high memory use when fuzzing

Paul Dreik 2019-06-30 09:11:13 +02:00 committed by Victor Zverovich
parent 037b84f214
commit 9d97201ede
19 changed files with 1360 additions and 12 deletions


@ -65,8 +65,8 @@ matrix:
- env: BUILD=Release STANDARD=14 - env: BUILD=Release STANDARD=14
compiler: clang compiler: clang
os: osx os: osx
# clang 6.0 on Linux with C++14 # clang 6.0 on Linux with C++14 (builds the fuzzers as well)
- env: COMPILER=clang++-6.0 BUILD=Debug STANDARD=14 - env: COMPILER=clang++-6.0 BUILD=Debug STANDARD=14 ENABLE_FUZZING=1
compiler: clang compiler: clang
addons: addons:
apt: apt:
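Review bot: ENABLE_FUZZING=1 is added to the clang++-6.0 job's env, but nothing in this hunk consumes it; make sure the CI build script maps it to -DFMT_FUZZ=ON (the option introduced in the CMake hunk of this commit) and passes the sanitizer/fuzzer flags, otherwise the "builds the fuzzers as well" comment is true only in the comment.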


@ -41,6 +41,7 @@ option(FMT_WERROR "Halt the compilation with an error on compiler warnings."
option(FMT_DOC "Generate the doc target." ${MASTER_PROJECT}) option(FMT_DOC "Generate the doc target." ${MASTER_PROJECT})
option(FMT_INSTALL "Generate the install target." ${MASTER_PROJECT}) option(FMT_INSTALL "Generate the install target." ${MASTER_PROJECT})
option(FMT_TEST "Generate the test target." ${MASTER_PROJECT}) option(FMT_TEST "Generate the test target." ${MASTER_PROJECT})
option(FMT_FUZZ "Generate the fuzz target." OFF)
project(FMT CXX) project(FMT CXX)
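Review bot: FMT_SAFE_DURATION_CAST is tested later in this file (`if (FMT_SAFE_DURATION_CAST)`) but is never declared with option() next to FMT_FUZZ here, so it is an undocumented cache variable that will not show up in ccmake/cmake-gui; add something like `option(FMT_SAFE_DURATION_CAST "Enable overflow-checked chrono duration casts." ON)` beside FMT_FUZZ.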
@ -151,7 +152,7 @@ endfunction()
# Define the fmt library, its includes and the needed defines. # Define the fmt library, its includes and the needed defines.
add_headers(FMT_HEADERS chrono.h color.h core.h format.h format-inl.h locale.h add_headers(FMT_HEADERS chrono.h color.h core.h format.h format-inl.h locale.h
ostream.h prepare.h printf.h ranges.h) ostream.h prepare.h printf.h ranges.h safe-duration-cast.h)
set(FMT_SOURCES src/format.cc) set(FMT_SOURCES src/format.cc)
if (HAVE_OPEN) if (HAVE_OPEN)
add_headers(FMT_HEADERS posix.h) add_headers(FMT_HEADERS posix.h)
@ -190,6 +191,9 @@ if (BUILD_SHARED_LIBS)
endif () endif ()
target_compile_definitions(fmt PRIVATE FMT_EXPORT INTERFACE FMT_SHARED) target_compile_definitions(fmt PRIVATE FMT_EXPORT INTERFACE FMT_SHARED)
endif () endif ()
if (FMT_SAFE_DURATION_CAST)
target_compile_definitions(fmt PUBLIC FMT_SAFE_DURATION_CAST)
endif()
add_library(fmt-header-only INTERFACE) add_library(fmt-header-only INTERFACE)
add_library(fmt::fmt-header-only ALIAS fmt-header-only) add_library(fmt::fmt-header-only ALIAS fmt-header-only)
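Review bot: this block can only switch the macro on, which is already the header's default (the chrono hunk does `# define FMT_SAFE_DURATION_CAST 1` when it is undefined), so setting the CMake variable to OFF changes nothing and there is no CMake way to disable the safe cast; either drop the knob or add an else branch that emits `target_compile_definitions(fmt PUBLIC FMT_SAFE_DURATION_CAST=0)`. Style nit: `endif()` should be `endif ()` to match the surrounding file.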
@ -271,6 +275,11 @@ if (FMT_TEST)
add_subdirectory(test) add_subdirectory(test)
endif () endif ()
# control fuzzing independent of the unit tests
if (FMT_FUZZ)
add_subdirectory(test/fuzzing)
endif ()
set(gitignore ${PROJECT_SOURCE_DIR}/.gitignore) set(gitignore ${PROJECT_SOURCE_DIR}/.gitignore)
if (MASTER_PROJECT AND EXISTS ${gitignore}) if (MASTER_PROJECT AND EXISTS ${gitignore})
# Get the list of ignored files from .gitignore. # Get the list of ignored files from .gitignore.
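Review bot: add_subdirectory(test/fuzzing) is guarded only by FMT_FUZZ, so with FMT_TEST=OFF the fuzzing directory is configured without test/CMakeLists.txt having run; that is the intent of the "independent of the unit tests" comment, but test/fuzzing/CMakeLists.txt is not in view here, so please confirm it does not depend on any target or variable defined by test/CMakeLists.txt.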


@ -16,6 +16,15 @@
#include <locale> #include <locale>
#include <sstream> #include <sstream>
// enable safe chrono durations, unless explicitly disabled
#ifndef FMT_SAFE_DURATION_CAST
# define FMT_SAFE_DURATION_CAST 1
#endif
#if FMT_SAFE_DURATION_CAST
# include "safe-duration-cast.h"
#endif
FMT_BEGIN_NAMESPACE FMT_BEGIN_NAMESPACE
// Prevents expansion of a preceding token as a function-style macro. // Prevents expansion of a preceding token as a function-style macro.
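Review bot: the default-to-1 pattern means a consumer who wants the old behaviour must define FMT_SAFE_DURATION_CAST to 0 rather than leave it out, and a bare `#define FMT_SAFE_DURATION_CAST` (empty) in user code turns the `#if FMT_SAFE_DURATION_CAST` below into a preprocessor error; say so in the comment, e.g. `// set FMT_SAFE_DURATION_CAST to 0 to disable`. Since safe-duration-cast.h becomes part of the public include set, the macro and the new header also need a mention in the documentation/changelog.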
@ -385,6 +394,15 @@ inline bool isnan(T value) {
return std::isnan(value); return std::isnan(value);
} }
template <typename T, FMT_ENABLE_IF(std::is_integral<T>::value)>
inline bool isfinite(T) {
return true;
}
template <typename T, FMT_ENABLE_IF(std::is_floating_point<T>::value)>
inline bool isfinite(T value) {
return std::isfinite(value);
}
// Convers value to int and checks that it's in the range [0, upper). // Convers value to int and checks that it's in the range [0, upper).
template <typename T, FMT_ENABLE_IF(std::is_integral<T>::value)> template <typename T, FMT_ENABLE_IF(std::is_integral<T>::value)>
inline int to_nonnegative_int(T value, int upper) { inline int to_nonnegative_int(T value, int upper) {
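Review bot: the integral `isfinite(T)` overload mirrors the existing `isnan` pair above and is fine; one nit is that its unnamed parameter makes it look like an oversight, so add a one-line comment stating that integers are always finite.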
@ -421,12 +439,40 @@ template <typename T> struct make_unsigned_or_unchanged<T, true> {
using type = typename std::make_unsigned<T>::type; using type = typename std::make_unsigned<T>::type;
}; };
#if FMT_SAFE_DURATION_CAST
// throwing version of safe_duration_cast
template <typename To, typename FromRep, typename FromPeriod>
To fmt_safe_duration_cast(std::chrono::duration<FromRep, FromPeriod> from) {
int ec;
To to= safe_duration_cast::safe_duration_cast<To>(from,ec);
if (ec) {
FMT_THROW(format_error("cannot format duration"));
}
return to;
}
#endif
template <typename Rep, typename Period, template <typename Rep, typename Period,
FMT_ENABLE_IF(std::is_integral<Rep>::value)> FMT_ENABLE_IF(std::is_integral<Rep>::value)>
inline std::chrono::duration<Rep, std::milli> get_milliseconds( inline std::chrono::duration<Rep, std::milli> get_milliseconds(
std::chrono::duration<Rep, Period> d) { std::chrono::duration<Rep, Period> d) {
// this may overflow and/or the result may not fit in the
// target type.
#if FMT_SAFE_DURATION_CAST
using CommonSecondsType =
typename std::common_type<decltype(d), std::chrono::seconds>::type;
const auto d_as_common = fmt_safe_duration_cast<CommonSecondsType>(d);
const auto d_as_whole_seconds =
fmt_safe_duration_cast<std::chrono::seconds>(d_as_common);
// this conversion should be nonproblematic
const auto diff = d_as_common - d_as_whole_seconds;
const auto ms =
fmt_safe_duration_cast<std::chrono::duration<Rep, std::milli>>(diff);
return ms;
#else
auto s = std::chrono::duration_cast<std::chrono::seconds>(d); auto s = std::chrono::duration_cast<std::chrono::seconds>(d);
return std::chrono::duration_cast<std::chrono::milliseconds>(d - s); return std::chrono::duration_cast<std::chrono::milliseconds>(d - s);
#endif
} }
template <typename Rep, typename Period, template <typename Rep, typename Period,
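Review bot: the comment `this may overflow and/or the result may not fit in the target type` now sits above the `#if` and so labels the checked path as well; move it under `#else` where it still applies. `To to= safe_duration_cast::safe_duration_cast<To>(from,ec);` does not follow the clang-format style used in the rest of the file (`To to = ...(from, ec)`), and the fixed message "cannot format duration" gives no hint which conversion failed, which matters now that this throws in ordinary production builds.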
@ -476,8 +522,35 @@ struct chrono_formatter {
val = -val; val = -val;
negative = true; negative = true;
} }
// this may overflow and/or the result may not fit in the
// target type.
#if FMT_SAFE_DURATION_CAST
// might need checked conversion (rep!=Rep)
auto tmpval = std::chrono::duration<rep, Period>(val);
s = fmt_safe_duration_cast<seconds>(tmpval);
#else
s = std::chrono::duration_cast<seconds>( s = std::chrono::duration_cast<seconds>(
std::chrono::duration<rep, Period>(val)); std::chrono::duration<rep, Period>(val));
#endif
}
// returns true if nan or inf, writes to out.
bool handle_nan_inf() {
if (isfinite(val)) {
return false;
}
if (isnan(val)) {
write_nan();
return true;
}
// must be +-inf
if (val > 0) {
write_pinf();
} else {
write_ninf();
}
return true;
} }
Rep hour() const { return static_cast<Rep>(mod((s.count() / 3600), 24)); } Rep hour() const { return static_cast<Rep>(mod((s.count() / 3600), 24)); }
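Review bot: the `write_ninf()` branch in handle_nan_inf looks unreachable. The constructor above negates negative values (`val = -val; negative = true;`), so a -inf duration reaches this check as +inf and is printed as `inf`; in on_duration_value the early return from handle_nan_inf happens before write_sign(), so the sign is lost entirely there. Either branch on `negative` here (`if (negative) write_ninf(); else write_pinf();`) or emit the sign before the nan/inf check, and add a -inf case to SpecialDurations in chrono-test.cc, which only covers nan.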
@ -517,6 +590,8 @@ struct chrono_formatter {
} }
void write_nan() { std::copy_n("nan", 3, out); } void write_nan() { std::copy_n("nan", 3, out); }
void write_pinf() { std::copy_n("inf", 3, out); }
void write_ninf() { std::copy_n("-inf", 4, out); }
void format_localized(const tm& time, const char* format) { void format_localized(const tm& time, const char* format) {
if (isnan(val)) return write_nan(); if (isnan(val)) return write_nan();
@ -549,6 +624,10 @@ struct chrono_formatter {
void on_tz_name() {} void on_tz_name() {}
void on_24_hour(numeric_system ns) { void on_24_hour(numeric_system ns) {
if (handle_nan_inf()) {
return;
}
if (ns == numeric_system::standard) return write(hour(), 2); if (ns == numeric_system::standard) return write(hour(), 2);
auto time = tm(); auto time = tm();
time.tm_hour = to_nonnegative_int(hour(), 24); time.tm_hour = to_nonnegative_int(hour(), 24);
@ -556,6 +635,10 @@ struct chrono_formatter {
} }
void on_12_hour(numeric_system ns) { void on_12_hour(numeric_system ns) {
if (handle_nan_inf()) {
return;
}
if (ns == numeric_system::standard) return write(hour12(), 2); if (ns == numeric_system::standard) return write(hour12(), 2);
auto time = tm(); auto time = tm();
time.tm_hour = to_nonnegative_int(hour12(), 12); time.tm_hour = to_nonnegative_int(hour12(), 12);
@ -563,6 +646,10 @@ struct chrono_formatter {
} }
void on_minute(numeric_system ns) { void on_minute(numeric_system ns) {
if (handle_nan_inf()) {
return;
}
if (ns == numeric_system::standard) return write(minute(), 2); if (ns == numeric_system::standard) return write(minute(), 2);
auto time = tm(); auto time = tm();
time.tm_min = to_nonnegative_int(minute(), 60); time.tm_min = to_nonnegative_int(minute(), 60);
@ -570,9 +657,21 @@ struct chrono_formatter {
} }
void on_second(numeric_system ns) { void on_second(numeric_system ns) {
if (handle_nan_inf()) {
return;
}
if (ns == numeric_system::standard) { if (ns == numeric_system::standard) {
write(second(), 2); write(second(), 2);
auto ms = get_milliseconds(std::chrono::duration<Rep, Period>(val)); #if FMT_SAFE_DURATION_CAST
// convert rep->Rep
using duration_rep = std::chrono::duration<rep, Period>;
using duration_Rep = std::chrono::duration<Rep, Period>;
auto tmpval = fmt_safe_duration_cast<duration_Rep>(duration_rep{val});
#else
auto tmpval = std::chrono::duration<Rep, Period>(val);
#endif
auto ms = get_milliseconds(tmpval);
if (ms != std::chrono::milliseconds(0)) { if (ms != std::chrono::milliseconds(0)) {
*out++ = '.'; *out++ = '.';
write(ms.count(), 3); write(ms.count(), 3);
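Review bot: in the checked branch `write(second(), 2)` has already emitted the seconds digits before `fmt_safe_duration_cast<duration_Rep>` can throw, so a format_error from here leaves a half-written `%S` in the output range (`fmt::format` discards its buffer, but `format_to` into a caller-supplied iterator does not). Doing the rep->Rep conversion before the first write, for instance next to the existing seconds conversion in the constructor, keeps the error path from touching the output.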
@ -584,9 +683,21 @@ struct chrono_formatter {
format_localized(time, "%OS"); format_localized(time, "%OS");
} }
void on_12_hour_time() { format_localized(time(), "%r"); } void on_12_hour_time() {
if (handle_nan_inf()) {
return;
}
format_localized(time(), "%r");
}
void on_24_hour_time() { void on_24_hour_time() {
if (handle_nan_inf()) {
*out++ = ':';
handle_nan_inf();
return;
}
write(hour(), 2); write(hour(), 2);
*out++ = ':'; *out++ = ':';
write(minute(), 2); write(minute(), 2);
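Review bot: the two calls in on_24_hour_time (`handle_nan_inf(); *out++ = ':'; handle_nan_inf();`) are deliberate, they keep the `hh:mm` shape and produce the `nan:nan` that the updated test expects, but nothing says so and the second call repeats the isnan/isinf classification. A one-line comment, or writing the second token directly once the first call has classified `val`, would stop the next reader from "simplifying" it.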
@ -595,12 +706,24 @@ struct chrono_formatter {
void on_iso_time() { void on_iso_time() {
on_24_hour_time(); on_24_hour_time();
*out++ = ':'; *out++ = ':';
if (handle_nan_inf()) {
return;
}
write(second(), 2); write(second(), 2);
} }
void on_am_pm() { format_localized(time(), "%p"); } void on_am_pm() {
if (handle_nan_inf()) {
return;
}
format_localized(time(), "%p");
}
void on_duration_value() { void on_duration_value() {
if (handle_nan_inf()) {
return;
}
write_sign(); write_sign();
out = format_chrono_duration_value(out, val, precision); out = format_chrono_duration_value(out, val, precision);
} }
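Review bot: now that on_12_hour_time and on_am_pm call handle_nan_inf() before format_localized, the `if (isnan(val)) return write_nan();` inside format_localized no longer fires for those two callers, while the inf case is handled only by the new guard. Either drop the inner check or keep it and document that format_localized must stay safe for non-finite values, so the two checks do not drift apart.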

@ -244,6 +244,11 @@ template <> FMT_FUNC int count_digits<4>(internal::fallback_uintptr n) {
template <typename T> template <typename T>
int format_float(char* buf, std::size_t size, const char* format, int precision, int format_float(char* buf, std::size_t size, const char* format, int precision,
T value) { T value) {
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
if (precision > 100000) {
throw std::runtime_error("fuzz mode - avoid large allocation inside snprintf");
}
#endif
// Suppress the warning about nonliteral format string. // Suppress the warning about nonliteral format string.
auto snprintf_ptr = FMT_SNPRINTF; auto snprintf_ptr = FMT_SNPRINTF;
return precision < 0 ? snprintf_ptr(buf, size, format, value) return precision < 0 ? snprintf_ptr(buf, size, format, value)
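Review bot: the guard added here checks `precision > 100000` with the message "fuzz mode - avoid large allocation inside snprintf", but test/fuzzing/README.md in this same commit quotes a different snippet (`spec.precision>100000`, "avoiding large precision"); keep the README in sync with the guard that actually exists. Also consider FMT_THROW(format_error(...)) rather than a bare `throw std::runtime_error`, so the guard builds under the library's exception policy (FMT_EXCEPTIONS=0 / -fno-exceptions) and the fuzzers, which catch std::exception, still see it.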

@ -398,6 +398,11 @@ class basic_memory_buffer : private Allocator, public internal::buffer<T> {
template <typename T, std::size_t SIZE, typename Allocator> template <typename T, std::size_t SIZE, typename Allocator>
void basic_memory_buffer<T, SIZE, Allocator>::grow(std::size_t size) { void basic_memory_buffer<T, SIZE, Allocator>::grow(std::size_t size) {
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
if (size > 1000) {
throw std::runtime_error("fuzz mode - won't grow that much");
}
#endif
std::size_t old_capacity = this->capacity(); std::size_t old_capacity = this->capacity();
std::size_t new_capacity = old_capacity + old_capacity / 2; std::size_t new_capacity = old_capacity + old_capacity / 2;
if (size > new_capacity) new_capacity = size; if (size > new_capacity) new_capacity = size;
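Review bot: capping grow() at 1000 elements in fuzz mode means no fuzz build can produce more than roughly 1000 characters of output, so width and precision handling between this cap and the 100000 precision cap in format_float is unreachable for the fuzzers. That is an acceptable trade for speed, but say so in test/fuzzing/README.md, and the three magic numbers (1000 here, 100000 in format_float, 1000 in grisu_prettify) are easier to tune as one named constant in a shared place.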
@ -1065,6 +1070,11 @@ It grisu_prettify(const char* digits, int size, int exp, It it,
int num_zeros = (std::max)(params.num_digits - full_exp, 1); int num_zeros = (std::max)(params.num_digits - full_exp, 1);
if (params.trailing_zeros) { if (params.trailing_zeros) {
*it++ = static_cast<Char>('.'); *it++ = static_cast<Char>('.');
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
if (num_zeros > 1000) {
throw std::runtime_error("fuzz mode - avoiding excessive cpu use");
}
#endif
it = std::fill_n(it, num_zeros, static_cast<Char>('0')); it = std::fill_n(it, num_zeros, static_cast<Char>('0'));
} }
} else if (full_exp > 0) { } else if (full_exp > 0) {
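Review bot: the `num_zeros > 1000` check sits after `*it++ = static_cast<Char>('.')`, so the '.' is written before the throw. Harmless for the fuzzers, but moving the check above the write keeps the output untouched on the error path, consistent with the other fuzz guards, which throw before touching memory.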

@ -0,0 +1,279 @@
/*
* For conversion between std::chrono::durations without undefined
* behaviour or erroneous results.
* This is a stripped down version of duration_cast, for inclusion in fmt.
* See https://github.com/pauldreik/safe_duration_cast
*
* Copyright Paul Dreik 2019
*
* This file is licensed under the fmt license, see format.h
*/
#include <chrono>
#include <cmath>
#include <limits>
#include <type_traits>
#include "format.h"
FMT_BEGIN_NAMESPACE
namespace safe_duration_cast {
/**
* converts From to To, without loss. If the dynamic value of from
* can't be converted to To without loss, ec is set.
*/
template <typename To, typename From,
FMT_ENABLE_IF(!std::is_same<From, To>::value)>
FMT_CONSTEXPR To lossless_integral_conversion(const From from, int& ec) {
ec = 0;
using F = std::numeric_limits<From>;
using T = std::numeric_limits<To>;
static_assert(F::is_integer, "From must be integral");
static_assert(T::is_integer, "To must be integral");
if (F::is_signed == T::is_signed) {
// A and B are both signed, or both unsigned.
if (F::digits <= T::digits) {
// From fits in To without any problem
} else {
// From does not always fit in To, resort to a dynamic check.
if (from < T::min() || from > T::max()) {
// outside range.
ec = 1;
return {};
}
}
}
if (F::is_signed && !T::is_signed) {
// From may be negative, not allowed!
if (from < 0) {
ec = 1;
return {};
}
// From is positive. Can it always fit in To?
if (F::digits <= T::digits) {
// yes, From always fits in To.
} else {
// from may not fit in To, we have to do a dynamic check
if (from > T::max()) {
ec = 1;
return {};
}
}
}
if (!F::is_signed && T::is_signed) {
// can from be held in To?
if (F::digits < T::digits) {
// yes, From always fits in To.
} else {
// from may not fit in To, we have to do a dynamic check
if (from > T::max()) {
// outside range.
ec = 1;
return {};
}
}
}
// reaching here means all is ok for lossless conversion.
return static_cast<To>(from);
} // function
template <typename To, typename From,
FMT_ENABLE_IF(std::is_same<From, To>::value)>
FMT_CONSTEXPR To lossless_integral_conversion(const From from, int& ec) {
ec = 0;
return from;
} // function
// clang-format off
/**
* converts From to To if possible, otherwise ec is set.
*
* input | output
* ---------------------------------|---------------
* NaN | NaN
* Inf | Inf
* normal, fits in output | converted (possibly lossy)
* normal, does not fit in output | ec is set
* subnormal | best effort
* -Inf | -Inf
*/
// clang-format on
template <typename To, typename From,
FMT_ENABLE_IF(!std::is_same<From, To>::value)>
FMT_CONSTEXPR To safe_float_conversion(const From from, int& ec) {
ec = 0;
using T = std::numeric_limits<To>;
static_assert(std::is_floating_point<From>::value, "From must be floating");
static_assert(std::is_floating_point<To>::value, "To must be floating");
// catch the only happy case
if (std::isfinite(from)) {
if (from >= T::lowest() && from <= T::max()) {
return static_cast<To>(from);
}
// not within range.
ec = 1;
return {};
}
// nan and inf will be preserved
return static_cast<To>(from);
} // function
template <typename To, typename From,
FMT_ENABLE_IF(std::is_same<From, To>::value)>
FMT_CONSTEXPR To safe_float_conversion(const From from, int& ec) {
ec = 0;
static_assert(std::is_floating_point<From>::value, "From must be floating");
return from;
}
/**
* safe duration cast between integral durations
*/
template <typename To, typename FromRep, typename FromPeriod,
FMT_ENABLE_IF(std::is_integral<FromRep>::value),
FMT_ENABLE_IF(std::is_integral<typename To::rep>::value)>
To safe_duration_cast(std::chrono::duration<FromRep, FromPeriod> from,
int& ec) {
using From = std::chrono::duration<FromRep, FromPeriod>;
ec = 0;
// the basic idea is that we need to convert from count() in the from type
// to count() in the To type, by multiplying it with this:
using Factor = std::ratio_divide<typename From::period, typename To::period>;
static_assert(Factor::num > 0, "num must be positive");
static_assert(Factor::den > 0, "den must be positive");
// the conversion is like this: multiply from.count() with Factor::num
// /Factor::den and convert it to To::rep, all this without
// overflow/underflow. let's start by finding a suitable type that can hold
// both To, From and Factor::num
using IntermediateRep =
typename std::common_type<typename From::rep, typename To::rep,
decltype(Factor::num)>::type;
// safe conversion to IntermediateRep
IntermediateRep count =
lossless_integral_conversion<IntermediateRep>(from.count(), ec);
if (ec) {
return {};
}
// multiply with Factor::num without overflow or underflow
if (Factor::num != 1) {
constexpr auto max1 =
std::numeric_limits<IntermediateRep>::max() / Factor::num;
if (count > max1) {
ec = 1;
return {};
}
constexpr auto min1 =
std::numeric_limits<IntermediateRep>::min() / Factor::num;
if (count < min1) {
ec = 1;
return {};
}
count *= Factor::num;
}
// this can't go wrong, right? den>0 is checked earlier.
if (Factor::den != 1) {
count /= Factor::den;
}
// convert to the to type, safely
using ToRep = typename To::rep;
const ToRep tocount = lossless_integral_conversion<ToRep>(count, ec);
if (ec) {
return {};
}
return To{tocount};
}
/**
* safe duration_cast between floating point durations
*/
template <typename To, typename FromRep, typename FromPeriod,
FMT_ENABLE_IF(std::is_floating_point<FromRep>::value),
FMT_ENABLE_IF(std::is_floating_point<typename To::rep>::value)>
To safe_duration_cast(std::chrono::duration<FromRep, FromPeriod> from,
int& ec) {
using From = std::chrono::duration<FromRep, FromPeriod>;
ec = 0;
if (std::isnan(from.count())) {
// nan in, gives nan out. easy.
return To{std::numeric_limits<typename To::rep>::quiet_NaN()};
}
// maybe we should also check if from is denormal, and decide what to do about
// it.
// +-inf should be preserved.
if (std::isinf(from.count())) {
return To{from.count()};
}
// the basic idea is that we need to convert from count() in the from type
// to count() in the To type, by multiplying it with this:
using Factor = std::ratio_divide<typename From::period, typename To::period>;
static_assert(Factor::num > 0, "num must be positive");
static_assert(Factor::den > 0, "den must be positive");
// the conversion is like this: multiply from.count() with Factor::num
// /Factor::den and convert it to To::rep, all this without
// overflow/underflow. let's start by finding a suitable type that can hold
// both To, From and Factor::num
using IntermediateRep =
typename std::common_type<typename From::rep, typename To::rep,
decltype(Factor::num)>::type;
// force conversion of From::rep -> IntermediateRep to be safe,
// even if it will never happen be narrowing in this context.
IntermediateRep count =
safe_float_conversion<IntermediateRep>(from.count(), ec);
if (ec) {
return {};
}
// multiply with Factor::num without overflow or underflow
if (Factor::num != 1) {
constexpr auto max1 =
std::numeric_limits<IntermediateRep>::max() / Factor::num;
if (count > max1) {
ec = 1;
return {};
}
constexpr auto min1 =
std::numeric_limits<IntermediateRep>::lowest() / Factor::num;
if (count < min1) {
ec = 1;
return {};
}
count *= Factor::num;
}
// this can't go wrong, right? den>0 is checked earlier.
if (Factor::den != 1) {
count /= Factor::den;
}
// convert to the to type, safely
using ToRep = typename To::rep;
const ToRep tocount = safe_float_conversion<ToRep>(count, ec);
if (ec) {
return {};
}
return To{tocount};
}
} // namespace safe_duration_cast
FMT_END_NAMESPACE
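Review bot: the header has no include guard or `#pragma once` (it starts with the comment block and `#include <chrono>`); it works only because chrono.h is the single includer and has its own guard, so add `FMT_SAFE_DURATION_CAST_H_` guards like the other fmt headers. In lossless_integral_conversion the dynamic checks `from < T::min()` and `from > T::max()` are instantiated for unsigned/unsigned and mixed-sign pairs, where -Wtype-limits and -Wsign-compare can fire; with FMT_PEDANTIC and FMT_WERROR on in travis-build.py that deserves a compile on the full CI matrix, and splitting the cases on the signedness traits at compile time avoids it. `count /= Factor::den` truncates toward zero exactly like duration_cast, which is fine, but the file comment promises conversion "without undefined behaviour or erroneous results", so state that sub-unit remainders are dropped. The "maybe we should also check if from is denormal" comment is an open TODO; resolve it or mark it as one.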

@ -83,19 +83,24 @@ install_dir = os.path.join(fmt_dir, "_install")
build_dir = os.path.join(fmt_dir, "_build") build_dir = os.path.join(fmt_dir, "_build")
test_build_dir = os.path.join(fmt_dir, "_build_test") test_build_dir = os.path.join(fmt_dir, "_build_test")
# Configure library. # Configure the library.
makedirs_if_not_exist(build_dir) makedirs_if_not_exist(build_dir)
cmake_flags = [ cmake_flags = [
'-DCMAKE_INSTALL_PREFIX=' + install_dir, '-DCMAKE_BUILD_TYPE=' + build, '-DCMAKE_INSTALL_PREFIX=' + install_dir, '-DCMAKE_BUILD_TYPE=' + build,
'-DCMAKE_CXX_STANDARD=' + standard '-DCMAKE_CXX_STANDARD=' + standard
] ]
# make sure the fuzzers still compile
if 'ENABLE_FUZZING' in os.environ:
cmake_flags += ['-DFMT_FUZZ=ON', '-DFMT_FUZZ_LINKMAIN=On']
check_call(['cmake', '-DFMT_DOC=OFF', '-DFMT_PEDANTIC=ON', '-DFMT_WERROR=ON', fmt_dir] + check_call(['cmake', '-DFMT_DOC=OFF', '-DFMT_PEDANTIC=ON', '-DFMT_WERROR=ON', fmt_dir] +
cmake_flags, cwd=build_dir) cmake_flags, cwd=build_dir)
# Build library. # Build the library.
check_call(['make', '-j4'], cwd=build_dir) check_call(['cmake', '--build','.'], cwd=build_dir)
# Test library. # Test the library.
env = os.environ.copy() env = os.environ.copy()
env['CTEST_OUTPUT_ON_FAILURE'] = '1' env['CTEST_OUTPUT_ON_FAILURE'] = '1'
if call(['make', 'test'], env=env, cwd=build_dir): if call(['make', 'test'], env=env, cwd=build_dir):
@ -103,7 +108,7 @@ if call(['make', 'test'], env=env, cwd=build_dir):
print(f.read()) print(f.read())
sys.exit(-1) sys.exit(-1)
# Install library. # Install the library.
check_call(['make', 'install'], cwd=build_dir) check_call(['make', 'install'], cwd=build_dir)
# Test installation. # Test installation.

@ -327,7 +327,7 @@ TEST(ChronoTest, SpecialDurations) {
fmt::format("{:%S}", std::chrono::duration<double>(1e20)).substr(0, 3)); fmt::format("{:%S}", std::chrono::duration<double>(1e20)).substr(0, 3));
auto nan = std::numeric_limits<double>::quiet_NaN(); auto nan = std::numeric_limits<double>::quiet_NaN();
EXPECT_EQ( EXPECT_EQ(
"nan nan nan nan.nan nan:nan nan", "nan nan nan nan nan:nan nan",
fmt::format("{:%I %H %M %S %R %r}", std::chrono::duration<double>(nan))); fmt::format("{:%I %H %M %S %R %r}", std::chrono::duration<double>(nan)));
fmt::format("{:%S}", fmt::format("{:%S}",
std::chrono::duration<float, std::atto>(1.79400457e+31f)); std::chrono::duration<float, std::atto>(1.79400457e+31f));
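Review bot: the changed expectation (`nan.nan` to `nan` for `%S`) matches on_second now returning before the milliseconds are appended, but the new write_pinf/write_ninf paths get no coverage. Add +inf and -inf durations to SpecialDurations with the same specifier set and pin the expected sign, since the -inf output depends on the negation in chrono_formatter's constructor.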

test/fuzzing/.gitignore
@ -0,0 +1,3 @@
# ignore artifacts from the build.sh script
build-*/

@ -0,0 +1,38 @@
# Copyright (c) 2019, Paul Dreik
# License: see LICENSE.rst in the fmt root directory
# settings this links in a main. useful for reproducing,
# kcov, gdb, afl, valgrind.
# (note that libFuzzer can also reproduce, just pass it the files)
option(FMT_FUZZ_LINKMAIN "enables the reproduce mode, instead of libFuzzer" On)
#for oss-fuzz - insert $LIB_FUZZING_ENGINE into the link flags, but only for
#the fuzz targets, otherwise the cmake configuration step fails.
set(FMT_FUZZ_LDFLAGS "" CACHE STRING "LDFLAGS for the fuzz targets")
#find all fuzzers.
set(SOURCES
chrono_duration.cpp
named_arg.cpp
one_arg.cpp
sprintf.cpp
two_args.cpp
)
macro(implement_fuzzer sourcefile)
get_filename_component(basename ${sourcefile} NAME_WE)
set(name fuzzer_${basename})
add_executable(${name} ${sourcefile} fuzzer_common.h)
if(FMT_FUZZ_LINKMAIN)
target_sources(${name} PRIVATE main.cpp)
endif()
target_link_libraries(${name} PRIVATE fmt)
if(FMT_FUZZ_LDFLAGS)
target_link_libraries(${name} PRIVATE ${FMT_FUZZ_LDFLAGS})
endif()
target_compile_features(${name} PRIVATE cxx_generic_lambdas)
endmacro()
foreach(X IN ITEMS ${SOURCES})
implement_fuzzer(${X})
endforeach()
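Review bot: `FMT_FUZZ_LDFLAGS` is handed to target_link_libraries as a single string, so a value with several space-separated flags (or a `$LIB_FUZZING_ENGINE` that expands to more than one token) is treated as one library name; run `separate_arguments()` on it first or, on CMake >= 3.13, use `target_link_options`. FMT_FUZZ_LINKMAIN also defaults to On, so a plain `-DFMT_FUZZ=On` configure yields reproduce binaries rather than libFuzzer targets, which is the opposite of what a first-time user expects; the README explains it, but a `message(STATUS ...)` at configure time saying which mode was selected would help.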

test/fuzzing/README.md
@ -0,0 +1,34 @@
# FMT Fuzzer
Fuzzing has revealed [several bugs](https://github.com/fmtlib/fmt/issues?&q=is%3Aissue+fuzz) in fmt. It is a part of the continous fuzzing at [oss-fuzz](https://github.com/google/oss-fuzz)
The source code is modified to make the fuzzing possible without locking up on resource exhaustion:
```cpp
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
if(spec.precision>100000) {
throw std::runtime_error("fuzz mode - avoiding large precision");
}
#endif
```
This macro is the defacto standard for making fuzzing practically possible, see [the libFuzzer documentation](https://llvm.org/docs/LibFuzzer.html#fuzzer-friendly-build-mode).
## Running the fuzzers locally
There is a [helper script](build.sh) to build the fuzzers, which has only been tested on Debian and Ubuntu linux so far. There should be no problems fuzzing on Windows (using clang>=8) or on Mac, but the script will probably not work out of the box.
Something along
```sh
mkdir build
cd build
export CXX=clang++
export CXXFLAGS="-fsanitize=fuzzer-no-link -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION= -g"
cmake .. -DFMT_SAFE_DURATION_CAST=On -DFMT_FUZZ=On -DFMT_FUZZ_LINKMAIN=Off -DFMT_FUZZ_LDFLAGS="-fsanitize=fuzzer"
cmake --build .
```
should work to build the fuzzers for all platforms which clang supports.
Execute a fuzzer with for instance
```sh
cd build
export UBSAN_OPTIONS=halt_on_error=1
mkdir out_chrono
bin/fuzzer_chrono_duration out_chrono
```

test/fuzzing/build.sh
@ -0,0 +1,110 @@
#!/bin/sh
#
# Creates fuzzer builds of various kinds
# - reproduce mode (no fuzzing, just enables replaying data through the fuzzers)
# - oss-fuzz emulated mode (makes sure a simulated invocation by oss-fuzz works)
# - libFuzzer build (you will need clang)
# - afl build (you will need afl)
#
#
# Copyright (c) 2019 Paul Dreik
#
# License: see LICENSE.rst in the fmt root directory
set -e
me=$(basename $0)
root=$(readlink -f "$(dirname "$0")/../..")
echo $me: root=$root
here=$(pwd)
CXXFLAGSALL="-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION= -g"
CMAKEFLAGSALL="$root -GNinja -DCMAKE_BUILD_TYPE=Debug -DFMT_DOC=Off -DFMT_TEST=Off -DFMT_FUZZ=On -DCMAKE_CXX_STANDARD=17"
#builds the fuzzers as one would do if using afl or just making
#binaries for reproducing.
builddir=$here/build-fuzzers-reproduce
mkdir -p $builddir
cd $builddir
CXX="ccache g++" CXXFLAGS="$CXXFLAGSALL" cmake \
$CMAKEFLAGSALL
cmake --build $builddir
#for performance analysis of the fuzzers
builddir=$here/build-fuzzers-perfanalysis
mkdir -p $builddir
cd $builddir
CXX="ccache g++" CXXFLAGS="$CXXFLAGSALL -g" cmake \
$CMAKEFLAGSALL \
-DFMT_FUZZ_LINKMAIN=On \
-DCMAKE_BUILD_TYPE=Release
cmake --build $builddir
#builds the fuzzers as oss-fuzz does
builddir=$here/build-fuzzers-ossfuzz
mkdir -p $builddir
cd $builddir
CXX="clang++" \
CXXFLAGS="$CXXFLAGSALL -fsanitize=fuzzer-no-link" cmake \
cmake $CMAKEFLAGSALL \
-DFMT_FUZZ_LINKMAIN=Off \
-DFMT_FUZZ_LDFLAGS="-fsanitize=fuzzer"
cmake --build $builddir
#builds fuzzers for local fuzzing with libfuzzer with asan+usan
builddir=$here/build-fuzzers-libfuzzer
mkdir -p $builddir
cd $builddir
CXX="clang++" \
CXXFLAGS="$CXXFLAGSALL -fsanitize=fuzzer-no-link,address,undefined" cmake \
cmake $CMAKEFLAGSALL \
-DFMT_FUZZ_LINKMAIN=Off \
-DFMT_FUZZ_LDFLAGS="-fsanitize=fuzzer"
cmake --build $builddir
#builds fuzzers for local fuzzing with libfuzzer with asan only
builddir=$here/build-fuzzers-libfuzzer-addr
mkdir -p $builddir
cd $builddir
CXX="clang++" \
CXXFLAGS="$CXXFLAGSALL -fsanitize=fuzzer-no-link,undefined" cmake \
cmake $CMAKEFLAGSALL \
-DFMT_FUZZ_LINKMAIN=Off \
-DFMT_FUZZ_LDFLAGS="-fsanitize=fuzzer"
cmake --build $builddir
#builds a fast fuzzer for making coverage fast
builddir=$here/build-fuzzers-fast
mkdir -p $builddir
cd $builddir
CXX="clang++" \
CXXFLAGS="$CXXFLAGSALL -fsanitize=fuzzer-no-link -O3" cmake \
cmake $CMAKEFLAGSALL \
-DFMT_FUZZ_LINKMAIN=Off \
-DFMT_FUZZ_LDFLAGS="-fsanitize=fuzzer" \
-DCMAKE_BUILD_TYPE=Release
cmake --build $builddir
#builds fuzzers for local fuzzing with afl
builddir=$here/build-fuzzers-afl
mkdir -p $builddir
cd $builddir
CXX="afl-g++" \
CXXFLAGS="$CXXFLAGSALL -fsanitize=address,undefined" \
cmake $CMAKEFLAGSALL \
-DFMT_FUZZ_LINKMAIN=On
cmake --build $builddir
echo $me: all good
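Review bot: in the ossfuzz, libfuzzer, libfuzzer-addr and fast builds the line `CXXFLAGS="..." cmake \` continues onto `cmake $CMAKEFLAGSALL \`, so cmake is invoked as `cmake cmake <root> ...` with a stray positional `cmake` argument; the `$root` that follows overrides it, which is why the script still passes, but drop it. The block labelled "asan only" (build-fuzzers-libfuzzer-addr) actually uses `-fsanitize=fuzzer-no-link,undefined`, i.e. UBSan without ASan; fix either the flags or the comment and directory name. Quoting `$builddir` and `$root` would also keep the script working from paths containing spaces.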

@ -0,0 +1,152 @@
// Copyright (c) 2019, Paul Dreik
// License: see LICENSE.rst in the fmt root directory
#include <fmt/chrono.h>
#include <cstdint>
#include <limits>
#include <stdexcept>
#include <type_traits>
#include <vector>
#include "fuzzer_common.h"
template <typename Item, typename Ratio>
void invoke_inner(fmt::string_view formatstring, const Item item) {
const std::chrono::duration<Item, Ratio> value(item);
try {
#if FMT_FUZZ_FORMAT_TO_STRING
std::string message = fmt::format(formatstring, value);
#else
fmt::memory_buffer buf;
fmt::format_to(buf, formatstring, value);
#endif
} catch (std::exception& /*e*/) {
}
}
// Item is the underlying type for duration (int, long etc)
template <typename Item>
void invoke_outer(const uint8_t* Data, std::size_t Size, const int scaling) {
// always use a fixed location of the data
using fmt_fuzzer::Nfixed;
constexpr auto N = sizeof(Item);
static_assert(N <= Nfixed, "fixed size is too small");
if (Size <= Nfixed + 1) {
return;
}
const Item item = fmt_fuzzer::assignFromBuf<Item>(Data);
// fast forward
Data += Nfixed;
Size -= Nfixed;
// Data is already allocated separately in libFuzzer so reading past
// the end will most likely be detected anyway
const auto formatstring = fmt::string_view(fmt_fuzzer::as_chars(Data), Size);
// doit_impl<Item,std::yocto>(buf.data(),item);
// doit_impl<Item,std::zepto>(buf.data(),item);
switch (scaling) {
case 1:
invoke_inner<Item, std::atto>(formatstring, item);
break;
case 2:
invoke_inner<Item, std::femto>(formatstring, item);
break;
case 3:
invoke_inner<Item, std::pico>(formatstring, item);
break;
case 4:
invoke_inner<Item, std::nano>(formatstring, item);
break;
case 5:
invoke_inner<Item, std::micro>(formatstring, item);
break;
case 6:
invoke_inner<Item, std::milli>(formatstring, item);
break;
case 7:
invoke_inner<Item, std::centi>(formatstring, item);
break;
case 8:
invoke_inner<Item, std::deci>(formatstring, item);
break;
case 9:
invoke_inner<Item, std::deca>(formatstring, item);
break;
case 10:
invoke_inner<Item, std::kilo>(formatstring, item);
break;
case 11:
invoke_inner<Item, std::mega>(formatstring, item);
break;
case 12:
invoke_inner<Item, std::giga>(formatstring, item);
break;
case 13:
invoke_inner<Item, std::tera>(formatstring, item);
break;
case 14:
invoke_inner<Item, std::peta>(formatstring, item);
break;
case 15:
invoke_inner<Item, std::exa>(formatstring, item);
}
// doit_impl<Item,std::zeta>(buf.data(),item);
// doit_impl<Item,std::yotta>(buf.data(),item);
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, std::size_t Size) {
if (Size <= 4) {
return 0;
}
const auto representation = Data[0];
const auto scaling = Data[1];
Data += 2;
Size -= 2;
switch (representation) {
case 1:
invoke_outer<char>(Data, Size, scaling);
break;
case 2:
invoke_outer<unsigned char>(Data, Size, scaling);
break;
case 3:
invoke_outer<signed char>(Data, Size, scaling);
break;
case 4:
invoke_outer<short>(Data, Size, scaling);
break;
case 5:
invoke_outer<unsigned short>(Data, Size, scaling);
break;
case 6:
invoke_outer<int>(Data, Size, scaling);
break;
case 7:
invoke_outer<unsigned int>(Data, Size, scaling);
break;
case 8:
invoke_outer<long>(Data, Size, scaling);
break;
case 9:
invoke_outer<unsigned long>(Data, Size, scaling);
break;
case 10:
invoke_outer<float>(Data, Size, scaling);
break;
case 11:
invoke_outer<double>(Data, Size, scaling);
break;
case 12:
invoke_outer<long double>(Data, Size, scaling);
break;
default:
break;
}
return 0;
}
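Review bot: the commented-out `doit_impl<Item,std::yocto>(buf.data(),item)` lines refer to a function that no longer exists (the dispatch is invoke_inner now); delete them or replace them with a comment saying why yocto/zepto/zetta/yotta are skipped (those ratios are only defined when intmax_t can hold them, which 64-bit intmax_t cannot). `<limits>`, `<type_traits>` and `<vector>` are unused here. The two length checks (`Size <= 4` at entry, `Size <= Nfixed + 1` in invoke_outer) differ from named_arg.cpp's `Size <= Nfixed`; pick one convention so the minimum input length is obvious across harnesses.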

@ -0,0 +1,71 @@
#ifndef FUZZER_COMMON_H
#define FUZZER_COMMON_H
// Copyright (c) 2019, Paul Dreik
// License: see LICENSE.rst in the fmt root directory
#include <cstring> // memcpy
#include <type_traits> // trivially copyable
#include <cstdint> // std::uint8_t
// one can format to either a string, or a buf. buf is faster,
// but one may be interested in formatting to a string instead to
// verify it works as intended. to avoid a combinatoric explosion,
// select this at compile time instead of dynamically from the fuzz data
#define FMT_FUZZ_FORMAT_TO_STRING 0
// if fmt is given a buffer that is separately allocated,
// chances that address sanitizer detects out of bound reads is
// much higher. However, it slows down the fuzzing.
#define FMT_FUZZ_SEPARATE_ALLOCATION 1
// To let the the fuzzer mutation be efficient at cross pollinating
// between different types, use a fixed size format.
// The same bit pattern, interpreted as another type,
// is likely interesting.
// For this, we must know the size of the largest possible type in use.
// There are some problems on travis, claiming Nfixed is not a constant expression
// which seems to be an issue with older versions of libstdc++
#if _GLIBCXX_RELEASE >= 7
# include <algorithm>
namespace fmt_fuzzer {
constexpr auto Nfixed = std::max(sizeof(long double), sizeof(std::intmax_t));
}
#else
namespace fmt_fuzzer {
constexpr auto Nfixed=16;
}
#endif
namespace fmt_fuzzer {
// view data as a c char pointer.
template <typename T>
inline const char* as_chars(const T* data) {
return static_cast<const char*>(static_cast<const void*>(data));
}
// view data as a byte pointer
template <typename T>
inline const std::uint8_t* as_bytes(const T* data) {
return static_cast<const std::uint8_t*>(static_cast<const void*>(data));
}
// blits bytes from Data to form an (assumed trivially constructible) object
// of type Item
template <class Item>
inline Item assignFromBuf(const std::uint8_t* Data) {
Item item{};
std::memcpy(&item, Data, sizeof(Item));
return item;
}
// reads a boolean value by looking at the first byte from Data
template <> inline bool assignFromBuf<bool>(const std::uint8_t* Data) {
return !!Data[0];
}
} // namespace fmt_fuzzer
#endif // FUZZER_COMMON_H
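Review bot: the fallback `constexpr auto Nfixed=16;` deduces `int`, while the `_GLIBCXX_RELEASE >= 7` branch deduces `std::size_t` from sizeof, so `Size <= Nfixed` in the harnesses is a signed/unsigned comparison on one configuration and not the other, which -Wsign-compare (on under FMT_PEDANTIC/FMT_WERROR in the travis build) will flag; declare `constexpr std::size_t Nfixed = 16;`. The libstdc++ version test is also a proxy for the real requirement, a constexpr std::max, which only exists from C++14; `sizeof(long double) > sizeof(std::intmax_t) ? sizeof(long double) : sizeof(std::intmax_t)` works in every dialect and removes both the `<algorithm>` include and the special case.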

test/fuzzing/main.cpp
@ -0,0 +1,21 @@
#include <cassert>
#include <fstream>
#include <sstream>
#include <vector>
#include "fuzzer_common.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, std::size_t Size);
int main(int argc, char* argv[]) {
for (int i = 1; i < argc; ++i) {
std::ifstream in(argv[i]);
assert(in);
in.seekg(0, std::ios_base::end);
const auto pos = in.tellg();
assert(pos>=0);
in.seekg(0, std::ios_base::beg);
std::vector<char> buf(static_cast<std::size_t>(pos));
in.read(buf.data(), static_cast<long>(buf.size()));
assert(in.gcount() == pos);
LLVMFuzzerTestOneInput(fmt_fuzzer::as_bytes(buf.data()), buf.size());
}
}
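Review bot: all the I/O checks are `assert`s, so in a build with NDEBUG (the perfanalysis and fast configurations in build.sh set CMAKE_BUILD_TYPE=Release) a missing or short file is silently ignored and the harness runs on an empty or partially filled buffer; report the file name and return non-zero instead. Open the file with `std::ios::binary` too, since the README mentions Windows and text-mode reads would translate CRLF in corpus files. `<sstream>` is unused.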

test/fuzzing/named_arg.cpp
@ -0,0 +1,129 @@
// Copyright (c) 2019, Paul Dreik
// License: see LICENSE.rst in the fmt root directory
#include <fmt/chrono.h>
#include <fmt/core.h>
#include <cstdint>
#include <stdexcept>
#include <type_traits>
#include <vector>
#include "fuzzer_common.h"
template <typename Item1>
void invoke_fmt(const uint8_t* Data, std::size_t Size, unsigned int argsize) {
constexpr auto N1 = sizeof(Item1);
static_assert (N1<=fmt_fuzzer::Nfixed,"Nfixed too small");
if (Size <= fmt_fuzzer::Nfixed) {
return;
}
const Item1 item1 = fmt_fuzzer::assignFromBuf<Item1>(Data);
Data += fmt_fuzzer::Nfixed;
Size -= fmt_fuzzer::Nfixed;
// how many chars should be used for the argument name?
if (argsize <= 0 || argsize >= Size) {
return;
}
// allocating buffers separately is slower, but increases chances
// of detecting memory errors
#if FMT_FUZZ_SEPARATE_ALLOCATION
std::vector<char> argnamebuffer(argsize);
std::memcpy(argnamebuffer.data(), Data, argsize);
auto argname = fmt::string_view(argnamebuffer.data(), argsize);
#else
auto argname = fmt::string_view(fmt_fuzzer::as_chars(Data), argsize);
#endif
Data += argsize;
Size -= argsize;
#if FMT_FUZZ_SEPARATE_ALLOCATION
// allocates as tight as possible, making it easier to catch buffer overruns.
std::vector<char> fmtstringbuffer(Size);
std::memcpy(fmtstringbuffer.data(), Data, Size);
auto fmtstring = fmt::string_view(fmtstringbuffer.data(), Size);
#else
auto fmtstring = fmt::string_view(fmt_fuzzer::as_chars(Data), Size);
#endif
#if FMT_FUZZ_FORMAT_TO_STRING
std::string message = fmt::format(fmtstring, fmt::arg(argname, item1));
#else
fmt::memory_buffer outbuf;
fmt::format_to(outbuf, fmtstring, fmt::arg(argname, item1));
#endif
}
// for dynamic dispatching to an explicit instantiation
template <typename Callback> void invoke(int index, Callback callback) {
switch (index) {
case 0:
callback(bool{});
break;
case 1:
callback(char{});
break;
case 2:
using sc = signed char;
callback(sc{});
break;
case 3:
using uc = unsigned char;
callback(uc{});
break;
case 4:
callback(short{});
break;
case 5:
using us = unsigned short;
callback(us{});
break;
case 6:
callback(int{});
break;
case 7:
callback(unsigned{});
break;
case 8:
callback(long{});
break;
case 9:
using ul = unsigned long;
callback(ul{});
break;
case 10:
callback(float{});
break;
case 11:
callback(double{});
break;
case 12:
using LD = long double;
callback(LD{});
break;
}
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, std::size_t Size) {
if (Size <= 3) {
return 0;
}
// switch types depending on the first byte of the input
const auto first = Data[0] & 0x0F;
const unsigned int second = (Data[0] & 0xF0) >> 4;
Data++;
Size--;
auto outerfcn = [=](auto param1) {
invoke_fmt<decltype(param1)>(Data, Size, second);
};
try {
invoke(first, outerfcn);
} catch (std::exception& /*e*/) {
}
return 0;
}
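Review bot: `std::memcpy` in both FMT_FUZZ_SEPARATE_ALLOCATION branches is used without `#include <cstring>`, so that configuration only builds if some other header happens to provide it; add the include. In `if (argsize <= 0 || argsize >= Size)` the parameter `argsize` is `unsigned int`, so `argsize <= 0` is just `argsize == 0` and will draw a signed/unsigned comparison warning; write `argsize == 0`. <fmt/chrono.h> is included but nothing in this file formats a time value, so it can be dropped to keep this target's surface minimal.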

test/fuzzing/one_arg.cpp

@ -0,0 +1,131 @@
// Copyright (c) 2019, Paul Dreik
// License: see LICENSE.rst in the fmt root directory
#include <fmt/core.h>
#include <cstdint>
#include <stdexcept>
#include <type_traits>
#include <vector>
#include <fmt/chrono.h>
#include "fuzzer_common.h"
using fmt_fuzzer::Nfixed;
template <typename Item>
void invoke_fmt(const uint8_t* Data, std::size_t Size) {
constexpr auto N = sizeof(Item);
static_assert (N<=Nfixed,"Nfixed is too small");
if (Size <= Nfixed) {
return;
}
const Item item = fmt_fuzzer::assignFromBuf<Item>(Data);
Data += Nfixed;
Size -= Nfixed;
#if FMT_FUZZ_SEPARATE_ALLOCATION
// allocates as tight as possible, making it easier to catch buffer overruns.
std::vector<char> fmtstringbuffer(Size);
std::memcpy(fmtstringbuffer.data(), Data, Size);
auto fmtstring = fmt::string_view(fmtstringbuffer.data(), Size);
#else
auto fmtstring = fmt::string_view(fmt_fuzzer::as_chars(Data), Size);
#endif
#if FMT_FUZZ_FORMAT_TO_STRING
std::string message = fmt::format(fmtstring, item);
#else
fmt::memory_buffer message;
fmt::format_to(message, fmtstring, item);
#endif
}
void invoke_fmt_time(const uint8_t* Data, std::size_t Size) {
using Item = std::time_t;
constexpr auto N = sizeof(Item);
static_assert (N<=Nfixed,"Nfixed too small");
if (Size <= Nfixed) {
return;
}
const Item item = fmt_fuzzer::assignFromBuf<Item>(Data);
Data += Nfixed;
Size -= Nfixed;
#if FMT_FUZZ_SEPARATE_ALLOCATION
// allocates as tight as possible, making it easier to catch buffer overruns.
std::vector<char> fmtstringbuffer(Size);
std::memcpy(fmtstringbuffer.data(), Data, Size);
auto fmtstring = fmt::string_view(fmtstringbuffer.data(), Size);
#else
auto fmtstring = fmt::string_view(fmt_fuzzer::as_chars(Data), Size);
#endif
auto* b = std::localtime(&item);
if (b) {
#if FMT_FUZZ_FORMAT_TO_STRING
std::string message = fmt::format(fmtstring, *b);
#else
fmt::memory_buffer message;
fmt::format_to(message, fmtstring, *b);
#endif
}
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, std::size_t Size) {
if (Size <= 3) {
return 0;
}
const auto first = Data[0];
Data++;
Size--;
try {
switch (first) {
case 0:
invoke_fmt<bool>(Data, Size);
break;
case 1:
invoke_fmt<char>(Data, Size);
break;
case 2:
invoke_fmt<unsigned char>(Data, Size);
break;
case 3:
invoke_fmt<signed char>(Data, Size);
break;
case 4:
invoke_fmt<short>(Data, Size);
break;
case 5:
invoke_fmt<unsigned short>(Data, Size);
break;
case 6:
invoke_fmt<int>(Data, Size);
break;
case 7:
invoke_fmt<unsigned int>(Data, Size);
break;
case 8:
invoke_fmt<long>(Data, Size);
break;
case 9:
invoke_fmt<unsigned long>(Data, Size);
break;
case 10:
invoke_fmt<float>(Data, Size);
break;
case 11:
invoke_fmt<double>(Data, Size);
break;
case 12:
invoke_fmt<long double>(Data, Size);
break;
case 13:
invoke_fmt_time(Data, Size);
break;
default:
break;
}
} catch (std::exception& /*e*/) {
}
return 0;
}
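Review bot: same missing headers as named_arg.cpp: `std::memcpy` under FMT_FUZZ_SEPARATE_ALLOCATION needs <cstring> and `std::localtime` in `invoke_fmt_time` needs <ctime>, neither of which is in the include list. `std::localtime` returns a pointer to static storage and may return null for out-of-range `std::time_t` values; the `if (b)` guard covers the null case, but a one-line comment saying so would help the next reader. The dispatcher here switches on the whole first byte (`const auto first = Data[0];`) with a `default:` that silently ignores values above 13, whereas the other targets mask with `& 0x0F`; pick one convention for all four fuzzers.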

test/fuzzing/sprintf.cpp

@ -0,0 +1,116 @@
// Copyright (c) 2019, Paul Dreik
// License: see LICENSE.rst in the fmt root directory
#include <fmt/format.h>
#include <fmt/printf.h>
#include <cstdint>
#include <stdexcept>
#include "fuzzer_common.h"
using fmt_fuzzer::Nfixed;
template <typename Item1, typename Item2>
void invoke_fmt(const uint8_t* Data, std::size_t Size) {
constexpr auto N1 = sizeof(Item1);
constexpr auto N2 = sizeof(Item2);
static_assert(N1 <= Nfixed, "size1 exceeded");
static_assert(N2 <= Nfixed, "size2 exceeded");
if (Size <= Nfixed + Nfixed) {
return;
}
Item1 item1 = fmt_fuzzer::assignFromBuf<Item1>(Data);
Data += Nfixed;
Size -= Nfixed;
Item2 item2 = fmt_fuzzer::assignFromBuf<Item2>(Data);
Data += Nfixed;
Size -= Nfixed;
auto fmtstring = fmt::string_view(fmt_fuzzer::as_chars(Data), Size);
#if FMT_FUZZ_FORMAT_TO_STRING
std::string message = fmt::format(fmtstring, item1, item2);
#else
fmt::memory_buffer message;
fmt::format_to(message, fmtstring, item1, item2);
#endif
}
// for dynamic dispatching to an explicit instantiation
template <typename Callback> void invoke(int index, Callback callback) {
switch (index) {
case 0:
callback(bool{});
break;
case 1:
callback(char{});
break;
case 2:
using sc = signed char;
callback(sc{});
break;
case 3:
using uc = unsigned char;
callback(uc{});
break;
case 4:
callback(short{});
break;
case 5:
using us = unsigned short;
callback(us{});
break;
case 6:
callback(int{});
break;
case 7:
callback(unsigned{});
break;
case 8:
callback(long{});
break;
case 9:
using ul = unsigned long;
callback(ul{});
break;
case 10:
callback(float{});
break;
case 11:
callback(double{});
break;
case 12:
using LD = long double;
callback(LD{});
break;
case 13:
using ptr = void*;
callback(ptr{});
break;
}
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, std::size_t Size) {
if (Size <= 3) {
return 0;
}
// switch types depending on the first byte of the input
const auto first = Data[0] & 0x0F;
const auto second = (Data[0] & 0xF0) >> 4;
Data++;
Size--;
auto outer = [=](auto param1) {
auto inner = [=](auto param2) {
invoke_fmt<decltype(param1), decltype(param2)>(Data, Size);
};
invoke(second, inner);
};
try {
invoke(first, outer);
} catch (std::exception& /*e*/) {
}
return 0;
}
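Review bot: the file is named sprintf.cpp and includes <fmt/printf.h>, but `invoke_fmt` calls `fmt::format` and `fmt::format_to`, never `fmt::sprintf`, so the printf-style format parser is not exercised and this target is a copy of two_args.cpp apart from the `void*` case 13. Either switch both branches to `fmt::sprintf(fmtstring, item1, item2)` so the file does what its name says, or drop it and add the `void*` case to two_args.cpp.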

test/fuzzing/two_args.cpp

@ -0,0 +1,112 @@
// Copyright (c) 2019, Paul Dreik
// License: see LICENSE.rst in the fmt root directory
#include <fmt/format.h>
#include <cstdint>
#include <stdexcept>
#include <type_traits>
#include "fuzzer_common.h"
constexpr auto Nfixed=fmt_fuzzer::Nfixed;
template <typename Item1, typename Item2>
void invoke_fmt(const uint8_t* Data, std::size_t Size) {
constexpr auto N1 = sizeof(Item1);
constexpr auto N2 = sizeof(Item2);
static_assert(N1 <= Nfixed, "size1 exceeded");
static_assert(N2 <= Nfixed, "size2 exceeded");
if (Size <= Nfixed + Nfixed) {
return;
}
const Item1 item1=fmt_fuzzer::assignFromBuf<Item1>(Data);
Data += Nfixed;
Size -= Nfixed;
const Item2 item2=fmt_fuzzer::assignFromBuf<Item2>(Data);
Data += Nfixed;
Size -= Nfixed;
auto fmtstring = fmt::string_view(fmt_fuzzer::as_chars(Data), Size);
#if FMT_FUZZ_FORMAT_TO_STRING
std::string message = fmt::format(fmtstring, item1, item2);
#else
fmt::memory_buffer message;
fmt::format_to(message, fmtstring, item1, item2);
#endif
}
// for dynamic dispatching to an explicit instantiation
template <typename Callback> void invoke(int index, Callback callback) {
switch (index) {
case 0:
callback(bool{});
break;
case 1:
callback(char{});
break;
case 2:
using sc = signed char;
callback(sc{});
break;
case 3:
using uc = unsigned char;
callback(uc{});
break;
case 4:
callback(short{});
break;
case 5:
using us = unsigned short;
callback(us{});
break;
case 6:
callback(int{});
break;
case 7:
callback(unsigned{});
break;
case 8:
callback(long{});
break;
case 9:
using ul = unsigned long;
callback(ul{});
break;
case 10:
callback(float{});
break;
case 11:
callback(double{});
break;
case 12:
using LD = long double;
callback(LD{});
break;
}
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, std::size_t Size) {
if (Size <= 3) {
return 0;
}
// switch types depending on the first byte of the input
const auto first = Data[0] & 0x0F;
const auto second = (Data[0] & 0xF0) >> 4;
Data++;
Size--;
auto outer = [=](auto param1) {
auto inner = [=](auto param2) {
invoke_fmt<decltype(param1), decltype(param2)>(Data, Size);
};
invoke(second, inner);
};
try {
invoke(first, outer);
} catch (std::exception& /*e*/) {
}
return 0;
}
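Review bot: the `invoke` dispatcher (`case 0:` bool through `case 12:` long double) is duplicated verbatim in named_arg.cpp, sprintf.cpp and this file; move it into fuzzer_common.h so the type list is maintained in one place and the `void*` case that only sprintf.cpp has becomes a deliberate choice rather than drift. `constexpr auto Nfixed=fmt_fuzzer::Nfixed;` at namespace scope differs from the `using fmt_fuzzer::Nfixed;` form used in one_arg.cpp and sprintf.cpp; use the same form everywhere. <type_traits> is included but nothing in this file uses it.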