diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt index 71d2b5f2f..df9b6b58d 100644 --- a/fuzz/CMakeLists.txt +++ b/fuzz/CMakeLists.txt @@ -2,6 +2,7 @@ INCLUDE_DIRECTORIES(${WT_SOURCE_DIR}/src) ADD_EXECUTABLE(fuzz-cgi fuzz-cgi.C) ADD_EXECUTABLE(fuzz-css fuzz-css.C) +ADD_EXECUTABLE(fuzz-datetime fuzz-datetime.C) ADD_EXECUTABLE(fuzz-eval fuzz-eval.C) ADD_EXECUTABLE(fuzz-http fuzz-http.C) ADD_EXECUTABLE(fuzz-json fuzz-json.C) @@ -10,6 +11,7 @@ ADD_EXECUTABLE(fuzz-xml fuzz-xml.C) TARGET_LINK_LIBRARIES(fuzz-cgi PRIVATE wt $ENV{LIB_FUZZING_ENGINE}) TARGET_LINK_LIBRARIES(fuzz-css PRIVATE wt $ENV{LIB_FUZZING_ENGINE}) +TARGET_LINK_LIBRARIES(fuzz-datetime PRIVATE wt $ENV{LIB_FUZZING_ENGINE}) TARGET_LINK_LIBRARIES(fuzz-eval PRIVATE wt $ENV{LIB_FUZZING_ENGINE}) TARGET_LINK_LIBRARIES(fuzz-http PRIVATE wt wthttp $ENV{LIB_FUZZING_ENGINE}) TARGET_LINK_LIBRARIES(fuzz-json PRIVATE wt $ENV{LIB_FUZZING_ENGINE}) diff --git a/fuzz/fuzz-datetime.C b/fuzz/fuzz-datetime.C new file mode 100644 index 000000000..72297772e --- /dev/null +++ b/fuzz/fuzz-datetime.C 
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2026 Emweb bv, Herent, Belgium.
+ *
+ * See the LICENSE file for terms of use.
+ */
+
+#include
+#include
+#include
+
+#include "Wt/WString.h"
+#include "Wt/WDate.h"
+#include "Wt/WTime.h"
+#include "Wt/WDateTime.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ if (size < 1)
+ return 0;
+
+ // First byte splits the remaining bytes into a format string and a value
+ // string, so both the format parser and the value parser get fuzzed.
+ std::size_t formatLen = data[0] % size;
+ std::string format(reinterpret_cast(data + 1), formatLen);
+ std::string value(reinterpret_cast(data + 1 + formatLen),
+ size - 1 - formatLen);
+
+ Wt::WString f = Wt::WString::fromUTF8(format);
+ Wt::WString v = Wt::WString::fromUTF8(value);
+
+ try { Wt::WDateTime::fromString(v, f); } catch (...) {}
+ try { Wt::WDate::fromString(v, f); } catch (...) {}
+ try { Wt::WTime::fromString(v, f); } catch (...) {}
+ try { Wt::WDateTime::fromString(v); } catch (...) {}
+
+ return 0;
+}
diff --git a/fuzz/fuzz-datetime_seed_corpus.zip b/fuzz/fuzz-datetime_seed_corpus.zip
new file mode 100644
index 000000000..f5f56ec4b
Binary files /dev/null and b/fuzz/fuzz-datetime_seed_corpus.zip differ
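Review bot: The four `catch (...) {}` handlers around the `fromString` calls in `LLVMFuzzerTestOneInput` swallow every exception, so an unexpected `std::out_of_range`, `std::length_error` or `std::bad_alloc` escaping the date/time parsers is discarded and never reaches the fuzzer as a finding. Only faults that the sanitizers trap would still be reported. If `fromString` is meant to signal bad input by returning an invalid value (not visible in this hunk, so worth confirming), drop the handlers, e.g. `Wt::WDate::fromString(v, f);`. Otherwise catch only the exception type the API documents. A comment above the calls such as `// Only <documented exception type> is an accepted outcome; any other exception is a bug.` would record which failures the harness deliberately ignores.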