Devin comments added, asked Devin to verify that Serialization matches original input, as well

pmeredit · pmeredit · commit 17654e8a9feb · 2024-12-11T17:11:31.000-05:00
diff --git a/fuzz/fuzz_targets/malformed_length.rs b/fuzz/fuzz_targets/malformed_length.rs
@@ -1,5 +1,15 @@
+//! BSON Document Length Field Fuzzer
+//!
+//! This fuzz test focuses on finding security vulnerabilities related to BSON document length
+//! fields. It specifically targets:
+//! - Integer overflow/underflow in length calculations
+//! - Malformed length fields that could cause buffer overruns
+//! - Mismatches between declared and actual document sizes
+//! - Memory allocation issues with large or invalid lengths
+
 #![no_main]
-#[macro_use] extern crate libfuzzer_sys;
+#[macro_use]
+extern crate libfuzzer_sys;
 extern crate bson;
 use bson::RawDocument;
 
diff --git a/fuzz/fuzz_targets/serialization.rs b/fuzz/fuzz_targets/serialization.rs
@@ -1,3 +1,4 @@
+//! Document serialization consistency
 #![no_main]
 #[macro_use]
 extern crate libfuzzer_sys;
@@ -48,6 +49,25 @@ fuzz_target!(|buf: &[u8]| {
                 }
             }
         }
-        let _ = doc_buf.into_bytes();
+        let output_bytes = doc_buf.into_bytes();
+        if let Ok(reserialized_doc) = RawDocument::from_bytes(&output_bytes) {
+            assert_eq!(doc.as_bytes().len(), reserialized_doc.as_bytes().len());
+            let orig_elements: Vec<_> = doc.iter_elements().flatten().collect();
+            let reser_elements: Vec<_> = reserialized_doc.iter_elements().flatten().collect();
+            assert_eq!(
+                orig_elements.len(),
+                reser_elements.len(),
+                "Document element count mismatch"
+            );
+            for (orig, reser) in orig_elements.iter().zip(reser_elements.iter()) {
+                assert_eq!(orig.key(), reser.key(), "Key mismatch");
+                assert_eq!(
+                    orig.value(),
+                    reser.value(),
+                    "Value mismatch for key {}",
+                    orig.key()
+                );
+            }
+        }
     }
 });
diff --git a/fuzz/fuzz_targets/string_handling.rs b/fuzz/fuzz_targets/string_handling.rs
@@ -1,3 +1,4 @@
+//! Ensure correctness of UTF-8 and string parsing
 #![no_main]
 #[macro_use]
 extern crate libfuzzer_sys;
diff --git a/fuzz/fuzz_targets/type_markers.rs b/fuzz/fuzz_targets/type_markers.rs
@@ -1,3 +1,4 @@
+//! BSON type marker validation
 #![no_main]
 #[macro_use]
 extern crate libfuzzer_sys;

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+//! Ensure correctness of UTF-8 and string parsing`
`1`	`2`	`#![no_main]`
`2`	`3`	`#[macro_use]`
`3`	`4`	`extern crate libfuzzer_sys;`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+//! BSON type marker validation`
`1`	`2`	`#![no_main]`
`2`	`3`	`#[macro_use]`
`3`	`4`	`extern crate libfuzzer_sys;`