Raise TypeError if fuzz target returns invalid type

trailofbits · Jan 24, 2024 · 732963f · 732963f
1 parent 5530928
commit 732963f
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 0 deletions.
diff --git a/ext/cruzzy/cruzzy.c b/ext/cruzzy/cruzzy.c
@@ -40,6 +40,13 @@ static int proc_caller(const uint8_t *data, size_t size)
         return 0;
     }
 
+    if (!FIXNUM_P(result)) {
+        rb_raise(
+            rb_eTypeError,
+            "fuzz target function did not return an integer or nil"
+        );
+    }
+
     return NUM2INT(result);
 }
 

diff --git a/test/test_ruzzy.rb b/test/test_ruzzy.rb
@@ -28,6 +28,19 @@ def test_c_dummy_test_one_input_lambda
     assert_equal(result, expected)
   end
 
+  def test_c_dummy_test_one_input_invalid_return
+    omit("This test calls LLVMFuzzerRunDriver, which we don't have a good harness for yet")
+
+    dummy_test_one_input = lambda do |data|
+      Ruzzy.c_dummy_test_one_input(data)
+      'not an integer or nil'
+    end
+
+    assert_raise(TypeError) do
+      Ruzzy.fuzz(dummy_test_one_input)
+    end
+  end
+
   def test_fuzz_without_proc
     assert_raise(RuntimeError) do
       Ruzzy.fuzz('not a proc')