Add fuzzing infrastructure with cargo-fuzz

.github/workflows/fuzz.yml

@@ -0,0 +1,60 @@
+# SPDX-FileCopyrightText: 2025 RAprogramm <andrey.rozanov.vl@gmail.com>
+# SPDX-License-Identifier: MIT
+
+name: Fuzzing
+
+on:
+  schedule:
+    - cron: '0 2 * * *'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  fuzz:
+    name: Fuzz Testing
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      actions: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        target:
+          - fuzz_new_from_strings
+          - fuzz_from_cstrings
+          - fuzz_pointer_operations
+          - fuzz_try_from
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust nightly
+        uses: dtolnay/rust-toolchain@nightly
+        with:
+          components: llvm-tools-preview
+
+      - name: Setup Rust cache
+        uses: Swatinem/rust-cache@v2
+        with:
+          key: fuzz-${{ matrix.target }}
+
+      - name: Install cargo-fuzz
+        uses: taiki-e/install-action@v2
+        with:
+          tool: cargo-fuzz
+
+      - name: Run fuzzer
+        run: cargo fuzz run ${{ matrix.target }} -- -max_total_time=300
+        env:
+          RUST_BACKTRACE: 1
+
+      - name: Upload artifacts
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: fuzz-artifacts-${{ matrix.target }}
+          path: fuzz/artifacts/${{ matrix.target }}

REUSE.toml

@@ -4,7 +4,7 @@ SPDX-PackageSupplier = "RAprogramm <andrey.rozanov.vl@gmail.com>"
 SPDX-PackageDownloadLocation = "https://github.com/RAprogramm/cstring-array"
 
 [[annotations]]
-path = ["Cargo.toml", "Cargo.lock", ".gitignore", ".rustfmt.toml", "REUSE.toml", "codecov.yml", ".config/nextest.toml", "cliff.toml", "CHANGELOG.md", "CONTRIBUTING.md", "SECURITY.md", ".github/ISSUE_TEMPLATE/*.yml", ".github/PULL_REQUEST_TEMPLATE.md"]
+path = ["Cargo.toml", "Cargo.lock", ".gitignore", ".rustfmt.toml", "REUSE.toml", "codecov.yml", ".config/nextest.toml", "cliff.toml", "CHANGELOG.md", "CONTRIBUTING.md", "SECURITY.md", ".github/ISSUE_TEMPLATE/*.yml", ".github/PULL_REQUEST_TEMPLATE.md", ".github/workflows/*.yml", "fuzz/Cargo.toml"]
 precedence = "aggregate"
 SPDX-FileCopyrightText = "2025 RAprogramm <andrey.rozanov.vl@gmail.com>"
 SPDX-License-Identifier = "CC0-1.0"
@@ -20,3 +20,9 @@ path = "examples/*.rs"
 precedence = "aggregate"
 SPDX-FileCopyrightText = "2025 RAprogramm <andrey.rozanov.vl@gmail.com>"
 SPDX-License-Identifier = "MIT"
+
+[[annotations]]
+path = "fuzz/fuzz_targets/*.rs"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2025 RAprogramm <andrey.rozanov.vl@gmail.com>"
+SPDX-License-Identifier = "MIT"

fuzz/.gitignore

@@ -0,0 +1,4 @@
+target
+corpus
+artifacts
+coverage

fuzz/Cargo.toml

@@ -0,0 +1,49 @@
+[package]
+name = "cstring-array-fuzz"
+version = "0.0.0"
+publish = false
+edition = "2024"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.4"
+
+[dependencies.cstring-array]
+path = ".."
+
+[[bin]]
+name = "fuzz_target_1"
+path = "fuzz_targets/fuzz_target_1.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "fuzz_new_from_strings"
+path = "fuzz_targets/fuzz_new_from_strings.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "fuzz_from_cstrings"
+path = "fuzz_targets/fuzz_from_cstrings.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "fuzz_pointer_operations"
+path = "fuzz_targets/fuzz_pointer_operations.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "fuzz_try_from"
+path = "fuzz_targets/fuzz_try_from.rs"
+test = false
+doc = false
+bench = false

fuzz/fuzz_targets/fuzz_from_cstrings.rs

@@ -0,0 +1,22 @@
+// SPDX-FileCopyrightText: 2025 RAprogramm <andrey.rozanov.vl@gmail.com>
+// SPDX-License-Identifier: MIT
+
+#![no_main]
+
+use std::ffi::CString;
+
+use cstring_array::CStringArray;
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &[u8]| {
+    if let Ok(input) = std::str::from_utf8(data) {
+        let cstrings: Result<Vec<CString>, _> =
+            input.split('\n').take(10000).map(CString::new).collect();
+
+        if let Ok(cstrings) = cstrings {
+            if !cstrings.is_empty() {
+                let _ = CStringArray::from_cstrings(cstrings);
+            }
+        }
+    }
+});

fuzz/fuzz_targets/fuzz_new_from_strings.rs

@@ -0,0 +1,18 @@
+// SPDX-FileCopyrightText: 2025 RAprogramm <andrey.rozanov.vl@gmail.com>
+// SPDX-License-Identifier: MIT
+
+#![no_main]
+
+use cstring_array::CStringArray;
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &[u8]| {
+    if let Ok(input) = std::str::from_utf8(data) {
+        let strings: Vec<String> =
+            input.split('\n').take(10000).map(String::from).collect();
+
+        if !strings.is_empty() {
+            let _ = CStringArray::new(strings);
+        }
+    }
+});

fuzz/fuzz_targets/fuzz_pointer_operations.rs

@@ -0,0 +1,41 @@
+// SPDX-FileCopyrightText: 2025 RAprogramm <andrey.rozanov.vl@gmail.com>
+// SPDX-License-Identifier: MIT
+
+#![no_main]
+
+use std::ffi::CStr;
+
+use cstring_array::CStringArray;
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &[u8]| {
+    if data.len() < 2 {
+        return;
+    }
+
+    let num_strings = (data[0] as usize % 100) + 1;
+    let index = data[1] as usize;
+
+    let strings: Vec<String> = (0..num_strings).map(|i| format!("string_{}", i)).collect();
+
+    if let Ok(array) = CStringArray::new(strings) {
+        let _ = array.len();
+        let _ = array.is_empty();
+        let ptr = array.as_ptr();
+
+        unsafe {
+            for i in 0..array.len() {
+                let cstr_ptr = *ptr.offset(i as isize);
+                if !cstr_ptr.is_null() {
+                    let _ = CStr::from_ptr(cstr_ptr);
+                }
+            }
+        }
+
+        let _ = array.get(index);
+
+        for s in array.iter() {
+            let _ = s.to_str();
+        }
+    }
+});

fuzz/fuzz_targets/fuzz_try_from.rs

@@ -0,0 +1,29 @@
+// SPDX-FileCopyrightText: 2025 RAprogramm <andrey.rozanov.vl@gmail.com>
+// SPDX-License-Identifier: MIT
+
+#![no_main]
+
+use std::{convert::TryFrom, ffi::CString};
+
+use cstring_array::CStringArray;
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &[u8]| {
+    if let Ok(input) = std::str::from_utf8(data) {
+        let strings: Vec<&str> = input.split('\n').take(1000).collect();
+
+        if !strings.is_empty() {
+            let _ = CStringArray::try_from(strings.clone());
+
+            let owned: Vec<String> = strings.iter().map(|s| s.to_string()).collect();
+            let _ = CStringArray::try_from(owned);
+
+            let cstrings: Result<Vec<CString>, _> =
+                strings.iter().map(|s| CString::new(*s)).collect();
+
+            if let Ok(cstrings) = cstrings {
+                let _ = CStringArray::try_from(cstrings);
+            }
+        }
+    }
+});