|  | @@ -38,13 +38,52 @@
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  #include "src/core/lib/json/json.h"
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | +static size_t g_total_size = 0;
 | 
	
		
			
				|  |  | +static gpr_allocation_functions g_old_allocs;
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +void *guard_malloc(size_t size) {
 | 
	
		
			
				|  |  | +  size_t *ptr;
 | 
	
		
			
				|  |  | +  g_total_size += size;
 | 
	
		
			
				|  |  | +  ptr = g_old_allocs.malloc(size + sizeof(size));
 | 
	
		
			
				|  |  | +  *ptr++ = size;
 | 
	
		
			
				|  |  | +  return ptr;
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +void *guard_realloc(void *ptr, size_t size) {
 | 
	
		
			
				|  |  | +  size_t *ptr = vptr;
 | 
	
		
			
				|  |  | +  --ptr;
 | 
	
		
			
				|  |  | +  g_total_size -= *ptr;
 | 
	
		
			
				|  |  | +  ptr = g_old_allocs.realloc(ptr, size + sizeof(size));
 | 
	
		
			
				|  |  | +  g_total_size += size;
 | 
	
		
			
				|  |  | +  *ptr++ = size;
 | 
	
		
			
				|  |  | +  return ptr;
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +void *guard_free(void *vptr) {
 | 
	
		
			
				|  |  | +  size_t *ptr = vptr;
 | 
	
		
			
				|  |  | +  --ptr;
 | 
	
		
			
				|  |  | +  g_total_size -= *ptr;
 | 
	
		
			
				|  |  | +  g_old_allocs.free(ptr);
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +struct gpr_allocation_functions g_guard_allocs = {
 | 
	
		
			
				|  |  | +  guard_malloc,
 | 
	
		
			
				|  |  | +  guard_realloc,
 | 
	
		
			
				|  |  | +  guard_free
 | 
	
		
			
				|  |  | +};
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  |  int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 | 
	
		
			
				|  |  | -  char *s = gpr_malloc(size);
 | 
	
		
			
				|  |  | +  char *s;
 | 
	
		
			
				|  |  | +  g_old_allocs = gpr_get_allocation_functions();
 | 
	
		
			
				|  |  | +  gpr_set_allocation_functions(g_guard_allocs);
 | 
	
		
			
				|  |  | +  s = gpr_malloc(size);
 | 
	
		
			
				|  |  |    memcpy(s, data, size);
 | 
	
		
			
				|  |  |    grpc_json *x;
 | 
	
		
			
				|  |  |    if ((x = grpc_json_parse_string_with_len(s, size))) {
 | 
	
		
			
				|  |  |      grpc_json_destroy(x);
 | 
	
		
			
				|  |  |    }
 | 
	
		
			
				|  |  |    gpr_free(s);
 | 
	
		
			
				|  |  | +  gpr_set_allocation_functions(g_old_allocs);
 | 
	
		
			
				|  |  | +  GPR_ASSERT(g_total_size == 0);
 | 
	
		
			
				|  |  |    return 0;
 | 
	
		
			
				|  |  |  }
 |