Add fuzz targets for custom Block, Mark, and Content serde (#90)

gvonness-apolitical · web-flow · commit 1ad97ed3ce3e · 2026-02-16T16:04:46.000Z
The hand-written Serialize/Deserialize impls from PR #87 are the most complex recent addition. These fuzz targets exercise all type dispatch paths with arbitrary input to catch panics or unexpected behavior in the custom deserialization logic.
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
@@ -36,3 +36,24 @@ path = "fuzz_targets/manifest_parser.rs"
 test = false
 doc = false
 bench = false
+
+[[bin]]
+name = "block_parser"
+path = "fuzz_targets/block_parser.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "mark_parser"
+path = "fuzz_targets/mark_parser.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "content_parser"
+path = "fuzz_targets/content_parser.rs"
+test = false
+doc = false
+bench = false
diff --git a/fuzz/fuzz_targets/block_parser.rs b/fuzz/fuzz_targets/block_parser.rs
@@ -0,0 +1,17 @@
+//! Fuzz target for Block deserialization.
+//!
+//! This target tests the custom `Deserialize` impl for `Block` which
+//! dispatches on the `"type"` field to construct the correct variant.
+//! Exercises all 20+ block type code paths with arbitrary JSON input.
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &[u8]| {
+    // Try parsing as a single Block
+    let _ = serde_json::from_slice::<cdx_core::content::Block>(data);
+
+    // Also try parsing as a Vec<Block> (nested children)
+    let _ = serde_json::from_slice::<Vec<cdx_core::content::Block>>(data);
+});
diff --git a/fuzz/fuzz_targets/content_parser.rs b/fuzz/fuzz_targets/content_parser.rs
@@ -0,0 +1,15 @@
+//! Fuzz target for Content deserialization.
+//!
+//! This target tests parsing of the full `Content` structure which
+//! contains a version field and a blocks array. Exercises the complete
+//! content deserialization pipeline including nested blocks and text
+//! nodes with marks.
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &[u8]| {
+    // Try parsing as a full Content structure
+    let _ = serde_json::from_slice::<cdx_core::content::Content>(data);
+});
diff --git a/fuzz/fuzz_targets/mark_parser.rs b/fuzz/fuzz_targets/mark_parser.rs
@@ -0,0 +1,18 @@
+//! Fuzz target for Mark deserialization.
+//!
+//! This target tests the custom `Deserialize` impl for `Mark` which
+//! handles both simple string marks (e.g., `"bold"`) and complex object
+//! marks (e.g., `{"type": "link", "href": "..."}`). Exercises all 15+
+//! mark type code paths with arbitrary input.
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &[u8]| {
+    // Try parsing as a single Mark
+    let _ = serde_json::from_slice::<cdx_core::content::Mark>(data);
+
+    // Also try parsing as a Vec<Mark> (text node marks array)
+    let _ = serde_json::from_slice::<Vec<cdx_core::content::Mark>>(data);
+});
