add the fuzzer from oss-fuzz and a test that exercises it

fuzz/unpack_pack_fuzzer.cc

@@ -0,0 +1,21 @@
+#include <msgpack.hpp>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  try {
+    // NOTE(derwolfe): by default the limits are set at 2^32-1 length. I'm
+    // setting these at far smaller values to avoid OOMs
+    const int test_limit = 10000;
+    msgpack::object_handle unpacked = msgpack::unpack(reinterpret_cast<const char *>(data),
+                                                      size,
+                                                      nullptr,
+                                                      nullptr,
+                                                      msgpack::unpack_limit(test_limit,
+                                                                            test_limit,
+                                                                            test_limit,
+                                                                            test_limit));
+    msgpack::sbuffer sbuf;
+    msgpack::pack(sbuf, unpacked.get());
+  } catch (...) {
+  }
+  return 0;
+}

test/CMakeLists.txt

@@ -37,6 +37,9 @@ LIST (APPEND check_PROGRAMS
     version.cpp
     visitor.cpp
     zone.cpp
+
+    # fuzzer tests
+    fuzz_unpack_pack_fuzzer.cpp
 )
 
 IF (MSGPACK_BOOST)

test/fuzz_unpack_pack_fuzzer.cpp

@@ -0,0 +1,10 @@
+#include <gtest/gtest.h>
+
+#include "../fuzz/unpack_pack_fuzzer.cc"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+TEST(FUZZ_UNPACK_PACK_FUZZER, works)
+{
+  EXPECT_EQ(0, LLVMFuzzerTestOneInput(0, 0));
+}