From 5467b4180b68b3e7318adec1e15ce3ffd23b25c9 Mon Sep 17 00:00:00 2001 From: disconnect3d Date: Thu, 30 Nov 2023 16:48:42 +0100 Subject: [PATCH] add fuzzing --- meson.build | 13 +++++++++++++ src/fuzzing/fuzz_util_string_length.c | 26 +++++++++++++++++++++++++ src/fuzzing/fuzz_wordsplit.c | 28 +++++++++++++++++++++++++++ src/fuzzing/meson.build | 3 +++ src/pacman/util.c | 2 +- src/pacman/util.h | 1 + 6 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 src/fuzzing/fuzz_util_string_length.c create mode 100644 src/fuzzing/fuzz_wordsplit.c create mode 100644 src/fuzzing/meson.build diff --git a/meson.build b/meson.build index f4935e76..38b51661 100644 --- a/meson.build +++ b/meson.build @@ -305,6 +305,8 @@ subdir('src/pacman') subdir('src/util') subdir('scripts') +subdir('src/fuzzing') + # Internationalization if get_option('i18n') i18n = import('i18n') @@ -398,6 +400,17 @@ executable( install : true, ) +# Note: this target must be built with clang! +executable( + 'fuzz_wordsplit', + fuzzing_sources, + include_directories : includes, + link_with : [libcommon], + dependencies : [], + c_args : ['-fsanitize=fuzzer,address', '-ggdb'], + link_args : ['-fsanitize=fuzzer,address', '-ggdb'], +) + foreach wrapper : script_wrappers cdata = configuration_data() cdata.set_quoted('BASH', BASH.full_path()) diff --git a/src/fuzzing/fuzz_util_string_length.c b/src/fuzzing/fuzz_util_string_length.c new file mode 100644 index 00000000..f7761434 --- /dev/null +++ b/src/fuzzing/fuzz_util_string_length.c @@ -0,0 +1,26 @@ +#define _XOPEN_SOURCE +#include +#include +#include +#include +#include + +#include "util.h" + +int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); + +static int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { + if (Size == 0) + return 0; + + // Prepare a null terminated string + char* cstring = malloc(Size+1); + memcpy(cstring, Data, Size); + cstring[Size] = 0; + + string_length(cstring); + + free(cstring); + + return 0; +} \ No newline at end of file diff --git a/src/fuzzing/fuzz_wordsplit.c b/src/fuzzing/fuzz_wordsplit.c new file mode 100644 index 00000000..06c0fc48 --- /dev/null +++ b/src/fuzzing/fuzz_wordsplit.c @@ -0,0 +1,28 @@ +#define _XOPEN_SOURCE +#include +#include +#include +#include +#include + +#include "util-common.h" + +int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); + +int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { + if (Size == 0) + return 0; + + // Prepare a null terminated string + char* cstring = malloc(Size+1); + memcpy(cstring, Data, Size); + cstring[Size] = 0; + + char** ptr = wordsplit(cstring); + if (ptr) + free(ptr); + + free(cstring); + + return 0; +} diff --git a/src/fuzzing/meson.build b/src/fuzzing/meson.build new file mode 100644 index 00000000..e7f02a28 --- /dev/null +++ b/src/fuzzing/meson.build @@ -0,0 +1,3 @@ +fuzzing_sources = files(''' + fuzz_wordsplit.c +'''.split()) diff --git a/src/pacman/util.c b/src/pacman/util.c index 5d42a6e9..a41c9e5e 100644 --- a/src/pacman/util.c +++ b/src/pacman/util.c @@ -449,7 +449,7 @@ static char *concat_list(alpm_list_t *lst, formatfn fn) return output; } -static size_t string_length(const char *s) +size_t string_length(const char *s) { int len; wchar_t *wcstr; diff --git a/src/pacman/util.h b/src/pacman/util.h index 52e79915..d8f7f5f2 100644 --- a/src/pacman/util.h +++ b/src/pacman/util.h @@ -47,6 +47,7 @@ typedef struct _pm_target_t { int is_explicit; } pm_target_t; +size_t string_length(const char *s); void trans_init_error(void); /* flags is a bitfield of alpm_transflag_t flags */ int trans_init(int flags, int check_valid);