From ee1d49b8a64397cb9b067661af9f12596f817ef1 Mon Sep 17 00:00:00 2001
From: disconnect3d
Date: Mon, 4 Dec 2023 16:38:39 +0100
Subject: [PATCH] add parseconfigfile fuzzer

---
 meson.build | 13 ++++++---
 src/fuzzing/fuzz_parseconfigfile.c | 43 ++++++++++++++++++++++++++++++
 src/fuzzing/fuzz_string_length.c | 3 ---
 src/fuzzing/fuzz_wordsplit.c | 2 --
 src/fuzzing/meson.build | 4 +++
 5 files changed, 57 insertions(+), 8 deletions(-)
 create mode 100644 src/fuzzing/fuzz_parseconfigfile.c

diff --git a/meson.build b/meson.build
index f880f3a4..b04e0970 100644
--- a/meson.build
+++ b/meson.build
@@ -402,7 +402,7 @@ executable(
 install : true,
 )
-# Note: this target must be built with clang!
+# Note: fuzz targets below must be built with Clang compiler
 executable(
 'fuzz_wordsplit',
 fuzz_wordsplit_sources,
@@ -413,7 +413,6 @@ executable(
 link_args : ['-fsanitize=fuzzer,address', '-ggdb', '-O0', '-fno-omit-frame-pointer'],
 )
-# Note: this target must be built with clang!
 executable(
 'fuzz_string_length',
 [fuzz_string_length_sources, pacman_sources],
@@ -423,7 +422,6 @@ executable(
 c_args : ['-fsanitize=fuzzer,address', '-ggdb', '-O0', '-fno-omit-frame-pointer', '-DFUZZING_PACMAN'],
 link_args : ['-fsanitize=fuzzer,address', '-ggdb', '-O0', '-fno-omit-frame-pointer'],
 )
-# Note: this target must be built with clang!
 executable(
 'fuzz_alpm_extract_keyid',
 [fuzz_alpm_extract_keyid_sources, pacman_sources],
@@ -433,6 +431,15 @@ executable(
 c_args : ['-fsanitize=fuzzer,address', '-ggdb', '-O0', '-fno-omit-frame-pointer', '-DFUZZING_PACMAN'],
 link_args : ['-fsanitize=fuzzer,address', '-ggdb', '-O0', '-fno-omit-frame-pointer'],
 )
+executable(
+ 'fuzz_parseconfigfile',
+ [fuzz_parseconfigfile_sources, pacman_sources],
+ include_directories : includes,
+ link_with : [libalpm_a],
+ dependencies : [],
+ c_args : ['-fsanitize=fuzzer,address', '-ggdb', '-O0', '-fno-omit-frame-pointer', '-DFUZZING_PACMAN'],
+ link_args : ['-fsanitize=fuzzer,address', '-ggdb', '-O0', '-fno-omit-frame-pointer'],
+)
 foreach wrapper : script_wrappers
 cdata = configuration_data()
diff --git a/src/fuzzing/fuzz_parseconfigfile.c b/src/fuzzing/fuzz_parseconfigfile.c
new file mode 100644
index 00000000..4746141d
--- /dev/null
+++ b/src/fuzzing/fuzz_parseconfigfile.c
@@ -0,0 +1,43 @@
+#include
+#include
+#include
+#define _GNU_SOURCE /* See feature_test_macros(7) */
+#include
+#include
+// TODO/FIXME: Fix the util.h include
+//#include "conf.h"
+// And remove that function header from here
+int parseconfigfile(const char *s);
+extern void *config;
+void *config_new(void);
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
+// TODO/FIXME: This fuzzer should always be run from a chroot
+// without any other files in it; otherwise the configfile may refer
+// to other files
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ static void* config_object = 0;
+ // TODO/FIXME: The harness needs to be run with -detect_leaks=0
+ // because the config object here is detected as a leak
+ if (!config_object) {
+ config = config_object = config_new();
+ }
+ if (Size == 0)
+ return 0;
+ int fd = memfd_create("input", 0);
+ write(fd, Data, Size);
+ char path[64] = {0};
+ sprintf(path, "/proc/self/fd/%d", fd);
+ parseconfigfile(path);
+ close(fd);
+ return 0;
+}
diff --git a/src/fuzzing/fuzz_string_length.c b/src/fuzzing/fuzz_string_length.c
index f6dac010..8991b476 100644
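Review bot: In fuzz_parseconfigfile.c, `_GNU_SOURCE` is defined only after the first three `#include` lines, so it has no effect on them (glibc fixes its feature macros when the first system header is processed) and `memfd_create()` may end up undeclared or implicitly declared; the define belongs on line 1, before any include. The `memfd_create()` and `write()` results are also unchecked, so a failed or short write lets `parseconfigfile()` silently see an empty or truncated file instead of the fuzzer input, and the `sprintf()` into `path` should be `snprintf(path, sizeof path, "/proc/self/fd/%d", fd);`. Separately, `config` is created once and reused for every input, so each run parses on top of whatever state earlier inputs left behind; crashes found this way may depend on input order and not reproduce from a single file, which is worth a comment next to the existing `-detect_leaks=0` note. The `extern void *config;` declaration presumably does not match the object's real type in conf.h, which is a cross-translation-unit type mismatch best resolved together with the noted include fix.
```c
#define _GNU_SOURCE /* must precede the first #include, otherwise memfd_create() is not declared */
// … unchanged: includes, prototypes, config_object setup, Size check …
	int fd = memfd_create("input", 0);
	if (fd < 0)
		return 0;
	if (write(fd, Data, Size) != (ssize_t)Size) {
		close(fd);
		return 0;
	}
	char path[64] = {0};
	snprintf(path, sizeof path, "/proc/self/fd/%d", fd);
// … unchanged: parseconfigfile call, close, return …
```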
--- a/src/fuzzing/fuzz_string_length.c
+++ b/src/fuzzing/fuzz_string_length.c
@@ -1,9 +1,6 @@
-#define _XOPEN_SOURCE
 #include
 #include
-#include
 #include
-#include
 // TODO/FIXME: Fix the util.h include
 //#include "util.h"
diff --git a/src/fuzzing/fuzz_wordsplit.c b/src/fuzzing/fuzz_wordsplit.c
index 2e4b41ce..e2e10210 100644
--- a/src/fuzzing/fuzz_wordsplit.c
+++ b/src/fuzzing/fuzz_wordsplit.c
@@ -2,8 +2,6 @@
 #include
 #include
 #include
-#include
-#include
 #include "util-common.h"
diff --git a/src/fuzzing/meson.build b/src/fuzzing/meson.build
index 9fe120b7..9a8555c2 100644
--- a/src/fuzzing/meson.build
+++ b/src/fuzzing/meson.build
@@ -9,3 +9,7 @@ fuzz_string_length_sources = files('''
 fuzz_alpm_extract_keyid_sources = files('''
 fuzz_alpm_extract_keyid.c
 '''.split())
+
+fuzz_parseconfigfile_sources = files('''
+ fuzz_parseconfigfile.c
+'''.split())
\ No newline at end of file