add parseconfigfile fuzzer

meson.build

@@ -402,7 +402,7 @@ executable(
   install : true,
 )
 
-# Note: this target must be built with clang!
+# Note: fuzz targets below must be built with Clang compiler
 executable(
     'fuzz_wordsplit',
     fuzz_wordsplit_sources,
@@ -413,7 +413,6 @@ executable(
     link_args : ['-fsanitize=fuzzer,address', '-ggdb', '-O0', '-fno-omit-frame-pointer'],
 )
 
-# Note: this target must be built with clang!
 executable(
     'fuzz_string_length',
     [fuzz_string_length_sources, pacman_sources],
@@ -423,7 +422,6 @@ executable(
     c_args : ['-fsanitize=fuzzer,address', '-ggdb', '-O0', '-fno-omit-frame-pointer', '-DFUZZING_PACMAN'],
     link_args : ['-fsanitize=fuzzer,address', '-ggdb', '-O0', '-fno-omit-frame-pointer'],
 )
-# Note: this target must be built with clang!
 executable(
     'fuzz_alpm_extract_keyid',
     [fuzz_alpm_extract_keyid_sources, pacman_sources],
@@ -433,6 +431,15 @@ executable(
     c_args : ['-fsanitize=fuzzer,address', '-ggdb', '-O0', '-fno-omit-frame-pointer', '-DFUZZING_PACMAN'],
     link_args : ['-fsanitize=fuzzer,address', '-ggdb', '-O0', '-fno-omit-frame-pointer'],
 )
+executable(
+    'fuzz_parseconfigfile',
+    [fuzz_parseconfigfile_sources, pacman_sources],
+    include_directories : includes,
+    link_with : [libalpm_a],
+    dependencies : [],
+    c_args : ['-fsanitize=fuzzer,address', '-ggdb', '-O0', '-fno-omit-frame-pointer', '-DFUZZING_PACMAN'],
+    link_args : ['-fsanitize=fuzzer,address', '-ggdb', '-O0', '-fno-omit-frame-pointer'],
+)
 
 foreach wrapper : script_wrappers
   cdata = configuration_data()

src/fuzzing/fuzz_parseconfigfile.c

@@ -0,0 +1,43 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#define _GNU_SOURCE         /* See feature_test_macros(7) */
+#include <sys/mman.h>
+#include <unistd.h>
+
+// TODO/FIXME: Fix the util.h include
+//#include "conf.h"
+// And remove that function header from here
+int parseconfigfile(const char *s);
+extern void *config;
+void *config_new(void);
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
+
+// TODO/FIXME: This fuzzer should always be run from a chroot
+// without any other files in it; otherwise the configfile may refer
+// to other files
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+    static void* config_object = 0;
+
+    // TODO/FIXME: The harness needs to be run with -detect_leaks=0
+    // because the config object here is detected as a leak
+    if (!config_object) {
+        config = config_object = config_new();
+    }
+
+    if (Size == 0)
+        return 0;
+
+    int fd = memfd_create("input", 0);
+    write(fd, Data, Size);
+
+    char path[64] = {0};
+    sprintf(path, "/proc/self/fd/%d", fd);
+
+    parseconfigfile(path);
+
+    close(fd);
+
+    return 0;
+}

src/fuzzing/fuzz_string_length.c

@@ -1,9 +1,6 @@
-#define _XOPEN_SOURCE
 #include <stdio.h>
 #include <stdlib.h>
-#include <stdint.h>
 #include <string.h>
-#include <wchar.h>
 
 // TODO/FIXME: Fix the util.h include
 //#include "util.h"

src/fuzzing/fuzz_wordsplit.c

@@ -2,8 +2,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <stdint.h>
-#include <string.h>
-#include <wchar.h>
 
 #include "util-common.h"
 

src/fuzzing/meson.build

@@ -9,3 +9,7 @@ fuzz_string_length_sources = files('''
 fuzz_alpm_extract_keyid_sources = files('''
   fuzz_alpm_extract_keyid.c
 '''.split())
+
+fuzz_parseconfigfile_sources = files('''
+  fuzz_parseconfigfile.c
+'''.split())