authorMike Frysinger <vapier@gentoo.org>2024-01-25 23:44:54 -0500
committerSam James <sam@gentoo.org>2024-08-09 11:06:17 +0100
commitdcd8f6a8a98c8af7e8749fe80478d42b2eeed37d (patch)
treeea274500c905f23a5688fcc9ddc9ec2a168ec7aa
parentdumpelf: limit note name display (diff)
fuzz-ar: fuzzer for the archive parsing API
Signed-off-by: Mike Frysinger <vapier@gentoo.org> (cherry picked from commit 4bfa4576e7b64b16937f71094641ec0f39ee47c7) Signed-off-by: Sam James <sam@gentoo.org>
-rw-r--r--fuzz-ar.c46
-rw-r--r--meson.build17
2 files changed, 63 insertions, 0 deletions
diff --git a/fuzz-ar.c b/fuzz-ar.c
new file mode 100644
index 0000000..360194f
--- /dev/null
+++ b/fuzz-ar.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2024 Gentoo Foundation
+ * Distributed under the terms of the GNU General Public License v2
+ *
+ * Copyright 2024 Mike Frysinger - <vapier@gentoo.org>
+ */
+
+/* Fuzz the ar interface. */
+
+const char argv0[] = "fuzz-ar";
+
+#include "paxinc.h"
+
+static int fd;
+
+int LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+ (void)argc;
+ (void)argv;
+
+ fd = memfd_create("fuzz-input.a", MFD_CLOEXEC);
+ if (fd == -1)
+ errp("memfd_create() failed");
+ return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ if (ftruncate(fd, size) != 0)
+ errp("ftruncate(%i, %zu) failed", fd, size);
+ if (pwrite(fd, data, size, 0) != (ssize_t)size)
+ errp("pwrite() failed");
+ if (lseek(fd, 0, SEEK_SET) != 0)
+ errp("lseek() failed");
+
+ int afd = dup(fd);
+ archive_handle *ar = ar_open_fd("fuzz-input.a", afd, 0);
+ if (ar == NULL) {
+ close(afd);
+ return 0;
+ }
+ while (ar_next(ar) != NULL)
+ continue;
+
+ return 0;
+}
diff --git a/meson.build b/meson.build
index 64fcc14..6de7a30 100644
--- a/meson.build
+++ b/meson.build
@@ -171,5 +171,22 @@ if do_tests and get_option('use_fuzzing')
'-print_final_stats',
]
)
+
+ fuzz_ar = executable('fuzz-ar',
+ common_src + ['fuzz-ar.c'],
+ override_options : [
+ 'buildtype=debug',
+ ],
+ c_args : fuzz_flags,
+ link_args : fuzz_flags,
+ install : false
+ )
+ test('fuzz-ar', fuzz_ar,
+ args : [
+ '-close_fd_mask=3',
+ '-max_total_time=10',
+ '-print_final_stats=1',
+ ]
+ )
endif
endif