powerel9
/
systemd
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
12 MiB
 
 
Tree: 21d0440b3b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '21d0440b3b'
${ noResults }
systemd/SOURCES/0102-fuzz-no-longer-skip-em...

187 lines
5.8 KiB
Raw Blame History

From 0235f9ea3d221aba513f4b6215418bf554e02791 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Mon, 3 Jan 2022 12:31:07 +0000
Subject: [PATCH] fuzz: no longer skip empty files
Empty files and empty strings seem to have triggered various
issues in the past so it seems they shouldn't be ignore by the
fuzzers just because fmemopen can't handle them.
Prompted by https://github.com/systemd/systemd/pull/21939#issuecomment-1003113669
(cherry picked from commit 5df66d7d68006615abb4c4d3b1ebad545af4dd72)
Related: #2087652
---
src/core/fuzz-unit-file.c | 6 +-----
src/fuzz/fuzz-env-file.c | 5 ++---
src/fuzz/fuzz-hostname-setup.c | 6 +-----
src/fuzz/fuzz-json.c | 6 +-----
src/fuzz/fuzz.h | 9 +++++++++
src/nspawn/fuzz-nspawn-oci.c | 6 +-----
src/nspawn/fuzz-nspawn-settings.c | 6 +-----
7 files changed, 16 insertions(+), 28 deletions(-)
diff --git a/src/core/fuzz-unit-file.c b/src/core/fuzz-unit-file.c
index aef29f4cf7..780dd3988d 100644
--- a/src/core/fuzz-unit-file.c
+++ b/src/core/fuzz-unit-file.c
@@ -2,7 +2,6 @@
#include "conf-parser.h"
#include "fd-util.h"
-#include "fileio.h"
#include "fuzz.h"
#include "install.h"
#include "load-fragment.h"
@@ -22,10 +21,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
const char *name;
long offset;
- if (size == 0)
- return 0;
-
- f = fmemopen_unlocked((char*) data, size, "re");
+ f = data_to_file(data, size);
assert_se(f);
if (read_line(f, LINE_MAX, &p) < 0)
diff --git a/src/fuzz/fuzz-env-file.c b/src/fuzz/fuzz-env-file.c
index e0dac260b0..3b3e625608 100644
--- a/src/fuzz/fuzz-env-file.c
+++ b/src/fuzz/fuzz-env-file.c
@@ -4,7 +4,6 @@
#include "alloc-util.h"
#include "env-file.h"
-#include "fileio.h"
#include "fd-util.h"
#include "fuzz.h"
#include "strv.h"
@@ -13,10 +12,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
_cleanup_fclose_ FILE *f = NULL;
_cleanup_strv_free_ char **rl = NULL, **rlp = NULL;
- if (size == 0 || size > 65535)
+ if (size > 65535)
return 0;
- f = fmemopen_unlocked((char*) data, size, "re");
+ f = data_to_file(data, size);
assert_se(f);
/* We don't want to fill the logs with messages about parse errors.
diff --git a/src/fuzz/fuzz-hostname-setup.c b/src/fuzz/fuzz-hostname-setup.c
index b8d36da54a..d7c23eef12 100644
--- a/src/fuzz/fuzz-hostname-setup.c
+++ b/src/fuzz/fuzz-hostname-setup.c
@@ -2,7 +2,6 @@
#include "alloc-util.h"
#include "fd-util.h"
-#include "fileio.h"
#include "fuzz.h"
#include "hostname-setup.h"
@@ -10,10 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
_cleanup_fclose_ FILE *f = NULL;
_cleanup_free_ char *ret = NULL;
- if (size == 0)
- return 0;
-
- f = fmemopen_unlocked((char*) data, size, "re");
+ f = data_to_file(data, size);
assert_se(f);
/* We don't want to fill the logs with messages about parse errors.
diff --git a/src/fuzz/fuzz-json.c b/src/fuzz/fuzz-json.c
index f9a0e818c4..ad7460c6fd 100644
--- a/src/fuzz/fuzz-json.c
+++ b/src/fuzz/fuzz-json.c
@@ -1,7 +1,6 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "alloc-util.h"
-#include "fileio.h"
#include "fd-util.h"
#include "fuzz.h"
#include "json.h"
@@ -12,10 +11,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
_cleanup_fclose_ FILE *f = NULL, *g = NULL;
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
- if (size == 0)
- return 0;
-
- f = fmemopen_unlocked((char*) data, size, "re");
+ f = data_to_file(data, size);
assert_se(f);
if (json_parse_file(f, NULL, 0, &v, NULL, NULL) < 0)
diff --git a/src/fuzz/fuzz.h b/src/fuzz/fuzz.h
index 579b0eed73..d7cbb0bb16 100644
--- a/src/fuzz/fuzz.h
+++ b/src/fuzz/fuzz.h
@@ -4,5 +4,14 @@
#include <stddef.h>
#include <stdint.h>
+#include "fileio.h"
+
/* The entry point into the fuzzer */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+static inline FILE* data_to_file(const uint8_t *data, size_t size) {
+ if (size == 0)
+ return fopen("/dev/null", "re");
+ else
+ return fmemopen_unlocked((char*) data, size, "re");
+}
diff --git a/src/nspawn/fuzz-nspawn-oci.c b/src/nspawn/fuzz-nspawn-oci.c
index cfebf65c00..91f2a81dfc 100644
--- a/src/nspawn/fuzz-nspawn-oci.c
+++ b/src/nspawn/fuzz-nspawn-oci.c
@@ -2,7 +2,6 @@
#include "alloc-util.h"
#include "fd-util.h"
-#include "fileio.h"
#include "fuzz.h"
#include "nspawn-oci.h"
@@ -10,10 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
_cleanup_fclose_ FILE *f = NULL;
_cleanup_(settings_freep) Settings *s = NULL;
- if (size == 0)
- return 0;
-
- f = fmemopen_unlocked((char*) data, size, "re");
+ f = data_to_file(data, size);
assert_se(f);
/* We don't want to fill the logs with messages about parse errors.
diff --git a/src/nspawn/fuzz-nspawn-settings.c b/src/nspawn/fuzz-nspawn-settings.c
index bd98ed26e8..6b91e1506e 100644
--- a/src/nspawn/fuzz-nspawn-settings.c
+++ b/src/nspawn/fuzz-nspawn-settings.c
@@ -2,7 +2,6 @@
#include "alloc-util.h"
#include "fd-util.h"
-#include "fileio.h"
#include "fuzz.h"
#include "nspawn-settings.h"
@@ -10,10 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
_cleanup_fclose_ FILE *f = NULL;
_cleanup_(settings_freep) Settings *s = NULL;
- if (size == 0)
- return 0;
-
- f = fmemopen_unlocked((char*) data, size, "re");
+ f = data_to_file(data, size);
assert_se(f);
/* We don't want to fill the logs with messages about parse errors.