From: Evgeny Vereshchagin
Date: Mon, 10 Aug 2020 22:24:41 +0000 (+0000)
Subject: tests: add a fuzz target calling fdisk_script_read_file
X-Git-Tag: v2.37-rc1~524
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b62ec52e8f21cac2ad784e87571ce1d7f86431f5;p=thirdparty%2Futil-linux.git

tests: add a fuzz target calling fdisk_script_read_file

It has already found a couple of issues mentioned in https://github.com/karelzak/util-linux/issues/1023#issuecomment-671910621
---
diff --git a/libfdisk/src/Makemodule.am b/libfdisk/src/Makemodule.am
index d273551a2d..3615c9f52e 100644
--- a/libfdisk/src/Makemodule.am
+++ b/libfdisk/src/Makemodule.am
@@ -95,6 +95,18 @@ test_fdisk_script_CFLAGS = $(libfdisk_tests_cflags)
 test_fdisk_script_LDFLAGS = $(libfdisk_tests_ldflags)
 test_fdisk_script_LDADD = $(libfdisk_tests_ldadd)
 
+if FUZZING_ENGINE
+check_PROGRAMS += test_fdisk_script_fuzz
+
+# https://google.github.io/oss-fuzz/getting-started/new-project-guide/#Requirements
+nodist_EXTRA_test_fdisk_script_fuzz_SOURCES = dummy.cxx
+
+test_fdisk_script_fuzz_SOURCES = libfdisk/src/script.c
+test_fdisk_script_fuzz_CFLAGS = -DFUZZ_TARGET $(libfdisk_la_CFLAGS) $(NO_UNUSED_WARN_CFLAGS)
+test_fdisk_script_fuzz_LDFLAGS = $(libfdisk_tests_ldflags)
+test_fdisk_script_fuzz_LDADD = $(libfdisk_tests_ldadd) $(LIB_FUZZING_ENGINE)
+endif
+
 test_fdisk_version_SOURCES = libfdisk/src/version.c
 test_fdisk_version_CFLAGS = $(libfdisk_tests_cflags)
 test_fdisk_version_LDFLAGS = $(libfdisk_tests_ldflags)
diff --git a/libfdisk/src/script.c b/libfdisk/src/script.c
index 76c8cbbcfe..051fa326e9 100644
--- a/libfdisk/src/script.c
+++ b/libfdisk/src/script.c
@@ -4,6 +4,10 @@
 #include "carefulputc.h"
 #include "mangle.h"
 
+#ifdef FUZZ_TARGET
+#include "fuzz.h"
+#endif
+
 /**
 * SECTION: script
 * @title: Script
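Review bot: The only explanation for `nodist_EXTRA_test_fdisk_script_fuzz_SOURCES = dummy.cxx` in the libfdisk/src/Makemodule.am hunk is a bare URL, so a reader has to leave the tree to learn why a C test names a C++ source that is never shipped. A comment saying it in place would be enough, for example `# dummy.cxx is never built; naming a C++ source makes automake link with the C++ driver, which OSS-Fuzz requires for fuzz targets`. The URL can stay as the reference behind that sentence.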
@@ -1523,6 +1527,42 @@ int fdisk_apply_script(struct fdisk_context *cxt, struct fdisk_script *dp)
 return rc;
 }
 
+#ifdef FUZZ_TARGET
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ char name[] = "/tmp/test-script-fuzz.XXXXXX";
+ int fd;
+ ssize_t n;
+ struct fdisk_script *dp;
+ struct fdisk_context *cxt;
+ FILE *f;
+
+ fd = mkostemp(name, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC);
+ assert(fd >= 0);
+
+ n = write(fd, data, size);
+ assert(n == (ssize_t) size);
+
+ f = fopen(name, "r");
+ assert(f);
+
+ cxt = fdisk_new_context();
+ dp = fdisk_new_script(cxt);
+
+ fdisk_script_read_file(dp, f);
+ fclose(f);
+
+ fdisk_script_write_file(dp, stdout);
+ fdisk_unref_script(dp);
+ fdisk_unref_context(cxt);
+
+ close(fd);
+ unlink(name);
+
+ return 0;
+}
+#endif
+
 #ifdef TEST_PROGRAM
 static int test_dump(struct fdisk_test *ts, int argc, char *argv[])
 {
diff --git a/tests/commands.sh b/tests/commands.sh
index 869671a877..e09fe5e40f 100644
--- a/tests/commands.sh
+++ b/tests/commands.sh
@@ -11,6 +11,7 @@ TS_HELPER_LIBFDISK_GPT="${ts_helpersdir}test_fdisk_gpt"
 TS_HELPER_LIBFDISK_MKPART="${ts_helpersdir}sample-fdisk-mkpart"
 TS_HELPER_LIBMOUNT_CONTEXT="${ts_helpersdir}test_mount_context"
 TS_HELPER_LIBFDISK_MKPART_FULLSPEC="${ts_helpersdir}sample-fdisk-mkpart-fullspec"
+TS_HELPER_LIBFDISK_SCRIPT_FUZZ="${ts_helpersdir}test_fdisk_script_fuzz"
 TS_HELPER_LIBMOUNT_LOCK="${ts_helpersdir}test_mount_lock"
 TS_HELPER_LIBMOUNT_OPTSTR="${ts_helpersdir}test_mount_optstr"
 TS_HELPER_LIBMOUNT_TABDIFF="${ts_helpersdir}test_mount_tab_diff"
diff --git a/tests/ts/fuzzers/test_fdisk_script_fuzz b/tests/ts/fuzzers/test_fdisk_script_fuzz
new file mode 100755
index 0000000000..6b7af42d4d
--- /dev/null
+++ b/tests/ts/fuzzers/test_fdisk_script_fuzz
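Review bot: The temporary file in `LLVMFuzzerTestOneInput` is unlinked only on the success path, so every input that crashes or aborts inside `fdisk_script_read_file()` or `fdisk_script_write_file()`, which is the outcome this target exists to provoke, leaves a `/tmp/test-script-fuzz.*` file behind, and the data is reopened by path instead of through the descriptor already held. Unlinking right after `mkostemp()` and reading through `fdopen()` after rewinding removes both problems; the trailing `close(fd); unlink(name);` then go away because `fclose(f)` closes the descriptor. The `mkostemp()` flags should be just `O_CLOEXEC`: mkostemp(3) states that O_RDWR, O_CREAT and O_EXCL are implied and that passing them produces errors on some systems. The results of `fdisk_new_context()` and `fdisk_new_script()` are also handed on unchecked; whether the callees tolerate NULL is not visible in this hunk, so an explicit check is the safer default.

```c
	fd = mkostemp(name, O_CLOEXEC);
	assert(fd >= 0);
	unlink(name);		/* nothing stays in /tmp if the parser aborts */

	n = write(fd, data, size);
	assert(n == (ssize_t) size);
	if (lseek(fd, 0, SEEK_SET) != 0)
		abort();

	f = fdopen(fd, "r");	/* f now owns fd */
	assert(f);

	cxt = fdisk_new_context();
	dp = fdisk_new_script(cxt);
	assert(cxt && dp);

	/* … unchanged: read_file, fclose(f), write_file, unref calls … */

	return 0;
```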
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# This file is part of util-linux.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+TS_TOPDIR="${0%/*}/../.."
+TS_DESC="test_fdisk_script_fuzz"
+
+. $TS_TOPDIR/functions.sh
+ts_init "$*"
+
+ts_check_test_command "$TS_HELPER_LIBFDISK_SCRIPT_FUZZ"
+
+mkdir -p ${TS_OUTPUT}_workdir
+ts_run $TS_HELPER_LIBFDISK_SCRIPT_FUZZ ${TS_OUTPUT}_workdir ${TS_SCRIPT}_files -max_total_time=10 >$TS_OUTPUT 2>$TS_ERRLOG
+
+ts_finalize
diff --git a/tests/ts/fuzzers/test_fdisk_script_fuzz_files/crash-8ae1c667bed4b4b864f62e78cded81d5083177eb b/tests/ts/fuzzers/test_fdisk_script_fuzz_files/crash-8ae1c667bed4b4b864f62e78cded81d5083177eb
new file mode 100644
index 0000000000..66aafba132
--- /dev/null
+++ b/tests/ts/fuzzers/test_fdisk_script_fuzz_files/crash-8ae1c667bed4b4b864f62e78cded81d5083177eb
@@ -0,0 +1 @@
+Id=tÎ]
\ No newline at end of file
diff --git a/tests/ts/fuzzers/test_fdisk_script_fuzz_files/crash-d216dfd17039a189c3858d78fbcf588695439b3b b/tests/ts/fuzzers/test_fdisk_script_fuzz_files/crash-d216dfd17039a189c3858d78fbcf588695439b3b
new file mode 100644
index 0000000000..5805924a12
--- /dev/null
+++ b/tests/ts/fuzzers/test_fdisk_script_fuzz_files/crash-d216dfd17039a189c3858d78fbcf588695439b3b
@@ -0,0 +1 @@
+0z
\ No newline at end of file
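Review bot: The `mkdir -p` and `ts_run` lines of tests/ts/fuzzers/test_fdisk_script_fuzz expand `${TS_OUTPUT}_workdir`, `${TS_SCRIPT}_files`, `$TS_HELPER_LIBFDISK_SCRIPT_FUZZ` and the redirection targets unquoted, and `. $TS_TOPDIR/functions.sh` does the same, so a checkout or output path containing whitespace would be word-split; the `ts_check_test_command` line two statements earlier already quotes the helper. Quoting them, as in `mkdir -p "${TS_OUTPUT}_workdir"`, makes the script consistent with itself. A comment above `ts_run` would also document the argument order, for example `# libFuzzer writes new inputs to the first directory; the checked-in seeds in ${TS_SCRIPT}_files are only read`.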
diff --git a/tests/ts/fuzzers/test_fdisk_script_fuzz_files/github-1015-1 b/tests/ts/fuzzers/test_fdisk_script_fuzz_files/github-1015-1
new file mode 100644
index 0000000000..1827bdf7b0
Binary files /dev/null and b/tests/ts/fuzzers/test_fdisk_script_fuzz_files/github-1015-1 differ
diff --git a/tests/ts/fuzzers/test_fdisk_script_fuzz_files/github-1015-2 b/tests/ts/fuzzers/test_fdisk_script_fuzz_files/github-1015-2
new file mode 100644
index 0000000000..961ac8ae9b
--- /dev/null
+++ b/tests/ts/fuzzers/test_fdisk_script_fuzz_files/github-1015-2
@@ -0,0 +1,2 @@
+:=0M
+,
diff --git a/tools/oss-fuzz.sh b/tools/oss-fuzz.sh
index f3a61d0dcf..588d4aa66a 100755
--- a/tools/oss-fuzz.sh
+++ b/tools/oss-fuzz.sh
@@ -18,7 +18,7 @@ export OUT=${OUT:-$(pwd)/out}
 mkdir -p $OUT
 
 ./autogen.sh
-./configure --disable-all-programs --enable-last --enable-fuzzing-engine --enable-libmount --enable-libblkid
+./configure --disable-all-programs --enable-libuuid --enable-libfdisk --enable-last --enable-fuzzing-engine --enable-libmount --enable-libblkid
 make -j$(nproc) V=1 check-programs
 
 for d in "$(dirname $0)"/../tests/ts/fuzzers/test_*_fuzz_files; do