fuzz: no longer skip empty files

Empty files and empty strings seem to have triggered various
issues in the past so it seems they shouldn't be ignore by the
fuzzers just because fmemopen can't handle them.

Prompted by https://github.com/systemd/systemd/pull/21939#issuecomment-1003113669

diff --git a/src/core/fuzz-unit-file.c b/src/core/fuzz-unit-file.c
index aef29f4cf71c6becea7f1e2c902bddfdc460dae9..780dd3988da0dfa3d973c9af0b18ef275b8a2ee5 100644 (file)
--- a/src/core/fuzz-unit-file.c
+++ b/src/core/fuzz-unit-file.c
@@ -2,7 +2,6 @@
 
 #include "conf-parser.h"
 #include "fd-util.h"
-#include "fileio.h"
 #include "fuzz.h"
 #include "install.h"
 #include "load-fragment.h"
@@ -22,10 +21,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         const char *name;
         long offset;
 
-        if (size == 0)
-                return 0;
-
-        f = fmemopen_unlocked((char*) data, size, "re");
+        f = data_to_file(data, size);
         assert_se(f);
 
         if (read_line(f, LINE_MAX, &p) < 0)

diff --git a/src/fuzz/fuzz-env-file.c b/src/fuzz/fuzz-env-file.c
index e0dac260b00ed6f61b6cd07873fbb66991c48933..3b3e6256089d9fff35e1dcef52fe4e62df45cda0 100644 (file)
--- a/src/fuzz/fuzz-env-file.c
+++ b/src/fuzz/fuzz-env-file.c
@@ -4,7 +4,6 @@
 
 #include "alloc-util.h"
 #include "env-file.h"
-#include "fileio.h"
 #include "fd-util.h"
 #include "fuzz.h"
 #include "strv.h"
@@ -13,10 +12,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         _cleanup_fclose_ FILE *f = NULL;
         _cleanup_strv_free_ char **rl = NULL, **rlp =  NULL;
 
-        if (size == 0 || size > 65535)
+        if (size > 65535)
                 return 0;
 
-        f = fmemopen_unlocked((char*) data, size, "re");
+        f = data_to_file(data, size);
         assert_se(f);
 
         /* We don't want to fill the logs with messages about parse errors.

diff --git a/src/fuzz/fuzz-hostname-setup.c b/src/fuzz/fuzz-hostname-setup.c
index b8d36da54a6980d53448c4743f80ead6acfebf0c..d7c23eef12a8eea4e88191976aa590550f2b7c8f 100644 (file)
--- a/src/fuzz/fuzz-hostname-setup.c
+++ b/src/fuzz/fuzz-hostname-setup.c
@@ -2,7 +2,6 @@
 
 #include "alloc-util.h"
 #include "fd-util.h"
-#include "fileio.h"
 #include "fuzz.h"
 #include "hostname-setup.h"
 
@@ -10,10 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         _cleanup_fclose_ FILE *f = NULL;
         _cleanup_free_ char *ret = NULL;
 
-        if (size == 0)
-                return 0;
-
-        f = fmemopen_unlocked((char*) data, size, "re");
+        f = data_to_file(data, size);
         assert_se(f);
 
         /* We don't want to fill the logs with messages about parse errors.

diff --git a/src/fuzz/fuzz-json.c b/src/fuzz/fuzz-json.c
index f9a0e818c4b29214c34c0f3a41f33fd0c5edb7c8..ad7460c6fd7f965ba1ea1839ec4d9e1fa27857f0 100644 (file)
--- a/src/fuzz/fuzz-json.c
+++ b/src/fuzz/fuzz-json.c
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
 #include "alloc-util.h"
-#include "fileio.h"
 #include "fd-util.h"
 #include "fuzz.h"
 #include "json.h"
@@ -12,10 +11,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         _cleanup_fclose_ FILE *f = NULL, *g = NULL;
         _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
 
-        if (size == 0)
-                return 0;
-
-        f = fmemopen_unlocked((char*) data, size, "re");
+        f = data_to_file(data, size);
         assert_se(f);
 
         if (json_parse_file(f, NULL, 0, &v, NULL, NULL) < 0)

diff --git a/src/fuzz/fuzz.h b/src/fuzz/fuzz.h
index 579b0eed730d625c01c86f38509c85687c3c83b4..d7cbb0bb1649f4231e552d26417ff15d8a44c81c 100644 (file)
--- a/src/fuzz/fuzz.h
+++ b/src/fuzz/fuzz.h
@@ -4,5 +4,14 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include "fileio.h"
+
 /* The entry point into the fuzzer */
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+static inline FILE* data_to_file(const uint8_t *data, size_t size) {
+        if (size == 0)
+                return fopen("/dev/null", "re");
+        else
+                return fmemopen_unlocked((char*) data, size, "re");
+}

diff --git a/src/nspawn/fuzz-nspawn-oci.c b/src/nspawn/fuzz-nspawn-oci.c
index cfebf65c003efefa131ff326dc661ab47a9f1ca0..91f2a81dfc327d43ed2b2df287e3c471ef1af84c 100644 (file)
--- a/src/nspawn/fuzz-nspawn-oci.c
+++ b/src/nspawn/fuzz-nspawn-oci.c
@@ -2,7 +2,6 @@
 
 #include "alloc-util.h"
 #include "fd-util.h"
-#include "fileio.h"
 #include "fuzz.h"
 #include "nspawn-oci.h"
 
@@ -10,10 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         _cleanup_fclose_ FILE *f = NULL;
         _cleanup_(settings_freep) Settings *s = NULL;
 
-        if (size == 0)
-                return 0;
-
-        f = fmemopen_unlocked((char*) data, size, "re");
+        f = data_to_file(data, size);
         assert_se(f);
 
         /* We don't want to fill the logs with messages about parse errors.

diff --git a/src/nspawn/fuzz-nspawn-settings.c b/src/nspawn/fuzz-nspawn-settings.c
index bd98ed26e8f8de8ee35adf63ae67f45e42c689ef..6b91e1506eb0e58f242c20d64117420c37cafff9 100644 (file)
--- a/src/nspawn/fuzz-nspawn-settings.c
+++ b/src/nspawn/fuzz-nspawn-settings.c
@@ -2,7 +2,6 @@
 
 #include "alloc-util.h"
 #include "fd-util.h"
-#include "fileio.h"
 #include "fuzz.h"
 #include "nspawn-settings.h"
 
@@ -10,10 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         _cleanup_fclose_ FILE *f = NULL;
         _cleanup_(settings_freep) Settings *s = NULL;
 
-        if (size == 0)
-                return 0;
-
-        f = fmemopen_unlocked((char*) data, size, "re");
+        f = data_to_file(data, size);
         assert_se(f);
 
         /* We don't want to fill the logs with messages about parse errors.