From: Douglas Bagnall Date: Sat, 5 Aug 2023 02:30:24 +0000 (+1200) Subject: lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* X-Git-Tag: tevent-0.16.0~1091 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5c81f349354cffdf6cfd3f2983634a85da474543;p=thirdparty%2Fsamba.git lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* We have been using `uint8_t *`, which works fine as far as linking goes, but leads fuzz target developers to sometimes forget why they can't just modify the passed in string instead of copying it for modification (e.g. to NUL-terminate). REF: https://llvm.org/docs/LibFuzzer.html#fuzz-target Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett
---
diff --git a/lib/fuzzing/fuzz_cli_credentials_parse_string.c b/lib/fuzzing/fuzz_cli_credentials_parse_string.c
index b71ef357309..0b0f97af261 100644
--- a/lib/fuzzing/fuzz_cli_credentials_parse_string.c
+++ b/lib/fuzzing/fuzz_cli_credentials_parse_string.c
@@ -25,7 +25,7 @@ char buf[MAX_LENGTH + 1]; const enum credentials_obtained obtained = CRED_UNINITIALISED;
-int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len)
 { TALLOC_CTX *mem_ctx = NULL; struct cli_credentials *credentials = NULL;
diff --git a/lib/fuzzing/fuzz_dcerpc_parse_binding.c b/lib/fuzzing/fuzz_dcerpc_parse_binding.c
index 6eb3c15454d..dcbf4404b10 100644
--- a/lib/fuzzing/fuzz_dcerpc_parse_binding.c
+++ b/lib/fuzzing/fuzz_dcerpc_parse_binding.c
@@ -24,7 +24,7 @@ char buf[MAX_LENGTH + 1];
-int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len)
 { TALLOC_CTX *mem_ctx = NULL; struct dcerpc_binding *binding = NULL;
diff --git a/lib/fuzzing/fuzz_ldap_decode.c b/lib/fuzzing/fuzz_ldap_decode.c
index e3bcf7b9d0a..be286ea0cfe 100644
--- a/lib/fuzzing/fuzz_ldap_decode.c
+++ b/lib/fuzzing/fuzz_ldap_decode.c
@@ -27,7 +27,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) return 0; }
-int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
 { TALLOC_CTX *mem_ctx = talloc_init(__FUNCTION__); struct asn1_data *asn1;
diff --git a/lib/fuzzing/fuzz_ldb_dn_explode.c b/lib/fuzzing/fuzz_ldb_dn_explode.c
index e024212301b..0e1560e345e 100644
--- a/lib/fuzzing/fuzz_ldb_dn_explode.c
+++ b/lib/fuzzing/fuzz_ldb_dn_explode.c
@@ -23,7 +23,7 @@ #define MAX_LENGTH (2 * 1024 * 1024 - 1) char buf[MAX_LENGTH + 1] = {0};
-int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len)
 { struct ldb_dn *dn = NULL; struct ldb_context *ldb = ldb_init(NULL, NULL);
diff --git a/lib/fuzzing/fuzz_ldb_ldif_read.c b/lib/fuzzing/fuzz_ldb_ldif_read.c
index f44e1ea5c43..3c48b6a2878 100644
--- a/lib/fuzzing/fuzz_ldb_ldif_read.c
+++ b/lib/fuzzing/fuzz_ldb_ldif_read.c
@@ -23,7 +23,7 @@ #define MAX_LENGTH (2 * 1024 * 1024 - 1) char buf[MAX_LENGTH + 1] = {0};
-int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len)
 { struct ldb_ldif *ldif = NULL; const char *s = NULL;
diff --git a/lib/fuzzing/fuzz_ldb_parse_binary_decode.c b/lib/fuzzing/fuzz_ldb_parse_binary_decode.c
index feb26e28c82..ac2e436a843 100644
--- a/lib/fuzzing/fuzz_ldb_parse_binary_decode.c
+++ b/lib/fuzzing/fuzz_ldb_parse_binary_decode.c
@@ -34,7 +34,7 @@ static char * possibly_truncate(uint8_t *input, size_t len) }
-int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len)
 { TALLOC_CTX *mem_ctx = talloc_init(__FUNCTION__); struct ldb_val val = {0};
diff --git a/lib/fuzzing/fuzz_ldb_parse_control.c b/lib/fuzzing/fuzz_ldb_parse_control.c
index c78222c3c85..722d9f9a6de 100644
--- a/lib/fuzzing/fuzz_ldb_parse_control.c
+++ b/lib/fuzzing/fuzz_ldb_parse_control.c
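Review bot: In lib/fuzzing/fuzz_ldb_parse_binary_decode.c the helper named in the hunk header, `possibly_truncate(uint8_t *input, size_t len)`, still takes a non-const pointer while the entry point now receives `const uint8_t *input`. The body of LLVMFuzzerTestOneInput lies outside the hunk, so the call is not visible, but if `input` is handed to that helper the compiler will warn about a discarded qualifier, or a cast will hide it and the protection this commit adds stops at the call. Changing the helper to `static char * possibly_truncate(const uint8_t *input, size_t len)` keeps the copy-before-modify rule enforced through the whole target. The other targets whose bodies lie outside their hunks deserve the same check wherever `buf` or `input` is passed to a function with a non-const parameter.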
@@ -23,7 +23,7 @@ #define MAX_LENGTH (2 * 1024 * 1024 - 1) char buf[MAX_LENGTH + 1] = {0};
-int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len)
 { struct ldb_control *control = NULL; struct ldb_context *ldb = ldb_init(NULL, NULL);
diff --git a/lib/fuzzing/fuzz_ldb_parse_tree.c b/lib/fuzzing/fuzz_ldb_parse_tree.c
index e22dd776110..1e649401d53 100644
--- a/lib/fuzzing/fuzz_ldb_parse_tree.c
+++ b/lib/fuzzing/fuzz_ldb_parse_tree.c
@@ -26,7 +26,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) return 0; }
-int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
 { TALLOC_CTX *mem_ctx = talloc_init(__FUNCTION__); struct ldb_parse_tree *tree;
diff --git a/lib/fuzzing/fuzz_lzxpress.c b/lib/fuzzing/fuzz_lzxpress.c
index 61ce9e6f9c0..ddc7aa0cd68 100644
--- a/lib/fuzzing/fuzz_lzxpress.c
+++ b/lib/fuzzing/fuzz_lzxpress.c
@@ -25,7 +25,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) return 0; }
-int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
 { static uint8_t output[1024 * 1024] = {0};
diff --git a/lib/fuzzing/fuzz_lzxpress_compress.c b/lib/fuzzing/fuzz_lzxpress_compress.c
index 39e909da8aa..9e5c6474bc7 100644
--- a/lib/fuzzing/fuzz_lzxpress_compress.c
+++ b/lib/fuzzing/fuzz_lzxpress_compress.c
@@ -25,7 +25,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) return 0; }
-int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
 { static uint8_t output[1024 * 1024] = {0};
diff --git a/lib/fuzzing/fuzz_lzxpress_huffman_compress.c b/lib/fuzzing/fuzz_lzxpress_huffman_compress.c
index d92131d3a8b..165244ca8bf 100644
--- a/lib/fuzzing/fuzz_lzxpress_huffman_compress.c
+++ b/lib/fuzzing/fuzz_lzxpress_huffman_compress.c
@@ -29,7 +29,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) #define MAX_SIZE (1024 * 1024)
-int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
 { static uint8_t *output; size_t output_len;
diff --git a/lib/fuzzing/fuzz_lzxpress_huffman_decompress.c b/lib/fuzzing/fuzz_lzxpress_huffman_decompress.c
index da3a101ca1a..d475ff63cf2 100644
--- a/lib/fuzzing/fuzz_lzxpress_huffman_decompress.c
+++ b/lib/fuzzing/fuzz_lzxpress_huffman_decompress.c
@@ -28,7 +28,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) static uint8_t output[1024 * 1024] = {0};
-int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
 { size_t target_len; if (len < 4) {
diff --git a/lib/fuzzing/fuzz_lzxpress_huffman_round_trip.c b/lib/fuzzing/fuzz_lzxpress_huffman_round_trip.c
index b59be438ee9..adb8fbfd88d 100644
--- a/lib/fuzzing/fuzz_lzxpress_huffman_round_trip.c
+++ b/lib/fuzzing/fuzz_lzxpress_huffman_round_trip.c
@@ -28,7 +28,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) }
-int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
 { /* * we allow compressed to be 25% bigger than decompressed.
diff --git a/lib/fuzzing/fuzz_lzxpress_round_trip.c b/lib/fuzzing/fuzz_lzxpress_round_trip.c
index ac38368527e..a4043c258b9 100644
--- a/lib/fuzzing/fuzz_lzxpress_round_trip.c
+++ b/lib/fuzzing/fuzz_lzxpress_round_trip.c
@@ -25,7 +25,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) return 0; }
-int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
 { static uint8_t compressed[1024 * 1280] = {0}; static uint8_t decompressed[1024 * 1024] = {0};
diff --git a/lib/fuzzing/fuzz_ndr_X.c b/lib/fuzzing/fuzz_ndr_X.c
index 3c0fe062d96..a3d7199edc9 100644
--- a/lib/fuzzing/fuzz_ndr_X.c
+++ b/lib/fuzzing/fuzz_ndr_X.c
@@ -150,7 +150,7 @@ static void ndr_print_nothing(struct ndr_print *ndr, const char *format, ...) }
-int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 uint8_t type; int pull_push_print_flags; uint16_t fuzz_packet_flags, function;
diff --git a/lib/fuzzing/fuzz_nmblib_parse_packet.c b/lib/fuzzing/fuzz_nmblib_parse_packet.c
index 85dd823e51c..c8a2d035ef7 100644
--- a/lib/fuzzing/fuzz_nmblib_parse_packet.c
+++ b/lib/fuzzing/fuzz_nmblib_parse_packet.c
@@ -26,7 +26,7 @@ char buf[MAX_LENGTH + 1];
-int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len)
 { struct packet_struct *p = NULL; struct in_addr ip = {
diff --git a/lib/fuzzing/fuzz_oLschema2ldif.c b/lib/fuzzing/fuzz_oLschema2ldif.c
index 873e8f1ccc7..3bff8cff578 100644
--- a/lib/fuzzing/fuzz_oLschema2ldif.c
+++ b/lib/fuzzing/fuzz_oLschema2ldif.c
@@ -29,7 +29,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) return 0; }
-int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
 { TALLOC_CTX *mem_ctx; struct conv_options opt;
diff --git a/lib/fuzzing/fuzz_parse_lpq_entry.c b/lib/fuzzing/fuzz_parse_lpq_entry.c
index 720cc9b51c0..3537ce5bc06 100644
--- a/lib/fuzzing/fuzz_parse_lpq_entry.c
+++ b/lib/fuzzing/fuzz_parse_lpq_entry.c
@@ -28,7 +28,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) #define MAX_LENGTH (1024 * 1024) char line[MAX_LENGTH + 1];
-int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len)
 { enum printing_types printing_type; print_queue_struct pq_buf = {0};
diff --git a/lib/fuzzing/fuzz_reg_parse.c b/lib/fuzzing/fuzz_reg_parse.c
index a061cd6294b..bbc62ead79a 100644
--- a/lib/fuzzing/fuzz_reg_parse.c
+++ b/lib/fuzzing/fuzz_reg_parse.c
@@ -31,7 +31,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) return 0; }
-int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
 { const reg_parse_callback cb = {0};
diff --git a/lib/fuzzing/fuzz_regfio.c b/lib/fuzzing/fuzz_regfio.c
index c4ced88801b..588efb0afdd 100644
--- a/lib/fuzzing/fuzz_regfio.c
+++ b/lib/fuzzing/fuzz_regfio.c
@@ -36,7 +36,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) return 0; }
-int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
 { REGF_FILE* regfile; REGF_NK_REC *nk, *subkey;
diff --git a/lib/fuzzing/fuzz_sddl_access_check.c b/lib/fuzzing/fuzz_sddl_access_check.c
index 438ca026656..0c936efdba6 100644
--- a/lib/fuzzing/fuzz_sddl_access_check.c
+++ b/lib/fuzzing/fuzz_sddl_access_check.c
@@ -63,7 +63,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) }
-int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len)
 { TALLOC_CTX *mem_ctx = NULL; struct security_descriptor *sd = NULL;
diff --git a/lib/fuzzing/fuzz_sddl_parse.c b/lib/fuzzing/fuzz_sddl_parse.c
index b6c48fb7ca5..1f8c32c595b 100644
--- a/lib/fuzzing/fuzz_sddl_parse.c
+++ b/lib/fuzzing/fuzz_sddl_parse.c
@@ -32,7 +32,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) }
-int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len)
 { TALLOC_CTX *mem_ctx = NULL; struct security_descriptor *sd1 = NULL;
diff --git a/lib/fuzzing/fuzz_security_token_vs_descriptor.c b/lib/fuzzing/fuzz_security_token_vs_descriptor.c
index 925c54672d5..f9b2552503e 100644
--- a/lib/fuzzing/fuzz_security_token_vs_descriptor.c
+++ b/lib/fuzzing/fuzz_security_token_vs_descriptor.c
@@ -28,7 +28,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) }
-int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len)
 { TALLOC_CTX *mem_ctx = NULL; struct security_token_descriptor_fuzzing_pair p = {0};
diff --git a/lib/fuzzing/fuzz_stable_sort.c b/lib/fuzzing/fuzz_stable_sort.c
index 032a2a676fe..e2195cb0498 100644
--- a/lib/fuzzing/fuzz_stable_sort.c
+++ b/lib/fuzzing/fuzz_stable_sort.c
@@ -46,7 +46,7 @@ CMP_FN(uint64_t) #define MAX_SIZE (1024 * 1024)
-int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
 { TALLOC_CTX *mem_ctx = NULL; samba_compare_fn_t fn;
diff --git a/lib/fuzzing/fuzz_stable_sort_r.c b/lib/fuzzing/fuzz_stable_sort_r.c
index 0808b8fa43c..68be73b3f48 100644
--- a/lib/fuzzing/fuzz_stable_sort_r.c
+++ b/lib/fuzzing/fuzz_stable_sort_r.c
@@ -38,7 +38,7 @@ static int cmp_int8(int8_t *a, int8_t *b, int8_t *c) #define MAX_SIZE (1024 * 1024)
-int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
 { size_t i; int8_t buf2[MAX_SIZE];
diff --git a/lib/fuzzing/fuzz_tiniparser.c b/lib/fuzzing/fuzz_tiniparser.c
index 6908f1815d7..a5c9310b9e7 100644
--- a/lib/fuzzing/fuzz_tiniparser.c
+++ b/lib/fuzzing/fuzz_tiniparser.c
@@ -25,7 +25,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) return 0; }
-int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
 { FILE *fp = NULL; struct tiniparser_dictionary *d = NULL;
diff --git a/lib/fuzzing/fuzzing.h b/lib/fuzzing/fuzzing.h
index 67e49c3fbe0..0d3cb7099b9 100644
--- a/lib/fuzzing/fuzzing.h
+++ b/lib/fuzzing/fuzzing.h
@@ -25,6 +25,6 @@ /* Prototypes for fuzzing interface */ int LLVMFuzzerInitialize(int *argc, char ***argv);
-int LLVMFuzzerTestOneInput(uint8_t * buf, size_t len);
+int LLVMFuzzerTestOneInput(const uint8_t * buf, size_t len);
 #endif /* _SAMBA_FUZZING_H */
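Review bot: The prototype in lib/fuzzing/fuzzing.h carries no comment saying why the buffer is const, so the reasoning exists only in the commit message. Since the stated aim is to stop target authors from modifying the input in place, I would put the rule next to the declaration: `/* The input belongs to the fuzzing engine and must not be modified; copy it first (e.g. to NUL-terminate). */`. While touching the line, `const uint8_t * buf` could be written `const uint8_t *buf` to match the definitions in the targets.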