From: Evgeny Vereshchagin Date: Mon, 3 Jan 2022 12:31:07 +0000 (+0000) Subject: fuzz: no longer skip empty files X-Git-Tag: v251-rc1~602 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5df66d7d68006615abb4c4d3b1ebad545af4dd72;p=thirdparty%2Fsystemd.git fuzz: no longer skip empty files Empty files and empty strings seem to have triggered various issues in the past so it seems they shouldn't be ignore by the fuzzers just because fmemopen can't handle them. Prompted by https://github.com/systemd/systemd/pull/21939#issuecomment-1003113669
---
diff --git a/src/core/fuzz-unit-file.c b/src/core/fuzz-unit-file.c
index aef29f4cf71..780dd3988da 100644
--- a/src/core/fuzz-unit-file.c
+++ b/src/core/fuzz-unit-file.c
@@ -2,7 +2,6 @@
 #include "conf-parser.h"
 #include "fd-util.h"
-#include "fileio.h"
 #include "fuzz.h"
 #include "install.h"
 #include "load-fragment.h"
@@ -22,10 +21,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 const char *name;
 long offset;
- if (size == 0)
- return 0;
-
- f = fmemopen_unlocked((char*) data, size, "re");
+ f = data_to_file(data, size);
 assert_se(f);
 if (read_line(f, LINE_MAX, &p) < 0)
diff --git a/src/fuzz/fuzz-env-file.c b/src/fuzz/fuzz-env-file.c
index e0dac260b00..3b3e6256089 100644
--- a/src/fuzz/fuzz-env-file.c
+++ b/src/fuzz/fuzz-env-file.c
@@ -4,7 +4,6 @@
 #include "alloc-util.h"
 #include "env-file.h"
-#include "fileio.h"
 #include "fd-util.h"
 #include "fuzz.h"
 #include "strv.h"
@@ -13,10 +12,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 _cleanup_fclose_ FILE *f = NULL;
 _cleanup_strv_free_ char **rl = NULL, **rlp = NULL;
- if (size == 0 || size > 65535)
+ if (size > 65535)
 return 0;
- f = fmemopen_unlocked((char*) data, size, "re");
+ f = data_to_file(data, size);
 assert_se(f);
 /* We don't want to fill the logs with messages about parse errors.
diff --git a/src/fuzz/fuzz-hostname-setup.c b/src/fuzz/fuzz-hostname-setup.c
index b8d36da54a6..d7c23eef12a 100644
--- a/src/fuzz/fuzz-hostname-setup.c
+++ b/src/fuzz/fuzz-hostname-setup.c
@@ -2,7 +2,6 @@
 #include "alloc-util.h"
 #include "fd-util.h"
-#include "fileio.h"
 #include "fuzz.h"
 #include "hostname-setup.h"
@@ -10,10 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 _cleanup_fclose_ FILE *f = NULL;
 _cleanup_free_ char *ret = NULL;
- if (size == 0)
- return 0;
-
- f = fmemopen_unlocked((char*) data, size, "re");
+ f = data_to_file(data, size);
 assert_se(f);
 /* We don't want to fill the logs with messages about parse errors.
diff --git a/src/fuzz/fuzz-json.c b/src/fuzz/fuzz-json.c
index f9a0e818c4b..ad7460c6fd7 100644
--- a/src/fuzz/fuzz-json.c
+++ b/src/fuzz/fuzz-json.c
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 #include "alloc-util.h"
-#include "fileio.h"
 #include "fd-util.h"
 #include "fuzz.h"
 #include "json.h"
@@ -12,10 +11,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 _cleanup_fclose_ FILE *f = NULL, *g = NULL;
 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
- if (size == 0)
- return 0;
-
- f = fmemopen_unlocked((char*) data, size, "re");
+ f = data_to_file(data, size);
 assert_se(f);
 if (json_parse_file(f, NULL, 0, &v, NULL, NULL) < 0)
diff --git a/src/fuzz/fuzz.h b/src/fuzz/fuzz.h
index 579b0eed730..d7cbb0bb164 100644
--- a/src/fuzz/fuzz.h
+++ b/src/fuzz/fuzz.h
@@ -4,5 +4,14 @@
 #include
 #include
+#include "fileio.h"
+
 /* The entry point into the fuzzer */
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+static inline FILE* data_to_file(const uint8_t *data, size_t size) {
+ if (size == 0)
+ return fopen("/dev/null", "re");
+ else
+ return fmemopen_unlocked((char*) data, size, "re");
+}
diff --git a/src/nspawn/fuzz-nspawn-oci.c b/src/nspawn/fuzz-nspawn-oci.c
index cfebf65c003..91f2a81dfc3 100644
--- a/src/nspawn/fuzz-nspawn-oci.c
+++ b/src/nspawn/fuzz-nspawn-oci.c
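Review bot: data_to_file() in the fuzz.h hunk carries no comment explaining why an empty input is routed to /dev/null or who owns the returned stream; the commit message gives the reason (fmemopen() cannot open a zero-length buffer) but the header does not, so a later reader may be tempted to fold the two branches back together. I would add above the definition `/* Wrap the fuzzer input in a read-only FILE*. A zero-length input is mapped to /dev/null because fmemopen() rejects an empty buffer; the caller owns the stream and must fclose() it. */`. Note also that the /dev/null branch is the one environment-dependent step in these fuzzers: fopen() can fail where /dev/null is not mounted or descriptors are exhausted, and every caller (the fuzz-unit-file.c, fuzz-env-file.c, fuzz-hostname-setup.c, fuzz-json.c, fuzz-nspawn-oci.c and fuzz-nspawn-settings.c hunks) follows it with assert_se(f), so such a failure is reported as an abort on the empty corpus entry rather than a skipped input; if that is intended, the comment should say so. Whether the /dev/null stream gets the same locking setup as fmemopen_unlocked() is not visible here and is worth confirming, since the two branches are otherwise treated as interchangeable. The `else` after `return` is redundant and could be dropped for a plain `return fmemopen_unlocked((char*) data, size, "re");`.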
@@ -2,7 +2,6 @@
 #include "alloc-util.h"
 #include "fd-util.h"
-#include "fileio.h"
 #include "fuzz.h"
 #include "nspawn-oci.h"
@@ -10,10 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 _cleanup_fclose_ FILE *f = NULL;
 _cleanup_(settings_freep) Settings *s = NULL;
- if (size == 0)
- return 0;
-
- f = fmemopen_unlocked((char*) data, size, "re");
+ f = data_to_file(data, size);
 assert_se(f);
 /* We don't want to fill the logs with messages about parse errors.
diff --git a/src/nspawn/fuzz-nspawn-settings.c b/src/nspawn/fuzz-nspawn-settings.c
index bd98ed26e8f..6b91e1506eb 100644
--- a/src/nspawn/fuzz-nspawn-settings.c
+++ b/src/nspawn/fuzz-nspawn-settings.c
@@ -2,7 +2,6 @@
 #include "alloc-util.h"
 #include "fd-util.h"
-#include "fileio.h"
 #include "fuzz.h"
 #include "nspawn-settings.h"
@@ -10,10 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 _cleanup_fclose_ FILE *f = NULL;
 _cleanup_(settings_freep) Settings *s = NULL;
- if (size == 0)
- return 0;
-
- f = fmemopen_unlocked((char*) data, size, "re");
+ f = data_to_file(data, size);
 assert_se(f);
 /* We don't want to fill the logs with messages about parse errors.