From: Arthur Chan <arthur.chan@adalogics.com>
Date: Mon, 15 Jun 2026 15:47:06 +0000 (+0100)
Subject: OSS-Fuzz: Add new fuzzer targets fdisk cmd
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=87c71b9e3482d4f70f7c5fbabfeccdd4edf06b92;p=thirdparty%2Futil-linux.git

OSS-Fuzz: Add new fuzzer targets fdisk cmd

Signed-off-by: Arthur Chan <arthur.chan@adalogics.com>
---

diff --git a/libfdisk/src/Makemodule.am b/libfdisk/src/Makemodule.am
index d678f917f..26d8e7154 100644
--- a/libfdisk/src/Makemodule.am
+++ b/libfdisk/src/Makemodule.am
@@ -105,6 +105,16 @@ test_fdisk_script_fuzz_SOURCES = libfdisk/src/script.c
 test_fdisk_script_fuzz_CFLAGS = -DFUZZ_TARGET $(libfdisk_la_CFLAGS)
 test_fdisk_script_fuzz_LDFLAGS = $(libfdisk_tests_ldflags) $(PTHREAD_LIBS)
 test_fdisk_script_fuzz_LDADD = $(libfdisk_tests_ldadd) $(LIB_FUZZING_ENGINE)
+
+check_PROGRAMS += test_fdisk_fuzz
+
+# https://google.github.io/oss-fuzz/getting-started/new-project-guide/#Requirements
+nodist_EXTRA_test_fdisk_fuzz_SOURCES = dummy.cxx
+
+test_fdisk_fuzz_SOURCES = libfdisk/src/fuzz.c
+test_fdisk_fuzz_CFLAGS = -DFUZZ_TARGET $(libfdisk_la_CFLAGS)
+test_fdisk_fuzz_LDFLAGS = $(libfdisk_tests_ldflags) $(PTHREAD_LIBS)
+test_fdisk_fuzz_LDADD = $(libfdisk_tests_ldadd) $(LIB_FUZZING_ENGINE)
 endif
 
 test_fdisk_version_SOURCES = libfdisk/src/version.c
diff --git a/libfdisk/src/fuzz.c b/libfdisk/src/fuzz.c
new file mode 100644
index 000000000..ff271bb8d
--- /dev/null
+++ b/libfdisk/src/fuzz.c
@@ -0,0 +1,59 @@
+#include "fdiskP.h"
+#include "fuzz.h"
+
+#include <stdlib.h>
+#include <unistd.h>
+
+static int process_file(const char *name)
+{
+    int rc = -1;
+    struct fdisk_context *cxt = fdisk_new_context();
+    if (cxt != NULL) {
+        if (fdisk_assign_device(cxt, name, 1) == 0) {
+            struct fdisk_table *tb = NULL;
+            if (fdisk_get_partitions(cxt, &tb) == 0 && tb != NULL) {
+                size_t i, n = fdisk_table_get_nents(tb);
+                for (i = 0; i < n; i++)
+                    fdisk_table_get_partition(tb, i);
+                fdisk_unref_table(tb);
+            }
+            fdisk_deassign_device(cxt, 1);
+            rc = 0;
+        }
+        fdisk_unref_context(cxt);
+    }
+    return rc;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    int fd;
+    char name[] = "/tmp/test-fdisk-fuzz.XXXXXX";
+
+    fd = mkostemp(name, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC);
+    if (fd == -1)
+        err(EXIT_FAILURE, "mkostemp() failed");
+
+    if (write(fd, data, size) != (ssize_t)size)
+        goto out;
+
+    process_file(name);
+out:
+    close(fd);
+    unlink(name);
+    return 0;
+}
+
+#ifndef FUZZ_TARGET
+int main(int argc, char **argv)
+{
+    for (int i = 1; i < argc; i++) {
+        printf("%s ", argv[i]);
+        if (process_file(argv[i]) == 0)
+            printf(" OK\n");
+        else
+            printf(" FAILED\n");
+
+    }
+}
+#endif
diff --git a/tests/commands.sh b/tests/commands.sh
index 5ca1636b7..12fe5afb0 100644
--- a/tests/commands.sh
+++ b/tests/commands.sh
@@ -19,6 +19,7 @@ TS_HELPER_LIBFDISK_MKPART="${ts_helpersdir}sample-fdisk-mkpart"
 TS_HELPER_LIBMOUNT_CONTEXT="${ts_helpersdir}test_mount_context"
 TS_HELPER_LIBFDISK_MKPART_FULLSPEC="${ts_helpersdir}sample-fdisk-mkpart-fullspec"
 TS_HELPER_LIBFDISK_SCRIPT_FUZZ="${ts_helpersdir}test_fdisk_script_fuzz"
+TS_HELPER_LIBFDISK_FUZZ="${ts_helpersdir}test_fdisk_fuzz"
 TS_HELPER_LIBLASTLOG2_DLOPEN="${ts_helpersdir}test_lastlog2_dlopen"
 TS_HELPER_LIBLASTLOG2_PAM_LASTLOG2_OUTPUT="${ts_helpersdir}test_lastlog2_pam_lastlog2_output"
 TS_HELPER_LIBLASTLOG2_REMOVE_ENTRY="${ts_helpersdir}test_lastlog2_remove_entry"
diff --git a/tests/ts/fuzzers/test_fdisk_fuzz b/tests/ts/fuzzers/test_fdisk_fuzz
new file mode 100755
index 000000000..bfad77449
--- /dev/null
+++ b/tests/ts/fuzzers/test_fdisk_fuzz
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+# This file is part of util-linux.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+TS_TOPDIR="${0%/*}/../.."
+TS_DESC="test_fdisk_fuzz"
+
+. "$TS_TOPDIR"/functions.sh
+ts_init "$*"
+
+ts_check_test_command "$TS_HELPER_LIBFDISK_FUZZ"
+
+ASAN_RT_PATH="$(ts_get_asan_rt_path "$TS_HELPER_LIBFDISK_FUZZ")"
+[ -n "$ASAN_RT_PATH" ] && export LD_PRELOAD="$ASAN_RT_PATH:$LD_PRELOAD"
+
+mkdir -p ${TS_OUTPUT}_workdir
+ts_run $TS_HELPER_LIBFDISK_FUZZ ${TS_OUTPUT}_workdir ${TS_SCRIPT}_files -max_total_time=10 >"$TS_OUTPUT" 2>"$TS_ERRLOG"
+
+ts_finalize
diff --git a/tests/ts/fuzzers/test_fdisk_fuzz_files/dos-mbr b/tests/ts/fuzzers/test_fdisk_fuzz_files/dos-mbr
new file mode 100644
index 000000000..8a769f18b
Binary files /dev/null and b/tests/ts/fuzzers/test_fdisk_fuzz_files/dos-mbr differ