From: Mrmaxmeier <3913977+Mrmaxmeier@users.noreply.github.com>
Date: Wed, 12 Jun 2024 18:57:20 +0000 (+0200)
Subject: Fuzzing: Expose `DONT_FAIL_ON_CRC_ERROR` as a CMake option and honor it in the rar5...
X-Git-Tag: v3.7.5~42
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bea3a56118b4b4e5ac652f94685b80d3d1b82611;p=thirdparty%2Flibarchive.git

Fuzzing: Expose `DONT_FAIL_ON_CRC_ERROR` as a CMake option and honor it in the rar5 decoder (#2229)

Hey, the fuzzing infrastructure over at OSSFuzz builds libarchive with the CMake option `-DDONT_FAIL_ON_CRC_ERROR=1`.
https://github.com/google/oss-fuzz/blob/e4643b64b3af4932bff23bb87afdfbac2a301969/projects/libarchive/build.sh#L35

This, unfortunately, does not do anything since it's never been defined as an option. Building the fuzzers with CRC checks disabled should improve fuzzing efficacy a bunch.

Thanks!
---
diff --git a/CMakeLists.txt b/CMakeLists.txt index 3c86789c8..7bfaf4cfa 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2173,6 +2173,11 @@ IF(APPLE) ADD_DEFINITIONS(-Wno-deprecated-declarations) ENDIF(APPLE) +OPTION(DONT_FAIL_ON_CRC_ERROR "Ignore CRC errors during parsing (For fuzzing)" OFF) +IF(DONT_FAIL_ON_CRC_ERROR) + ADD_DEFINITIONS(-DDONT_FAIL_ON_CRC_ERROR=1) +ENDIF(DONT_FAIL_ON_CRC_ERROR) + IF(ENABLE_TEST) ADD_CUSTOM_TARGET(run_all_tests) ENDIF(ENABLE_TEST) diff --git a/libarchive/archive_read_support_format_rar5.c b/libarchive/archive_read_support_format_rar5.c index e06effe8b..bd5a02179 100644 --- a/libarchive/archive_read_support_format_rar5.c +++ b/libarchive/archive_read_support_format_rar5.c 
@@ -2229,10 +2229,12 @@ static int process_base_block(struct archive_read* a, /* Verify the CRC32 of the header data. */ computed_crc = (uint32_t) crc32(0, p, (int) hdr_size); if(computed_crc != hdr_crc) { +#ifndef DONT_FAIL_ON_CRC_ERROR archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, "Header CRC error"); return ARCHIVE_FATAL; +#endif } /* If the checksum is OK, we proceed with parsing. */
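Review bot: In the CMakeLists.txt hunk, the contract of the new flag is ambiguous: `ADD_DEFINITIONS(-DDONT_FAIL_ON_CRC_ERROR=1)` assigns a value, but the consumer in the rar5 hunk tests only definedness with `#ifndef DONT_FAIL_ON_CRC_ERROR`, so a build that passes `-DDONT_FAIL_ON_CRC_ERROR=0` on the compiler command line (or defines the macro to any other value) still skips the CRC check. Either drop the `=1` so the macro is documented as presence-only, or make the C side value-aware with `#if !defined(DONT_FAIL_ON_CRC_ERROR) || !DONT_FAIL_ON_CRC_ERROR`. The option description "Ignore CRC errors during parsing (For fuzzing)" should also say outright that it removes an integrity check and must stay OFF in any build that ships; the default of OFF is the only thing keeping it out of release binaries, and a lowercase "for fuzzing" would match the rest of the description.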
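Review bot: In the process_base_block hunk, the comment that follows the `#endif`, "If the checksum is OK, we proceed with parsing.", is no longer accurate in a DONT_FAIL_ON_CRC_ERROR build: the mismatch branch compiles to an empty block and parsing continues on a header whose CRC did not verify. Add a comment inside the `#ifndef`/`#endif` pair, e.g. `/* Fuzzing builds deliberately ignore a header CRC mismatch here. */`, and reword the trailing comment so it does not promise a verified checksum. The subject line says the option is honored "in the rar5 decoder", but this hunk only covers the header CRC comparison at this one site; if the reader compares CRCs elsewhere, those sites will still return ARCHIVE_FATAL under the fuzzer, so either scope the commit message to the header check or cover the other comparisons in the same change.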