From 749519609891a54ebcbaf773a8ce9dd1621436c3 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Tue, 4 May 2021 18:40:15 +0200
Subject: [PATCH] oss-fuzz: add basic cgroup_init()/cgroup_exit() fuzzing

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/tests/Makefile.am            | 12 ++++++--
 src/tests/fuzz-lxc-cgroup-init.c | 50 ++++++++++++++++++++++++++++++++
 2 files changed, 60 insertions(+), 2 deletions(-)
 create mode 100644 src/tests/fuzz-lxc-cgroup-init.c

diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
index fa1cdebfb..09a704978 100644
--- a/src/tests/Makefile.am
+++ b/src/tests/Makefile.am
@@ -809,8 +809,16 @@ fuzz_lxc_define_load_CXXFLAGS = $(AM_CFLAGS)
 fuzz_lxc_define_load_LDFLAGS = $(AM_LDFLAGS) -static
 fuzz_lxc_define_load_LDADD = $(LDADD) $(LIB_FUZZING_ENGINE)
 
-bin_PROGRAMS += fuzz-lxc-config-read \
-	        fuzz-lxc-define-load
+nodist_EXTRA_fuzz_lxc_cgroup_init_SOURCES = dummy.cxx
+fuzz_lxc_cgroup_init_SOURCES = fuzz-lxc-cgroup-init.c
+fuzz_lxc_cgroup_init_CFLAGS = $(AM_CFLAGS)
+fuzz_lxc_cgroup_init_CXXFLAGS = $(AM_CFLAGS)
+fuzz_lxc_cgroup_init_LDFLAGS = $(AM_LDFLAGS) -static
+fuzz_lxc_cgroup_init_LDADD = $(LDADD) $(LIB_FUZZING_ENGINE)
+
+bin_PROGRAMS += fuzz-lxc-cgroup-init \
+		fuzz-lxc-config-read \
+		fuzz-lxc-define-load
 
 bin_SCRIPTS += lxc-test-fuzzers
 endif
diff --git a/src/tests/fuzz-lxc-cgroup-init.c b/src/tests/fuzz-lxc-cgroup-init.c
new file mode 100644
index 000000000..4e4053229
--- /dev/null
+++ b/src/tests/fuzz-lxc-cgroup-init.c
@@ -0,0 +1,50 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "cgroups/cgroup.h"
+#include "conf.h"
+#include "confile.h"
+#include "lxctest.h"
+#include "utils.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+	int fd = -1;
+	char tmpf[] = "/tmp/fuzz-lxc-cgroup-init-XXXXXX";
+	struct lxc_conf *conf = NULL;
+	int ret;
+	struct cgroup_ops *ops;
+
+	/*
+	 * 100Kb should probably be enough to trigger all the issues
+	 * we're interested in without any timeouts
+	 */
+	if (size > 102400)
+		return 0;
+
+	fd = lxc_make_tmpfile(tmpf, false);
+	lxc_test_assert_abort(fd >= 0);
+	lxc_write_nointr(fd, data, size);
+	close(fd);
+
+	conf = lxc_conf_init();
+	lxc_test_assert_abort(conf);
+
+	/* Test cgroup_init() with valid config. */
+	ops = cgroup_init(conf);
+	cgroup_exit(ops);
+
+	ret = lxc_config_read(tmpf, conf, false);
+	if (ret == 0) {
+		/* Test cgroup_init() with likely garbage config. */
+		ops = cgroup_init(conf);
+		cgroup_exit(ops);
+	}
+	lxc_conf_free(conf);
+
+	(void) unlink(tmpf);
+
+	return 0;
+}
+
-- 
2.47.2