From: Jan Janssen <medhefgo@web.de>
Date: Fri, 23 Sep 2022 08:07:25 +0000 (+0200)
Subject: fuzz: Add fuzzer for some efi string functions
X-Git-Tag: v252-rc1~89^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ac37f132a1f5f00d35632d2ae1618b94d993ac61;p=thirdparty%2Fsystemd.git

fuzz: Add fuzzer for some efi string functions
---

diff --git a/src/boot/efi/fuzz-efi-string.c b/src/boot/efi/fuzz-efi-string.c
new file mode 100644
index 00000000000..4d4d01f0269
--- /dev/null
+++ b/src/boot/efi/fuzz-efi-string.c
@@ -0,0 +1,40 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include "alloc-util.h"
+#include "efi-string.h"
+#include "fuzz.h"
+#include "utf8.h"
+
+static char16_t *memdup_str16(const uint8_t *data, size_t size) {
+        char16_t *ret = memdup(data, size);
+        assert_se(ret);
+        ret[size / sizeof(char16_t) - 1] = '\0';
+        return ret;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+        if (outside_size_range(size, sizeof(size_t), 1024 * 1024))
+                return 0;
+
+        size_t len, len2;
+        memcpy(&len, data, sizeof(len));
+        data += sizeof(len);
+        size -= sizeof(len);
+
+        len2 = size - len;
+        if (len > size || len < sizeof(char16_t) || len2 < sizeof(char16_t))
+                return 0;
+
+        const char *tail8 = NULL;
+        _cleanup_free_ char *str8 = ASSERT_SE_PTR(memdup_suffix0(data, size));
+        DO_NOT_OPTIMIZE(parse_number8(str8, &(uint64_t){ 0 }, size % 2 == 0 ? NULL : &tail8));
+
+        const char16_t *tail16 = NULL;
+        _cleanup_free_ char16_t *str16 = memdup_str16(data, size);
+        DO_NOT_OPTIMIZE(parse_number16(str16, &(uint64_t){ 0 }, size % 2 == 0 ? NULL : &tail16));
+
+        _cleanup_free_ char16_t *pattern = memdup_str16(data, len), *haystack = memdup_str16(data + len, len2);
+        DO_NOT_OPTIMIZE(efi_fnmatch(pattern, haystack));
+
+        return 0;
+}
diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build
index 3bb0827f8cb..e0cd4ebad99 100644
--- a/src/boot/efi/meson.build
+++ b/src/boot/efi/meson.build
@@ -420,6 +420,7 @@ if efi_arch[1] in ['ia32', 'x86_64', 'arm', 'aarch64']
         ]
         fuzzers += [
                 [files('fuzz-bcd.c', 'bcd.c', 'efi-string.c')],
+                [files('fuzz-efi-string.c', 'efi-string.c')],
         ]
 endif