/src/binutils-gdb/binutils/fuzz_objdump.c

Source (jump to first uncovered line)
/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

/*
 * We convert objdump.c into a header file to make convenient for fuzzing.
 * We do this for several of the binutils applications when creating
 * the binutils fuzzers.
 */
#include "fuzz_objdump.h"

void objdump_reset() {
  process_links = true;
  do_follow_links = true;
  dump_section_contents = true;
  dump_section_headers = true;
  dump_private_headers = true;
  dump_ar_hdrs = true;
  dump_dwarf_section_info = true;
  // We must call both dwarf_select_sections_by_letters and dwarf_select_sections_all
  // since dwarf_select_sections_all does not set do_debug_lines |= FLAG_DEBUG_LINES_DECODED;
  dwarf_select_sections_by_letters("L");
  dwarf_select_sections_all ();
  dump_debugging = true;

  dump_stab_section_info = true;
  disassemble_all = true;
}

int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
  char filename[256];
  sprintf(filename, "/tmp/libfuzzer.%d", getpid());
  FILE *fp = fopen(filename, "wb");
  if (!fp) {
    return 0;
  }
  fwrite(data, size, 1, fp);
  fclose(fp);

  program_name = filename;

  objdump_reset();

  // These flags contain a large set of calls to bfd_fatal (which calls
  // exit), so to enable fuzzing of objdump with a fuzzer that lives for
  // a longer period of time (more than 10 seconds) define
  // OBJDUMP_SAFE
#ifndef OBJDUMP_SAFE
  dump_reloc_info = true;
  // ctf section and reloc are simply too quick to exit and disrupts
  // fuzzing too much. Will leave this commented out for now.
  //dump_dynamic_reloc_info = true;
  //dump_ctf_section_info = true;
  disassemble = true;
#endif

  // Main fuzz entrypoint in objdump.c
  display_file(filename, NULL, true);

  unlink(filename);
  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/* Copyright 2021 Google LLC
2		Licensed under the Apache License, Version 2.0 (the "License");
3		you may not use this file except in compliance with the License.
4		You may obtain a copy of the License at
5		http://www.apache.org/licenses/LICENSE-2.0
6		Unless required by applicable law or agreed to in writing, software
7		distributed under the License is distributed on an "AS IS" BASIS,
8		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9		See the License for the specific language governing permissions and
10		limitations under the License.
11		*/
12
13		/*
14		* We convert objdump.c into a header file to make convenient for fuzzing.
15		* We do this for several of the binutils applications when creating
16		* the binutils fuzzers.
17		*/
18		#include "fuzz_objdump.h"
19
20	39.1k	void objdump_reset() {
21	39.1k	process_links = true;
22	39.1k	do_follow_links = true;
23	39.1k	dump_section_contents = true;
24	39.1k	dump_section_headers = true;
25	39.1k	dump_private_headers = true;
26	39.1k	dump_ar_hdrs = true;
27	39.1k	dump_dwarf_section_info = true;
28		// We must call both dwarf_select_sections_by_letters and dwarf_select_sections_all
29		// since dwarf_select_sections_all does not set do_debug_lines \|= FLAG_DEBUG_LINES_DECODED;
30	39.1k	dwarf_select_sections_by_letters("L");
31	39.1k	dwarf_select_sections_all ();
32	39.1k	dump_debugging = true;
33
34	39.1k	dump_stab_section_info = true;
35	39.1k	disassemble_all = true;
36	39.1k	}
37
38		int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
39		int
40		LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
41	81.2k	{
42	81.2k	char filename[256];
43	81.2k	sprintf(filename, "/tmp/libfuzzer.%d", getpid());
44	81.2k	FILE *fp = fopen(filename, "wb");
45	81.2k	if (!fp) {
46	0	return 0;
47	0	}
48	81.2k	fwrite(data, size, 1, fp);
49	81.2k	fclose(fp);
50
51	81.2k	program_name = filename;
52
53	81.2k	objdump_reset();
54
55		// These flags contain a large set of calls to bfd_fatal (which calls
56		// exit), so to enable fuzzing of objdump with a fuzzer that lives for
57		// a longer period of time (more than 10 seconds) define
58		// OBJDUMP_SAFE
59	81.2k	#ifndef OBJDUMP_SAFE
60	81.2k	dump_reloc_info = true;
61		// ctf section and reloc are simply too quick to exit and disrupts
62		// fuzzing too much. Will leave this commented out for now.
63		//dump_dynamic_reloc_info = true;
64		//dump_ctf_section_info = true;
65	81.2k	disassemble = true;
66	81.2k	#endif
67
68		// Main fuzz entrypoint in objdump.c
69	81.2k	display_file(filename, NULL, true);
70
71	81.2k	unlink(filename);
72	81.2k	return 0;
73	81.2k	}

Coverage Report

Created: 2023-08-28 06:31