/src/cups/ossfuzz/fuzz_array.c

Source
//
// Array fuzz program for CUPS.
//
// Copyright © 2020-2024 by OpenPrinting.
// Copyright © 2007-2014 by Apple Inc.
// Copyright © 1997-2006 by Easy Software Products.
//
// Licensed under Apache License v2.0.  See the file "LICENSE" for more
// information.
//

#include "string-private.h"
#include "debug-private.h"
#include "cups.h"
#include "dir.h"
#include "test-internal.h"

//
// Local functions...
//

// static double  get_seconds(void);
// static int load_words(const char *filename, cups_array_t *array);

typedef struct {
    char* str1;
    char* str2;
} FuzzArray;

extern void generate_fuzz_array_data(const unsigned char *data, size_t size, FuzzArray *outData);
extern void free_fuzz_array_data(FuzzArray *data);

// fuzz entry point
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
  int   i;      // Looping var
  cups_array_t  *array,     // Test array
    *dup_array;   // Duplicate array
  int   status;     // Exit status
  char    *text;      // Text from array
  // int string_size;
  char    *saved[32];   // Saved entries

  // No errors so far...
  status = 0;

  if (Size < 4) {
    return 0; 
  }

  FuzzArray fuzzInput;
  generate_fuzz_array_data(Data, Size, &fuzzInput);
  char* first_string = fuzzInput.str1;
  char* second_string = fuzzInput.str2;

  // cupsArrayNew()
  array = cupsArrayNew3((cups_array_func_t)_cupsArrayStrcmp, (void *)first_string, NULL, 0, (cups_acopy_cb_t)_cupsArrayStrdup, (cups_afree_cb_t)_cupsArrayFree);

  if (!array)
  {
    printf("returned NULL, expected pointer");
    abort();
  }

  // cupsArrayGetUserData()
  if (cupsArrayGetUserData(array) != first_string)
  {
    printf("returned %p instead of %p", cupsArrayGetUserData(array), first_string);
    abort();
  }

  // cupsArrayAdd()
  if (!cupsArrayAdd(array, second_string))
  {
    printf("Add String Error");
    abort();
  }

  // cupsArrayGetCount()
  cupsArrayGetCount(array);

  // cupsArrayGetFirst()
  text = (char *)cupsArrayGetFirst(array);
  if (text == NULL)
  {
    printf("Error Reading");
  }

  // cupsArrayGetNext()
  text = (char *)cupsArrayGetNext(array);
  if (text == NULL)
  {
    printf("Error Reading");
  }

  // cupsArrayGetLast()
  text = (char *)cupsArrayGetLast(array);
  if (text == NULL)
  {
    printf("Error Reading");
  }

  // cupsArrayGetPrev()
  text = (char *)cupsArrayGetPrev(array);
  if (text == NULL)
  {
    printf("Error Reading");
  }

  // cupsArrayFind()
  text = (char *)cupsArrayFind(array, second_string);
  if (text == NULL)
  {
    printf("Error Finding");
  }

  // cupsArrayGetCurrent()
  text = (char *)cupsArrayGetCurrent(array);
  if (text == NULL)
  {
    printf("Error Finding");
  }

  // cupsArrayDup()
  dup_array = cupsArrayDup(array);

  // cupsArrayRemove()
  if (!cupsArrayRemove(array, first_string))
  {
    printf("Error Finding");
  }

  // cupsArrayClear()
  cupsArrayClear(array);
  if (cupsArrayGetCount(array) != 0)
    {
        printf("Error Clearing");
  }

  // Test save/restore...
  for (i = 0, text = (char *)cupsArrayGetFirst(array); i < 32; i ++, text = (char *)cupsArrayGetNext(array))
  {
    saved[i] = text;

    if (!cupsArraySave(array))
      break;
  }

  while (i > 0)
  {
    i --;

    text = cupsArrayRestore(array);
    if (text != saved[i])
      break;
  }

  // Delete the arrays...
  cupsArrayDelete(array);
  cupsArrayDelete(dup_array);

  free(first_string);
  free(second_string);

  if (status != 0) {
    abort();
  }

  return 0;
}

Line	Count	Source
1		//
2		// Array fuzz program for CUPS.
3		//
4		// Copyright © 2020-2024 by OpenPrinting.
5		// Copyright © 2007-2014 by Apple Inc.
6		// Copyright © 1997-2006 by Easy Software Products.
7		//
8		// Licensed under Apache License v2.0. See the file "LICENSE" for more
9		// information.
10		//
11
12		#include "string-private.h"
13		#include "debug-private.h"
14		#include "cups.h"
15		#include "dir.h"
16		#include "test-internal.h"
17
18		//
19		// Local functions...
20		//
21
22		// static double get_seconds(void);
23		// static int load_words(const char filename, cups_array_t array);
24
25		typedef struct {
26		char* str1;
27		char* str2;
28		} FuzzArray;
29
30		extern void generate_fuzz_array_data(const unsigned char data, size_t size, FuzzArray outData);
31		extern void free_fuzz_array_data(FuzzArray *data);
32
33		// fuzz entry point
34	122	int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
35	122	int i; // Looping var
36	122	cups_array_t *array, // Test array
37	122	*dup_array; // Duplicate array
38	122	int status; // Exit status
39	122	char *text; // Text from array
40		// int string_size;
41	122	char *saved[32]; // Saved entries
42
43		// No errors so far...
44	122	status = 0;
45
46	122	if (Size < 4) {
47	2	return 0;
48	2	}
49
50	120	FuzzArray fuzzInput;
51	120	generate_fuzz_array_data(Data, Size, &fuzzInput);
52	120	char* first_string = fuzzInput.str1;
53	120	char* second_string = fuzzInput.str2;
54
55		// cupsArrayNew()
56	120	array = cupsArrayNew3((cups_array_func_t)_cupsArrayStrcmp, (void *)first_string, NULL, 0, (cups_acopy_cb_t)_cupsArrayStrdup, (cups_afree_cb_t)_cupsArrayFree);
57
58	120	if (!array)
59	0	{
60	0	printf("returned NULL, expected pointer");
61	0	abort();
62	0	}
63
64		// cupsArrayGetUserData()
65	120	if (cupsArrayGetUserData(array) != first_string)
66	0	{
67	0	printf("returned %p instead of %p", cupsArrayGetUserData(array), first_string);
68	0	abort();
69	0	}
70
71		// cupsArrayAdd()
72	120	if (!cupsArrayAdd(array, second_string))
73	0	{
74	0	printf("Add String Error");
75	0	abort();
76	0	}
77
78		// cupsArrayGetCount()
79	120	cupsArrayGetCount(array);
80
81		// cupsArrayGetFirst()
82	120	text = (char *)cupsArrayGetFirst(array);
83	120	if (text == NULL)
84	0	{
85	0	printf("Error Reading");
86	0	}
87
88		// cupsArrayGetNext()
89	120	text = (char *)cupsArrayGetNext(array);
90	120	if (text == NULL)
91	120	{
92	120	printf("Error Reading");
93	120	}
94
95		// cupsArrayGetLast()
96	120	text = (char *)cupsArrayGetLast(array);
97	120	if (text == NULL)
98	0	{
99	0	printf("Error Reading");
100	0	}
101
102		// cupsArrayGetPrev()
103	120	text = (char *)cupsArrayGetPrev(array);
104	120	if (text == NULL)
105	120	{
106	120	printf("Error Reading");
107	120	}
108
109		// cupsArrayFind()
110	120	text = (char *)cupsArrayFind(array, second_string);
111	120	if (text == NULL)
112	0	{
113	0	printf("Error Finding");
114	0	}
115
116		// cupsArrayGetCurrent()
117	120	text = (char *)cupsArrayGetCurrent(array);
118	120	if (text == NULL)
119	0	{
120	0	printf("Error Finding");
121	0	}
122
123		// cupsArrayDup()
124	120	dup_array = cupsArrayDup(array);
125
126		// cupsArrayRemove()
127	120	if (!cupsArrayRemove(array, first_string))
128	80	{
129	80	printf("Error Finding");
130	80	}
131
132		// cupsArrayClear()
133	120	cupsArrayClear(array);
134	120	if (cupsArrayGetCount(array) != 0)
135	0	{
136	0	printf("Error Clearing");
137	0	}
138
139		// Test save/restore...
140	3.96k	for (i = 0, text = (char )cupsArrayGetFirst(array); i < 32; i ++, text = (char )cupsArrayGetNext(array))
141	3.84k	{
142	3.84k	saved[i] = text;
143
144	3.84k	if (!cupsArraySave(array))
145	0	break;
146	3.84k	}
147
148	3.96k	while (i > 0)
149	3.84k	{
150	3.84k	i --;
151
152	3.84k	text = cupsArrayRestore(array);
153	3.84k	if (text != saved[i])
154	0	break;
155	3.84k	}
156
157		// Delete the arrays...
158	120	cupsArrayDelete(array);
159	120	cupsArrayDelete(dup_array);
160
161	120	free(first_string);
162	120	free(second_string);
163
164	120	if (status != 0) {
165	0	abort();
166	0	}
167
168	120	return 0;
169	120	}

Coverage Report

Created: 2025-10-13 06:26