/src/flac/oss-fuzz/tool_metaflac.c
Line | Count | Source |
1 | | /* fuzzer_tool_flac |
2 | | * Copyright (C) 2023-2025 Xiph.Org Foundation |
3 | | * |
4 | | * Redistribution and use in source and binary forms, with or without |
5 | | * modification, are permitted provided that the following conditions |
6 | | * are met: |
7 | | * |
8 | | * - Redistributions of source code must retain the above copyright |
9 | | * notice, this list of conditions and the following disclaimer. |
10 | | * |
11 | | * - Redistributions in binary form must reproduce the above copyright |
12 | | * notice, this list of conditions and the following disclaimer in the |
13 | | * documentation and/or other materials provided with the distribution. |
14 | | * |
15 | | * - Neither the name of the Xiph.org Foundation nor the names of its |
16 | | * contributors may be used to endorse or promote products derived from |
17 | | * this software without specific prior written permission. |
18 | | * |
19 | | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
20 | | * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
21 | | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
22 | | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR |
23 | | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
24 | | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
25 | | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR |
26 | | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF |
27 | | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
28 | | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
29 | | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
30 | | */ |
31 | | |
32 | | #include <stdio.h> |
33 | | #include <stdlib.h> |
34 | | #include <string.h> /* for memcpy */ |
35 | | #define FUZZ_TOOL_METAFLAC |
36 | | #define fprintf(...) |
37 | | #define printf(...) |
38 | | #include "../src/metaflac/main.c" |
39 | | #include "common.h" |
40 | | |
41 | | int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); |
42 | | |
43 | | int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) |
44 | 12.5k | { |
45 | 12.5k | size_t size_left = size; |
46 | 12.5k | size_t arglen; |
47 | 12.5k | char * argv[64]; |
48 | 12.5k | char exename[] = "metaflac"; |
49 | 12.5k | char filename[] = "/tmp/fuzzXXXXXX"; |
50 | 12.5k | char filename_stdin[] = "/tmp/fuzzXXXXXX"; |
51 | 12.5k | int numarg = 0, maxarg; |
52 | 12.5k | int file_to_fuzz; |
53 | 12.5k | int tmp_stdout, tmp_stdin; |
54 | 12.5k | fpos_t pos_stdout; |
55 | 12.5k | bool use_stdin = false; |
56 | | |
57 | 12.5k | share__opterr = 0; |
58 | 12.5k | share__optind = 0; |
59 | | |
60 | 12.5k | allowed_filename = NULL; |
61 | | |
62 | | |
63 | 12.5k | if(size < 2) |
64 | 1 | return 0; |
65 | | |
66 | 12.5k | maxarg = data[0] & 15; |
67 | 12.5k | use_stdin = data[0] & 16; |
68 | 12.5k | size_left--; |
69 | | |
70 | 12.5k | argv[0] = exename; |
71 | 12.5k | numarg++; |
72 | | |
73 | | /* Check whether input is zero delimited */ |
74 | 59.3k | while((arglen = strnlen((char *)data+(size-size_left),size_left)) < size_left && numarg < maxarg) { |
75 | 46.8k | argv[numarg++] = (char *)data+(size-size_left); |
76 | 46.8k | size_left -= arglen + 1; |
77 | 46.8k | } |
78 | | |
79 | | /* Create file to feed directly */ |
80 | 12.5k | file_to_fuzz = mkstemp(filename); |
81 | 12.5k | if (file_to_fuzz < 0) |
82 | 0 | abort(); |
83 | 12.5k | if(use_stdin) { |
84 | 1.15k | write(file_to_fuzz,data+(size-size_left),size_left/2); |
85 | 1.15k | size_left -= size_left/2; |
86 | 1.15k | } |
87 | 11.4k | else |
88 | 11.4k | write(file_to_fuzz,data+(size-size_left),size_left); |
89 | 12.5k | close(file_to_fuzz); |
90 | | |
91 | 12.5k | argv[numarg++] = filename; |
92 | | |
93 | 12.5k | allowed_filename = filename; |
94 | | |
95 | | /* Create file to feed to stdin */ |
96 | 12.5k | if(use_stdin) { |
97 | 1.15k | file_to_fuzz = mkstemp(filename_stdin); |
98 | 1.15k | if (file_to_fuzz < 0) |
99 | 0 | abort(); |
100 | 1.15k | write(file_to_fuzz,data+(size-size_left),size_left); |
101 | 1.15k | close(file_to_fuzz); |
102 | 1.15k | } |
103 | | |
104 | | /* redirect stdout */ |
105 | 12.5k | fflush(stdout); |
106 | 12.5k | fgetpos(stdout,&pos_stdout); |
107 | 12.5k | tmp_stdout = dup(fileno(stdout)); |
108 | 12.5k | freopen("/dev/null","w",stdout); |
109 | | |
110 | | /* redirect stdin */ |
111 | 12.5k | tmp_stdin = dup(fileno(stdin)); |
112 | 12.5k | if(use_stdin) |
113 | 1.15k | freopen(filename_stdin,"r",stdin); |
114 | 11.4k | else { |
115 | 11.4k | freopen("/dev/null","r",stdin); |
116 | 11.4k | argv[numarg++] = filename; |
117 | 11.4k | } |
118 | | |
119 | 12.5k | main_to_fuzz(numarg,argv); |
120 | | |
121 | | /* restore stdout */ |
122 | 12.5k | fflush(stdout); |
123 | 12.5k | dup2(tmp_stdout, fileno(stdout)); |
124 | 12.5k | close(tmp_stdout); |
125 | 12.5k | clearerr(stdout); |
126 | 12.5k | fsetpos(stdout,&pos_stdout); |
127 | | |
128 | | /* restore stdin */ |
129 | 12.5k | dup2(tmp_stdin, fileno(stdin)); |
130 | 12.5k | close(tmp_stdin); |
131 | 12.5k | clearerr(stdin); |
132 | | |
133 | 12.5k | unlink(filename); |
134 | | |
135 | 12.5k | if(use_stdin) |
136 | 1.15k | unlink(filename_stdin); |
137 | | |
138 | 12.5k | return 0; |
139 | 12.5k | } |
140 | | |