/src/libarchive_fuzzer.cc

Source
// Copyright 2016 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
#include <stddef.h>
#include <stdint.h>
#include <vector>

#include "archive.h"

struct Buffer {
  const uint8_t *buf;
  size_t len;
};

ssize_t reader_callback(struct archive *a, void *client_data,
                        const void **block) {
  Buffer *buffer = reinterpret_cast<Buffer *>(client_data);
  *block = buffer->buf;
  ssize_t len = buffer->len;
  buffer->len = 0;
  return len;
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
  int ret;
  ssize_t r;
  struct archive *a = archive_read_new();

  archive_read_support_filter_all(a);
  archive_read_support_format_all(a);

  Buffer buffer = {buf, len};
  archive_read_open(a, &buffer, NULL, reader_callback, NULL);

  std::vector<uint8_t> data_buffer(getpagesize(), 0);
  struct archive_entry *entry;
  while(1) {
    ret = archive_read_next_header(a, &entry);
    if (ret == ARCHIVE_EOF || ret == ARCHIVE_FATAL)
      break;
    if (ret == ARCHIVE_RETRY)
      continue;
    while ((r = archive_read_data(a, data_buffer.data(),
            data_buffer.size())) > 0)
      ;
    if (r == ARCHIVE_FATAL)
      break;
  }

  archive_read_free(a);
  return 0;
}

Line	Count	Source
1		// Copyright 2016 Google Inc.
2		//
3		// Licensed under the Apache License, Version 2.0 (the "License");
4		// you may not use this file except in compliance with the License.
5		// You may obtain a copy of the License at
6		//
7		// http://www.apache.org/licenses/LICENSE-2.0
8		//
9		// Unless required by applicable law or agreed to in writing, software
10		// distributed under the License is distributed on an "AS IS" BASIS,
11		// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		// See the License for the specific language governing permissions and
13		// limitations under the License.
14		//
15		////////////////////////////////////////////////////////////////////////////////
16		#include <stddef.h>
17		#include <stdint.h>
18		#include <vector>
19
20		#include "archive.h"
21
22		struct Buffer {
23		const uint8_t *buf;
24		size_t len;
25		};
26
27		ssize_t reader_callback(struct archive a, void client_data,
28	538	const void **block) {
29	538	Buffer buffer = reinterpret_cast<Buffer >(client_data);
30	538	*block = buffer->buf;
31	538	ssize_t len = buffer->len;
32	538	buffer->len = 0;
33	538	return len;
34	538	}
35
36	384	extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
37	384	int ret;
38	384	ssize_t r;
39	384	struct archive *a = archive_read_new();
40
41	384	archive_read_support_filter_all(a);
42	384	archive_read_support_format_all(a);
43
44	384	Buffer buffer = {buf, len};
45	384	archive_read_open(a, &buffer, NULL, reader_callback, NULL);
46
47	384	std::vector<uint8_t> data_buffer(getpagesize(), 0);
48	384	struct archive_entry *entry;
49	1.76M	while(1) {
50	1.76M	ret = archive_read_next_header(a, &entry);
51	1.76M	if (ret == ARCHIVE_EOF \|\| ret == ARCHIVE_FATAL)
52	314	break;
53	1.76M	if (ret == ARCHIVE_RETRY)
54	1.68M	continue;
55	175k	while ((r = archive_read_data(a, data_buffer.data(),
56	175k	data_buffer.size())) > 0)
57	94.7k	;
58	80.8k	if (r == ARCHIVE_FATAL)
59	70	break;
60	80.8k	}
61
62	384	archive_read_free(a);
63	384	return 0;
64	384	}

Coverage Report

Created: 2022-08-02 06:15