/src/libcups/ossfuzz/fuzzipp.c

Source (jump to first uncovered line)
/*
   Copyright The libcups Developers.
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at
       http://www.apache.org/licenses/LICENSE-2.0
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
*/

#include "file.h"
#include "string-private.h"
#include "ipp-private.h"
#include "test-internal.h"
#include <spawn.h>
#include <sys/wait.h>

typedef struct _ippdata_t
{
  size_t  rpos,     // Read position
    wused,      // Bytes used
    wsize;      // Max size of buffer
  ipp_uchar_t *wbuffer;   // Buffer
} _ippdata_t;

ssize_t write_cb(_ippdata_t *data, ipp_uchar_t *buffer, size_t bytes);

// 'write_cb()' - Write data into a buffer.
ssize_t         // O - Number of bytes written
write_cb(_ippdata_t   *data,    // I - Data
         ipp_uchar_t *buffer,   // I - Buffer to write
   size_t      bytes)   // I - Number of bytes to write
{
  size_t  count;      // Number of bytes

  // Loop until all bytes are written...
  if ((count = data->wsize - data->wused) > bytes)
    count = bytes;

  memcpy(data->wbuffer + data->wused, buffer, count);
  data->wused += count;

  // Return the number of bytes written...
  return ((ssize_t)count);
}

extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size){

    if (Size == 0 || Size > 262144) {
      return 0;  // Handle empty input gracefully
    } // Handle large input gracefully (limiting to 262144 bytes for now

    int status = 0;
    cups_file_t *fp;
    ipp_state_t state;
    ipp_t *request;
    ipp_uchar_t buffer[262144];

    request = ippNewRequest(IPP_OP_PRINT_JOB);  // Create a new IPP request (operation type is IPP_OP_PRINT_JOB
    _ippdata_t  ippdata;
    ippdata.wused = 0;
    ippdata.wsize = sizeof(buffer);
    ippdata.wbuffer = buffer;

    // create new ipp

    while ((state = ippWriteIO(&ippdata, (ipp_io_cb_t)write_cb, 1, NULL,
                               request)) != IPP_STATE_DATA)
    {
      if (state == IPP_STATE_ERROR)
  break;
    }
    if (state != IPP_STATE_DATA)
    {
      status = 1;
    }
    
    ippDelete(request);

    // testing writing
    memcpy((char *)ippdata.wbuffer, (char *)Data, Size);
    ippdata.wused = Size;

    const char *filename = "/tmp/tmp.ipp";

    if ((fp = cupsFileOpen(filename, "w")) == NULL)
      {
        return 1;
      }

    cupsFileWrite(fp, (char *)buffer, ippdata.wused);
    cupsFileClose(fp);

    // Testing Reading
    if ((fp = cupsFileOpen(filename, "r")) == NULL)
    {
      return 1;
    }

    request = ippNew();

    do
    {
      state = ippReadIO(fp, (ipp_io_cb_t)cupsFileRead, 1, NULL, request);
    }
    while (state == IPP_STATE_ATTRIBUTE);

    cupsFileClose(fp);

    fp = cupsFileOpen("/dev/null", "w");

    ippSetState(request, IPP_STATE_IDLE);

    do
    {
      state = ippWriteIO(fp, (ipp_io_cb_t)cupsFileWrite, 1, NULL, request);
    }
    while (state == IPP_STATE_ATTRIBUTE);

    cupsFileClose(fp);
    ippDelete(request);

    // clean up file
    unlink(filename);
    return status;
}

Line	Count	Source (jump to first uncovered line)
1		/*
2		Copyright The libcups Developers.
3		Licensed under the Apache License, Version 2.0 (the "License");
4		you may not use this file except in compliance with the License.
5		You may obtain a copy of the License at
6		http://www.apache.org/licenses/LICENSE-2.0
7		Unless required by applicable law or agreed to in writing, software
8		distributed under the License is distributed on an "AS IS" BASIS,
9		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10		See the License for the specific language governing permissions and
11		limitations under the License.
12		*/
13
14		#include "file.h"
15		#include "string-private.h"
16		#include "ipp-private.h"
17		#include "test-internal.h"
18		#include <spawn.h>
19		#include <sys/wait.h>
20
21		typedef struct _ippdata_t
22		{
23		size_t rpos, // Read position
24		wused, // Bytes used
25		wsize; // Max size of buffer
26		ipp_uchar_t *wbuffer; // Buffer
27		} _ippdata_t;
28
29		ssize_t write_cb(_ippdata_t data, ipp_uchar_t buffer, size_t bytes);
30
31		// 'write_cb()' - Write data into a buffer.
32		ssize_t // O - Number of bytes written
33		write_cb(_ippdata_t *data, // I - Data
34		ipp_uchar_t *buffer, // I - Buffer to write
35		size_t bytes) // I - Number of bytes to write
36	10.7k	{
37	10.7k	size_t count; // Number of bytes
38
39		// Loop until all bytes are written...
40	10.7k	if ((count = data->wsize - data->wused) > bytes)
41	10.7k	count = bytes;
42
43	10.7k	memcpy(data->wbuffer + data->wused, buffer, count);
44	10.7k	data->wused += count;
45
46		// Return the number of bytes written...
47	10.7k	return ((ssize_t)count);
48	10.7k	}
49
50	2.70k	extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size){
51
52	2.70k	if (Size == 0 \|\| Size > 262144) {
53	5	return 0; // Handle empty input gracefully
54	5	} // Handle large input gracefully (limiting to 262144 bytes for now
55
56	2.69k	int status = 0;
57	2.69k	cups_file_t *fp;
58	2.69k	ipp_state_t state;
59	2.69k	ipp_t *request;
60	2.69k	ipp_uchar_t buffer[262144];
61
62	2.69k	request = ippNewRequest(IPP_OP_PRINT_JOB); // Create a new IPP request (operation type is IPP_OP_PRINT_JOB
63	2.69k	_ippdata_t ippdata;
64	2.69k	ippdata.wused = 0;
65	2.69k	ippdata.wsize = sizeof(buffer);
66	2.69k	ippdata.wbuffer = buffer;
67
68		// create new ipp
69
70	2.69k	while ((state = ippWriteIO(&ippdata, (ipp_io_cb_t)write_cb, 1, NULL,
71	2.69k	request)) != IPP_STATE_DATA)
72	0	{
73	0	if (state == IPP_STATE_ERROR)
74	0	break;
75	0	}
76	2.69k	if (state != IPP_STATE_DATA)
77	0	{
78	0	status = 1;
79	0	}
80
81	2.69k	ippDelete(request);
82
83		// testing writing
84	2.69k	memcpy((char )ippdata.wbuffer, (char )Data, Size);
85	2.69k	ippdata.wused = Size;
86
87	2.69k	const char *filename = "/tmp/tmp.ipp";
88
89	2.69k	if ((fp = cupsFileOpen(filename, "w")) == NULL)
90	0	{
91	0	return 1;
92	0	}
93
94	2.69k	cupsFileWrite(fp, (char *)buffer, ippdata.wused);
95	2.69k	cupsFileClose(fp);
96
97		// Testing Reading
98	2.69k	if ((fp = cupsFileOpen(filename, "r")) == NULL)
99	0	{
100	0	return 1;
101	0	}
102
103	2.69k	request = ippNew();
104
105	2.69k	do
106	2.69k	{
107	2.69k	state = ippReadIO(fp, (ipp_io_cb_t)cupsFileRead, 1, NULL, request);
108	2.69k	}
109	2.69k	while (state == IPP_STATE_ATTRIBUTE);
110
111	2.69k	cupsFileClose(fp);
112
113	2.69k	fp = cupsFileOpen("/dev/null", "w");
114
115	2.69k	ippSetState(request, IPP_STATE_IDLE);
116
117	2.69k	do
118	2.69k	{
119	2.69k	state = ippWriteIO(fp, (ipp_io_cb_t)cupsFileWrite, 1, NULL, request);
120	2.69k	}
121	2.69k	while (state == IPP_STATE_ATTRIBUTE);
122
123	2.69k	cupsFileClose(fp);
124	2.69k	ippDelete(request);
125
126		// clean up file
127	2.69k	unlink(filename);
128	2.69k	return status;
129	2.69k	}

Coverage Report

Created: 2024-11-04 06:16