/src/libdwarf/fuzz/fuzz_rng.c

Source (jump to first uncovered line)
/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include "dwarf.h"
#include "libdwarf.h"

/* Every return from this after dwarf_init_b()
    has to call 
    dwarf_finish(dbg);
    close(fuzz_fd);
    unlink(filename);
to avoid memory leaks (and close the fd, of course). */

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  char filename[256];
  sprintf(filename, "/tmp/libfuzzer.%d", getpid());

  FILE *fp = fopen(filename, "wb");
  if (!fp) {
    return 0;
  }
  fwrite(data, size, 1, fp);
  fclose(fp);

  int fuzz_fd = 0;
  Dwarf_Ptr errarg = 0;
  Dwarf_Handler errhand = 0;
  Dwarf_Error *errp = NULL;
  Dwarf_Debug dbg = 0;

  fuzz_fd = open(filename, O_RDONLY);
  if (fuzz_fd != -1) {
    dwarf_init_b(fuzz_fd, DW_GROUPNUMBER_ANY, errhand, errarg, &dbg, errp);
    Dwarf_Unsigned count = 0;
    int res = 0;
    Dwarf_Unsigned i = 0;

    res = dwarf_load_rnglists(dbg, &count, errp);
    if (res == DW_DLV_OK) {
      for (i = 0; i < count; ++i) {
        Dwarf_Unsigned header_offset = 0;
        Dwarf_Small offset_size = 0;
        Dwarf_Small extension_size = 0;
        unsigned version = 0;
        Dwarf_Small address_size = 0;
        Dwarf_Small segment_selector_size = 0;
        Dwarf_Unsigned offset_entry_count = 0;
        Dwarf_Unsigned offset_of_offset_array = 0;
        Dwarf_Unsigned offset_of_first_rangeentry = 0;
        Dwarf_Unsigned offset_past_last_rangeentry = 0;

        res = dwarf_get_rnglist_context_basics(
            dbg, i, &header_offset, &offset_size, &extension_size, &version,
            &address_size, &segment_selector_size, &offset_entry_count,
            &offset_of_offset_array, &offset_of_first_rangeentry,
            &offset_past_last_rangeentry, errp);

        Dwarf_Unsigned e = 0;
        unsigned colmax = 4;
        unsigned col = 0;
        Dwarf_Unsigned global_offset_of_value = 0;

        for (; e < offset_entry_count; ++e) {
          Dwarf_Unsigned value = 0;
          int resc = 0;

          resc = dwarf_get_rnglist_offset_index_value(
              dbg, i, e, &value, &global_offset_of_value, errp);
          if (resc != DW_DLV_OK) {
            dwarf_finish(dbg);
            close(fuzz_fd);
            unlink(filename);
            return resc;
          }
          col++;
          if (col == colmax) {
            col = 0;
          }
        }

        Dwarf_Unsigned curoffset = offset_of_first_rangeentry;
        Dwarf_Unsigned endoffset = offset_past_last_rangeentry;
        int rese = 0;
        Dwarf_Unsigned ct = 0;

        for (; curoffset < endoffset; ++ct) {
          unsigned entrylen = 0;
          unsigned code = 0;
          Dwarf_Unsigned v1 = 0;
          Dwarf_Unsigned v2 = 0;
          rese = dwarf_get_rnglist_rle(dbg, i, curoffset, endoffset, &entrylen,
                                       &code, &v1, &v2, errp);
          if (rese != DW_DLV_OK) {
            dwarf_finish(dbg);
            close(fuzz_fd);
            unlink(filename);
            return rese;
          }
          curoffset += entrylen;
          if (curoffset > endoffset) {
            dwarf_finish(dbg);
            close(fuzz_fd);
            unlink(filename);
            return DW_DLV_ERROR;
          }
        }
      }
    }
    dwarf_finish(dbg);
    close(fuzz_fd);
  }
  unlink(filename);
  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/* Copyright 2021 Google LLC
2		Licensed under the Apache License, Version 2.0 (the "License");
3		you may not use this file except in compliance with the License.
4		You may obtain a copy of the License at
5		http://www.apache.org/licenses/LICENSE-2.0
6		Unless required by applicable law or agreed to in writing, software
7		distributed under the License is distributed on an "AS IS" BASIS,
8		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9		See the License for the specific language governing permissions and
10		limitations under the License.
11		*/
12		#include <fcntl.h>
13		#include <stdint.h>
14		#include <stdio.h>
15		#include <stdlib.h>
16		#include <string.h>
17		#include <sys/stat.h>
18		#include <sys/types.h>
19		#include <unistd.h>
20		#include "dwarf.h"
21		#include "libdwarf.h"
22
23		/* Every return from this after dwarf_init_b()
24		has to call
25		dwarf_finish(dbg);
26		close(fuzz_fd);
27		unlink(filename);
28		to avoid memory leaks (and close the fd, of course). */
29
30	8.30k	int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
31	8.30k	char filename[256];
32	8.30k	sprintf(filename, "/tmp/libfuzzer.%d", getpid());
33
34	8.30k	FILE *fp = fopen(filename, "wb");
35	8.30k	if (!fp) {
36	0	return 0;
37	0	}
38	8.30k	fwrite(data, size, 1, fp);
39	8.30k	fclose(fp);
40
41	8.30k	int fuzz_fd = 0;
42	8.30k	Dwarf_Ptr errarg = 0;
43	8.30k	Dwarf_Handler errhand = 0;
44	8.30k	Dwarf_Error *errp = NULL;
45	8.30k	Dwarf_Debug dbg = 0;
46
47	8.30k	fuzz_fd = open(filename, O_RDONLY);
48	8.30k	if (fuzz_fd != -1) {
49	8.30k	dwarf_init_b(fuzz_fd, DW_GROUPNUMBER_ANY, errhand, errarg, &dbg, errp);
50	8.30k	Dwarf_Unsigned count = 0;
51	8.30k	int res = 0;
52	8.30k	Dwarf_Unsigned i = 0;
53
54	8.30k	res = dwarf_load_rnglists(dbg, &count, errp);
55	8.30k	if (res == DW_DLV_OK) {
56	240	for (i = 0; i < count; ++i) {
57	223	Dwarf_Unsigned header_offset = 0;
58	223	Dwarf_Small offset_size = 0;
59	223	Dwarf_Small extension_size = 0;
60	223	unsigned version = 0;
61	223	Dwarf_Small address_size = 0;
62	223	Dwarf_Small segment_selector_size = 0;
63	223	Dwarf_Unsigned offset_entry_count = 0;
64	223	Dwarf_Unsigned offset_of_offset_array = 0;
65	223	Dwarf_Unsigned offset_of_first_rangeentry = 0;
66	223	Dwarf_Unsigned offset_past_last_rangeentry = 0;
67
68	223	res = dwarf_get_rnglist_context_basics(
69	223	dbg, i, &header_offset, &offset_size, &extension_size, &version,
70	223	&address_size, &segment_selector_size, &offset_entry_count,
71	223	&offset_of_offset_array, &offset_of_first_rangeentry,
72	223	&offset_past_last_rangeentry, errp);
73
74	223	Dwarf_Unsigned e = 0;
75	223	unsigned colmax = 4;
76	223	unsigned col = 0;
77	223	Dwarf_Unsigned global_offset_of_value = 0;
78
79	2.38k	for (; e < offset_entry_count; ++e) {
80	2.15k	Dwarf_Unsigned value = 0;
81	2.15k	int resc = 0;
82
83	2.15k	resc = dwarf_get_rnglist_offset_index_value(
84	2.15k	dbg, i, e, &value, &global_offset_of_value, errp);
85	2.15k	if (resc != DW_DLV_OK) {
86	0	dwarf_finish(dbg);
87	0	close(fuzz_fd);
88	0	unlink(filename);
89	0	return resc;
90	0	}
91	2.15k	col++;
92	2.15k	if (col == colmax) {
93	507	col = 0;
94	507	}
95	2.15k	}
96
97	223	Dwarf_Unsigned curoffset = offset_of_first_rangeentry;
98	223	Dwarf_Unsigned endoffset = offset_past_last_rangeentry;
99	223	int rese = 0;
100	223	Dwarf_Unsigned ct = 0;
101
102	5.14k	for (; curoffset < endoffset; ++ct) {
103	5.01k	unsigned entrylen = 0;
104	5.01k	unsigned code = 0;
105	5.01k	Dwarf_Unsigned v1 = 0;
106	5.01k	Dwarf_Unsigned v2 = 0;
107	5.01k	rese = dwarf_get_rnglist_rle(dbg, i, curoffset, endoffset, &entrylen,
108	5.01k	&code, &v1, &v2, errp);
109	5.01k	if (rese != DW_DLV_OK) {
110	98	dwarf_finish(dbg);
111	98	close(fuzz_fd);
112	98	unlink(filename);
113	98	return rese;
114	98	}
115	4.92k	curoffset += entrylen;
116	4.92k	if (curoffset > endoffset) {
117	0	dwarf_finish(dbg);
118	0	close(fuzz_fd);
119	0	unlink(filename);
120	0	return DW_DLV_ERROR;
121	0	}
122	4.92k	}
123	223	}
124	115	}
125	8.20k	dwarf_finish(dbg);
126	8.20k	close(fuzz_fd);
127	8.20k	}
128	8.20k	unlink(filename);
129	8.20k	return 0;
130	8.30k	}

Coverage Report

Created: 2023-06-07 07:08