/src/libdwarf/fuzz/fuzz_rng.c

Source (jump to first uncovered line)
/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#include <fcntl.h> /* open() O_RDONLY O_BINARY */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include "dwarf.h"
#include "libdwarf.h"

#ifndef O_BINARY
#define O_BINARY 0
#endif


/* Every return from this after dwarf_init_b()
    has to call
    dwarf_finish(dbg);
    close(fuzz_fd);
    unlink(filename);
to avoid memory leaks (and close the fd, of course). */

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  char filename[256];
  sprintf(filename, "/tmp/libfuzzer.%d", getpid());

  FILE *fp = fopen(filename, "wb");
  if (!fp) {
    return 0;
  }
  fwrite(data, size, 1, fp);
  fclose(fp);

  int fuzz_fd = 0;
  Dwarf_Ptr errarg = 0;
  Dwarf_Handler errhand = 0;
  Dwarf_Error *errp = NULL;
  Dwarf_Debug dbg = 0;

  fuzz_fd = open(filename, O_RDONLY|O_BINARY);
  if (fuzz_fd != -1) {
    dwarf_init_b(fuzz_fd, DW_GROUPNUMBER_ANY, errhand, errarg, &dbg, errp);
    Dwarf_Unsigned count = 0;
    int res = 0;
    Dwarf_Unsigned i = 0;

    res = dwarf_load_rnglists(dbg, &count, errp);
    if (res == DW_DLV_OK) {
      for (i = 0; i < count; ++i) {
        Dwarf_Unsigned header_offset = 0;
        Dwarf_Small offset_size = 0;
        Dwarf_Small extension_size = 0;
        unsigned version = 0;
        Dwarf_Small address_size = 0;
        Dwarf_Small segment_selector_size = 0;
        Dwarf_Unsigned offset_entry_count = 0;
        Dwarf_Unsigned offset_of_offset_array = 0;
        Dwarf_Unsigned offset_of_first_rangeentry = 0;
        Dwarf_Unsigned offset_past_last_rangeentry = 0;

        res = dwarf_get_rnglist_context_basics(
            dbg, i, &header_offset, &offset_size, &extension_size, &version,
            &address_size, &segment_selector_size, &offset_entry_count,
            &offset_of_offset_array, &offset_of_first_rangeentry,
            &offset_past_last_rangeentry, errp);

        Dwarf_Unsigned e = 0;
        unsigned colmax = 4;
        unsigned col = 0;
        Dwarf_Unsigned global_offset_of_value = 0;

        for (; e < offset_entry_count; ++e) {
          Dwarf_Unsigned value = 0;
          int resc = 0;

          resc = dwarf_get_rnglist_offset_index_value(
              dbg, i, e, &value, &global_offset_of_value, errp);
          if (resc != DW_DLV_OK) {
            dwarf_finish(dbg);
            close(fuzz_fd);
            unlink(filename);
            return resc;
          }
          col++;
          if (col == colmax) {
            col = 0;
          }
        }

        Dwarf_Unsigned curoffset = offset_of_first_rangeentry;
        Dwarf_Unsigned endoffset = offset_past_last_rangeentry;
        int rese = 0;
        Dwarf_Unsigned ct = 0;

        for (; curoffset < endoffset; ++ct) {
          unsigned entrylen = 0;
          unsigned code = 0;
          Dwarf_Unsigned v1 = 0;
          Dwarf_Unsigned v2 = 0;
          rese = dwarf_get_rnglist_rle(dbg, i, curoffset, endoffset, &entrylen,
                                       &code, &v1, &v2, errp);
          if (rese != DW_DLV_OK) {
            dwarf_finish(dbg);
            close(fuzz_fd);
            unlink(filename);
            return rese;
          }
          curoffset += entrylen;
          if (curoffset > endoffset) {
            dwarf_finish(dbg);
            close(fuzz_fd);
            unlink(filename);
            return DW_DLV_ERROR;
          }
        }
      }
    }
    dwarf_finish(dbg);
    close(fuzz_fd);
  }
  unlink(filename);
  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/* Copyright 2021 Google LLC
2		Licensed under the Apache License, Version 2.0 (the "License");
3		you may not use this file except in compliance with the License.
4		You may obtain a copy of the License at
5		http://www.apache.org/licenses/LICENSE-2.0
6		Unless required by applicable law or agreed to in writing, software
7		distributed under the License is distributed on an "AS IS" BASIS,
8		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9		See the License for the specific language governing permissions and
10		limitations under the License.
11		*/
12		#include <fcntl.h> /* open() O_RDONLY O_BINARY */
13		#include <stdint.h>
14		#include <stdio.h>
15		#include <stdlib.h>
16		#include <string.h>
17		#include <sys/stat.h>
18		#include <sys/types.h>
19		#include <unistd.h>
20		#include "dwarf.h"
21		#include "libdwarf.h"
22
23		#ifndef O_BINARY
24	8.99k	#define O_BINARY 0
25		#endif
26
27
28		/* Every return from this after dwarf_init_b()
29		has to call
30		dwarf_finish(dbg);
31		close(fuzz_fd);
32		unlink(filename);
33		to avoid memory leaks (and close the fd, of course). */
34
35	8.99k	int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
36	8.99k	char filename[256];
37	8.99k	sprintf(filename, "/tmp/libfuzzer.%d", getpid());
38
39	8.99k	FILE *fp = fopen(filename, "wb");
40	8.99k	if (!fp) {
41	0	return 0;
42	0	}
43	8.99k	fwrite(data, size, 1, fp);
44	8.99k	fclose(fp);
45
46	8.99k	int fuzz_fd = 0;
47	8.99k	Dwarf_Ptr errarg = 0;
48	8.99k	Dwarf_Handler errhand = 0;
49	8.99k	Dwarf_Error *errp = NULL;
50	8.99k	Dwarf_Debug dbg = 0;
51
52	8.99k	fuzz_fd = open(filename, O_RDONLY\|O_BINARY);
53	8.99k	if (fuzz_fd != -1) {
54	8.99k	dwarf_init_b(fuzz_fd, DW_GROUPNUMBER_ANY, errhand, errarg, &dbg, errp);
55	8.99k	Dwarf_Unsigned count = 0;
56	8.99k	int res = 0;
57	8.99k	Dwarf_Unsigned i = 0;
58
59	8.99k	res = dwarf_load_rnglists(dbg, &count, errp);
60	8.99k	if (res == DW_DLV_OK) {
61	1.09k	for (i = 0; i < count; ++i) {
62	1.02k	Dwarf_Unsigned header_offset = 0;
63	1.02k	Dwarf_Small offset_size = 0;
64	1.02k	Dwarf_Small extension_size = 0;
65	1.02k	unsigned version = 0;
66	1.02k	Dwarf_Small address_size = 0;
67	1.02k	Dwarf_Small segment_selector_size = 0;
68	1.02k	Dwarf_Unsigned offset_entry_count = 0;
69	1.02k	Dwarf_Unsigned offset_of_offset_array = 0;
70	1.02k	Dwarf_Unsigned offset_of_first_rangeentry = 0;
71	1.02k	Dwarf_Unsigned offset_past_last_rangeentry = 0;
72
73	1.02k	res = dwarf_get_rnglist_context_basics(
74	1.02k	dbg, i, &header_offset, &offset_size, &extension_size, &version,
75	1.02k	&address_size, &segment_selector_size, &offset_entry_count,
76	1.02k	&offset_of_offset_array, &offset_of_first_rangeentry,
77	1.02k	&offset_past_last_rangeentry, errp);
78
79	1.02k	Dwarf_Unsigned e = 0;
80	1.02k	unsigned colmax = 4;
81	1.02k	unsigned col = 0;
82	1.02k	Dwarf_Unsigned global_offset_of_value = 0;
83
84	7.31k	for (; e < offset_entry_count; ++e) {
85	6.28k	Dwarf_Unsigned value = 0;
86	6.28k	int resc = 0;
87
88	6.28k	resc = dwarf_get_rnglist_offset_index_value(
89	6.28k	dbg, i, e, &value, &global_offset_of_value, errp);
90	6.28k	if (resc != DW_DLV_OK) {
91	0	dwarf_finish(dbg);
92	0	close(fuzz_fd);
93	0	unlink(filename);
94	0	return resc;
95	0	}
96	6.28k	col++;
97	6.28k	if (col == colmax) {
98	1.36k	col = 0;
99	1.36k	}
100	6.28k	}
101
102	1.02k	Dwarf_Unsigned curoffset = offset_of_first_rangeentry;
103	1.02k	Dwarf_Unsigned endoffset = offset_past_last_rangeentry;
104	1.02k	int rese = 0;
105	1.02k	Dwarf_Unsigned ct = 0;
106
107	6.75k	for (; curoffset < endoffset; ++ct) {
108	5.78k	unsigned entrylen = 0;
109	5.78k	unsigned code = 0;
110	5.78k	Dwarf_Unsigned v1 = 0;
111	5.78k	Dwarf_Unsigned v2 = 0;
112	5.78k	rese = dwarf_get_rnglist_rle(dbg, i, curoffset, endoffset, &entrylen,
113	5.78k	&code, &v1, &v2, errp);
114	5.78k	if (rese != DW_DLV_OK) {
115	59	dwarf_finish(dbg);
116	59	close(fuzz_fd);
117	59	unlink(filename);
118	59	return rese;
119	59	}
120	5.72k	curoffset += entrylen;
121	5.72k	if (curoffset > endoffset) {
122	0	dwarf_finish(dbg);
123	0	close(fuzz_fd);
124	0	unlink(filename);
125	0	return DW_DLV_ERROR;
126	0	}
127	5.72k	}
128	1.02k	}
129	126	}
130	8.94k	dwarf_finish(dbg);
131	8.94k	close(fuzz_fd);
132	8.94k	}
133	8.94k	unlink(filename);
134	8.94k	return 0;
135	8.99k	}

Coverage Report

Created: 2024-07-27 06:07