/src/libdwarf/fuzz/fuzz_rng.c

Source (jump to first uncovered line)
/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#include <fcntl.h> /* open() O_RDONLY O_BINARY */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include "dwarf.h"
#include "libdwarf.h"

#ifndef O_BINARY
#define O_BINARY 0
#endif


/* Every return from this after dwarf_init_b()
    has to call
    dwarf_finish(dbg);
    close(fuzz_fd);
    unlink(filename);
to avoid memory leaks (and close the fd, of course). */

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  char filename[256];
  sprintf(filename, "/tmp/libfuzzer.%d", getpid());

  FILE *fp = fopen(filename, "wb");
  if (!fp) {
    return 0;
  }
  fwrite(data, size, 1, fp);
  fclose(fp);

  int fuzz_fd = 0;
  Dwarf_Ptr errarg = 0;
  Dwarf_Handler errhand = 0;
  Dwarf_Error *errp = NULL;
  Dwarf_Debug dbg = 0;

  fuzz_fd = open(filename, O_RDONLY|O_BINARY);
  if (fuzz_fd != -1) {
    dwarf_init_b(fuzz_fd, DW_GROUPNUMBER_ANY, errhand, errarg, &dbg, errp);
    Dwarf_Unsigned count = 0;
    int res = 0;
    Dwarf_Unsigned i = 0;

    res = dwarf_load_rnglists(dbg, &count, errp);
    if (res == DW_DLV_OK) {
      for (i = 0; i < count; ++i) {
        Dwarf_Unsigned header_offset = 0;
        Dwarf_Small offset_size = 0;
        Dwarf_Small extension_size = 0;
        unsigned version = 0;
        Dwarf_Small address_size = 0;
        Dwarf_Small segment_selector_size = 0;
        Dwarf_Unsigned offset_entry_count = 0;
        Dwarf_Unsigned offset_of_offset_array = 0;
        Dwarf_Unsigned offset_of_first_rangeentry = 0;
        Dwarf_Unsigned offset_past_last_rangeentry = 0;

        res = dwarf_get_rnglist_context_basics(
            dbg, i, &header_offset, &offset_size, &extension_size, &version,
            &address_size, &segment_selector_size, &offset_entry_count,
            &offset_of_offset_array, &offset_of_first_rangeentry,
            &offset_past_last_rangeentry, errp);

        Dwarf_Unsigned e = 0;
        unsigned colmax = 4;
        unsigned col = 0;
        Dwarf_Unsigned global_offset_of_value = 0;

        for (; e < offset_entry_count; ++e) {
          Dwarf_Unsigned value = 0;
          int resc = 0;

          resc = dwarf_get_rnglist_offset_index_value(
              dbg, i, e, &value, &global_offset_of_value, errp);
          if (resc != DW_DLV_OK) {
            dwarf_finish(dbg);
            close(fuzz_fd);
            unlink(filename);
            return resc;
          }
          col++;
          if (col == colmax) {
            col = 0;
          }
        }

        Dwarf_Unsigned curoffset = offset_of_first_rangeentry;
        Dwarf_Unsigned endoffset = offset_past_last_rangeentry;
        int rese = 0;
        Dwarf_Unsigned ct = 0;

        for (; curoffset < endoffset; ++ct) {
          unsigned entrylen = 0;
          unsigned code = 0;
          Dwarf_Unsigned v1 = 0;
          Dwarf_Unsigned v2 = 0;
          rese = dwarf_get_rnglist_rle(dbg, i, curoffset, endoffset, &entrylen,
                                       &code, &v1, &v2, errp);
          if (rese != DW_DLV_OK) {
            dwarf_finish(dbg);
            close(fuzz_fd);
            unlink(filename);
            return rese;
          }
          curoffset += entrylen;
          if (curoffset > endoffset) {
            dwarf_finish(dbg);
            close(fuzz_fd);
            unlink(filename);
            return DW_DLV_ERROR;
          }
        }
      }
    }
    dwarf_finish(dbg);
    close(fuzz_fd);
  }
  unlink(filename);
  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/* Copyright 2021 Google LLC
2		Licensed under the Apache License, Version 2.0 (the "License");
3		you may not use this file except in compliance with the License.
4		You may obtain a copy of the License at
5		http://www.apache.org/licenses/LICENSE-2.0
6		Unless required by applicable law or agreed to in writing, software
7		distributed under the License is distributed on an "AS IS" BASIS,
8		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9		See the License for the specific language governing permissions and
10		limitations under the License.
11		*/
12		#include <fcntl.h> /* open() O_RDONLY O_BINARY */
13		#include <stdint.h>
14		#include <stdio.h>
15		#include <stdlib.h>
16		#include <string.h>
17		#include <sys/stat.h>
18		#include <sys/types.h>
19		#include <unistd.h>
20		#include "dwarf.h"
21		#include "libdwarf.h"
22
23		#ifndef O_BINARY
24	9.07k	#define O_BINARY 0
25		#endif
26
27
28		/* Every return from this after dwarf_init_b()
29		has to call
30		dwarf_finish(dbg);
31		close(fuzz_fd);
32		unlink(filename);
33		to avoid memory leaks (and close the fd, of course). */
34
35	9.07k	int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
36	9.07k	char filename[256];
37	9.07k	sprintf(filename, "/tmp/libfuzzer.%d", getpid());
38
39	9.07k	FILE *fp = fopen(filename, "wb");
40	9.07k	if (!fp) {
41	0	return 0;
42	0	}
43	9.07k	fwrite(data, size, 1, fp);
44	9.07k	fclose(fp);
45
46	9.07k	int fuzz_fd = 0;
47	9.07k	Dwarf_Ptr errarg = 0;
48	9.07k	Dwarf_Handler errhand = 0;
49	9.07k	Dwarf_Error *errp = NULL;
50	9.07k	Dwarf_Debug dbg = 0;
51
52	9.07k	fuzz_fd = open(filename, O_RDONLY\|O_BINARY);
53	9.07k	if (fuzz_fd != -1) {
54	9.07k	dwarf_init_b(fuzz_fd, DW_GROUPNUMBER_ANY, errhand, errarg, &dbg, errp);
55	9.07k	Dwarf_Unsigned count = 0;
56	9.07k	int res = 0;
57	9.07k	Dwarf_Unsigned i = 0;
58
59	9.07k	res = dwarf_load_rnglists(dbg, &count, errp);
60	9.07k	if (res == DW_DLV_OK) {
61	2.78k	for (i = 0; i < count; ++i) {
62	2.64k	Dwarf_Unsigned header_offset = 0;
63	2.64k	Dwarf_Small offset_size = 0;
64	2.64k	Dwarf_Small extension_size = 0;
65	2.64k	unsigned version = 0;
66	2.64k	Dwarf_Small address_size = 0;
67	2.64k	Dwarf_Small segment_selector_size = 0;
68	2.64k	Dwarf_Unsigned offset_entry_count = 0;
69	2.64k	Dwarf_Unsigned offset_of_offset_array = 0;
70	2.64k	Dwarf_Unsigned offset_of_first_rangeentry = 0;
71	2.64k	Dwarf_Unsigned offset_past_last_rangeentry = 0;
72
73	2.64k	res = dwarf_get_rnglist_context_basics(
74	2.64k	dbg, i, &header_offset, &offset_size, &extension_size, &version,
75	2.64k	&address_size, &segment_selector_size, &offset_entry_count,
76	2.64k	&offset_of_offset_array, &offset_of_first_rangeentry,
77	2.64k	&offset_past_last_rangeentry, errp);
78
79	2.64k	Dwarf_Unsigned e = 0;
80	2.64k	unsigned colmax = 4;
81	2.64k	unsigned col = 0;
82	2.64k	Dwarf_Unsigned global_offset_of_value = 0;
83
84	8.51k	for (; e < offset_entry_count; ++e) {
85	5.86k	Dwarf_Unsigned value = 0;
86	5.86k	int resc = 0;
87
88	5.86k	resc = dwarf_get_rnglist_offset_index_value(
89	5.86k	dbg, i, e, &value, &global_offset_of_value, errp);
90	5.86k	if (resc != DW_DLV_OK) {
91	0	dwarf_finish(dbg);
92	0	close(fuzz_fd);
93	0	unlink(filename);
94	0	return resc;
95	0	}
96	5.86k	col++;
97	5.86k	if (col == colmax) {
98	1.02k	col = 0;
99	1.02k	}
100	5.86k	}
101
102	2.64k	Dwarf_Unsigned curoffset = offset_of_first_rangeentry;
103	2.64k	Dwarf_Unsigned endoffset = offset_past_last_rangeentry;
104	2.64k	int rese = 0;
105	2.64k	Dwarf_Unsigned ct = 0;
106
107	9.51k	for (; curoffset < endoffset; ++ct) {
108	6.89k	unsigned entrylen = 0;
109	6.89k	unsigned code = 0;
110	6.89k	Dwarf_Unsigned v1 = 0;
111	6.89k	Dwarf_Unsigned v2 = 0;
112	6.89k	rese = dwarf_get_rnglist_rle(dbg, i, curoffset, endoffset, &entrylen,
113	6.89k	&code, &v1, &v2, errp);
114	6.89k	if (rese != DW_DLV_OK) {
115	27	dwarf_finish(dbg);
116	27	close(fuzz_fd);
117	27	unlink(filename);
118	27	return rese;
119	27	}
120	6.86k	curoffset += entrylen;
121	6.86k	if (curoffset > endoffset) {
122	0	dwarf_finish(dbg);
123	0	close(fuzz_fd);
124	0	unlink(filename);
125	0	return DW_DLV_ERROR;
126	0	}
127	6.86k	}
128	2.64k	}
129	168	}
130	9.04k	dwarf_finish(dbg);
131	9.04k	close(fuzz_fd);
132	9.04k	}
133	9.04k	unlink(filename);
134	9.04k	return 0;
135	9.07k	}

Coverage Report

Created: 2025-07-23 06:45