/src/libdwarf/fuzz/fuzz_dnames.c

Source
/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#include <fcntl.h> /* open() O_RDONLY O_BINARY */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef O_BINARY
#define O_BINARY 0 /* So it does nothing in Linux/Unix */
#endif


/*
 * Libdwarf library callers can only use these headers.
 */
#include "dwarf.h"
#include "libdwarf.h"

/*  This now initializes local variables to zero
    rather than leaving them uninitialized.
    When uninitialized consistent behavior is
    unlikely, run-to-run.  And
    crashes are likely.
    David Anderson 30 May 2023.
*/
/*
 * A fuzzer that simulates a small part of the simplereader.c example.
 */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  char filename[256];
#ifdef DWREGRESSIONTEMP
  /* Under msys2, the /tmp/ results in an open fail */
  sprintf(filename, "junklibfuzzer.%d", getpid());
#else
  sprintf(filename, "/tmp/libfuzzer.%d", getpid());
#endif
  FILE *fp = fopen(filename, "wb");
  if (!fp) {
    printf("FAIL libfuzzer cannot open temp as writeable %s\n",
        filename);
    return 0;
  }
  fwrite(data, size, 1, fp);
  fclose(fp);

  Dwarf_Debug dbg = 0;
  int res = DW_DLV_ERROR;
  Dwarf_Error error = 0;
  Dwarf_Handler errhand = 0;
  Dwarf_Ptr errarg = 0;
  int regtabrulecount = 0;
  int curopt = 0;

  int fd = open(filename, O_RDONLY | O_BINARY);
  if (fd < 0) {
    exit(EXIT_FAILURE);
  }

  res = dwarf_init_b(fd, DW_GROUPNUMBER_ANY, errhand, errarg, &dbg, &error);

  if (res != DW_DLV_OK) {
    dwarf_dealloc_error(dbg, error);
  } else {

    Dwarf_Dnames_Head dnames_h = 0;
    Dwarf_Off dw_offset_of_next_table = 0;
    res = dwarf_dnames_header(dbg, 0, &dnames_h, &dw_offset_of_next_table,
                              &error);

    if (res != DW_DLV_OK) {
      dwarf_dealloc_dnames(dnames_h);
      dwarf_finish(dbg);
      close(fd);
      unlink(filename);
      return 0;
    }

    Dwarf_Unsigned dw_index = 1;
    Dwarf_Unsigned dw_abbrev_offset = 0;
    Dwarf_Unsigned dw_abbrev_code = 0;
    Dwarf_Unsigned dw_abbrev_tag = 0;
    Dwarf_Unsigned dw_array_size = 256;
    /*  This test code originally passed in uninitialized
        pointers dw_idxattr_array and dw_form_array, which
        we cannot protect against. But we can check for NULL
        so now the variables are initialilized.
        In any case this code does not call the function correctly,
        but we leave that as written. David Anderson 30 May 2023 */
    Dwarf_Half *dw_idxattr_array = 0;
    Dwarf_Half *dw_form_array = 0;
    Dwarf_Unsigned dw_idxattr_count = 0;

    res = dwarf_dnames_abbrevtable(
        dnames_h, dw_index, &dw_abbrev_offset, &dw_abbrev_code, &dw_abbrev_tag,
        dw_array_size, dw_idxattr_array, dw_form_array, &dw_idxattr_count);
    if (res == DW_DLV_NO_ENTRY) {
    }

    Dwarf_Unsigned dw_comp_unit_count = 0;
    Dwarf_Unsigned dw_local_type_unit_count = 0;
    Dwarf_Unsigned dw_foreign_type_unit_count = 0;
    Dwarf_Unsigned dw_bucket_count = 0;
    Dwarf_Unsigned dw_name_count = 0;
    Dwarf_Unsigned dw_abbrev_table_size = 0;
    Dwarf_Unsigned dw_entry_pool_size = 0;
    Dwarf_Unsigned dw_augmentation_string_size = 0;
    char *dw_augmentation_string = 0;
    Dwarf_Unsigned dw_section_size = 0;
    Dwarf_Half dw_table_version = 0;
    Dwarf_Half dw_offset_size = 0;
    res = dwarf_dnames_sizes(
        dnames_h, &dw_comp_unit_count, &dw_local_type_unit_count,
        &dw_foreign_type_unit_count, &dw_bucket_count, &dw_name_count,
        &dw_abbrev_table_size, &dw_entry_pool_size,
        &dw_augmentation_string_size, &dw_augmentation_string, &dw_section_size,
        &dw_table_version, &dw_offset_size, &error);
    if (res != DW_DLV_OK) {
      dwarf_dealloc_dnames(dnames_h);
      dwarf_finish(dbg);
      close(fd);
      unlink(filename);
      return 0;
    }

    Dwarf_Unsigned dw_header_offset = 0;
    Dwarf_Unsigned dw_cu_table_offset = 0;
    Dwarf_Unsigned dw_tu_local_offset = 0;
    Dwarf_Unsigned dw_foreign_tu_offset = 0;
    Dwarf_Unsigned dw_bucket_offset = 0;
    Dwarf_Unsigned dw_hashes_offset = 0;
    Dwarf_Unsigned dw_stringoffsets_offset = 0;
    Dwarf_Unsigned dw_entryoffsets_offset = 0;
    Dwarf_Unsigned dw_abbrev_table_offset = 0;
    Dwarf_Unsigned dw_entry_pool_offset = 0;
    res = dwarf_dnames_offsets(
        dnames_h, &dw_header_offset, &dw_cu_table_offset, &dw_tu_local_offset,
        &dw_foreign_tu_offset, &dw_bucket_offset, &dw_hashes_offset,
        &dw_stringoffsets_offset, &dw_entryoffsets_offset,
        &dw_abbrev_table_offset, &dw_entry_pool_offset, &error);
    if (res != DW_DLV_OK) {
      dwarf_dealloc_dnames(dnames_h);
      dwarf_finish(dbg);
      close(fd);
      unlink(filename);
      return 0;
    }

    Dwarf_Unsigned dw_offset = 0;
    Dwarf_Sig8 dw_sig;
    res = dwarf_dnames_cu_table(dnames_h, "cu", 0, &dw_offset, &dw_sig, &error);
    if (res != DW_DLV_OK) {
      dwarf_dealloc_dnames(dnames_h);
      dwarf_finish(dbg);
      close(fd);
      unlink(filename);
      return 0;
    }

    dw_index = 0;
    Dwarf_Unsigned dw_indexcount;
    res = dwarf_dnames_bucket(dnames_h, 0, &dw_index, &dw_indexcount, &error);
    if (res != DW_DLV_OK) {
      dwarf_dealloc_dnames(dnames_h);
      dwarf_finish(dbg);
      close(fd);
      unlink(filename);
      return 0;
    }

    Dwarf_Unsigned dw_bucket_number = 0;
    Dwarf_Unsigned dw_hash_value = 0;
    Dwarf_Unsigned dw_offset_to_debug_str = 0;
    char *dw_ptrtostr = 0;
    Dwarf_Unsigned dw_offset_in_entrypool = 0;
    Dwarf_Unsigned dw_abbrev_number = 0;
    Dwarf_Half abbrev_tg = 0;
    dw_array_size = 10;
    Dwarf_Half idxattr_array[10];
    Dwarf_Half form_array[10];
    res = dwarf_dnames_name(
        dnames_h, 1, &dw_bucket_number, &dw_hash_value, &dw_offset_to_debug_str,
        &dw_ptrtostr, &dw_offset_in_entrypool, &dw_abbrev_number, &abbrev_tg,
        dw_array_size, idxattr_array, form_array, &dw_idxattr_count, &error);
    if (res != DW_DLV_OK) {
      dwarf_dealloc_dnames(dnames_h);
      dwarf_finish(dbg);
      close(fd);
      unlink(filename);
      return 0;
    }

    dwarf_dealloc_dnames(dnames_h);
  }

  dwarf_finish(dbg);
  close(fd);
  unlink(filename);
  return 0;
}

Coverage Report

Created: 2026-02-26 06:16

Line	Count	Source
1		/* Copyright 2021 Google LLC
2		Licensed under the Apache License, Version 2.0 (the "License");
3		you may not use this file except in compliance with the License.
4		You may obtain a copy of the License at
5		http://www.apache.org/licenses/LICENSE-2.0
6		Unless required by applicable law or agreed to in writing, software
7		distributed under the License is distributed on an "AS IS" BASIS,
8		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9		See the License for the specific language governing permissions and
10		limitations under the License.
11		*/
12		#include <fcntl.h> /* open() O_RDONLY O_BINARY */
13		#include <stdint.h>
14		#include <stdio.h>
15		#include <stdlib.h>
16		#include <string.h>
17		#include <sys/types.h>
18		#include <unistd.h>
19
20		#ifndef O_BINARY
21	8.84k	#define O_BINARY 0 /* So it does nothing in Linux/Unix */
22		#endif
23
24
25		/*
26		* Libdwarf library callers can only use these headers.
27		*/
28		#include "dwarf.h"
29		#include "libdwarf.h"
30
31		/* This now initializes local variables to zero
32		rather than leaving them uninitialized.
33		When uninitialized consistent behavior is
34		unlikely, run-to-run. And
35		crashes are likely.
36		David Anderson 30 May 2023.
37		*/
38		/*
39		* A fuzzer that simulates a small part of the simplereader.c example.
40		*/
41	8.84k	int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
42	8.84k	char filename[256];
43		#ifdef DWREGRESSIONTEMP
44		/* Under msys2, the /tmp/ results in an open fail */
45		sprintf(filename, "junklibfuzzer.%d", getpid());
46		#else
47	8.84k	sprintf(filename, "/tmp/libfuzzer.%d", getpid());
48	8.84k	#endif
49	8.84k	FILE *fp = fopen(filename, "wb");
50	8.84k	if (!fp) {
51	0	printf("FAIL libfuzzer cannot open temp as writeable %s\n",
52	0	filename);
53	0	return 0;
54	0	}
55	8.84k	fwrite(data, size, 1, fp);
56	8.84k	fclose(fp);
57
58	8.84k	Dwarf_Debug dbg = 0;
59	8.84k	int res = DW_DLV_ERROR;
60	8.84k	Dwarf_Error error = 0;
61	8.84k	Dwarf_Handler errhand = 0;
62	8.84k	Dwarf_Ptr errarg = 0;
63	8.84k	int regtabrulecount = 0;
64	8.84k	int curopt = 0;
65
66	8.84k	int fd = open(filename, O_RDONLY \| O_BINARY);
67	8.84k	if (fd < 0) {
68	0	exit(EXIT_FAILURE);
69	0	}
70
71	8.84k	res = dwarf_init_b(fd, DW_GROUPNUMBER_ANY, errhand, errarg, &dbg, &error);
72
73	8.84k	if (res != DW_DLV_OK) {
74	7.31k	dwarf_dealloc_error(dbg, error);
75	7.31k	} else {
76
77	1.53k	Dwarf_Dnames_Head dnames_h = 0;
78	1.53k	Dwarf_Off dw_offset_of_next_table = 0;
79	1.53k	res = dwarf_dnames_header(dbg, 0, &dnames_h, &dw_offset_of_next_table,
80	1.53k	&error);
81
82	1.53k	if (res != DW_DLV_OK) {
83	1.24k	dwarf_dealloc_dnames(dnames_h);
84	1.24k	dwarf_finish(dbg);
85	1.24k	close(fd);
86	1.24k	unlink(filename);
87	1.24k	return 0;
88	1.24k	}
89
90	295	Dwarf_Unsigned dw_index = 1;
91	295	Dwarf_Unsigned dw_abbrev_offset = 0;
92	295	Dwarf_Unsigned dw_abbrev_code = 0;
93	295	Dwarf_Unsigned dw_abbrev_tag = 0;
94	295	Dwarf_Unsigned dw_array_size = 256;
95		/* This test code originally passed in uninitialized
96		pointers dw_idxattr_array and dw_form_array, which
97		we cannot protect against. But we can check for NULL
98		so now the variables are initialilized.
99		In any case this code does not call the function correctly,
100		but we leave that as written. David Anderson 30 May 2023 */
101	295	Dwarf_Half *dw_idxattr_array = 0;
102	295	Dwarf_Half *dw_form_array = 0;
103	295	Dwarf_Unsigned dw_idxattr_count = 0;
104
105	295	res = dwarf_dnames_abbrevtable(
106	295	dnames_h, dw_index, &dw_abbrev_offset, &dw_abbrev_code, &dw_abbrev_tag,
107	295	dw_array_size, dw_idxattr_array, dw_form_array, &dw_idxattr_count);
108	295	if (res == DW_DLV_NO_ENTRY) {
109	295	}
110
111	295	Dwarf_Unsigned dw_comp_unit_count = 0;
112	295	Dwarf_Unsigned dw_local_type_unit_count = 0;
113	295	Dwarf_Unsigned dw_foreign_type_unit_count = 0;
114	295	Dwarf_Unsigned dw_bucket_count = 0;
115	295	Dwarf_Unsigned dw_name_count = 0;
116	295	Dwarf_Unsigned dw_abbrev_table_size = 0;
117	295	Dwarf_Unsigned dw_entry_pool_size = 0;
118	295	Dwarf_Unsigned dw_augmentation_string_size = 0;
119	295	char *dw_augmentation_string = 0;
120	295	Dwarf_Unsigned dw_section_size = 0;
121	295	Dwarf_Half dw_table_version = 0;
122	295	Dwarf_Half dw_offset_size = 0;
123	295	res = dwarf_dnames_sizes(
124	295	dnames_h, &dw_comp_unit_count, &dw_local_type_unit_count,
125	295	&dw_foreign_type_unit_count, &dw_bucket_count, &dw_name_count,
126	295	&dw_abbrev_table_size, &dw_entry_pool_size,
127	295	&dw_augmentation_string_size, &dw_augmentation_string, &dw_section_size,
128	295	&dw_table_version, &dw_offset_size, &error);
129	295	if (res != DW_DLV_OK) {
130	0	dwarf_dealloc_dnames(dnames_h);
131	0	dwarf_finish(dbg);
132	0	close(fd);
133	0	unlink(filename);
134	0	return 0;
135	0	}
136
137	295	Dwarf_Unsigned dw_header_offset = 0;
138	295	Dwarf_Unsigned dw_cu_table_offset = 0;
139	295	Dwarf_Unsigned dw_tu_local_offset = 0;
140	295	Dwarf_Unsigned dw_foreign_tu_offset = 0;
141	295	Dwarf_Unsigned dw_bucket_offset = 0;
142	295	Dwarf_Unsigned dw_hashes_offset = 0;
143	295	Dwarf_Unsigned dw_stringoffsets_offset = 0;
144	295	Dwarf_Unsigned dw_entryoffsets_offset = 0;
145	295	Dwarf_Unsigned dw_abbrev_table_offset = 0;
146	295	Dwarf_Unsigned dw_entry_pool_offset = 0;
147	295	res = dwarf_dnames_offsets(
148	295	dnames_h, &dw_header_offset, &dw_cu_table_offset, &dw_tu_local_offset,
149	295	&dw_foreign_tu_offset, &dw_bucket_offset, &dw_hashes_offset,
150	295	&dw_stringoffsets_offset, &dw_entryoffsets_offset,
151	295	&dw_abbrev_table_offset, &dw_entry_pool_offset, &error);
152	295	if (res != DW_DLV_OK) {
153	0	dwarf_dealloc_dnames(dnames_h);
154	0	dwarf_finish(dbg);
155	0	close(fd);
156	0	unlink(filename);
157	0	return 0;
158	0	}
159
160	295	Dwarf_Unsigned dw_offset = 0;
161	295	Dwarf_Sig8 dw_sig;
162	295	res = dwarf_dnames_cu_table(dnames_h, "cu", 0, &dw_offset, &dw_sig, &error);
163	295	if (res != DW_DLV_OK) {
164	22	dwarf_dealloc_dnames(dnames_h);
165	22	dwarf_finish(dbg);
166	22	close(fd);
167	22	unlink(filename);
168	22	return 0;
169	22	}
170
171	273	dw_index = 0;
172	273	Dwarf_Unsigned dw_indexcount;
173	273	res = dwarf_dnames_bucket(dnames_h, 0, &dw_index, &dw_indexcount, &error);
174	273	if (res != DW_DLV_OK) {
175	7	dwarf_dealloc_dnames(dnames_h);
176	7	dwarf_finish(dbg);
177	7	close(fd);
178	7	unlink(filename);
179	7	return 0;
180	7	}
181
182	266	Dwarf_Unsigned dw_bucket_number = 0;
183	266	Dwarf_Unsigned dw_hash_value = 0;
184	266	Dwarf_Unsigned dw_offset_to_debug_str = 0;
185	266	char *dw_ptrtostr = 0;
186	266	Dwarf_Unsigned dw_offset_in_entrypool = 0;
187	266	Dwarf_Unsigned dw_abbrev_number = 0;
188	266	Dwarf_Half abbrev_tg = 0;
189	266	dw_array_size = 10;
190	266	Dwarf_Half idxattr_array[10];
191	266	Dwarf_Half form_array[10];
192	266	res = dwarf_dnames_name(
193	266	dnames_h, 1, &dw_bucket_number, &dw_hash_value, &dw_offset_to_debug_str,
194	266	&dw_ptrtostr, &dw_offset_in_entrypool, &dw_abbrev_number, &abbrev_tg,
195	266	dw_array_size, idxattr_array, form_array, &dw_idxattr_count, &error);
196	266	if (res != DW_DLV_OK) {
197	258	dwarf_dealloc_dnames(dnames_h);
198	258	dwarf_finish(dbg);
199	258	close(fd);
200	258	unlink(filename);
201	258	return 0;
202	258	}
203
204	8	dwarf_dealloc_dnames(dnames_h);
205	8	}
206
207	7.31k	dwarf_finish(dbg);
208	7.31k	close(fd);
209	7.31k	unlink(filename);
210	7.31k	return 0;
211	8.84k	}