/src/libdwarf/fuzz/fuzz_rng.c

Source
/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#include <fcntl.h> /* open() O_RDONLY O_BINARY */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include "dwarf.h"
#include "libdwarf.h"

#ifndef O_BINARY
#define O_BINARY 0
#endif


/* Every return from this after dwarf_init_b()
    has to call
    dwarf_finish(dbg);
    close(fuzz_fd);
    unlink(filename);
to avoid memory leaks (and close the fd, of course). */

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  char filename[256];

#ifdef DWREGRESSIONTEMP
  /*  Under msys2, the /tmp/ results in an open fail,
      so we discard the /tmp/ here */
  sprintf(filename, "junklibfuzzer.%d", getpid());
#else
  sprintf(filename, "/tmp/libfuzzer.%d", getpid());
#endif
  FILE *fp = fopen(filename, "wb");
  if (!fp) {
    printf("FAIL libfuzzer cannot open temp as writeable %s\n",
        filename);
    return 0;
  }
  fwrite(data, size, 1, fp);
  fclose(fp);

  int fuzz_fd = 0;
  Dwarf_Ptr errarg = 0;
  Dwarf_Handler errhand = 0;
  Dwarf_Error *errp = NULL;
  Dwarf_Debug dbg = 0;

  fuzz_fd = open(filename, O_RDONLY|O_BINARY);
  if (fuzz_fd != -1) {
    dwarf_init_b(fuzz_fd, DW_GROUPNUMBER_ANY, errhand, errarg, &dbg, errp);
    Dwarf_Unsigned count = 0;
    int res = 0;
    Dwarf_Unsigned i = 0;

    res = dwarf_load_rnglists(dbg, &count, errp);
    if (res == DW_DLV_OK) {
      for (i = 0; i < count; ++i) {
        Dwarf_Unsigned header_offset = 0;
        Dwarf_Small offset_size = 0;
        Dwarf_Small extension_size = 0;
        unsigned version = 0;
        Dwarf_Small address_size = 0;
        Dwarf_Small segment_selector_size = 0;
        Dwarf_Unsigned offset_entry_count = 0;
        Dwarf_Unsigned offset_of_offset_array = 0;
        Dwarf_Unsigned offset_of_first_rangeentry = 0;
        Dwarf_Unsigned offset_past_last_rangeentry = 0;

        res = dwarf_get_rnglist_context_basics(
            dbg, i, &header_offset, &offset_size, &extension_size, &version,
            &address_size, &segment_selector_size, &offset_entry_count,
            &offset_of_offset_array, &offset_of_first_rangeentry,
            &offset_past_last_rangeentry, errp);

        Dwarf_Unsigned e = 0;
        unsigned colmax = 4;
        unsigned col = 0;
        Dwarf_Unsigned global_offset_of_value = 0;

        for (; e < offset_entry_count; ++e) {
          Dwarf_Unsigned value = 0;
          int resc = 0;

          resc = dwarf_get_rnglist_offset_index_value(
              dbg, i, e, &value, &global_offset_of_value, errp);
          if (resc != DW_DLV_OK) {
            dwarf_finish(dbg);
            close(fuzz_fd);
            unlink(filename);
            return resc;
          }
          col++;
          if (col == colmax) {
            col = 0;
          }
        }

        Dwarf_Unsigned curoffset = offset_of_first_rangeentry;
        Dwarf_Unsigned endoffset = offset_past_last_rangeentry;
        int rese = 0;
        Dwarf_Unsigned ct = 0;

        for (; curoffset < endoffset; ++ct) {
          unsigned entrylen = 0;
          unsigned code = 0;
          Dwarf_Unsigned v1 = 0;
          Dwarf_Unsigned v2 = 0;
          rese = dwarf_get_rnglist_rle(dbg, i, curoffset, endoffset, &entrylen,
                                       &code, &v1, &v2, errp);
          if (rese != DW_DLV_OK) {
            dwarf_finish(dbg);
            close(fuzz_fd);
            unlink(filename);
            return rese;
          }
          curoffset += entrylen;
          if (curoffset > endoffset) {
            dwarf_finish(dbg);
            close(fuzz_fd);
            unlink(filename);
            return DW_DLV_ERROR;
          }
        }
      }
    }
    dwarf_finish(dbg);
    close(fuzz_fd);
  }
  unlink(filename);
  return 0;
}

Line	Count	Source
1		/* Copyright 2021 Google LLC
2		Licensed under the Apache License, Version 2.0 (the "License");
3		you may not use this file except in compliance with the License.
4		You may obtain a copy of the License at
5		http://www.apache.org/licenses/LICENSE-2.0
6		Unless required by applicable law or agreed to in writing, software
7		distributed under the License is distributed on an "AS IS" BASIS,
8		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9		See the License for the specific language governing permissions and
10		limitations under the License.
11		*/
12		#include <fcntl.h> /* open() O_RDONLY O_BINARY */
13		#include <stdint.h>
14		#include <stdio.h>
15		#include <stdlib.h>
16		#include <string.h>
17		#include <sys/stat.h>
18		#include <sys/types.h>
19		#include <unistd.h>
20		#include "dwarf.h"
21		#include "libdwarf.h"
22
23		#ifndef O_BINARY
24	9.55k	#define O_BINARY 0
25		#endif
26
27
28		/* Every return from this after dwarf_init_b()
29		has to call
30		dwarf_finish(dbg);
31		close(fuzz_fd);
32		unlink(filename);
33		to avoid memory leaks (and close the fd, of course). */
34
35	9.55k	int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
36	9.55k	char filename[256];
37
38		#ifdef DWREGRESSIONTEMP
39		/* Under msys2, the /tmp/ results in an open fail,
40		so we discard the /tmp/ here */
41		sprintf(filename, "junklibfuzzer.%d", getpid());
42		#else
43	9.55k	sprintf(filename, "/tmp/libfuzzer.%d", getpid());
44	9.55k	#endif
45	9.55k	FILE *fp = fopen(filename, "wb");
46	9.55k	if (!fp) {
47	0	printf("FAIL libfuzzer cannot open temp as writeable %s\n",
48	0	filename);
49	0	return 0;
50	0	}
51	9.55k	fwrite(data, size, 1, fp);
52	9.55k	fclose(fp);
53
54	9.55k	int fuzz_fd = 0;
55	9.55k	Dwarf_Ptr errarg = 0;
56	9.55k	Dwarf_Handler errhand = 0;
57	9.55k	Dwarf_Error *errp = NULL;
58	9.55k	Dwarf_Debug dbg = 0;
59
60	9.55k	fuzz_fd = open(filename, O_RDONLY\|O_BINARY);
61	9.55k	if (fuzz_fd != -1) {
62	9.55k	dwarf_init_b(fuzz_fd, DW_GROUPNUMBER_ANY, errhand, errarg, &dbg, errp);
63	9.55k	Dwarf_Unsigned count = 0;
64	9.55k	int res = 0;
65	9.55k	Dwarf_Unsigned i = 0;
66
67	9.55k	res = dwarf_load_rnglists(dbg, &count, errp);
68	9.55k	if (res == DW_DLV_OK) {
69	2.56k	for (i = 0; i < count; ++i) {
70	2.44k	Dwarf_Unsigned header_offset = 0;
71	2.44k	Dwarf_Small offset_size = 0;
72	2.44k	Dwarf_Small extension_size = 0;
73	2.44k	unsigned version = 0;
74	2.44k	Dwarf_Small address_size = 0;
75	2.44k	Dwarf_Small segment_selector_size = 0;
76	2.44k	Dwarf_Unsigned offset_entry_count = 0;
77	2.44k	Dwarf_Unsigned offset_of_offset_array = 0;
78	2.44k	Dwarf_Unsigned offset_of_first_rangeentry = 0;
79	2.44k	Dwarf_Unsigned offset_past_last_rangeentry = 0;
80
81	2.44k	res = dwarf_get_rnglist_context_basics(
82	2.44k	dbg, i, &header_offset, &offset_size, &extension_size, &version,
83	2.44k	&address_size, &segment_selector_size, &offset_entry_count,
84	2.44k	&offset_of_offset_array, &offset_of_first_rangeentry,
85	2.44k	&offset_past_last_rangeentry, errp);
86
87	2.44k	Dwarf_Unsigned e = 0;
88	2.44k	unsigned colmax = 4;
89	2.44k	unsigned col = 0;
90	2.44k	Dwarf_Unsigned global_offset_of_value = 0;
91
92	8.16k	for (; e < offset_entry_count; ++e) {
93	5.71k	Dwarf_Unsigned value = 0;
94	5.71k	int resc = 0;
95
96	5.71k	resc = dwarf_get_rnglist_offset_index_value(
97	5.71k	dbg, i, e, &value, &global_offset_of_value, errp);
98	5.71k	if (resc != DW_DLV_OK) {
99	0	dwarf_finish(dbg);
100	0	close(fuzz_fd);
101	0	unlink(filename);
102	0	return resc;
103	0	}
104	5.71k	col++;
105	5.71k	if (col == colmax) {
106	990	col = 0;
107	990	}
108	5.71k	}
109
110	2.44k	Dwarf_Unsigned curoffset = offset_of_first_rangeentry;
111	2.44k	Dwarf_Unsigned endoffset = offset_past_last_rangeentry;
112	2.44k	int rese = 0;
113	2.44k	Dwarf_Unsigned ct = 0;
114
115	9.79k	for (; curoffset < endoffset; ++ct) {
116	7.39k	unsigned entrylen = 0;
117	7.39k	unsigned code = 0;
118	7.39k	Dwarf_Unsigned v1 = 0;
119	7.39k	Dwarf_Unsigned v2 = 0;
120	7.39k	rese = dwarf_get_rnglist_rle(dbg, i, curoffset, endoffset, &entrylen,
121	7.39k	&code, &v1, &v2, errp);
122	7.39k	if (rese != DW_DLV_OK) {
123	45	dwarf_finish(dbg);
124	45	close(fuzz_fd);
125	45	unlink(filename);
126	45	return rese;
127	45	}
128	7.34k	curoffset += entrylen;
129	7.34k	if (curoffset > endoffset) {
130	0	dwarf_finish(dbg);
131	0	close(fuzz_fd);
132	0	unlink(filename);
133	0	return DW_DLV_ERROR;
134	0	}
135	7.34k	}
136	2.44k	}
137	162	}
138	9.51k	dwarf_finish(dbg);
139	9.51k	close(fuzz_fd);
140	9.51k	}
141	9.51k	unlink(filename);
142	9.51k	return 0;
143	9.55k	}

Coverage Report

Created: 2026-04-01 06:25