/src/libdwarf/fuzz/fuzz_rng.c

Source
/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#include <fcntl.h> /* open() O_RDONLY O_BINARY */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include "dwarf.h"
#include "libdwarf.h"

#ifndef O_BINARY
#define O_BINARY 0
#endif


/* Every return from this after dwarf_init_b()
    has to call
    dwarf_finish(dbg);
    close(fuzz_fd);
    unlink(filename);
to avoid memory leaks (and close the fd, of course). */

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  char filename[256];

#ifdef DWREGRESSIONTEMP
  /*  Under msys2, the /tmp/ results in an open fail,
      so we discard the /tmp/ here */
  sprintf(filename, "junklibfuzzer.%d", getpid());
#else
  sprintf(filename, "/tmp/libfuzzer.%d", getpid());
#endif
  FILE *fp = fopen(filename, "wb");
  if (!fp) {
    printf("FAIL libfuzzer cannot open temp as writeable %s\n",
        filename);
    return 0;
  }
  fwrite(data, size, 1, fp);
  fclose(fp);

  int fuzz_fd = 0;
  Dwarf_Ptr errarg = 0;
  Dwarf_Handler errhand = 0;
  Dwarf_Error *errp = NULL;
  Dwarf_Debug dbg = 0;

  fuzz_fd = open(filename, O_RDONLY|O_BINARY);
  if (fuzz_fd != -1) {
    dwarf_init_b(fuzz_fd, DW_GROUPNUMBER_ANY, errhand, errarg, &dbg, errp);
    Dwarf_Unsigned count = 0;
    int res = 0;
    Dwarf_Unsigned i = 0;

    res = dwarf_load_rnglists(dbg, &count, errp);
    if (res == DW_DLV_OK) {
      for (i = 0; i < count; ++i) {
        Dwarf_Unsigned header_offset = 0;
        Dwarf_Small offset_size = 0;
        Dwarf_Small extension_size = 0;
        unsigned version = 0;
        Dwarf_Small address_size = 0;
        Dwarf_Small segment_selector_size = 0;
        Dwarf_Unsigned offset_entry_count = 0;
        Dwarf_Unsigned offset_of_offset_array = 0;
        Dwarf_Unsigned offset_of_first_rangeentry = 0;
        Dwarf_Unsigned offset_past_last_rangeentry = 0;

        res = dwarf_get_rnglist_context_basics(
            dbg, i, &header_offset, &offset_size, &extension_size, &version,
            &address_size, &segment_selector_size, &offset_entry_count,
            &offset_of_offset_array, &offset_of_first_rangeentry,
            &offset_past_last_rangeentry, errp);

        Dwarf_Unsigned e = 0;
        unsigned colmax = 4;
        unsigned col = 0;
        Dwarf_Unsigned global_offset_of_value = 0;

        for (; e < offset_entry_count; ++e) {
          Dwarf_Unsigned value = 0;
          int resc = 0;

          resc = dwarf_get_rnglist_offset_index_value(
              dbg, i, e, &value, &global_offset_of_value, errp);
          if (resc != DW_DLV_OK) {
            dwarf_finish(dbg);
            close(fuzz_fd);
            unlink(filename);
            return resc;
          }
          col++;
          if (col == colmax) {
            col = 0;
          }
        }

        Dwarf_Unsigned curoffset = offset_of_first_rangeentry;
        Dwarf_Unsigned endoffset = offset_past_last_rangeentry;
        int rese = 0;
        Dwarf_Unsigned ct = 0;

        for (; curoffset < endoffset; ++ct) {
          unsigned entrylen = 0;
          unsigned code = 0;
          Dwarf_Unsigned v1 = 0;
          Dwarf_Unsigned v2 = 0;
          rese = dwarf_get_rnglist_rle(dbg, i, curoffset, endoffset, &entrylen,
                                       &code, &v1, &v2, errp);
          if (rese != DW_DLV_OK) {
            dwarf_finish(dbg);
            close(fuzz_fd);
            unlink(filename);
            return rese;
          }
          curoffset += entrylen;
          if (curoffset > endoffset) {
            dwarf_finish(dbg);
            close(fuzz_fd);
            unlink(filename);
            return DW_DLV_ERROR;
          }
        }
      }
    }
    dwarf_finish(dbg);
    close(fuzz_fd);
  }
  unlink(filename);
  return 0;
}

Line	Count	Source
1		/* Copyright 2021 Google LLC
2		Licensed under the Apache License, Version 2.0 (the "License");
3		you may not use this file except in compliance with the License.
4		You may obtain a copy of the License at
5		http://www.apache.org/licenses/LICENSE-2.0
6		Unless required by applicable law or agreed to in writing, software
7		distributed under the License is distributed on an "AS IS" BASIS,
8		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9		See the License for the specific language governing permissions and
10		limitations under the License.
11		*/
12		#include <fcntl.h> /* open() O_RDONLY O_BINARY */
13		#include <stdint.h>
14		#include <stdio.h>
15		#include <stdlib.h>
16		#include <string.h>
17		#include <sys/stat.h>
18		#include <sys/types.h>
19		#include <unistd.h>
20		#include "dwarf.h"
21		#include "libdwarf.h"
22
23		#ifndef O_BINARY
24	9.32k	#define O_BINARY 0
25		#endif
26
27
28		/* Every return from this after dwarf_init_b()
29		has to call
30		dwarf_finish(dbg);
31		close(fuzz_fd);
32		unlink(filename);
33		to avoid memory leaks (and close the fd, of course). */
34
35	9.32k	int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
36	9.32k	char filename[256];
37
38		#ifdef DWREGRESSIONTEMP
39		/* Under msys2, the /tmp/ results in an open fail,
40		so we discard the /tmp/ here */
41		sprintf(filename, "junklibfuzzer.%d", getpid());
42		#else
43	9.32k	sprintf(filename, "/tmp/libfuzzer.%d", getpid());
44	9.32k	#endif
45	9.32k	FILE *fp = fopen(filename, "wb");
46	9.32k	if (!fp) {
47	0	printf("FAIL libfuzzer cannot open temp as writeable %s\n",
48	0	filename);
49	0	return 0;
50	0	}
51	9.32k	fwrite(data, size, 1, fp);
52	9.32k	fclose(fp);
53
54	9.32k	int fuzz_fd = 0;
55	9.32k	Dwarf_Ptr errarg = 0;
56	9.32k	Dwarf_Handler errhand = 0;
57	9.32k	Dwarf_Error *errp = NULL;
58	9.32k	Dwarf_Debug dbg = 0;
59
60	9.32k	fuzz_fd = open(filename, O_RDONLY\|O_BINARY);
61	9.32k	if (fuzz_fd != -1) {
62	9.32k	dwarf_init_b(fuzz_fd, DW_GROUPNUMBER_ANY, errhand, errarg, &dbg, errp);
63	9.32k	Dwarf_Unsigned count = 0;
64	9.32k	int res = 0;
65	9.32k	Dwarf_Unsigned i = 0;
66
67	9.32k	res = dwarf_load_rnglists(dbg, &count, errp);
68	9.32k	if (res == DW_DLV_OK) {
69	3.17k	for (i = 0; i < count; ++i) {
70	3.04k	Dwarf_Unsigned header_offset = 0;
71	3.04k	Dwarf_Small offset_size = 0;
72	3.04k	Dwarf_Small extension_size = 0;
73	3.04k	unsigned version = 0;
74	3.04k	Dwarf_Small address_size = 0;
75	3.04k	Dwarf_Small segment_selector_size = 0;
76	3.04k	Dwarf_Unsigned offset_entry_count = 0;
77	3.04k	Dwarf_Unsigned offset_of_offset_array = 0;
78	3.04k	Dwarf_Unsigned offset_of_first_rangeentry = 0;
79	3.04k	Dwarf_Unsigned offset_past_last_rangeentry = 0;
80
81	3.04k	res = dwarf_get_rnglist_context_basics(
82	3.04k	dbg, i, &header_offset, &offset_size, &extension_size, &version,
83	3.04k	&address_size, &segment_selector_size, &offset_entry_count,
84	3.04k	&offset_of_offset_array, &offset_of_first_rangeentry,
85	3.04k	&offset_past_last_rangeentry, errp);
86
87	3.04k	Dwarf_Unsigned e = 0;
88	3.04k	unsigned colmax = 4;
89	3.04k	unsigned col = 0;
90	3.04k	Dwarf_Unsigned global_offset_of_value = 0;
91
92	9.24k	for (; e < offset_entry_count; ++e) {
93	6.19k	Dwarf_Unsigned value = 0;
94	6.19k	int resc = 0;
95
96	6.19k	resc = dwarf_get_rnglist_offset_index_value(
97	6.19k	dbg, i, e, &value, &global_offset_of_value, errp);
98	6.19k	if (resc != DW_DLV_OK) {
99	0	dwarf_finish(dbg);
100	0	close(fuzz_fd);
101	0	unlink(filename);
102	0	return resc;
103	0	}
104	6.19k	col++;
105	6.19k	if (col == colmax) {
106	1.03k	col = 0;
107	1.03k	}
108	6.19k	}
109
110	3.04k	Dwarf_Unsigned curoffset = offset_of_first_rangeentry;
111	3.04k	Dwarf_Unsigned endoffset = offset_past_last_rangeentry;
112	3.04k	int rese = 0;
113	3.04k	Dwarf_Unsigned ct = 0;
114
115	11.8k	for (; curoffset < endoffset; ++ct) {
116	8.89k	unsigned entrylen = 0;
117	8.89k	unsigned code = 0;
118	8.89k	Dwarf_Unsigned v1 = 0;
119	8.89k	Dwarf_Unsigned v2 = 0;
120	8.89k	rese = dwarf_get_rnglist_rle(dbg, i, curoffset, endoffset, &entrylen,
121	8.89k	&code, &v1, &v2, errp);
122	8.89k	if (rese != DW_DLV_OK) {
123	46	dwarf_finish(dbg);
124	46	close(fuzz_fd);
125	46	unlink(filename);
126	46	return rese;
127	46	}
128	8.85k	curoffset += entrylen;
129	8.85k	if (curoffset > endoffset) {
130	0	dwarf_finish(dbg);
131	0	close(fuzz_fd);
132	0	unlink(filename);
133	0	return DW_DLV_ERROR;
134	0	}
135	8.85k	}
136	3.04k	}
137	176	}
138	9.27k	dwarf_finish(dbg);
139	9.27k	close(fuzz_fd);
140	9.27k	}
141	9.27k	unlink(filename);
142	9.27k	return 0;
143	9.32k	}

Coverage Report

Created: 2026-06-10 06:19