/src/libdwarf/fuzz/fuzz_crc_32.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* Copyright 2021 Google LLC |
2 | | Licensed under the Apache License, Version 2.0 (the "License"); |
3 | | you may not use this file except in compliance with the License. |
4 | | You may obtain a copy of the License at |
5 | | http://www.apache.org/licenses/LICENSE-2.0 |
6 | | Unless required by applicable law or agreed to in writing, software |
7 | | distributed under the License is distributed on an "AS IS" BASIS, |
8 | | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
9 | | See the License for the specific language governing permissions and |
10 | | limitations under the License. |
11 | | */ |
12 | | #include <fcntl.h> /* open() O_RDONLY O_BINARY */ |
13 | | #include <stdint.h> |
14 | | #include <stdio.h> |
15 | | #include <stdlib.h> |
16 | | #include <string.h> |
17 | | #include <sys/stat.h> |
18 | | #include <sys/types.h> |
19 | | #include <unistd.h> |
20 | | |
21 | | /* |
22 | | * Libdwarf library callers can only use these headers. |
23 | | */ |
24 | | #include "dwarf.h" |
25 | | #include "libdwarf.h" |
26 | | #ifndef O_BINARY |
27 | 24.2k | #define O_BINARY 0 |
28 | | #endif |
29 | | |
30 | | |
31 | | /* |
32 | | * Fuzzer function targeting dwarf_crc32 |
33 | | */ |
34 | 24.2k | int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { |
35 | 24.2k | char filename[256]; |
36 | 24.2k | sprintf(filename, "/tmp/libfuzzer.%d", getpid()); |
37 | | |
38 | 24.2k | FILE *fp = fopen(filename, "wb"); |
39 | 24.2k | if (!fp) { |
40 | 0 | return 0; |
41 | 0 | } |
42 | 24.2k | fwrite(data, size, 1, fp); |
43 | 24.2k | fclose(fp); |
44 | | |
45 | 24.2k | int fuzz_fd = 0; |
46 | 24.2k | Dwarf_Ptr errarg = 0; |
47 | 24.2k | Dwarf_Handler errhand = 0; |
48 | 24.2k | Dwarf_Error error = 0; |
49 | 24.2k | Dwarf_Debug dbg = 0; |
50 | 24.2k | off_t size_left = 0; |
51 | 24.2k | off_t fsize = 0; |
52 | 24.2k | unsigned char *crcbuf = 0; |
53 | 24.2k | int res = 0; |
54 | | |
55 | 24.2k | fuzz_fd = open(filename, O_RDONLY|O_BINARY); |
56 | 24.2k | fsize = size_left = lseek(fuzz_fd, 0L, SEEK_END); |
57 | | /* The read below will fail, so to avoid |
58 | | reading uninitialized data we ensure |
59 | | the data is initialized. */ |
60 | | |
61 | 24.2k | if (fuzz_fd != -1) { |
62 | 24.2k | dwarf_init_b(fuzz_fd, DW_GROUPNUMBER_ANY, errhand, errarg, &dbg, &error); |
63 | | /* By not checking the return code, on a failed init |
64 | | we cannot dealloc the error field, so |
65 | | there is a leak from |
66 | | _dwarf_special_no_dbg_error_malloc() */ |
67 | | /* The library has no way to verify a non-null |
68 | | crcbuf points to a valid 4 byte block of memory. |
69 | | Passing in NULL results in returning DW_DLV_NO_ENTRY. */ |
70 | 24.2k | res = dwarf_crc32(dbg, crcbuf, &error); |
71 | | /* Ignoring res! */ |
72 | | |
73 | 24.2k | dwarf_finish(dbg); |
74 | 24.2k | } |
75 | 24.2k | close(fuzz_fd); |
76 | 24.2k | unlink(filename); |
77 | 24.2k | return 0; |
78 | 24.2k | } |