/src/libdwarf/fuzz/fuzz_die_cu_e_print.c

Source
/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#include <fcntl.h> /* open() O_RDONLY O_BINARY */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Libdwarf library callers can only use these headers.
 */
#include "dwarf.h"
#include "libdwarf.h"
#ifndef O_BINARY
#define O_BINARY 0
#endif


/*
 * A fuzzer that simulates a small part of the simplereader.c example.
 * This fuzzer targets dwarf_init_b.
 */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  char filename[256];
#ifdef DWREGRESSIONTEMP
  /* Under msys2, the /tmp/ results in an open fail */
  sprintf(filename, "junklibfuzzer.%d", getpid());
#else
  sprintf(filename, "/tmp/libfuzzer.%d", getpid());
#endif
  FILE *fp = fopen(filename, "wb");
  if (!fp) {
    printf("FAIL libfuzzer cannot open temp as writeable %s\n",
        filename);
    return 0;
  }

  fwrite(data, size, 1, fp);
  fclose(fp);

  Dwarf_Debug dbg = 0;
  int fuzz_fd = 0;
  int res = DW_DLV_ERROR;
  Dwarf_Error error = 0;
  Dwarf_Handler errhand = 0;
  Dwarf_Ptr errarg = 0;
  Dwarf_Error *errp = 0;
  int i = 0;
  Dwarf_Die die;

  fuzz_fd = open(filename, O_RDONLY|O_BINARY);
  if (fuzz_fd != -1) {
    res =
        dwarf_init_b(fuzz_fd, DW_GROUPNUMBER_ANY, errhand, errarg, &dbg, errp);
    if (res == DW_DLV_OK) {
      Dwarf_Bool is_info = 0;
      Dwarf_Unsigned cu_header_length = 0;
      Dwarf_Half version_stamp = 0;
      Dwarf_Off abbrev_offset = 0;
      Dwarf_Half address_size = 0;
      Dwarf_Half length_size = 0;
      Dwarf_Half extension_size = 0;
      Dwarf_Sig8 type_signature;
      Dwarf_Unsigned typeoffset = 0;
      Dwarf_Unsigned next_cu_header_offset = 0;
      Dwarf_Half header_cu_type = 0;
      Dwarf_Die cu_die = 0;
      static const Dwarf_Sig8 zerosignature;

      res = dwarf_get_address_size(dbg, &address_size, errp);

      const char *frame_section_name = 0;
      res = dwarf_get_frame_section_name(dbg, &frame_section_name, errp);

      type_signature = zerosignature;
      res = dwarf_next_cu_header_e(
          dbg, is_info,&cu_die, &cu_header_length, &version_stamp, &abbrev_offset,
          &address_size, &length_size, &extension_size, &type_signature,
          &typeoffset, &next_cu_header_offset, &header_cu_type, errp);
      if (res == DW_DLV_OK) {
          Dwarf_Die child = 0;
          res = dwarf_child(cu_die, &child, errp);
      } else {
        dwarf_finish(dbg);
        close(fuzz_fd);
        unlink(filename);
        return 0;
      }
      dwarf_dealloc(dbg, cu_die, DW_DLA_DIE);
    }
  }
  dwarf_finish(dbg);
  close(fuzz_fd);
  unlink(filename);
  return 0;
}

Line	Count	Source
1		/* Copyright 2021 Google LLC
2		Licensed under the Apache License, Version 2.0 (the "License");
3		you may not use this file except in compliance with the License.
4		You may obtain a copy of the License at
5		http://www.apache.org/licenses/LICENSE-2.0
6		Unless required by applicable law or agreed to in writing, software
7		distributed under the License is distributed on an "AS IS" BASIS,
8		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9		See the License for the specific language governing permissions and
10		limitations under the License.
11		*/
12		#include <fcntl.h> /* open() O_RDONLY O_BINARY */
13		#include <stdint.h>
14		#include <stdio.h>
15		#include <stdlib.h>
16		#include <string.h>
17		#include <sys/stat.h>
18		#include <sys/types.h>
19		#include <unistd.h>
20
21		/*
22		* Libdwarf library callers can only use these headers.
23		*/
24		#include "dwarf.h"
25		#include "libdwarf.h"
26		#ifndef O_BINARY
27	9.97k	#define O_BINARY 0
28		#endif
29
30
31		/*
32		* A fuzzer that simulates a small part of the simplereader.c example.
33		* This fuzzer targets dwarf_init_b.
34		*/
35	9.97k	int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
36	9.97k	char filename[256];
37		#ifdef DWREGRESSIONTEMP
38		/* Under msys2, the /tmp/ results in an open fail */
39		sprintf(filename, "junklibfuzzer.%d", getpid());
40		#else
41	9.97k	sprintf(filename, "/tmp/libfuzzer.%d", getpid());
42	9.97k	#endif
43	9.97k	FILE *fp = fopen(filename, "wb");
44	9.97k	if (!fp) {
45	0	printf("FAIL libfuzzer cannot open temp as writeable %s\n",
46	0	filename);
47	0	return 0;
48	0	}
49
50	9.97k	fwrite(data, size, 1, fp);
51	9.97k	fclose(fp);
52
53	9.97k	Dwarf_Debug dbg = 0;
54	9.97k	int fuzz_fd = 0;
55	9.97k	int res = DW_DLV_ERROR;
56	9.97k	Dwarf_Error error = 0;
57	9.97k	Dwarf_Handler errhand = 0;
58	9.97k	Dwarf_Ptr errarg = 0;
59	9.97k	Dwarf_Error *errp = 0;
60	9.97k	int i = 0;
61	9.97k	Dwarf_Die die;
62
63	9.97k	fuzz_fd = open(filename, O_RDONLY\|O_BINARY);
64	9.97k	if (fuzz_fd != -1) {
65	9.97k	res =
66	9.97k	dwarf_init_b(fuzz_fd, DW_GROUPNUMBER_ANY, errhand, errarg, &dbg, errp);
67	9.97k	if (res == DW_DLV_OK) {
68	4.21k	Dwarf_Bool is_info = 0;
69	4.21k	Dwarf_Unsigned cu_header_length = 0;
70	4.21k	Dwarf_Half version_stamp = 0;
71	4.21k	Dwarf_Off abbrev_offset = 0;
72	4.21k	Dwarf_Half address_size = 0;
73	4.21k	Dwarf_Half length_size = 0;
74	4.21k	Dwarf_Half extension_size = 0;
75	4.21k	Dwarf_Sig8 type_signature;
76	4.21k	Dwarf_Unsigned typeoffset = 0;
77	4.21k	Dwarf_Unsigned next_cu_header_offset = 0;
78	4.21k	Dwarf_Half header_cu_type = 0;
79	4.21k	Dwarf_Die cu_die = 0;
80	4.21k	static const Dwarf_Sig8 zerosignature;
81
82	4.21k	res = dwarf_get_address_size(dbg, &address_size, errp);
83
84	4.21k	const char *frame_section_name = 0;
85	4.21k	res = dwarf_get_frame_section_name(dbg, &frame_section_name, errp);
86
87	4.21k	type_signature = zerosignature;
88	4.21k	res = dwarf_next_cu_header_e(
89	4.21k	dbg, is_info,&cu_die, &cu_header_length, &version_stamp, &abbrev_offset,
90	4.21k	&address_size, &length_size, &extension_size, &type_signature,
91	4.21k	&typeoffset, &next_cu_header_offset, &header_cu_type, errp);
92	4.21k	if (res == DW_DLV_OK) {
93	893	Dwarf_Die child = 0;
94	893	res = dwarf_child(cu_die, &child, errp);
95	3.32k	} else {
96	3.32k	dwarf_finish(dbg);
97	3.32k	close(fuzz_fd);
98	3.32k	unlink(filename);
99	3.32k	return 0;
100	3.32k	}
101	893	dwarf_dealloc(dbg, cu_die, DW_DLA_DIE);
102	893	}
103	9.97k	}
104	6.64k	dwarf_finish(dbg);
105	6.64k	close(fuzz_fd);
106	6.64k	unlink(filename);
107	6.64k	return 0;
108	9.97k	}

Coverage Report

Created: 2025-09-27 06:39