Coverage Report

Created: 2025-10-10 06:36

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/libdwarf/fuzz/fuzz_debuglink.c
Line
Count
Source
1
/* Copyright 2021 Google LLC
2
Licensed under the Apache License, Version 2.0 (the "License");
3
you may not use this file except in compliance with the License.
4
You may obtain a copy of the License at
5
      http://www.apache.org/licenses/LICENSE-2.0
6
Unless required by applicable law or agreed to in writing, software
7
distributed under the License is distributed on an "AS IS" BASIS,
8
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9
See the License for the specific language governing permissions and
10
limitations under the License.
11
*/
12
#include <fcntl.h> /* open() O_RDONLY O_BINARY */
13
#include <stdint.h>
14
#include <stdio.h>
15
#include <stdlib.h>
16
#include <string.h>
17
#include <sys/stat.h>
18
#include <sys/types.h>
19
#include <unistd.h>
20
21
/*
22
 * Libdwarf library callers can only use these headers.
23
 */
24
#include "dwarf.h"
25
#include "libdwarf.h"
26
#ifndef O_BINARY
27
23.5k
#define O_BINARY 0
28
#endif
29
30
/*
31
 * Fuzzer function targeting a case of dwarf_gnu_debuglink
32
 */
33
23.5k
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
34
23.5k
  char filename[256];
35
#ifdef DWREGRESSIONTEMP
36
  /* Under msys2, the /tmp/ results in an open fail */
37
  sprintf(filename, "libfuzzer.%d", getpid());
38
#else
39
23.5k
  sprintf(filename, "/tmp/libfuzzer.%d", getpid());
40
23.5k
#endif
41
23.5k
  FILE *fp = fopen(filename, "wb");
42
23.5k
  if (!fp) {
43
0
    printf("FAIL libfuzzer cannot open temp as writeable %s\n",
44
0
        filename);
45
0
    return 0;
46
0
  }
47
48
23.5k
  fwrite(data, size, 1, fp);
49
23.5k
  fclose(fp);
50
51
23.5k
  int fuzz_fd = 0;
52
23.5k
  Dwarf_Ptr errarg = 0;
53
23.5k
  Dwarf_Handler errhand = 0;
54
23.5k
  Dwarf_Error *errp = NULL;
55
23.5k
  Dwarf_Debug dbg = 0;
56
57
23.5k
  fuzz_fd = open(filename, O_RDONLY |O_BINARY);
58
23.5k
  if (fuzz_fd != -1) {
59
23.5k
    dwarf_init_b(fuzz_fd, DW_GROUPNUMBER_ANY, errhand, errarg, &dbg, errp);
60
61
23.5k
    int res = 0;
62
23.5k
    char *debuglink_path = 0;
63
23.5k
    unsigned char *crc = 0;
64
23.5k
    char *debuglink_fullpath = 0;
65
23.5k
    unsigned debuglink_fullpath_strlen = 0;
66
23.5k
    unsigned buildid_type = 0;
67
23.5k
    char *buildidowner_name = 0;
68
23.5k
    unsigned char *buildid_itself = 0;
69
23.5k
    unsigned buildid_length = 0;
70
23.5k
    char **paths = 0;
71
23.5k
    unsigned paths_count = 0;
72
23.5k
    unsigned i = 0;
73
74
    /*  This is just an example if one knows
75
        of another place full-DWARF objects
76
        may be. "/usr/lib/debug" is automatically
77
        set. */
78
23.5k
    res =
79
23.5k
        dwarf_add_debuglink_global_path(dbg, "/usr/include/c++/9/debug", errp);
80
23.5k
    res = dwarf_gnu_debuglink(dbg, &debuglink_path, &crc, &debuglink_fullpath,
81
23.5k
                              &debuglink_fullpath_strlen, &buildid_type,
82
23.5k
                              &buildidowner_name, &buildid_itself,
83
23.5k
                              &buildid_length, &paths, &paths_count, errp);
84
    /*  Calling dwarf_gnu_debuglink and passing in
85
        &paths here means the caller
86
        is obligated to free the array/block of strings
87
        returned. dwarf_finish() will NOT
88
        free these strings. See the libdwarf documentation.  */
89
23.5k
    free(paths);
90
    /*  Calling dwarf_gnu_debuglink and passing in
91
        &debuglink_fullpath  means the caller
92
        is obligated to free the array/block of strings
93
        returned. dwarf_finish() will NOT
94
        free these strings. See the libdwarf documentation.  */
95
23.5k
    free(debuglink_fullpath);
96
97
23.5k
    dwarf_finish(dbg);
98
23.5k
    close(fuzz_fd);
99
23.5k
  }
100
101
23.5k
  unlink(filename);
102
23.5k
  return 0;
103
23.5k
}