/src/read_fuzzer.c

Source (jump to first uncovered line)
#include <stddef.h>
#include <unistd.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <string.h>

#include "mpg123.h"

static char* fuzzer_get_tmpfile(const uint8_t* data, size_t size) {
  char* filename_buffer = strdup("/tmp/generate_temporary_file.XXXXXX");
  if (!filename_buffer) {
    perror("Failed to allocate file name buffer.");
    abort();
  }
  const int file_descriptor = mkstemp(filename_buffer);
  if (file_descriptor < 0) {
    perror("Failed to make temporary file.");
    abort();
  }
  FILE* file = fdopen(file_descriptor, "wb");
  if (!file) {
    perror("Failed to open file descriptor.");
    close(file_descriptor);
    abort();
  }
  const size_t bytes_written = fwrite(data, sizeof(uint8_t), size, file);
  if (bytes_written < size) {
    close(file_descriptor);
    fprintf(stderr, "Failed to write all bytes to file (%zu out of %zu)",
            bytes_written, size);
    abort();
  }
  fclose(file);
  return filename_buffer;
}

static void fuzzer_release_tmpfile(char* filename) {
  if (unlink(filename) != 0) {
    perror("WARNING: Failed to delete temporary file.");
  }
  free(filename);
}

int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  static bool initialized = false;
  if (!initialized) {
    mpg123_init();
    initialized = true;
  }
  char* filename = fuzzer_get_tmpfile(data, size);
  if (filename == NULL) {
    return 0;
  }

  size_t outmemorysize = size * 2;  // Guess based on the size of data.
  unsigned char* outmemory = (unsigned char*)malloc(outmemorysize);
  if (outmemory == NULL) {
    fuzzer_release_tmpfile(filename);
    return 0;
  }

  int error;
  mpg123_handle* handle = mpg123_new(NULL, &error);
  if (handle == NULL || mpg123_param(handle,
      MPG123_ADD_FLAGS, MPG123_QUIET, 0.) != MPG123_OK) {
    free(outmemory);
    fuzzer_release_tmpfile(filename);
    return 0;
  }

  if (mpg123_open(handle, filename) == MPG123_OK) {
    int read_error;
    do {
      size_t decoded_size;
      read_error = mpg123_read(handle, outmemory, outmemorysize, &decoded_size);
    } while (read_error == MPG123_OK && mpg123_tellframe(handle) <= 10000
          && mpg123_tell_stream(handle) <= 1<<20);
  }

  mpg123_close(handle);
  mpg123_delete(handle);
  free(outmemory);
  fuzzer_release_tmpfile(filename);
  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		#include <stddef.h>
2		#include <unistd.h>
3		#include <stdint.h>
4		#include <stdio.h>
5		#include <stdlib.h>
6		#include <stdbool.h>
7		#include <string.h>
8
9		#include "mpg123.h"
10
11	6.05k	static char* fuzzer_get_tmpfile(const uint8_t* data, size_t size) {
12	6.05k	char* filename_buffer = strdup("/tmp/generate_temporary_file.XXXXXX");
13	6.05k	if (!filename_buffer) {
14	0	perror("Failed to allocate file name buffer.");
15	0	abort();
16	0	}
17	6.05k	const int file_descriptor = mkstemp(filename_buffer);
18	6.05k	if (file_descriptor < 0) {
19	0	perror("Failed to make temporary file.");
20	0	abort();
21	0	}
22	6.05k	FILE* file = fdopen(file_descriptor, "wb");
23	6.05k	if (!file) {
24	0	perror("Failed to open file descriptor.");
25	0	close(file_descriptor);
26	0	abort();
27	0	}
28	6.05k	const size_t bytes_written = fwrite(data, sizeof(uint8_t), size, file);
29	6.05k	if (bytes_written < size) {
30	0	close(file_descriptor);
31	0	fprintf(stderr, "Failed to write all bytes to file (%zu out of %zu)",
32	0	bytes_written, size);
33	0	abort();
34	0	}
35	6.05k	fclose(file);
36	6.05k	return filename_buffer;
37	6.05k	}
38
39	6.05k	static void fuzzer_release_tmpfile(char* filename) {
40	6.05k	if (unlink(filename) != 0) {
41	0	perror("WARNING: Failed to delete temporary file.");
42	0	}
43	6.05k	free(filename);
44	6.05k	}
45
46	6.05k	int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
47	6.05k	static bool initialized = false;
48	6.05k	if (!initialized) {
49	1	mpg123_init();
50	1	initialized = true;
51	1	}
52	6.05k	char* filename = fuzzer_get_tmpfile(data, size);
53	6.05k	if (filename == NULL) {
54	0	return 0;
55	0	}
56
57	6.05k	size_t outmemorysize = size * 2; // Guess based on the size of data.
58	6.05k	unsigned char* outmemory = (unsigned char*)malloc(outmemorysize);
59	6.05k	if (outmemory == NULL) {
60	0	fuzzer_release_tmpfile(filename);
61	0	return 0;
62	0	}
63
64	6.05k	int error;
65	6.05k	mpg123_handle* handle = mpg123_new(NULL, &error);
66	6.05k	if (handle == NULL \|\| mpg123_param(handle,
67	6.05k	MPG123_ADD_FLAGS, MPG123_QUIET, 0.) != MPG123_OK) {
68	0	free(outmemory);
69	0	fuzzer_release_tmpfile(filename);
70	0	return 0;
71	0	}
72
73	6.05k	if (mpg123_open(handle, filename) == MPG123_OK) {
74	6.05k	int read_error;
75	6.05k	do {
76	6.05k	size_t decoded_size;
77	6.05k	read_error = mpg123_read(handle, outmemory, outmemorysize, &decoded_size);
78	6.05k	} while (read_error == MPG123_OK && mpg123_tellframe(handle) <= 10000
79	6.05k	&& mpg123_tell_stream(handle) <= 1<<20);
80	6.05k	}
81
82	6.05k	mpg123_close(handle);
83	6.05k	mpg123_delete(handle);
84	6.05k	free(outmemory);
85	6.05k	fuzzer_release_tmpfile(filename);
86	6.05k	return 0;
87	6.05k	}

Coverage Report

Created: 2023-06-07 06:25