/src/qubes-os/app-linux-input-proxy/fuzz/input-proxy-receiver_fuzzer.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * The Qubes OS Project, http://www.qubes-os.org |
3 | | * |
4 | | * Copyright (C) 2018 Marek Marczykowski-Górecki |
5 | | * <marmarek@invisiblethingslab.com> |
6 | | * |
7 | | * This program is free software; you can redistribute it and/or |
8 | | * modify it under the terms of the GNU General Public License |
9 | | * as published by the Free Software Foundation; either version 2 |
10 | | * of the License, or (at your option) any later version. |
11 | | * |
12 | | * This program is distributed in the hope that it will be useful, |
13 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
15 | | * GNU General Public License for more details. |
16 | | * |
17 | | * You should have received a copy of the GNU General Public License |
18 | | * along with this program; if not, write to the Free Software |
19 | | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
20 | | * |
21 | | */ |
22 | | |
23 | | #include <unistd.h> |
24 | | #include <stdio.h> |
25 | | #include <stdint.h> |
26 | | #include "common.h" |
27 | | |
28 | | /* hardcode pipe size for speed, verify from time to time with F_GETPIPE_SZ ioctl */ |
29 | 282 | #define PIPE_SZ 65536 |
30 | | |
31 | | #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION |
32 | | #error "This file is meant only for fuzzing build" |
33 | | #endif |
34 | | |
35 | | /* too lazy to create one-line header file */ |
36 | | int input_proxy_receiver_main(int argc, char **argv); |
37 | | |
38 | 282 | int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { |
39 | 282 | int pipe_fd[2]; |
40 | 282 | char *argv[] = { |
41 | 282 | "input-proxy-receiver", |
42 | 282 | "--mouse", |
43 | 282 | "--keyboard", |
44 | 282 | "--tablet", |
45 | 282 | "--quiet", |
46 | 282 | }; |
47 | | |
48 | 282 | if (Size > PIPE_SZ) { |
49 | | /* sorry, too large - would deadlock */ |
50 | 0 | goto out; |
51 | 0 | } |
52 | | |
53 | 282 | if (pipe(pipe_fd) == -1) { |
54 | 0 | perror("pipe"); |
55 | 0 | goto out; |
56 | 0 | } |
57 | | |
58 | 282 | if (write_all(pipe_fd[1], Data, Size) != Size) { |
59 | 0 | perror("failed to write all data to pipe"); |
60 | 0 | goto out_pipe; |
61 | 0 | } |
62 | | |
63 | | /* put pipe read end on stdin */ |
64 | 282 | if (dup2(pipe_fd[0], 0) == -1) { |
65 | 0 | perror("dup pipe to stdin"); |
66 | 0 | goto out_pipe; |
67 | 0 | } |
68 | 282 | close(pipe_fd[0]); |
69 | | /* not needed anymore since we'we written all the data */ |
70 | 282 | close(pipe_fd[1]); |
71 | | |
72 | 282 | input_proxy_receiver_main(5, argv); |
73 | 282 | return 0; |
74 | | |
75 | 0 | out_pipe: |
76 | 0 | close(pipe_fd[0]); |
77 | 0 | close(pipe_fd[1]); |
78 | 0 | out: |
79 | 0 | return 0; |
80 | 0 | } |