
From 9a6a36b44ad131036fef5c91edc86c842c9821ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 7 Jul 2018 19:30:25 +0200
Subject: [PATCH] fuzz-bus-message: add fuzzer for message parsing
As with other fuzzers, SYSTEMD_FUZZ_OUTPUT=1 and SYSTEMD_LOG_LEVEL=debug can be
used for debugging.
(cherry picked from commit 56b560c26339c4b282c06038316a91509eae75fd)
Resolves: #1696224
---
 src/fuzz/fuzz-bus-message.c         |  47 ++++++++++++++++++++++++++++
 src/fuzz/meson.build                |   4 +++
 test/fuzz/fuzz-bus-message/message1 | Bin 0 -> 534 bytes
 3 files changed, 51 insertions(+)
 create mode 100644 src/fuzz/fuzz-bus-message.c
 create mode 100644 test/fuzz/fuzz-bus-message/message1
diff --git a/src/fuzz/fuzz-bus-message.c b/src/fuzz/fuzz-bus-message.c
new file mode 100644
index 0000000000..9842c62a6f
--- /dev/null
+++ b/src/fuzz/fuzz-bus-message.c
@@ -0,0 +1,47 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#include <errno.h>
+#include <stdio.h>
+
+#include "alloc-util.h"
+#include "bus-dump.h"
+#include "bus-message.h"
+#include "env-util.h"
+#include "fd-util.h"
+#include "fuzz.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+        _cleanup_free_ char *out = NULL; /* out should be freed after g */
+        size_t out_size;
+        _cleanup_fclose_ FILE *g = NULL;
+        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+        _cleanup_free_ void *buffer = NULL;
+        int r;
+
+        /* We don't want to fill the logs with messages about parse errors.
+         * Disable most logging if not running standalone */
+        if (!getenv("SYSTEMD_LOG_LEVEL"))
+                log_set_max_level(LOG_CRIT);
+
+        r = sd_bus_new(&bus;;
+        assert_se(r >= 0);
+
+        assert_se(buffer = memdup(data, size));
+
+        r = bus_message_from_malloc(bus, buffer, size, NULL, 0, NULL, &m);
+        if (r == -EBADMSG)
+                return 0;
+        assert_se(r >= 0);
+        TAKE_PTR(buffer);
+
+        if (getenv_bool("SYSTEMD_FUZZ_OUTPUT") <= 0)
+                assert_se(g = open_memstream(&out, &out_size));
+
+        bus_message_dump(m, g ?: stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
+
+        r = sd_bus_message_rewind(m, true);
+        assert_se(r >= 0);
+
+        return 0;
+}
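Review bot: `assert_se(buffer = memdup(data, size))` turns a NULL return into an abort, and for a zero-length input — which libFuzzer does hand to the target — whether memdup(data, 0) returns non-NULL depends on how this alloc-util version handles malloc(0), which this hunk does not show. An explicit guard before the copy, `if (size == 0) return 0;`, or a memdup that always allocates at least one byte, removes that dependency. The -EBADMSG early return also presumes that bus_message_from_malloc leaves `buffer` owned by the caller on failure, which is exactly what the `_cleanup_free_` on `buffer` together with the later `TAKE_PTR(buffer)` rely on; a comment on the TAKE_PTR line, `/* the message owns buffer from here on; on any failure above it is still ours and _cleanup_free_ releases it */`, would make that ownership hand-over explicit.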
diff --git a/src/fuzz/meson.build b/src/fuzz/meson.build
index 5c81ac0c5b..1dbe28e57e 100644
--- a/src/fuzz/meson.build
+++ b/src/fuzz/meson.build
@@ -1,6 +1,10 @@
 # SPDX-License-Identifier: LGPL-2.1+
 
 fuzzers += [
+        [['src/fuzz/fuzz-bus-message.c'],
+         [libshared],
+         []],
+
         [['src/fuzz/fuzz-dns-packet.c',
           dns_type_headers],
          [libsystemd_resolve_core,
diff --git a/test/fuzz/fuzz-bus-message/message1 b/test/fuzz/fuzz-bus-message/message1
new file mode 100644
index 0000000000000000000000000000000000000000..2df70fd7cb6f0e632c4d5c2358091309a5cd3edc
GIT binary patch
literal 534
zcmZ{h!A`?442GSJjTUi2h$EV`OM6*iyZ|>&NW6m6ZC#~`RCNGV2*icg27V{4hLEuI
z*Z%6nv6IG-c{fDW8PO*Z8RG~@1*A4LLPziq^|n=>fKTCf&ROnOFWhXL{-6KzKQR>*
zA}kdo{MtXi^_lPUKI=U`x#dhG*Hq0
zruVss?wLceSE4J#)5yVN0GffvA#~1mm{Zra+=e{w{I&z@*?J#i4Is_HhZ+f`nuHx|
zld${fh;=jUB)V|NE5y2-nFH%A%GTPz>w(L%415E=fPT+(I2*knx96tO2RVnnVP6o!
Yuz#WfEX)Cqd!b_JHzYppZsXhk08nC8%>V!Z
literal 0
HcmV?d00001