From f06002981d2bd2a582d2252f7d509205bcc2a9ed Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sun, 26 Dec 2021 23:26:56 +0000 Subject: [PATCH] tests: add fuzz-bcd (cherry picked from commit 4b65fc8725fa169bf870eb022d7b346796977c21) Related: #2017035 --- src/boot/efi/fuzz-bcd.c | 26 ++++++++++++++++++++++++++ src/boot/efi/meson.build | 3 +++ tools/oss-fuzz.sh | 16 ++++++++++++++++ 3 files changed, 45 insertions(+) create mode 100644 src/boot/efi/fuzz-bcd.c diff --git a/src/boot/efi/fuzz-bcd.c b/src/boot/efi/fuzz-bcd.c new file mode 100644 index 0000000000..e5ed6638a4 --- /dev/null +++ b/src/boot/efi/fuzz-bcd.c @@ -0,0 +1,26 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ + +#include "alloc-util.h" +#include "fd-util.h" +#include "fuzz.h" +#include "utf8.h" + +#include "bcd.c" + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + _cleanup_free_ void *p = NULL; + + /* This limit was borrowed from src/boot/efi/boot.c */ + if (size > 100*1024) + return 0; + + if (!getenv("SYSTEMD_LOG_LEVEL")) + log_set_max_level(LOG_CRIT); + + p = memdup(data, size); + assert_se(p); + + char16_t *title = get_bcd_title(p, size); + assert_se(!title || char16_strlen(title) >= 0); + return 0; +} diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build index 16b34f0ac2..229771026d 100644 --- a/src/boot/efi/meson.build +++ b/src/boot/efi/meson.build @@ -358,6 +358,9 @@ if efi_arch[1] in ['ia32', 'x86_64', 'arm', 'aarch64'] [], 'HAVE_ZSTD'], ] + fuzzers += [ + [['src/boot/efi/fuzz-bcd.c']], + ] endif systemd_boot_objects = [] diff --git a/tools/oss-fuzz.sh b/tools/oss-fuzz.sh index 8a19da665e..ae57fc25d5 100755 --- a/tools/oss-fuzz.sh +++ b/tools/oss-fuzz.sh @@ -36,6 +36,13 @@ else apt-get install -y gperf m4 gettext python3-pip \ libcap-dev libmount-dev libkmod-dev \ pkg-config wget python3-jinja2 + + # gnu-efi is installed here to enable -Dgnu-efi behind which fuzz-bcd + # is hidden. It isn't linked against efi. It doesn't + # even include "efi.h" because "bcd.c" can work in "unit test" mode + # where it isn't necessary. + apt-get install -y gnu-efi zstd + pip3 install -r .github/workflows/requirements.txt --require-hashes # https://github.com/google/oss-fuzz/issues/6868 @@ -56,6 +63,15 @@ fi ninja -v -C "$build" fuzzers +# Compressed BCD files are kept in test/test-bcd so let's unpack them +# and put them all in the seed corpus. +bcd=$(mktemp -d) +for i in test/test-bcd/*.zst; do + unzstd "$i" -o "$bcd/$(basename "${i%.zst}")"; +done +zip -jqr "$OUT/fuzz-bcd_seed_corpus.zip" "$bcd" +rm -rf "$bcd" + # The seed corpus is a separate flat archive for each fuzzer, # with a fixed name ${fuzzer}_seed_corpus.zip. for d in "$(dirname "$0")/../test/fuzz/fuzz-"*; do