From 0235f9ea3d221aba513f4b6215418bf554e02791 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Mon, 3 Jan 2022 12:31:07 +0000
Subject: [PATCH] fuzz: no longer skip empty files
Empty files and empty strings seem to have triggered various
issues in the past so it seems they shouldn't be ignored by the
fuzzers just because fmemopen can't handle them.
Prompted by https://github.com/systemd/systemd/pull/21939#issuecomment-1003113669
(cherry picked from commit 5df66d7d68006615abb4c4d3b1ebad545af4dd72)
Related: #2087652
---
 src/core/fuzz-unit-file.c         | 6 +-----
 src/fuzz/fuzz-env-file.c          | 5 ++---
 src/fuzz/fuzz-hostname-setup.c    | 6 +-----
 src/fuzz/fuzz-json.c              | 6 +-----
 src/fuzz/fuzz.h                   | 9 +++++++++
 src/nspawn/fuzz-nspawn-oci.c      | 6 +-----
 src/nspawn/fuzz-nspawn-settings.c | 6 +-----
 7 files changed, 16 insertions(+), 28 deletions(-)
diff --git a/src/core/fuzz-unit-file.c b/src/core/fuzz-unit-file.c
index aef29f4cf7..780dd3988d 100644
--- a/src/core/fuzz-unit-file.c
+++ b/src/core/fuzz-unit-file.c
@@ -2,7 +2,6 @@
 
 #include "conf-parser.h"
 #include "fd-util.h"
-#include "fileio.h"
 #include "fuzz.h"
 #include "install.h"
 #include "load-fragment.h"
@@ -22,10 +21,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         const char *name;
         long offset;
 
-        if (size == 0)
-                return 0;
-
-        f = fmemopen_unlocked((char*) data, size, "re");
+        f = data_to_file(data, size);
         assert_se(f);
 
         if (read_line(f, LINE_MAX, &p) < 0)
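Review bot: Now that the `size == 0` early return is gone, `read_line(f, LINE_MAX, &p)` on the last line of the hunk can hit EOF immediately on an empty stream, and the `< 0` test only rejects errors, so the rest of LLVMFuzzerTestOneInput (which continues outside the hunk) has to tolerate an empty first line in `p` and whatever `name`/`offset` are derived from it. From the hunk alone I cannot confirm that read_line stores a (possibly empty) string in `p` on a zero-byte read rather than leaving it NULL; if it can stay NULL, the later use of `p` would dereference a null pointer for exactly the input this commit wants to exercise. Since the fuzzer already uses assert_se, pinning the assumption with `assert_se(p);` right after the call, or a one-line comment stating that an empty stream yields an empty `p`, would make the contract explicit. The same mechanical replacement in fuzz-hostname-setup.c, fuzz-json.c, fuzz-nspawn-oci.c and fuzz-nspawn-settings.c hands an empty stream to parsers whose empty-input behaviour is likewise outside these hunks.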
diff --git a/src/fuzz/fuzz-env-file.c b/src/fuzz/fuzz-env-file.c
index e0dac260b0..3b3e625608 100644
--- a/src/fuzz/fuzz-env-file.c
+++ b/src/fuzz/fuzz-env-file.c
@@ -4,7 +4,6 @@
 
 #include "alloc-util.h"
 #include "env-file.h"
-#include "fileio.h"
 #include "fd-util.h"
 #include "fuzz.h"
 #include "strv.h"
@@ -13,10 +12,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         _cleanup_fclose_ FILE *f = NULL;
         _cleanup_strv_free_ char **rl = NULL, **rlp =  NULL;
 
-        if (size == 0 || size > 65535)
+        if (size > 65535)
                 return 0;
 
-        f = fmemopen_unlocked((char*) data, size, "re");
+        f = data_to_file(data, size);
         assert_se(f);
 
         /* We don't want to fill the logs with messages about parse errors.
diff --git a/src/fuzz/fuzz-hostname-setup.c b/src/fuzz/fuzz-hostname-setup.c
index b8d36da54a..d7c23eef12 100644
--- a/src/fuzz/fuzz-hostname-setup.c
+++ b/src/fuzz/fuzz-hostname-setup.c
@@ -2,7 +2,6 @@
 
 #include "alloc-util.h"
 #include "fd-util.h"
-#include "fileio.h"
 #include "fuzz.h"
 #include "hostname-setup.h"
 
@@ -10,10 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         _cleanup_fclose_ FILE *f = NULL;
         _cleanup_free_ char *ret = NULL;
 
-        if (size == 0)
-                return 0;
-
-        f = fmemopen_unlocked((char*) data, size, "re");
+        f = data_to_file(data, size);
         assert_se(f);
 
         /* We don't want to fill the logs with messages about parse errors.
diff --git a/src/fuzz/fuzz-json.c b/src/fuzz/fuzz-json.c
index f9a0e818c4..ad7460c6fd 100644
--- a/src/fuzz/fuzz-json.c
+++ b/src/fuzz/fuzz-json.c
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
 #include "alloc-util.h"
-#include "fileio.h"
 #include "fd-util.h"
 #include "fuzz.h"
 #include "json.h"
@@ -12,10 +11,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         _cleanup_fclose_ FILE *f = NULL, *g = NULL;
         _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
 
-        if (size == 0)
-                return 0;
-
-        f = fmemopen_unlocked((char*) data, size, "re");
+        f = data_to_file(data, size);
         assert_se(f);
 
         if (json_parse_file(f, NULL, 0, &v, NULL, NULL) < 0)
diff --git a/src/fuzz/fuzz.h b/src/fuzz/fuzz.h
index 579b0eed73..d7cbb0bb16 100644
--- a/src/fuzz/fuzz.h
+++ b/src/fuzz/fuzz.h
@@ -4,5 +4,14 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include "fileio.h"
+
 /* The entry point into the fuzzer */
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+static inline FILE* data_to_file(const uint8_t *data, size_t size) {
+        if (size == 0)
+                return fopen("/dev/null", "re");
+        else
+                return fmemopen_unlocked((char*) data, size, "re");
+}
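Review bot: `data_to_file` carries no comment explaining why zero-length input is special-cased, and its two branches hand back differently configured streams: non-empty input goes through fmemopen_unlocked, while the `size == 0` path calls plain fopen, so the returned FILE is a locked stdio stream only in that case (the "e" close-on-exec flag is at least consistent). The commit message says fmemopen cannot handle an empty buffer, which is exactly the information a reader of this header needs; a header comment such as `/* fmemopen() rejects a zero-length buffer, so an empty input is mapped to an empty stream on /dev/null; callers see immediate EOF and must cope with it. */` would capture it. If fileio.h offers an unlocked fopen variant (it appears to, given the fmemopen_unlocked helper used here), using it on the /dev/null path would make both branches behave the same, though for single-threaded fuzzers the locking difference is unlikely to matter in practice. The `(char*) data` cast that discards const is pre-existing and harmless for a read-only stream, but worth a short comment too since it now lives in a shared header.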
diff --git a/src/nspawn/fuzz-nspawn-oci.c b/src/nspawn/fuzz-nspawn-oci.c
index cfebf65c00..91f2a81dfc 100644
--- a/src/nspawn/fuzz-nspawn-oci.c
+++ b/src/nspawn/fuzz-nspawn-oci.c
@@ -2,7 +2,6 @@
 
 #include "alloc-util.h"
 #include "fd-util.h"
-#include "fileio.h"
 #include "fuzz.h"
 #include "nspawn-oci.h"
 
@@ -10,10 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         _cleanup_fclose_ FILE *f = NULL;
         _cleanup_(settings_freep) Settings *s = NULL;
 
-        if (size == 0)
-                return 0;
-
-        f = fmemopen_unlocked((char*) data, size, "re");
+        f = data_to_file(data, size);
         assert_se(f);
 
         /* We don't want to fill the logs with messages about parse errors.
diff --git a/src/nspawn/fuzz-nspawn-settings.c b/src/nspawn/fuzz-nspawn-settings.c
index bd98ed26e8..6b91e1506e 100644
--- a/src/nspawn/fuzz-nspawn-settings.c
+++ b/src/nspawn/fuzz-nspawn-settings.c
@@ -2,7 +2,6 @@
 
 #include "alloc-util.h"
 #include "fd-util.h"
-#include "fileio.h"
 #include "fuzz.h"
 #include "nspawn-settings.h"
 
@@ -10,10 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         _cleanup_fclose_ FILE *f = NULL;
         _cleanup_(settings_freep) Settings *s = NULL;
 
-        if (size == 0)
-                return 0;
-
-        f = fmemopen_unlocked((char*) data, size, "re");
+        f = data_to_file(data, size);
         assert_se(f);
 
         /* We don't want to fill the logs with messages about parse errors.