From 242273e1afd456e86ebc48d7d601cb28297f8efb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 30 Oct 2018 09:02:26 +0100
Subject: [PATCH] fuzz-compress: add fuzzer for compression and decompression
(cherry picked from commit 029427043b2e0523a21f54374f872b23cf744350)
Resolves: #1843871
---
src/fuzz/fuzz-compress.c | 80 ++++++++++++++++++++++++++++++++++++++++
src/fuzz/meson.build | 7 +++-
2 files changed, 86 insertions(+), 1 deletion(-)
create mode 100644 src/fuzz/fuzz-compress.c
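diff --git a/src/fuzz/fuzz-compress.c b/src/fuzz/fuzz-compress.c
new file mode 100644
index 0000000000..9c5dfc92c0
--- /dev/null
+++ b/src/fuzz/fuzz-compress.c
@@ -0,0 +1,80 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#include <errno.h>
+
+#include "alloc-util.h"
+#include "compress.h"
+#include "fuzz.h"
+
+static int compress(int alg,
+ const void *src, uint64_t src_size,
+ void *dst, size_t dst_alloc_size, size_t *dst_size) {
+
+ if (alg == OBJECT_COMPRESSED_LZ4)
+ return compress_blob_lz4(src, src_size, dst, dst_alloc_size, dst_size);
+ if (alg == OBJECT_COMPRESSED_XZ)
+ return compress_blob_xz(src, src_size, dst, dst_alloc_size, dst_size);
+ return -EOPNOTSUPP;
+}
+
+typedef struct header {
+ uint32_t alg:2; /* We have only two compression algorithms so far, but we might add
+ * more in the future. Let's make this a bit wider so our fuzzer
+ * cases remain stable in the future. */
+ uint32_t sw_len;
+ uint32_t sw_alloc;
+ uint32_t reserved[3]; /* Extra space to keep fuzz cases stable in case we need to
+ * add stuff in the future. */
+ uint8_t data[];
+} header;
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ _cleanup_free_ void *buf = NULL, *buf2 = NULL;
+ int r;
+
+ if (size < offsetof(header, data) + 1)
+ return 0;
+
+ const header *h = (struct header*) data;
+ const size_t data_len = size - offsetof(header, data);
+
+ int alg = h->alg;
+
+ /* We don't want to fill the logs with messages about parse errors.
+ * Disable most logging if not running standalone */
+ if (!getenv("SYSTEMD_LOG_LEVEL"))
+ log_set_max_level(LOG_CRIT);
+
+ log_info("Using compression %s, data size=%zu",
+ object_compressed_to_string(alg) ?: "(none)",
+ data_len);
+
+ buf = malloc(MAX(size, 128u)); /* Make the buffer a bit larger for very small data */
+ if (!buf) {
+ log_oom();
+ return 0;
+ }
+
+ size_t csize;
+ r = compress(alg, h->data, data_len, buf, size, &csize);
+ if (r < 0) {
+ log_error_errno(r, "Compression failed: %m");
+ return 0;
+ }
+
+ log_debug("Compressed %zu bytes to → %zu bytes", data_len, csize);
+
+ size_t sw_alloc = MAX(h->sw_alloc, 1u);
+ buf2 = malloc(sw_alloc);
+ if (!buf) {
+ log_oom();
+ return 0;
+ }
+
+ size_t sw_len = MIN(data_len - 1, h->sw_len);
+
+ r = decompress_startswith(alg, buf, csize, &buf2, &sw_alloc, h->data, sw_len, h->data[sw_len]);
+ assert_se(r > 0);
+
+ return 0;
+}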
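Review bot: The out-of-memory check that follows `buf2 = malloc(sw_alloc);` in LLVMFuzzerTestOneInput tests `buf` a second time, which is already known to be non-NULL at that point, so a failed allocation of `buf2` is never detected; the condition should read `if (!buf2) {`. The requested size comes straight from the `sw_alloc` field of the fuzz input (a `uint32_t`, so up to 4 GiB), which makes a failing malloc likely under a fuzzer's memory limit. Whether decompress_startswith() tolerates a NULL `*buffer` paired with a non-zero `sw_alloc` is not visible on this page, so with the current check the run may end in a spurious crash or in `assert_se(r > 0)` firing on an allocation error rather than on a real compression bug. Separately, `(struct header*) data` reads 32-bit fields through a pointer that the fuzzer does not promise to align; copying the fixed part of the header into a local with `memcpy` would avoid relying on that.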
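diff --git a/src/fuzz/meson.build b/src/fuzz/meson.build
index 5315d2771c..b8d5979d3c 100644
--- a/src/fuzz/meson.build
+++ b/src/fuzz/meson.build
@@ -73,8 +73,13 @@ fuzzers += [
 [libsystemd_journal_remote,
 libshared],
 []],
+
 [['src/fuzz/fuzz-fido-id-desc.c',
 'src/udev/fido_id/fido_id_desc.c'],
 [],
- []]
+ []],
+
+ [['src/fuzz/fuzz-compress.c'],
+ [libshared],
+ []],
 ]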