0daf48d9aa
Resolves: #2047682,#2068043,#2068131,#2073003,#2073994,#2082131,#2083493,#2087652,#2100340
188 lines
5.8 KiB
Diff
188 lines
5.8 KiB
Diff
From 0235f9ea3d221aba513f4b6215418bf554e02791 Mon Sep 17 00:00:00 2001
|
|
From: Evgeny Vereshchagin <evvers@ya.ru>
|
|
Date: Mon, 3 Jan 2022 12:31:07 +0000
|
|
Subject: [PATCH] fuzz: no longer skip empty files
|
|
|
|
Empty files and empty strings seem to have triggered various
|
|
issues in the past so it seems they shouldn't be ignore by the
|
|
fuzzers just because fmemopen can't handle them.
|
|
|
|
Prompted by https://github.com/systemd/systemd/pull/21939#issuecomment-1003113669
|
|
|
|
(cherry picked from commit 5df66d7d68006615abb4c4d3b1ebad545af4dd72)
|
|
Related: #2087652
|
|
---
|
|
src/core/fuzz-unit-file.c | 6 +-----
|
|
src/fuzz/fuzz-env-file.c | 5 ++---
|
|
src/fuzz/fuzz-hostname-setup.c | 6 +-----
|
|
src/fuzz/fuzz-json.c | 6 +-----
|
|
src/fuzz/fuzz.h | 9 +++++++++
|
|
src/nspawn/fuzz-nspawn-oci.c | 6 +-----
|
|
src/nspawn/fuzz-nspawn-settings.c | 6 +-----
|
|
7 files changed, 16 insertions(+), 28 deletions(-)
|
|
|
|
diff --git a/src/core/fuzz-unit-file.c b/src/core/fuzz-unit-file.c
|
|
index aef29f4cf7..780dd3988d 100644
|
|
--- a/src/core/fuzz-unit-file.c
|
|
+++ b/src/core/fuzz-unit-file.c
|
|
@@ -2,7 +2,6 @@
|
|
|
|
#include "conf-parser.h"
|
|
#include "fd-util.h"
|
|
-#include "fileio.h"
|
|
#include "fuzz.h"
|
|
#include "install.h"
|
|
#include "load-fragment.h"
|
|
@@ -22,10 +21,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|
const char *name;
|
|
long offset;
|
|
|
|
- if (size == 0)
|
|
- return 0;
|
|
-
|
|
- f = fmemopen_unlocked((char*) data, size, "re");
|
|
+ f = data_to_file(data, size);
|
|
assert_se(f);
|
|
|
|
if (read_line(f, LINE_MAX, &p) < 0)
|
|
diff --git a/src/fuzz/fuzz-env-file.c b/src/fuzz/fuzz-env-file.c
|
|
index e0dac260b0..3b3e625608 100644
|
|
--- a/src/fuzz/fuzz-env-file.c
|
|
+++ b/src/fuzz/fuzz-env-file.c
|
|
@@ -4,7 +4,6 @@
|
|
|
|
#include "alloc-util.h"
|
|
#include "env-file.h"
|
|
-#include "fileio.h"
|
|
#include "fd-util.h"
|
|
#include "fuzz.h"
|
|
#include "strv.h"
|
|
@@ -13,10 +12,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|
_cleanup_fclose_ FILE *f = NULL;
|
|
_cleanup_strv_free_ char **rl = NULL, **rlp = NULL;
|
|
|
|
- if (size == 0 || size > 65535)
|
|
+ if (size > 65535)
|
|
return 0;
|
|
|
|
- f = fmemopen_unlocked((char*) data, size, "re");
|
|
+ f = data_to_file(data, size);
|
|
assert_se(f);
|
|
|
|
/* We don't want to fill the logs with messages about parse errors.
|
|
diff --git a/src/fuzz/fuzz-hostname-setup.c b/src/fuzz/fuzz-hostname-setup.c
|
|
index b8d36da54a..d7c23eef12 100644
|
|
--- a/src/fuzz/fuzz-hostname-setup.c
|
|
+++ b/src/fuzz/fuzz-hostname-setup.c
|
|
@@ -2,7 +2,6 @@
|
|
|
|
#include "alloc-util.h"
|
|
#include "fd-util.h"
|
|
-#include "fileio.h"
|
|
#include "fuzz.h"
|
|
#include "hostname-setup.h"
|
|
|
|
@@ -10,10 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|
_cleanup_fclose_ FILE *f = NULL;
|
|
_cleanup_free_ char *ret = NULL;
|
|
|
|
- if (size == 0)
|
|
- return 0;
|
|
-
|
|
- f = fmemopen_unlocked((char*) data, size, "re");
|
|
+ f = data_to_file(data, size);
|
|
assert_se(f);
|
|
|
|
/* We don't want to fill the logs with messages about parse errors.
|
|
diff --git a/src/fuzz/fuzz-json.c b/src/fuzz/fuzz-json.c
|
|
index f9a0e818c4..ad7460c6fd 100644
|
|
--- a/src/fuzz/fuzz-json.c
|
|
+++ b/src/fuzz/fuzz-json.c
|
|
@@ -1,7 +1,6 @@
|
|
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
|
|
|
#include "alloc-util.h"
|
|
-#include "fileio.h"
|
|
#include "fd-util.h"
|
|
#include "fuzz.h"
|
|
#include "json.h"
|
|
@@ -12,10 +11,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|
_cleanup_fclose_ FILE *f = NULL, *g = NULL;
|
|
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
|
|
|
|
- if (size == 0)
|
|
- return 0;
|
|
-
|
|
- f = fmemopen_unlocked((char*) data, size, "re");
|
|
+ f = data_to_file(data, size);
|
|
assert_se(f);
|
|
|
|
if (json_parse_file(f, NULL, 0, &v, NULL, NULL) < 0)
|
|
diff --git a/src/fuzz/fuzz.h b/src/fuzz/fuzz.h
|
|
index 579b0eed73..d7cbb0bb16 100644
|
|
--- a/src/fuzz/fuzz.h
|
|
+++ b/src/fuzz/fuzz.h
|
|
@@ -4,5 +4,14 @@
|
|
#include <stddef.h>
|
|
#include <stdint.h>
|
|
|
|
+#include "fileio.h"
|
|
+
|
|
/* The entry point into the fuzzer */
|
|
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
|
|
+
|
|
+static inline FILE* data_to_file(const uint8_t *data, size_t size) {
|
|
+ if (size == 0)
|
|
+ return fopen("/dev/null", "re");
|
|
+ else
|
|
+ return fmemopen_unlocked((char*) data, size, "re");
|
|
+}
|
|
diff --git a/src/nspawn/fuzz-nspawn-oci.c b/src/nspawn/fuzz-nspawn-oci.c
|
|
index cfebf65c00..91f2a81dfc 100644
|
|
--- a/src/nspawn/fuzz-nspawn-oci.c
|
|
+++ b/src/nspawn/fuzz-nspawn-oci.c
|
|
@@ -2,7 +2,6 @@
|
|
|
|
#include "alloc-util.h"
|
|
#include "fd-util.h"
|
|
-#include "fileio.h"
|
|
#include "fuzz.h"
|
|
#include "nspawn-oci.h"
|
|
|
|
@@ -10,10 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|
_cleanup_fclose_ FILE *f = NULL;
|
|
_cleanup_(settings_freep) Settings *s = NULL;
|
|
|
|
- if (size == 0)
|
|
- return 0;
|
|
-
|
|
- f = fmemopen_unlocked((char*) data, size, "re");
|
|
+ f = data_to_file(data, size);
|
|
assert_se(f);
|
|
|
|
/* We don't want to fill the logs with messages about parse errors.
|
|
diff --git a/src/nspawn/fuzz-nspawn-settings.c b/src/nspawn/fuzz-nspawn-settings.c
|
|
index bd98ed26e8..6b91e1506e 100644
|
|
--- a/src/nspawn/fuzz-nspawn-settings.c
|
|
+++ b/src/nspawn/fuzz-nspawn-settings.c
|
|
@@ -2,7 +2,6 @@
|
|
|
|
#include "alloc-util.h"
|
|
#include "fd-util.h"
|
|
-#include "fileio.h"
|
|
#include "fuzz.h"
|
|
#include "nspawn-settings.h"
|
|
|
|
@@ -10,10 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|
_cleanup_fclose_ FILE *f = NULL;
|
|
_cleanup_(settings_freep) Settings *s = NULL;
|
|
|
|
- if (size == 0)
|
|
- return 0;
|
|
-
|
|
- f = fmemopen_unlocked((char*) data, size, "re");
|
|
+ f = data_to_file(data, size);
|
|
assert_se(f);
|
|
|
|
/* We don't want to fill the logs with messages about parse errors.
|