authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2018-07-07 19:30:25 +0200
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2018-10-02 11:09:05 +0200
commit56b560c26339c4b282c06038316a91509eae75fd (patch)
tree88907b0c7b976f64bc5da9efe5cefc4e51003962
parente6bad6746151c79a5f408e95714ffa5cea290ab0 (diff)
downloadsystemd-56b560c26339c4b282c06038316a91509eae75fd.tar.gz
fuzz-bus-message: add fuzzer for message parsing
As with other fuzzers, SYSTEMD_FUZZ_OUTPUT=1 and SYSTEMD_LOG_LEVEL=debug can be used for debugging.
-rw-r--r--src/fuzz/fuzz-bus-message.c47
-rw-r--r--src/fuzz/meson.build4
-rw-r--r--test/fuzz/fuzz-bus-message/message1bin0 -> 534 bytes
3 files changed, 51 insertions, 0 deletions
diff --git a/src/fuzz/fuzz-bus-message.c b/src/fuzz/fuzz-bus-message.c
new file mode 100644
index 0000000000..9842c62a6f
--- /dev/null
+++ b/src/fuzz/fuzz-bus-message.c
@@ -0,0 +1,47 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#include <errno.h>
+#include <stdio.h>
+
+#include "alloc-util.h"
+#include "bus-dump.h"
+#include "bus-message.h"
+#include "env-util.h"
+#include "fd-util.h"
+#include "fuzz.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ _cleanup_free_ char *out = NULL; /* out should be freed after g */
+ size_t out_size;
+ _cleanup_fclose_ FILE *g = NULL;
+ _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
+ _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+ _cleanup_free_ void *buffer = NULL;
+ int r;
+
+ /* We don't want to fill the logs with messages about parse errors.
+ * Disable most logging if not running standalone */
+ if (!getenv("SYSTEMD_LOG_LEVEL"))
+ log_set_max_level(LOG_CRIT);
+
+ r = sd_bus_new(&bus);
+ assert_se(r >= 0);
+
+ assert_se(buffer = memdup(data, size));
+
+ r = bus_message_from_malloc(bus, buffer, size, NULL, 0, NULL, &m);
+ if (r == -EBADMSG)
+ return 0;
+ assert_se(r >= 0);
+ TAKE_PTR(buffer);
+
+ if (getenv_bool("SYSTEMD_FUZZ_OUTPUT") <= 0)
+ assert_se(g = open_memstream(&out, &out_size));
+
+ bus_message_dump(m, g ?: stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
+
+ r = sd_bus_message_rewind(m, true);
+ assert_se(r >= 0);
+
+ return 0;
+}
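Review bot: `assert_se(buffer = memdup(data, size));` aborts the harness whenever memdup returns NULL, and libFuzzer does run the empty input. Whether `size == 0` survives this line therefore depends on memdup (or the underlying malloc) returning non-NULL for a zero-length request, which is not visible in this hunk. An abort there would be triaged as a crash in the bus message parser although `bus_message_from_malloc` was never reached. An early `if (size == 0) return 0;` before the copy removes that dependency without losing coverage, assuming the parser rejects empty input. Similarly, `assert_se(r >= 0)` after the parse call turns an allocation failure into a reported crash, so consider `if (IN_SET(r, -EBADMSG, -ENOMEM)) return 0;` if the fuzzing setup lets malloc fail.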
diff --git a/src/fuzz/meson.build b/src/fuzz/meson.build
index 066737c175..31ee41cbe0 100644
--- a/src/fuzz/meson.build
+++ b/src/fuzz/meson.build
@@ -1,6 +1,10 @@
# SPDX-License-Identifier: LGPL-2.1+
fuzzers += [
+ [['src/fuzz/fuzz-bus-message.c'],
+ [libshared],
+ []],
+
[['src/fuzz/fuzz-dns-packet.c',
dns_type_headers],
[libsystemd_resolve_core,
diff --git a/test/fuzz/fuzz-bus-message/message1 b/test/fuzz/fuzz-bus-message/message1
new file mode 100644
index 0000000000..2df70fd7cb
--- /dev/null
+++ b/test/fuzz/fuzz-bus-message/message1
Binary files differ