author | Evgeny Vereshchagin <evvers@ya.ru> | 2022-01-03 12:31:07 +0000 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2022-01-04 09:26:26 +0100 |
commit | 5df66d7d68006615abb4c4d3b1ebad545af4dd72 (patch) | |
tree | 9eb17e7d3061239c8eef09d2af49984dc1c1beb1 /src/fuzz | |
parent | bb18c742c8131c41d1152eb387e82d788874306b (diff) | |
fuzz: no longer skip empty files
Empty files and empty strings seem to have triggered various
issues in the past so it seems they shouldn't be ignored by the
fuzzers just because fmemopen can't handle them.
Prompted by https://github.com/systemd/systemd/pull/21939#issuecomment-1003113669
Diffstat (limited to 'src/fuzz')
-rw-r--r-- | src/fuzz/fuzz-env-file.c | 5 | ||||
-rw-r--r-- | src/fuzz/fuzz-hostname-setup.c | 6 | ||||
-rw-r--r-- | src/fuzz/fuzz-json.c | 6 | ||||
-rw-r--r-- | src/fuzz/fuzz.h | 9 |
4 files changed, 13 insertions, 13 deletions
diff --git a/src/fuzz/fuzz-env-file.c b/src/fuzz/fuzz-env-file.c
index e0dac260b0..3b3e625608 100644
--- a/src/fuzz/fuzz-env-file.c
+++ b/src/fuzz/fuzz-env-file.c
@@ -4,7 +4,6 @@
 #include "alloc-util.h"
 #include "env-file.h"
-#include "fileio.h"
 #include "fd-util.h"
 #include "fuzz.h"
 #include "strv.h"
@@ -13,10 +12,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 _cleanup_fclose_ FILE *f = NULL;
 _cleanup_strv_free_ char **rl = NULL, **rlp = NULL;
- if (size == 0 || size > 65535)
+ if (size > 65535)
 return 0;
- f = fmemopen_unlocked((char*) data, size, "re");
+ f = data_to_file(data, size);
 assert_se(f);
 /* We don't want to fill the logs with messages about parse errors.
diff --git a/src/fuzz/fuzz-hostname-setup.c b/src/fuzz/fuzz-hostname-setup.c
index b8d36da54a..d7c23eef12 100644
--- a/src/fuzz/fuzz-hostname-setup.c
+++ b/src/fuzz/fuzz-hostname-setup.c
@@ -2,7 +2,6 @@
 #include "alloc-util.h"
 #include "fd-util.h"
-#include "fileio.h"
 #include "fuzz.h"
 #include "hostname-setup.h"
@@ -10,10 +9,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 _cleanup_fclose_ FILE *f = NULL;
 _cleanup_free_ char *ret = NULL;
- if (size == 0)
- return 0;
-
- f = fmemopen_unlocked((char*) data, size, "re");
+ f = data_to_file(data, size);
 assert_se(f);
 /* We don't want to fill the logs with messages about parse errors.
diff --git a/src/fuzz/fuzz-json.c b/src/fuzz/fuzz-json.c
index f9a0e818c4..ad7460c6fd 100644
--- a/src/fuzz/fuzz-json.c
+++ b/src/fuzz/fuzz-json.c
@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 #include "alloc-util.h"
-#include "fileio.h"
 #include "fd-util.h"
 #include "fuzz.h"
 #include "json.h"
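Review bot: In the second fuzz-env-file.c hunk, `assert_se(f)` now also covers the `fopen("/dev/null", "re")` that data_to_file() performs for empty input, so a run where that device node cannot be opened (a minimal chroot or sandbox, for instance) would abort and be reported as a crash in the code under test. A one-line comment above the assert would make that triage case obvious, e.g. `/* data_to_file() opens /dev/null when size == 0, so a failure here can be environmental */`. The same pattern appears in the fuzz-hostname-setup.c and fuzz-json.c hunks. Each LLVMFuzzerTestOneInput body continues past the end of its hunk, so whether the parsers handle a zero-length stream cleanly is not visible here.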
@@ -12,10 +11,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 _cleanup_fclose_ FILE *f = NULL, *g = NULL;
 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
- if (size == 0)
- return 0;
-
- f = fmemopen_unlocked((char*) data, size, "re");
+ f = data_to_file(data, size);
 assert_se(f);
 if (json_parse_file(f, NULL, 0, &v, NULL, NULL) < 0)
diff --git a/src/fuzz/fuzz.h b/src/fuzz/fuzz.h
index 579b0eed73..d7cbb0bb16 100644
--- a/src/fuzz/fuzz.h
+++ b/src/fuzz/fuzz.h
@@ -4,5 +4,14 @@
 #include <stddef.h>
 #include <stdint.h>
+#include "fileio.h"
+
 /* The entry point into the fuzzer */
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+static inline FILE* data_to_file(const uint8_t *data, size_t size) {
+ if (size == 0)
+ return fopen("/dev/null", "re");
+ else
+ return fmemopen_unlocked((char*) data, size, "re");
+} |
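Review bot: data_to_file() in fuzz.h is added without a comment, and two of its properties are not obvious to a caller. For non-empty input the `(char*)` cast drops the const qualifier and hands `data` itself to fmemopen_unlocked(), so the stream presumably reads the fuzzer's buffer in place rather than a copy; for empty input the helper substitutes a stream on /dev/null. I would add a short doc comment above the helper stating that the caller must close the returned FILE, that `data` has to stay valid and unmodified until then, and that NULL is returned when either open fails. Because the helper is `static inline` in a header, every file that includes fuzz.h now also pulls in fileio.h, which is worth a word in the same comment.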