Fix STDERR closing/restoring in fuzzers

* fuzz/fuzzer.h: Add CLOSE_STDERR and RESTORE_STDERR * fuzz/wget_*_fuzzer.c: Use CLOSE_STDERR and RESTORE_STDERR
author: Tim Rühsen <tim.ruehsen@gmx.de> 2019-02-19 15:50:31 +0100
committer: Tim Rühsen <tim.ruehsen@gmx.de> 2019-02-19 15:50:34 +0100
commit: 07f9fbd0b3ee903b7779688948a534db43ca28a2 (patch)
tree: 1c09045fdce0e4838cdb03aa4130135367e38161 /fuzz
parent: 74866d9ea06bb0a5103f20b1238907445983a930 (diff)
download: wget-07f9fbd0b3ee903b7779688948a534db43ca28a2.tar.gz
9 files changed, 35 insertions, 39 deletions
diff --git a/fuzz/fuzzer.h b/fuzz/fuzzer.h
index fd5e3b1a..e09668b1 100644
--- a/fuzz/fuzzer.h
+++ b/fuzz/fuzzer.h
@@ -20,6 +20,16 @@
 #include <stddef.h> // size_t
 #include <stdint.h> // uint8_t
 
+#define CLOSE_STDERR \
+	int bak = dup(STDERR_FILENO); \
+	int fd = open("/dev/null", O_WRONLY); \
+	dup2(fd, STDERR_FILENO); \
+	close(fd);
+
+#define RESTORE_STDERR \
+	dup2(bak, STDERR_FILENO); \
+	close(bak);
+
 #ifdef __cplusplus
 extern "C"
 #endif
diff --git a/fuzz/wget_cookie_fuzzer.c b/fuzz/wget_cookie_fuzzer.c
index bd6e3b2b..9ff691b6 100644
--- a/fuzz/wget_cookie_fuzzer.c
+++ b/fuzz/wget_cookie_fuzzer.c
@@ -25,6 +25,8 @@
 #include <stdio.h>  // fmemopen
 #include <string.h>  // strncmp
 #include <stdlib.h>  // free
+#include <fcntl.h>  // open flags
+#include <unistd.h>  // close
 
 #include "wget.h"
 #undef fopen_wgetrc
@@ -68,7 +70,6 @@ void exit(int status)
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
-	FILE *bak;
 	struct cookie_jar *cookie_jar;
 	char *set_cookie;
 
@@ -79,8 +80,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	memcpy(set_cookie, data, size);
 	set_cookie[size] = 0;
 
-	bak = stderr;
-	stderr = fopen("/dev/null", "w");
+	CLOSE_STDERR
 
 	cookie_jar = cookie_jar_new();
 	cookie_handle_set_cookie(cookie_jar, "x", 81, "p", set_cookie);
@@ -88,10 +88,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	cookie_handle_set_cookie(cookie_jar, "x", 80, "p/d/", set_cookie);
 	cookie_jar_delete(cookie_jar);
 
-	fclose(stderr);
-	stderr = bak;
+	RESTORE_STDERR
 
-        free(set_cookie);
+	free(set_cookie);
 
 	return 0;
 }
diff --git a/fuzz/wget_css_fuzzer.c b/fuzz/wget_css_fuzzer.c
index 7ad2cf16..794e0135 100644
--- a/fuzz/wget_css_fuzzer.c
+++ b/fuzz/wget_css_fuzzer.c
@@ -91,8 +91,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 		.document_file = NULL,
 	};
 
-	FILE *bak = stderr;
-	stderr = fopen("/dev/null", "w");
+	CLOSE_STDERR
 
 	if (setjmp(jmpbuf))
 		goto done;
@@ -102,8 +101,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	free((void *) ctx.parent_base);
 
 done:
-	fclose(stderr);
-	stderr = bak;
+	RESTORE_STDERR
 
 	return 0;
 }
diff --git a/fuzz/wget_ftpls_fuzzer.c b/fuzz/wget_ftpls_fuzzer.c
index cbdce5f5..bdc0d274 100644
--- a/fuzz/wget_ftpls_fuzzer.c
+++ b/fuzz/wget_ftpls_fuzzer.c
@@ -71,14 +71,13 @@ void exit(int status)
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
-	FILE *fp, *bak;
+	FILE *fp;
 	struct fileinfo *fi;
 
 	if (size > 4096) // same as max_len = ... in .options file
 		return 0;
 
-	bak = stderr;
-	stderr = fopen("/dev/null", "w");
+	CLOSE_STDERR
 
 	fp = fmemopen((void *) data, size, "r");
 	if (!fp) return 0;
@@ -100,8 +99,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 
 	fclose(fp);
 
-	fclose(stderr);
-	stderr = bak;
+	RESTORE_STDERR
 
 	return 0;
 }
diff --git a/fuzz/wget_html_fuzzer.c b/fuzz/wget_html_fuzzer.c
index 7ce34a25..70162b1b 100644
--- a/fuzz/wget_html_fuzzer.c
+++ b/fuzz/wget_html_fuzzer.c
@@ -82,13 +82,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
    struct urlpos *urls;
    struct file_memory fm;
-   FILE *bak;
 
    if (size > 4096) // same as max_len = ... in .options file
 		return 0;
 
-	bak = stderr;
-	stderr = fopen("/dev/null", "w");
+	CLOSE_STDERR
 
    fm.content = (char *) data;
    fm.length = size;
@@ -97,8 +95,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
    urls = get_urls_html_fm("xxx", &fm, "https://x.y", NULL, NULL);
 	free_urlpos(urls);
 
-	fclose(stderr);
-	stderr = bak;
+	RESTORE_STDERR
 
 	return 0;
 }
diff --git a/fuzz/wget_netrc_fuzzer.c b/fuzz/wget_netrc_fuzzer.c
index 35d627f5..20f6c32f 100644
--- a/fuzz/wget_netrc_fuzzer.c
+++ b/fuzz/wget_netrc_fuzzer.c
@@ -25,6 +25,8 @@
 #include <string.h>  // strncmp
 #include <stdlib.h>  // free
 #include <setjmp.h> // longjmp, setjmp
+#include <fcntl.h>  // open flags
+#include <unistd.h>  // close
 
 #include "wget.h"
 #undef fopen_wgetrc
@@ -68,15 +70,14 @@ void exit(int status)
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
-	FILE *fp, *bak;
+	FILE *fp;
 	struct fileinfo *fi;
         const char *user = NULL, *pw = NULL;
 
 	if (size > 4096) // same as max_len = ... in .options file
 		return 0;
 
-	bak = stderr;
-	stderr = fopen("/dev/null", "w");
+	CLOSE_STDERR
 
 	fp = fmemopen((void *) data, size, "r");
 	if (!fp) return 0;
@@ -93,8 +94,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 
 	fclose(fp);
 
-	fclose(stderr);
-	stderr = bak;
+	RESTORE_STDERR
 
 	return 0;
 }
diff --git a/fuzz/wget_options_fuzzer.c b/fuzz/wget_options_fuzzer.c
index 586f1308..d3063701 100644
--- a/fuzz/wget_options_fuzzer.c
+++ b/fuzz/wget_options_fuzzer.c
@@ -83,8 +83,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	g_data = data;
 	g_size = size;
 
-	FILE *bak = stderr;
-	stderr = fopen("/dev/null", "w");
+	CLOSE_STDERR
 
 	if (setjmp(jmpbuf))
 		goto done;
@@ -94,8 +93,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 done:
 	cleanup();
 
-	fclose(stderr);
-	stderr = bak;
+	RESTORE_STDERR
 
 	return 0;
 }
diff --git a/fuzz/wget_robots_fuzzer.c b/fuzz/wget_robots_fuzzer.c
index f3e4c27c..bd8100a9 100644
--- a/fuzz/wget_robots_fuzzer.c
+++ b/fuzz/wget_robots_fuzzer.c
@@ -71,14 +71,12 @@ void exit(int status)
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
-	FILE *fp, *bak;
 	struct robot_specs *specs;
 
 	if (size > 4096) // same as max_len = ... in .options file
 		return 0;
 
-	bak = stderr;
-	stderr = fopen("/dev/null", "w");
+	CLOSE_STDERR
 
 	specs = res_parse((char *) data, (int) size);
 	if (!specs)
@@ -90,8 +88,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 
 	res_cleanup();
 
-	fclose(stderr);
-	stderr = bak;
+	RESTORE_STDERR
 
 	return 0;
 }
diff --git a/fuzz/wget_url_fuzzer.c b/fuzz/wget_url_fuzzer.c
index d6df7495..1163f21a 100644
--- a/fuzz/wget_url_fuzzer.c
+++ b/fuzz/wget_url_fuzzer.c
@@ -25,6 +25,8 @@
 #include <string.h>  // strncmp
 #include <stdlib.h>  // free
 #include <unistd.h>  // close
+#include <fcntl.h>  // open flags
+#include <unistd.h>  // close
 
 #include "wget.h"
 #undef fopen_wgetrc
@@ -68,7 +70,6 @@ void exit(int status)
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
-	FILE *bak;
 	struct url *url;
 	struct iri iri;
 	char *in;
@@ -76,8 +77,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	if (size > 4096) // same as max_len = ... in .options file
 		return 0;
 
-	bak = stderr;
-	stderr = fopen("/dev/null", "w");
+	CLOSE_STDERR
 
 	in = (char *) malloc(size + 1);
 	memcpy(in, data, size);
@@ -103,8 +103,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	free(iri.orig_url);
 	free(in);
 
-	fclose(stderr);
-	stderr = bak;
+	RESTORE_STDERR
 
 	return 0;
 }
author	Tim Rühsen <tim.ruehsen@gmx.de>	2019-02-19 15:50:31 +0100
committer	Tim Rühsen <tim.ruehsen@gmx.de>	2019-02-19 15:50:34 +0100
commit	07f9fbd0b3ee903b7779688948a534db43ca28a2 (patch)
tree	1c09045fdce0e4838cdb03aa4130135367e38161 /fuzz
parent	74866d9ea06bb0a5103f20b1238907445983a930 (diff)
download	wget-07f9fbd0b3ee903b7779688948a534db43ca28a2.tar.gz