author | Ran Benita <ran234@gmail.com> | 2018-03-11 00:04:05 +0200 |
committer | Ran Benita <ran234@gmail.com> | 2018-07-30 10:35:10 +0300 |
commit | 2cb5c2a3f3a74fb7478648a7811ca2b6e6272311 (patch) | |
tree | c1d58aa95d6408690ea2a346be09387d22ee01a0 /fuzz/compose | |
parent | a54cfe087a2b84d5cb44f4dfa0e5951f8289ca3c (diff) | |
Add fuzzing infrastructure
Though text formats aren't exactly a fuzzer's strong suit, fuzzers can
still catch many surface-level bugs.
The fuzz/ directory contains target programs, testcases and dictionaries
to drive the afl fuzzer.
This commit adds a fuzzer for the XKB keymap text format and the Compose
text format. On my slow machine, using a single core, a full cycle of
the XKB fuzzer takes 5 hours. For Compose, it takes a few minutes.
Fuzzing for the other file formats (rules files mostly) will be added
later.
To do some fuzzing, run `./fuzz/fuzz.sh`.
Signed-off-by: Ran Benita <ran234@gmail.com>
Diffstat (limited to 'fuzz/compose')
-rw-r--r-- | fuzz/compose/dict | 8 | ||||
-rw-r--r-- | fuzz/compose/target.c | 45 | ||||
-rw-r--r-- | fuzz/compose/testcases/Compose | 2 |
3 files changed, 55 insertions, 0 deletions
diff --git a/fuzz/compose/dict b/fuzz/compose/dict
new file mode 100644
index 0000000..38dfe3a
--- /dev/null
+++ b/fuzz/compose/dict
@@ -0,0 +1,8 @@
+"Ctrl"
+"Lock"
+"Caps"
+"Shift"
+"Alt"
+"Meta"
+"None"
+"acute"
diff --git a/fuzz/compose/target.c b/fuzz/compose/target.c
new file mode 100644
index 0000000..69b434e
--- /dev/null
+++ b/fuzz/compose/target.c
@@ -0,0 +1,45 @@
+/*
+ * A target program for fuzzing the Compose text format.
+ *
+ * Currently, just parses an input file, and hopefully doesn't crash or hang.
+ */
+
+#include <assert.h>
+
+#include "xkbcommon/xkbcommon.h"
+#include "xkbcommon/xkbcommon-compose.h"
+
+int
+main(int argc, char *argv[])
+{
+ struct xkb_context *ctx;
+ FILE *file;
+ struct xkb_compose_table *table;
+
+ if (argc != 2) {
+ fprintf(stderr, "usage: %s <file>\n", argv[0]);
+ return 1;
+ }
+
+ ctx = xkb_context_new(XKB_CONTEXT_NO_DEFAULT_INCLUDES | XKB_CONTEXT_NO_ENVIRONMENT_NAMES);
+ assert(ctx);
+
+#ifdef __AFL_HAVE_MANUAL_CONTROL
+ __AFL_INIT();
+
+ while (__AFL_LOOP(1000))
+#endif
+ {
+ file = fopen(argv[1], "r");
+ assert(file);
+ table = xkb_compose_table_new_from_file(ctx, file,
+ "en_US.UTF-8",
+ XKB_COMPOSE_FORMAT_TEXT_V1,
+ XKB_COMPOSE_COMPILE_NO_FLAGS);
+ xkb_compose_table_unref(table);
+ fclose(file);
+ }
+
+ puts(table ? "OK" : "FAIL");
+ xkb_context_unref(ctx);
+}
diff --git a/fuzz/compose/testcases/Compose b/fuzz/compose/testcases/Compose
new file mode 100644
index 0000000..a62727d
--- /dev/null
+++ b/fuzz/compose/testcases/Compose
@@ -0,0 +1,2 @@
+<dead_tilde> <space> : "~" asciitilde # X
+Meta <Multi_key> !Alt ~Shift <apostrophe> <apostrophe> : "\"\'\x43\123abc" acute # Y |
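Review bot: `FILE`, `fprintf`, `stderr` and `puts` in target.c's `main()` come from `<stdio.h>`, yet the only standard header the file includes is `<assert.h>`; it presumably builds only because one of the two xkbcommon headers pulls stdio in transitively, so add `#include <stdio.h>` next to `<assert.h>` rather than depend on that. Separately, the closing `puts(table ? "OK" : "FAIL")` reads `table` after `xkb_compose_table_unref(table)` has released it; nothing is dereferenced, but a pointer's value is indeterminate once the object it referred to is gone, so record the outcome before the unref instead — `const char *status = "FAIL";` among the locals, `status = table ? "OK" : "FAIL";` just before `xkb_compose_table_unref(table);`, and `puts(status);` at the end. Finally, the NULL checks on `ctx` and on the `fopen()` result are `assert()`s, which vanish under `-DNDEBUG`; in a harness where a crash is the signal, an explicit check that prints to stderr and returns non-zero keeps a missing or unreadable input file from being reported as a library bug.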