From 2cb5c2a3f3a74fb7478648a7811ca2b6e6272311 Mon Sep 17 00:00:00 2001
From: Ran Benita
Date: Sun, 11 Mar 2018 00:04:05 +0200
Subject: Add fuzzing infrastructure
Though text formats aren't exactly fuzzer's strong suit, fuzzers can catch many surface-level bugs. The fuzz/ directory contains target programs, testcases and dictionaries to drive the afl fuzzer. This commit adds a fuzzer for the XKB keymap text format and the Compose text format. On my slow machine, using a single core, a full cycle of the XKB fuzzer takes 5 hours. For Compose, it takes a few minutes. Fuzzing for the other file formats (rules files mostly) will be added later. To do some fuzzing, run `./fuzz/fuzz.sh`.
Signed-off-by: Ran Benita
---
fuzz/compose/dict | 8 ++++++++
fuzz/compose/target.c | 45 ++++++++++++++++++++++++++++++++++++++++++
fuzz/compose/testcases/Compose | 2 ++
3 files changed, 55 insertions(+)
create mode 100644 fuzz/compose/dict
create mode 100644 fuzz/compose/target.c
create mode 100644 fuzz/compose/testcases/Compose
(limited to 'fuzz/compose')
diff --git a/fuzz/compose/dict b/fuzz/compose/dict
new file mode 100644
index 0000000..38dfe3a
--- /dev/null
+++ b/fuzz/compose/dict
@@ -0,0 +1,8 @@
+"Ctrl"
+"Lock"
+"Caps"
+"Shift"
+"Alt"
+"Meta"
+"None"
+"acute"
diff --git a/fuzz/compose/target.c b/fuzz/compose/target.c
new file mode 100644
index 0000000..69b434e
--- /dev/null
+++ b/fuzz/compose/target.c
@@ -0,0 +1,45 @@
+/*
+ * A target program for fuzzing the Compose text format.
+ *
+ * Currently, just parses an input file, and hopefully doesn't crash or hang.
+ */
+
+#include
+
+#include "xkbcommon/xkbcommon.h"
+#include "xkbcommon/xkbcommon-compose.h"
+
+int
+main(int argc, char *argv[])
+{
+ struct xkb_context *ctx;
+ FILE *file;
+ struct xkb_compose_table *table;
+
+ if (argc != 2) {
+ fprintf(stderr, "usage: %s \n", argv[0]);
+ return 1;
+ }
+
+ ctx = xkb_context_new(XKB_CONTEXT_NO_DEFAULT_INCLUDES | XKB_CONTEXT_NO_ENVIRONMENT_NAMES);
+ assert(ctx);
+
+#ifdef __AFL_HAVE_MANUAL_CONTROL
+ __AFL_INIT();
+
+ while (__AFL_LOOP(1000))
+#endif
+ {
+ file = fopen(argv[1], "r");
+ assert(file);
+ table = xkb_compose_table_new_from_file(ctx, file,
+ "en_US.UTF-8",
+ XKB_COMPOSE_FORMAT_TEXT_V1,
+ XKB_COMPOSE_COMPILE_NO_FLAGS);
+ xkb_compose_table_unref(table);
+ fclose(file);
+ }
+
+ puts(table ? "OK" : "FAIL");
+ xkb_context_unref(ctx);
+}
diff --git a/fuzz/compose/testcases/Compose b/fuzz/compose/testcases/Compose
new file mode 100644
index 0000000..a62727d
--- /dev/null
+++ b/fuzz/compose/testcases/Compose
@@ -0,0 +1,2 @@
+ : "~" asciitilde # X
+Meta !Alt ~Shift : "\"\'\x43\123abc" acute # Y
-- cgit v1.2.1
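Review bot: `puts(table ? "OK" : "FAIL");` near the end of main() reads `table` after `xkb_compose_table_unref(table)` has already dropped the harness's only reference to it, so the status line tests a stale pointer value (and, in the `__AFL_LOOP` build, only the last iteration's outcome). Recording the result while the pointer is still live avoids that: `int ok = 0;` alongside the other declarations, `ok = table != NULL;` just before the unref, and `puts(ok ? "OK" : "FAIL");` afterwards. Separately, `assert(ctx)` and `assert(file)` are the only guards on the context allocation and the `fopen`, and they compile out if the fuzz build is ever configured with `NDEBUG`, after which a failed `fopen` would hand a NULL `FILE *` to `xkb_compose_table_new_from_file`. An explicit `if (!file) return 1;` style check (or undefining `NDEBUG` ahead of the assert header) would keep the harness's behaviour independent of the build flags.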