p/liberty
1
1
Fork 0
Code Issues Pull Requests Releases Activity

Add remaining fuzzing entry points

Browse Source 
Closes #1
This commit is contained in:
Přemysl Eric Janouch
2020-10-11 21:58:56 +02:00
parent df3f53bd5c
commit c2c5031538
2 changed files with 94 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
fuzz
View File

@@ -8,7 +8,7 @@ fuzz () {
echo "`tput bold`-- Fuzzing $1`tput sgr0`" echo "`tput bold`-- Fuzzing $1`tput sgr0`"
mkdir -p /tmp/corpus-$1 mkdir -p /tmp/corpus-$1
./fuzz-executor -test=$1 -artifact_prefix=$1- \ ./fuzz-executor -test=$1 -artifact_prefix=$1- \
-max_len=32 -max_total_time=600 -timeout=1 /tmp/corpus-$1 -max_total_time=600 -timeout=1 /tmp/corpus-$1
} }
if [ $# -gt 0 ]; then if [ $# -gt 0 ]; then

99
tests/fuzz.c
View File

@@ -32,6 +32,13 @@
#define LIBERTY_WANT_PROTO_MPD #define LIBERTY_WANT_PROTO_MPD
#include "../liberty.c" #include "../liberty.c"
#include "../liberty-tui.c"
static bool
app_is_character_in_locale (ucs4_t ch)
{
return ch < 128;
}
// --- UTF-8 ------------------------------------------------------------------- // --- UTF-8 -------------------------------------------------------------------
@@ -46,9 +53,14 @@ test_utf8_validate (const uint8_t *data, size_t size)
static void static void
test_base64_decode (const uint8_t *data, size_t size) test_base64_decode (const uint8_t *data, size_t size)
{ {
struct str wrap = str_make ();
str_append_data (&wrap, data, size);
struct str out = str_make (); struct str out = str_make ();
base64_decode ((const char *) data, size, &out); base64_decode (wrap.str, true /* ignore_ws */, &out);
str_free (&out); str_free (&out);
str_free (&wrap);
} }
// --- IRC --------------------------------------------------------------------- // --- IRC ---------------------------------------------------------------------
@@ -131,7 +143,7 @@ test_scgi_parser_push (const uint8_t *data, size_t size)
// --- WebSockets -------------------------------------------------------------- // --- WebSockets --------------------------------------------------------------
static bool static bool
test_websockets_on_frame_header (void *user_data, const struct ws_parser *self) test_ws_parser_on_frame_header (void *user_data, const struct ws_parser *self)
{ {
(void) user_data; (void) user_data;
(void) self; (void) self;
@@ -139,7 +151,7 @@ test_websockets_on_frame_header (void *user_data, const struct ws_parser *self)
} }
static bool static bool
test_websockets_on_frame (void *user_data, const struct ws_parser *self) test_ws_parser_on_frame (void *user_data, const struct ws_parser *self)
{ {
(void) user_data; (void) user_data;
(void) self; (void) self;
@@ -150,13 +162,84 @@ static void
test_ws_parser_push (const uint8_t *data, size_t size) test_ws_parser_push (const uint8_t *data, size_t size)
{ {
struct ws_parser parser = ws_parser_make (); struct ws_parser parser = ws_parser_make ();
parser.on_frame_header = test_websockets_on_frame_header; parser.on_frame_header = test_ws_parser_on_frame_header;
parser.on_frame = test_websockets_on_frame; parser.on_frame = test_ws_parser_on_frame;
ws_parser_push (&parser, data, size); ws_parser_push (&parser, data, size);
ws_parser_free (&parser); ws_parser_free (&parser);
} }
// --- FastCGI -----------------------------------------------------------------
static bool
test_fcgi_parser_on_message (const struct fcgi_parser *parser, void *user_data)
{
(void) parser;
(void) user_data;
return true;
}
static void
test_fcgi_parser_push (const uint8_t *data, size_t size)
{
struct fcgi_parser parser = fcgi_parser_make ();
parser.on_message = test_fcgi_parser_on_message;
fcgi_parser_push (&parser, data, size);
fcgi_parser_free (&parser);
}
static void
test_fcgi_nv_parser_push (const uint8_t *data, size_t size)
{
struct str_map values = str_map_make (free);
struct fcgi_nv_parser nv_parser = fcgi_nv_parser_make ();
nv_parser.output = &values;
fcgi_nv_parser_push (&nv_parser, data, size);
fcgi_nv_parser_free (&nv_parser);
str_map_free (&values);
}
// --- Config ------------------------------------------------------------------
static void
test_config_item_parse (const uint8_t *data, size_t size)
{
struct config_item *item =
config_item_parse ((const char *) data, size, false, NULL);
if (item)
config_item_destroy (item);
}
// --- TUI ---------------------------------------------------------------------
static void
test_attrs_decode (const uint8_t *data, size_t size)
{
struct str wrap = str_make ();
str_append_data (&wrap, data, size);
attrs_decode (wrap.str);
str_free (&wrap);
}
// --- MPD ---------------------------------------------------------------------
static void
test_mpd_client_process_input (const uint8_t *data, size_t size)
{
struct poller poller;
poller_init (&poller);
struct mpd_client mpd = mpd_client_make (&poller);
str_append_data (&mpd.read_buffer, data, size);
mpd_client_process_input (&mpd);
mpd_client_free (&mpd);
poller_free (&poller);
}
// --- Main -------------------------------------------------------------------- // --- Main --------------------------------------------------------------------
typedef void (*fuzz_test_fn) (const uint8_t *data, size_t size); typedef void (*fuzz_test_fn) (const uint8_t *data, size_t size);
@@ -180,7 +263,11 @@ LLVMFuzzerInitialize (int *argcp, char ***argvp)
REGISTER (http_parse_upgrade) REGISTER (http_parse_upgrade)
REGISTER (scgi_parser_push) REGISTER (scgi_parser_push)
REGISTER (ws_parser_push) REGISTER (ws_parser_push)
// TODO: add more parsers/processors REGISTER (fcgi_parser_push)
REGISTER (fcgi_nv_parser_push)
REGISTER (config_item_parse)
REGISTER (attrs_decode)
REGISTER (mpd_client_process_input)
char **argv = *argvp, *option = "-test=", *name = NULL; char **argv = *argvp, *option = "-test=", *name = NULL;
for (int i = 1; i < *argcp; i++) for (int i = 1; i < *argcp; i++)