• source navigation  • diff markup  • identifier search  • freetext search  • 

Sources/libubox/tests/fuzz/test-fuzz.c

  1 #include <stdio.h>
  2 #include <stdint.h>
  3 #include <stddef.h>
  4 #include <limits.h>
  5 
  6 #include "blob.h"
  7 #include "blobmsg.h"
  8 
  9 #define BLOBMSG_TYPE_TROUBLE INT_MAX
 10 
 11 static void fuzz_blobmsg_parse(const uint8_t *data, size_t size)
 12 {
 13         enum {
 14                 FOO_MESSAGE,
 15                 FOO_LIST,
 16                 FOO_TESTDATA,
 17                 __FOO_MAX
 18         };
 19 
 20         static const int blobmsg_type[] = {
 21                 BLOBMSG_TYPE_UNSPEC,
 22                 BLOBMSG_TYPE_ARRAY,
 23                 BLOBMSG_TYPE_TABLE,
 24                 BLOBMSG_TYPE_STRING,
 25                 BLOBMSG_TYPE_INT64,
 26                 BLOBMSG_TYPE_INT32,
 27                 BLOBMSG_TYPE_INT16,
 28                 BLOBMSG_TYPE_INT8,
 29                 BLOBMSG_TYPE_DOUBLE,
 30                 BLOBMSG_TYPE_TROUBLE,
 31         };
 32 
 33         static const struct blobmsg_policy foo_policy[] = {
 34                 [FOO_MESSAGE] = {
 35                         .name = "message",
 36                         .type = BLOBMSG_TYPE_STRING,
 37                 },
 38                 [FOO_LIST] = {
 39                         .name = "list",
 40                         .type = BLOBMSG_TYPE_ARRAY,
 41                 },
 42                 [FOO_TESTDATA] = {
 43                         .name = "testdata",
 44                         .type = BLOBMSG_TYPE_TABLE,
 45                 },
 46         };
 47 
 48         struct blob_attr *tb[__FOO_MAX];
 49 
 50         blobmsg_parse(foo_policy, __FOO_MAX, tb, (uint8_t *)data, size);
 51         blobmsg_parse_array(foo_policy, __FOO_MAX, tb, (uint8_t *)data, size);
 52 
 53         blobmsg_check_attr_len((struct blob_attr *)data, false, size);
 54         blobmsg_check_attr_len((struct blob_attr *)data, true, size);
 55 
 56         for (size_t i=0; i < ARRAY_SIZE(blobmsg_type); i++) {
 57                 blobmsg_check_array_len((struct blob_attr *)data, blobmsg_type[i], size);
 58                 blobmsg_check_attr_list_len((struct blob_attr *)data, blobmsg_type[i], size);
 59         }
 60 }
 61 
 62 static void fuzz_blob_parse(const uint8_t *data, size_t size)
 63 {
 64         enum {
 65                 FOO_ATTR_NESTED,
 66                 FOO_ATTR_BINARY,
 67                 FOO_ATTR_STRING,
 68                 FOO_ATTR_INT8,
 69                 FOO_ATTR_INT16,
 70                 FOO_ATTR_INT32,
 71                 FOO_ATTR_INT64,
 72                 FOO_ATTR_DOUBLE,
 73                 __FOO_ATTR_MAX
 74         };
 75 
 76 
 77         static const struct blob_attr_info foo_policy[__FOO_ATTR_MAX] = {
 78                 [FOO_ATTR_NESTED] = { .type = BLOB_ATTR_NESTED },
 79                 [FOO_ATTR_BINARY] = { .type = BLOB_ATTR_BINARY },
 80                 [FOO_ATTR_STRING] = { .type = BLOB_ATTR_STRING },
 81                 [FOO_ATTR_INT8] = { .type = BLOB_ATTR_INT8 },
 82                 [FOO_ATTR_INT16] = { .type = BLOB_ATTR_INT16 },
 83                 [FOO_ATTR_INT32] = { .type = BLOB_ATTR_INT32 },
 84                 [FOO_ATTR_INT64] = { .type = BLOB_ATTR_INT64 },
 85                 [FOO_ATTR_DOUBLE] = { .type = BLOB_ATTR_DOUBLE },
 86         };
 87 
 88         struct blob_attr *foo[__FOO_ATTR_MAX];
 89         struct blob_attr *buf = (struct blob_attr *)data;
 90 
 91         blob_parse_untrusted(buf, size, foo, foo_policy, __FOO_ATTR_MAX);
 92 }
 93 
 94 int LLVMFuzzerTestOneInput(const uint8_t *input, size_t size)
 95 {
 96         uint8_t *data;
 97 
 98         data = malloc(size);
 99         if (!data)
100                 return -1;
101 
102         memcpy(data, input, size);
103         fuzz_blob_parse(data, size);
104         fuzz_blobmsg_parse(data, size);
105         free(data);
106 
107         return 0;
108 }
109

This page was automatically generated by LXR 0.3.1.  •  OpenWrt