diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-10-30 09:02:26 +0100 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-10-30 11:04:53 +0100 |
commit | 029427043b2e0523a21f54374f872b23cf744350 (patch) | |
tree | c7f1f8d62687f226ae256844252ba4f70c9cbb17 /src/fuzz | |
parent | journal: adapt for new improved LZ4_decompress_safe_partial() (diff) | |
download | systemd-029427043b2e0523a21f54374f872b23cf744350.tar.xz systemd-029427043b2e0523a21f54374f872b23cf744350.zip |
fuzz-compress: add fuzzer for compression and decompression
Diffstat (limited to 'src/fuzz')
-rw-r--r-- | src/fuzz/fuzz-compress.c | 80 | ||||
-rw-r--r-- | src/fuzz/meson.build | 4 |
2 files changed, 84 insertions, 0 deletions
diff --git a/src/fuzz/fuzz-compress.c b/src/fuzz/fuzz-compress.c new file mode 100644 index 0000000000..9c5dfc92c0 --- /dev/null +++ b/src/fuzz/fuzz-compress.c @@ -0,0 +1,80 @@ +/* SPDX-License-Identifier: LGPL-2.1+ */ + +#include <errno.h> + +#include "alloc-util.h" +#include "compress.h" +#include "fuzz.h" + +static int compress(int alg, + const void *src, uint64_t src_size, + void *dst, size_t dst_alloc_size, size_t *dst_size) { + + if (alg == OBJECT_COMPRESSED_LZ4) + return compress_blob_lz4(src, src_size, dst, dst_alloc_size, dst_size); + if (alg == OBJECT_COMPRESSED_XZ) + return compress_blob_xz(src, src_size, dst, dst_alloc_size, dst_size); + return -EOPNOTSUPP; +} + +typedef struct header { + uint32_t alg:2; /* We have only two compression algorithms so far, but we might add + * more in the future. Let's make this a bit wider so our fuzzer + * cases remain stable in the future. */ + uint32_t sw_len; + uint32_t sw_alloc; + uint32_t reserved[3]; /* Extra space to keep fuzz cases stable in case we need to + * add stuff in the future. */ + uint8_t data[]; +} header; + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + _cleanup_free_ void *buf = NULL, *buf2 = NULL; + int r; + + if (size < offsetof(header, data) + 1) + return 0; + + const header *h = (struct header*) data; + const size_t data_len = size - offsetof(header, data); + + int alg = h->alg; + + /* We don't want to fill the logs with messages about parse errors. + * Disable most logging if not running standalone */ + if (!getenv("SYSTEMD_LOG_LEVEL")) + log_set_max_level(LOG_CRIT); + + log_info("Using compression %s, data size=%zu", + object_compressed_to_string(alg) ?: "(none)", + data_len); + + buf = malloc(MAX(size, 128u)); /* Make the buffer a bit larger for very small data */ + if (!buf) { + log_oom(); + return 0; + } + + size_t csize; + r = compress(alg, h->data, data_len, buf, size, &csize); + if (r < 0) { + log_error_errno(r, "Compression failed: %m"); + return 0; + } + + log_debug("Compressed %zu bytes to → %zu bytes", data_len, csize); + + size_t sw_alloc = MAX(h->sw_alloc, 1u); + buf2 = malloc(sw_alloc); + if (!buf) { + log_oom(); + return 0; + } + + size_t sw_len = MIN(data_len - 1, h->sw_len); + + r = decompress_startswith(alg, buf, csize, &buf2, &sw_alloc, h->data, sw_len, h->data[sw_len]); + assert_se(r > 0); + + return 0; +} diff --git a/src/fuzz/meson.build b/src/fuzz/meson.build index 4c23849352..3b6a7dec61 100644 --- a/src/fuzz/meson.build +++ b/src/fuzz/meson.build @@ -62,4 +62,8 @@ fuzzers += [ [libsystemd_journal_remote, libshared], []], + + [['src/fuzz/fuzz-compress.c'], + [libshared], + []], ] |