From 84fc92635acd4d513049794fdbc574b79ac1c5d5 Mon Sep 17 00:00:00 2001 From: Joseph Bisch Date: Tue, 24 Oct 2017 13:27:11 -0400 Subject: Add event_get_params to fe-fuzz --- src/fe-fuzz/Makefile.am | 2 + src/fe-fuzz/irc/Makefile.am | 1 + src/fe-fuzz/irc/core/Makefile.am | 46 ++++++++++++++++++ src/fe-fuzz/irc/core/event-get-params.c | 86 +++++++++++++++++++++++++++++++++ 4 files changed, 135 insertions(+) create mode 100644 src/fe-fuzz/irc/Makefile.am create mode 100644 src/fe-fuzz/irc/core/Makefile.am create mode 100644 src/fe-fuzz/irc/core/event-get-params.c (limited to 'src') diff --git a/src/fe-fuzz/Makefile.am b/src/fe-fuzz/Makefile.am index c11b3dbb..ae49f3df 100644 --- a/src/fe-fuzz/Makefile.am +++ b/src/fe-fuzz/Makefile.am @@ -1,3 +1,5 @@ +SUBDIRS = irc + bin_PROGRAMS = irssi-fuzz # Force link with CXX for libfuzzer support diff --git a/src/fe-fuzz/irc/Makefile.am b/src/fe-fuzz/irc/Makefile.am new file mode 100644 index 00000000..52770885 --- /dev/null +++ b/src/fe-fuzz/irc/Makefile.am @@ -0,0 +1 @@ +SUBDIRS = core diff --git a/src/fe-fuzz/irc/core/Makefile.am b/src/fe-fuzz/irc/core/Makefile.am new file mode 100644 index 00000000..fa614abb --- /dev/null +++ b/src/fe-fuzz/irc/core/Makefile.am 
@@ -0,0 +1,46 @@ +bin_PROGRAMS = event-get-params-fuzz + +# Force link with CXX for libfuzzer support +CCLD=$(CXX) $(CXXFLAGS) + +AM_CPPFLAGS = \ + -I$(top_srcdir)/src \ + -I$(top_srcdir)/src/core/ \ + -I$(top_srcdir)/src/irc/core/ \ + -I$(top_srcdir)/src/fe-common/core/ \ + $(GLIB_CFLAGS) + +AM_DEPENDENCIES = \ + ../../../core/libcore.a \ + ../../../lib-config/libirssi_config.a \ + ../../../irc/libirc.a \ + ../../../irc/core/libirc_core.a \ + ../../../irc/dcc/libirc_dcc.a \ + ../../../irc/flood/libirc_flood.a \ + ../../../irc/notifylist/libirc_notifylist.a \ + ../../../fe-common/core/libfe_common_core.a \ + ../../../fe-common/irc/libfe_common_irc.a \ + ../../../fe-common/irc/dcc/libfe_irc_dcc.a \ + ../../../fe-common/irc/notifylist/libfe_irc_notifylist a + +LDADD = \ + ../../../irc/libirc.a \ + ../../../irc/core/libirc_core.a \ + ../../../irc/dcc/libirc_dcc.a \ + ../../../irc/flood/libirc_flood.a \ + ../../../irc/notifylist/libirc_notifylist.a \ + ../../../fe-common/core/libfe_common_core.a \ + ../../../fe-common/irc/libfe_common_irc.a \ + ../../../fe-common/irc/dcc/libfe_irc_dcc.a \ + ../../../fe-common/irc/notifylist/libfe_irc_notifylist.a \ + ../../../core/libcore.a \ + ../../../lib-config/libirssi_config.a \ + @PROG_LIBS@ \ + $(FUZZER_LIBS) + +event_get_params_fuzz_SOURCES = \ + event-get-params.c \ + $(top_srcdir)/src/fe-text/module-formats.c + +noinst_HEADERS = \ + $(top_srcdir)/src/fe-text/module-formats.h diff --git a/src/fe-fuzz/irc/core/event-get-params.c b/src/fe-fuzz/irc/core/event-get-params.c new file mode 100644 index 00000000..89eb89d2 --- /dev/null +++ b/src/fe-fuzz/irc/core/event-get-params.c 
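Review bot: In the `AM_DEPENDENCIES` list the last entry reads `../../../fe-common/irc/notifylist/libfe_irc_notifylist a` while the matching `LDADD` entry is `libfe_irc_notifylist.a`; if that is what the file contains rather than a rendering artifact of this page, make treats it as two words, the archive never becomes a prerequisite, and the fuzz binary will not relink when that library changes. The fix is the one character, `../../../fe-common/irc/notifylist/libfe_irc_notifylist.a`. The same library set appears in both lists in a different order; keeping the two in the same order would make such drift easier to spot.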
@@ -0,0 +1,86 @@ +/* + event-get-params.c : irssi + + Copyright (C) 2017 Joseph Bisch + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +*/ + +#include "module.h" +#include "modules-load.h" +#include "levels.h" +#include "../fe-text/module-formats.h" // need to explicitly grab from fe-text +#include "themes.h" +#include "core.h" +#include "fe-common-core.h" +#include "args.h" +#include "printtext.h" +#include "irc.h" + +#include +#include +#include +#include + +int LLVMFuzzerInitialize(int *argc, char ***argv) { + core_register_options(); + fe_common_core_register_options(); + /* no args */ + args_execute(0, NULL); + core_preinit((*argv)[0]); + core_init(); + fe_common_core_init(); + theme_register(gui_text_formats); + module_register("core", "fe-fuzz"); + return 0; +} + +int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + if (size < 1) { + return 0; + } + uint8_t count = *data; + char *copy = (char *)malloc(sizeof(char)*(size-1+1)); + memcpy(copy, data+1, size-1); + copy[size-1] = '\0'; + + char *output0; + char *output1; + char *output2; + char *output3; + char *params; + if (count % 8 == 0) { + params = event_get_params(copy, 1 | PARAM_FLAG_GETREST, &output0); + } else if (count % 8 == 1) { + params = event_get_params(copy, 2 | PARAM_FLAG_GETREST, &output0, &output1); + } else if (count % 8 == 2) { + params 
= event_get_params(copy, 3 | PARAM_FLAG_GETREST, &output0, &output1, &output2); + } else if (count % 8 == 3) { + params = event_get_params(copy, 4 | PARAM_FLAG_GETREST, &output0, &output1, &output2, &output3); + } else if (count % 8 == 4) { + params = event_get_params(copy, 1, &output0); + } else if (count % 8 == 5) { + params = event_get_params(copy, 2, &output0, &output1); + } else if (count % 8 == 6) { + params = event_get_params(copy, 3, &output0, &output1, &output2); + } else if (count % 8 == 7) { + params = event_get_params(copy, 4, &output0, &output1, &output2, &output3); + } else { + params = event_get_params(copy, 4, &output0, &output1, &output2, &output3); + } + g_free(params); + free(copy); + return 0; +} -- cgit v1.2.3 From f9d69597ef1e204640d5ce104061717aca0d213a Mon Sep 17 00:00:00 2001 From: Joseph Bisch Date: Thu, 2 Nov 2017 11:44:57 -0400 Subject: Remove unnecessary malloc cast in fe-fuzz We compile this as C code, so the cast is unnecessary. --- src/fe-fuzz/irc/core/event-get-params.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/fe-fuzz/irc/core/event-get-params.c b/src/fe-fuzz/irc/core/event-get-params.c index 89eb89d2..fc21bbeb 100644 --- a/src/fe-fuzz/irc/core/event-get-params.c +++ b/src/fe-fuzz/irc/core/event-get-params.c @@ -52,7 +52,7 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { return 0; } uint8_t count = *data; - char *copy = (char *)malloc(sizeof(char)*(size-1+1)); + char *copy = malloc(sizeof(char)*(size-1+1)); memcpy(copy, data+1, size-1); copy[size-1] = '\0'; -- cgit v1.2.3 From f4b89044f075038d29089435f7620a068507d80e Mon Sep 17 00:00:00 2001 
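Review bot: The result of `char *copy = (char *)malloc(sizeof(char)*(size-1+1));` is passed straight to `memcpy` and the terminator store without a NULL check, so an allocation failure dereferences NULL inside the harness instead of being reported; the same unchecked call remains in the `malloc(size)` line of the "Fix malloc parameter in fe-fuzz" hunk until the g_strndup change replaces it. A one-line guard, `if (copy == NULL) return 0;`, keeps an out-of-memory condition from being recorded as a spurious crash. The input layout is also undocumented: a comment such as `/* data[0] selects the event_get_params variant (count % 8); data[1..] is the event text, copied so it can be NUL-terminated */` above the `count` line would tell the next reader how to build a seed corpus. The four `output` pointers are never freed, which looks intentional because they presumably point into the `params` buffer that `g_free(params)` releases — worth stating in the same comment.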
From: Joseph Bisch Date: Thu, 2 Nov 2017 11:48:30 -0400 Subject: Fix malloc parameter in fe-fuzz It is fairly safe to assume that sizeof(char) will always be 1 anyway and replace the size calculation with a comment explaining the calculation. --- src/fe-fuzz/irc/core/event-get-params.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/fe-fuzz/irc/core/event-get-params.c b/src/fe-fuzz/irc/core/event-get-params.c index fc21bbeb..f8060ffe 100644 --- a/src/fe-fuzz/irc/core/event-get-params.c +++ b/src/fe-fuzz/irc/core/event-get-params.c @@ -52,7 +52,8 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { return 0; } uint8_t count = *data; - char *copy = malloc(sizeof(char)*(size-1+1)); + /* malloc(size) instead of size+1, because we already used one byte of data */ + char *copy = malloc(size); memcpy(copy, data+1, size-1); copy[size-1] = '\0'; -- cgit v1.2.3 From 532527ffa6a5eaccdbf607a2dc3d0e6ef884fce9 Mon Sep 17 00:00:00 2001 From: Joseph Bisch Date: Thu, 2 Nov 2017 11:56:53 -0400 Subject: Use gchar and g_strndup in fe-fuzz --- src/fe-fuzz/irc/core/event-get-params.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/fe-fuzz/irc/core/event-get-params.c b/src/fe-fuzz/irc/core/event-get-params.c index f8060ffe..6266ffb6 100644 --- a/src/fe-fuzz/irc/core/event-get-params.c +++ b/src/fe-fuzz/irc/core/event-get-params.c @@ -53,9 +53,7 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { } uint8_t count = *data; /* malloc(size) instead of size+1, because we already used one byte of data */ - char *copy = malloc(size); - memcpy(copy, data+1, size-1); - copy[size-1] = '\0'; + gchar *copy = g_strndup((const gchar *)data+1, size-1); char *output0; char *output1; 
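Review bot: The cast in `gchar *copy = g_strndup((const gchar *)data+1, size-1);` binds to `data` alone, so the expression is `((const gchar *)data) + 1`, which is what is wanted but reads as if the cast covered the sum; writing it as `g_strndup((const gchar *)(data + 1), size - 1)` makes the offset unambiguous. This change also removes the unchecked-allocation concern of the earlier malloc version, since GLib's allocator aborts on failure rather than returning NULL, which is presumably the behaviour wanted in a fuzz harness. LLVMFuzzerTestOneInput continues outside the hunk.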
@@ -82,6 +80,6 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { params = event_get_params(copy, 4, &output0, &output1, &output2, &output3); } g_free(params); - free(copy); + g_free(copy); return 0; } -- cgit v1.2.3 From ef07b3c60c80a828f529a2075246185d7d0b5b25 Mon Sep 17 00:00:00 2001 From: Joseph Bisch Date: Tue, 2 Jan 2018 20:21:07 -0500 Subject: Remove redundant if case --- src/fe-fuzz/irc/core/event-get-params.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'src') diff --git a/src/fe-fuzz/irc/core/event-get-params.c b/src/fe-fuzz/irc/core/event-get-params.c index 6266ffb6..beeca6ba 100644 --- a/src/fe-fuzz/irc/core/event-get-params.c +++ b/src/fe-fuzz/irc/core/event-get-params.c @@ -74,8 +74,6 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { params = event_get_params(copy, 2, &output0, &output1); } else if (count % 8 == 6) { params = event_get_params(copy, 3, &output0, &output1, &output2); - } else if (count % 8 == 7) { - params = event_get_params(copy, 4, &output0, &output1, &output2, &output3); } else { params = event_get_params(copy, 4, &output0, &output1, &output2, &output3); } -- cgit v1.2.3 From 15705432e1fb88d9f784cb3fc12c89f8f9164043 Mon Sep 17 00:00:00 2001 From: Joseph Bisch Date: Tue, 2 Jan 2018 20:22:38 -0500 Subject: Remove outdated comment --- src/fe-fuzz/irc/core/event-get-params.c | 1 - 1 file changed, 1 deletion(-) (limited to 'src') diff --git a/src/fe-fuzz/irc/core/event-get-params.c b/src/fe-fuzz/irc/core/event-get-params.c index beeca6ba..c50b6205 100644 --- a/src/fe-fuzz/irc/core/event-get-params.c +++ b/src/fe-fuzz/irc/core/event-get-params.c @@ -52,7 +52,6 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { return 0; } uint8_t count = *data; - /* malloc(size) instead of size+1, because we already used one byte of data */ gchar *copy = g_strndup((const gchar *)data+1, size-1); char *output0; -- cgit v1.2.3