Lagom+LibELF: Add an ELF fuzzer, and tweak the code to survive a few minutes of fuzzing (#3071)

If a buffer smaller than Elf32_Ehdr was passed to Image, header()
would do an out-of-bounds read.

Make parse() check for that. Make most Image methods assert that the image
is_valid(). For that to work, set m_valid early in Image::parse()
instead of only at its end.

Also reorder a few things so that the fuzzer doesn't hit (valid)
assertions, which were harmless from a security PoV but which still
allowed userspace to crash the kernel with an invalid ELF file.

Make dbgprintf()s configurable at run time so that the fuzzer doesn't
produce lots of logspam.

1 files changed, 9 insertions, 2 deletions

diff --git a/Meta/Lagom/Fuzzers/CMakeLists.txt b/Meta/Lagom/Fuzzers/CMakeLists.txt
index 0d4ffea220..cec56eccb6 100644
--- a/Meta/Lagom/Fuzzers/CMakeLists.txt
+++ b/Meta/Lagom/Fuzzers/CMakeLists.txt
@@ -1,8 +1,16 @@
+add_executable(FuzzELF FuzzELF.cpp)
+target_compile_options(FuzzELF
+    PRIVATE $<$<C_COMPILER_ID:Clang>:-g -O1 -fsanitize=fuzzer>
+    )
+target_link_libraries(FuzzELF
+    PUBLIC Lagom
+    PRIVATE $<$<C_COMPILER_ID:Clang>:-fsanitize=fuzzer>
+    )
+
 add_executable(FuzzJs FuzzJs.cpp)
 target_compile_options(FuzzJs
     PRIVATE $<$<C_COMPILER_ID:Clang>:-g -O1 -fsanitize=fuzzer>
     )
-
 target_link_libraries(FuzzJs
     PUBLIC Lagom
     PRIVATE $<$<C_COMPILER_ID:Clang>:-fsanitize=fuzzer>
@@ -12,7 +20,6 @@ add_executable(FuzzMarkdown FuzzMarkdown.cpp)
 target_compile_options(FuzzMarkdown
     PRIVATE $<$<C_COMPILER_ID:Clang>:-g -O1 -fsanitize=fuzzer>
     )
-
 target_link_libraries(FuzzMarkdown
     PUBLIC Lagom
     PRIVATE $<$<C_COMPILER_ID:Clang>:-fsanitize=fuzzer>