diff --git a/fuzzing/fuzz_resolver.c b/fuzzing/fuzz_resolver.c new file mode 100644 index 000000000..d4ba4b8ba --- /dev/null +++ b/fuzzing/fuzz_resolver.c @@ -0,0 +1,53 @@ +#include "fuzz.h" +#include "gio/gnetworking.h" + +#include "../gio/gthreadedresolver.h" + +static void +test_for_rrtype (const guint8 *data, + gsize data_len, + gint rrtype) +{ + /* g_resolver_records_from_res_query() is only available on Unix */ +#ifdef G_OS_UNIX + GList *record_list = NULL; + + /* Data too long? */ + if (data_len > G_MAXSSIZE) + return; + + /* rrname is only used in error messages, so doesn’t need to vary. + * herr is used similarly, so is just set to zero. */ + record_list = g_resolver_records_from_res_query ("rrname", + rrtype, + data, + data_len, + 0, + NULL); + + g_list_free_full (record_list, (GDestroyNotify) g_variant_unref); +#endif /* G_OS_UNIX */ +} + +int +LLVMFuzzerTestOneInput (const unsigned char *data, size_t size) +{ + const gint rrtypes_to_test[] = + { + /* See https://en.wikipedia.org/wiki/List_of_DNS_record_types */ + 33 /* SRV */, + 15 /* MX */, + 6 /* SOA */, + 2 /* NS */, + 16 /* TXT */, + 999, /* not currently a valid rrtype, to test the ‘unknown’ code path */ + }; + gsize i; + + fuzz_set_logging_func (); + + for (i = 0; i < G_N_ELEMENTS (rrtypes_to_test); i++) + test_for_rrtype (data, size, rrtypes_to_test[i]); + + return 0; +} diff --git a/fuzzing/meson.build b/fuzzing/meson.build index c60dcf446..259c6d91d 100644 --- a/fuzzing/meson.build +++ b/fuzzing/meson.build @@ -11,6 +11,7 @@ fuzz_targets = [ 'fuzz_network_address_parse', 'fuzz_network_address_parse_uri', 'fuzz_paths', + 'fuzz_resolver', 'fuzz_uri_escape', 'fuzz_uri_parse', 'fuzz_uri_parse_params',