From 3079ca90abd8ebe66b744e6b8a1fd7472a3196d3 Mon Sep 17 00:00:00 2001
From: Philip Withnall
Date: Thu, 27 Oct 2022 12:13:13 +0100
Subject: [PATCH] fuzzing: Add a new fuzz test for g_variant_byteswap()
The behaviour of `g_variant_byteswap()` is largely dominated by its call to `g_variant_get_normal_form()`, but it does do an additional call to `g_variant_serialised_byteswap()` which we should probably be fuzzing.
Signed-off-by: Philip Withnall
---
 fuzzing/fuzz_variant_binary_byteswap.c | 41 ++++++++++++++++++++++++++
 fuzzing/meson.build | 1 +
 2 files changed, 42 insertions(+)
 create mode 100644 fuzzing/fuzz_variant_binary_byteswap.c
diff --git a/fuzzing/fuzz_variant_binary_byteswap.c b/fuzzing/fuzz_variant_binary_byteswap.c
new file mode 100644
index 000000000..b33f9243e
--- /dev/null
+++ b/fuzzing/fuzz_variant_binary_byteswap.c
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2018 pdknsk
+ * Copyright 2022 Endless OS Foundation, LLC
+ *
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+ GVariant *variant = NULL, *swapped_variant = NULL;
+
+ fuzz_set_logging_func ();
+
+ variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, data, size, FALSE,
+ NULL, NULL);
+ if (variant == NULL)
+ return 0;
+
+ swapped_variant = g_variant_byteswap (variant);
+ g_variant_get_data (swapped_variant);
+
+ g_variant_unref (swapped_variant);
+ g_variant_unref (variant);
+ return 0;
+}
diff --git a/fuzzing/meson.build b/fuzzing/meson.build
index e87abc7ec..22e4d8956 100644
--- a/fuzzing/meson.build
+++ b/fuzzing/meson.build
@@ -35,6 +35,7 @@ fuzz_targets = [
 'fuzz_uri_parse_params',
 'fuzz_uuid_string_is_valid',
 'fuzz_variant_binary',
+ 'fuzz_variant_binary_byteswap',
 'fuzz_variant_text',
 ]
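Review bot: The target only checks that `g_variant_byteswap()` does not crash on the untrusted input; since the commit message says the call first goes through `g_variant_get_normal_form()` and the result is documented as normal-form, byteswapping the result a second time and comparing it with `g_variant_get_normal_form (variant)` would give the fuzzer an oracle for wrong output from `g_variant_serialised_byteswap()`, not just memory errors. The `g_variant_get_data (swapped_variant)` call discards its return value, presumably to force serialisation of the swapped value; a comment such as `/* Force serialisation of the byteswapped value. */` would stop a later reader from deleting it as dead code. If the round-trip property is not guaranteed for every input `g_variant_new_from_data()` accepts, the assertion should be left out rather than weakened, because a fuzz target that asserts a false invariant only produces noise.
```c
  GVariant *variant = NULL, *swapped_variant = NULL;
  GVariant *normal_variant = NULL, *reswapped_variant = NULL;
  /* … unchanged: logging setup, parsing and NULL check … */
  swapped_variant = g_variant_byteswap (variant);
  /* Force serialisation of the byteswapped value. */
  g_variant_get_data (swapped_variant);

  /* Byteswapping twice must give back the normal form of the input. */
  normal_variant = g_variant_get_normal_form (variant);
  reswapped_variant = g_variant_byteswap (swapped_variant);
  g_assert (g_variant_equal (reswapped_variant, normal_variant));

  g_variant_unref (reswapped_variant);
  g_variant_unref (normal_variant);
  /* … unchanged: remaining unrefs and return … */
```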