fuzzing: Add a new fuzz test for g_variant_byteswap()

The behaviour of `g_variant_byteswap()` is largely dominated by its call
to `g_variant_get_normal_form()`, but it does do an additional call to
`g_variant_serialised_byteswap()` which we should probably be fuzzing.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
This commit is contained in:
Philip Withnall 2022-10-27 12:13:13 +01:00
parent 16169c8773
commit 3079ca90ab
2 changed files with 42 additions and 0 deletions

View File

@ -0,0 +1,41 @@
/*
* Copyright 2018 pdknsk
* Copyright 2022 Endless OS Foundation, LLC
*
* SPDX-License-Identifier: LGPL-2.1-or-later
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
*/
#include "fuzz.h"
int
LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
{
GVariant *variant = NULL, *swapped_variant = NULL;
fuzz_set_logging_func ();
variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, data, size, FALSE,
NULL, NULL);
if (variant == NULL)
return 0;
swapped_variant = g_variant_byteswap (variant);
g_variant_get_data (swapped_variant);
g_variant_unref (swapped_variant);
g_variant_unref (variant);
return 0;
}

View File

@ -35,6 +35,7 @@ fuzz_targets = [
'fuzz_uri_parse_params',
'fuzz_uuid_string_is_valid',
'fuzz_variant_binary',
'fuzz_variant_binary_byteswap',
'fuzz_variant_text',
]