Merge branch 'string-replace-tests' into 'main'

fuzzing: Add simple fuzz test for g_string_replace() See merge request GNOME/glib!4315
2025-02-03 01:36:17 +01:00 · 2024-10-01 12:00:43 +00:00 · 2024-10-01 12:00:43 +00:00 · cc2b78ec47
commit cc2b78ec47
parent a083ae415b e115eafb8a
3 changed files with 54 additions and 1 deletions
--- a/.lcovrc
+++ b/.lcovrc
@ -2,7 +2,7 @@
 # See lcovrc(5)

 # Always enable branch coverage
-lcov_branch_coverage = 1
+branch_coverage = 1

 # Disable exception branch for C++:
 # https://github.com/linux-test-project/lcov/issues/209
--- a/fuzzing/fuzz_string.c
+++ b/fuzzing/fuzz_string.c
@ -0,0 +1,52 @@
+/*
+ * Copyright 2024 GNOME Foundation, Inc.
+ *
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  unsigned char *nul_terminated_data = NULL;
+  char **args = NULL;
+  size_t n_args;
+  const char *init, *find, *replace;
+  GString *string = NULL;
+
+  fuzz_set_logging_func ();
+
+  /* ignore @size (none of the functions support it); ensure @data is nul-terminated */
+  nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+
+  /* Split the data into three arguments. */
+  args = g_strsplit ((char *) nul_terminated_data, "|", 3);
+  n_args = g_strv_length (args);
+  init = (n_args > 0) ? args[0] : "";
+  find = (n_args > 1) ? args[1] : "";
+  replace = (n_args > 2) ? args[2] : "";
+
+  /* Test g_string_replace() and see if it crashes. */
+  string = g_string_new (init);
+  g_string_replace (string, find, replace, 0);
+  g_string_free (string, TRUE);
+
+  g_strfreev (args);
+  g_free (nul_terminated_data);
+
+  return 0;
+}
--- a/fuzzing/meson.build
+++ b/fuzzing/meson.build
@ -30,6 +30,7 @@ fuzz_targets = [
  'fuzz_network_address_parse_uri',
  'fuzz_paths',
  'fuzz_resolver',
+  'fuzz_string',
  'fuzz_uri_escape',
  'fuzz_uri_parse',
  'fuzz_uri_parse_params',