Commit Graph

40 Commits

Author SHA1 Message Date
0e0421cfe2 fuzzing: Fix buffer overread error in the fuzz test itself
valgrind spotted this one: a read off the end of the `stop_chars` buffer
when `stop_chars_len == -1`, due to the fuzzing test not sticking to the
requirement from `g_data_input_stream_read_upto()` that `stop_chars`
must be nul-terminated if `stop_chars_len < 0`.

This can happen when reading `fuzzing/README.md`, which is done as a
smoketest when the fuzzing tests are run without the fuzzer, as normal
unit tests. In this case, it made smoke.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-10-22 13:18:59 +01:00
2732650bfb fuzzing: Add fuzz tests for GDataInputStream’s complex read methods
While reading a single byte or uint16 from an input stream is fairly
simple and uncontroversial, the code to read a line or read up to any of
a set of stop characters is not so trivial. People may be using
`GDataInputStream` to parse untrusted input like this, so we should
probably test that it’s robust against a variety of input conditions.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-10-10 12:15:30 +01:00
276889ac85 fuzzing: Add input length limits on g_string_replace() test
Limit the input size. With a short @find, and a long `init` and `replace`
it’s quite possible to hit OOM. We’re not interested in testing that — it’s
up to the caller of `g_string_replace()` to handle that. 1KB on each of the
inputs should be plenty to find any string parsing or pointer arithmetic
bugs in `g_string_replace()`.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

oss-fuzz#371233785
2024-10-05 23:01:58 +01:00
4136db0a8c fuzzing: Add simple fuzz test for g_string_replace()
Now that the implementation of it is significantly more complex,
involving pointer arithmetic, it should probably be fuzzed. It’s not an
API which is obviously used to handle untrusted input, but some users of
GLib might do so.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-09-28 22:37:53 +01:00
71801e445e gthreadedresolver: Move private testing symbols to a private header
The symbols still have to be exported from the library (since they’re
called from unit tests), but there was never any reason for them to be
in a public header.

This means they now disappear from `Gio-2.0.gir`.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #3231
2024-02-09 10:05:56 +00:00
0cfa300c00 Add fuzzing harness for g_utf8_normalize() 2023-04-14 15:50:47 +00:00
52b9af5fd9 fuzzing: do not build tests if build_tests is false 2023-03-10 12:11:11 +01:00
46259f612e fuzzing: Add a fuzz test for g_utf8_validate()
Since it’s used extensively and has to handle untrusted arbitrary binary
input.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-11-07 13:20:32 +00:00
3079ca90ab fuzzing: Add a new fuzz test for g_variant_byteswap()
The behaviour of `g_variant_byteswap()` is largely dominated by its call
to `g_variant_get_normal_form()`, but it does do an additional call to
`g_variant_serialised_byteswap()` which we should probably be fuzzing.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-10-27 12:13:13 +01:00
d0b9ebbaac meson: fix build without cpp toolchain
We don't need a cpp toolchain for building glib so lets just
automatically disable tests requiring one when not available.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
2022-07-15 12:58:41 -06:00
ee69c882e4 fuzzing: Add fuzz test for g_uuid_string_is_valid()
Another public string parsing function which I noticed while looking at
unrelated stuff.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-06-10 16:12:48 +01:00
e66277943d fuzzing: Add copyright/licensing headers to fuzzing files
The files have only been touched by a subset of three people: pdknsk,
Philip Withnall, and Marc-André Lureau. Their copyrights are assigned to
pdknsk, Endless OS Foundation and Red Hat.

The default license for GLib at the time of writing these files was (and
still is) LGPL-2.1-or-later.

`driver.c` came from LLVM and is under a different license:
https://github.com/llvm/llvm-project/blob/main/compiler-rt/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c.
That doesn’t affect the license of GLib overall, since it’s only used
for testing during development.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1415
2022-05-18 09:49:26 +01:00
70e7161bc5 fuzzing: Only set the writer function once
This should fix fuzzing builds since commit dfb3517d.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

oss-fuzz#47108
2022-05-05 16:32:27 +01:00
fa5947d3e7 fuzzing: Add unit tests to check fuzzers
Test the fuzzers with one arbitrary input each, to ensure that they work
at a very basic level.

This should catch regressions in each of the fuzzers without having to
wait for them to be picked up by oss-fuzz.

These tests can be run using `meson test --suite fuzzing`.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-05-05 14:06:57 +01:00
b1315988fc fuzzing: Fix test failure with G_DISABLE_ASSERT
https://gitlab.gnome.org/GNOME/glib/-/jobs/1875915
```
../fuzzing/fuzz_paths.c: In function ‘LLVMFuzzerTestOneInput’:
../fuzzing/fuzz_paths.c:7:16: error: variable ‘skipped_root’ set but not used [-Werror=unused-but-set-variable]
    7 |   const gchar *skipped_root;
      |                ^~~~~~~~~~~~
cc1: all warnings being treated as errors
```

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-03-08 11:52:30 +00:00
06e282e50f fuzzing: Add a fuzz test for parsing DNS records
Based on Patrick’s work to expose the parser for unit testing.

See !2134.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-12-16 11:26:03 +00:00
1a43d950b4 docs: Update various external links to use HEAD instead of master
Update several links to allow the remote to use its configured default
branch name, rather than specifying `master` as the default branch name.
This will help avoid breakage if any of these projects rename their
default branch in the future.

Fix a few of the links where they were hitting redirects or had moved.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2348
2021-06-07 14:03:48 +01:00
e2f2706539 Fix small file leak in fuzzing driver
This doesn't matter as the file is needed until right before the program
quits, but it placates Coverity.
2021-04-01 14:27:03 -05:00
c3eb4a939b fuzzing: Fix assertion failure in fuzz_paths.c
If operating on a zero-length input, the return values of
`g_path_get_basename()` and `g_path_get_dirname()` are correctly `.`.
The assertions in the test didn’t account for this.

oss-fuzz#32454

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-03-25 11:23:55 +00:00
1140c228ab fuzzing: Add fuzz tests for functions which parse paths
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-03-24 11:16:49 +00:00
1f8d8b397e Fix wrong position for static qualifier warning in fuzzing/fuzz_dbus_message.c
fuzzing/fuzz_dbus_message.c:3:1: error: ‘static’ is not at beginning of declaration
    3 | const static GDBusCapabilityFlags flags = G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING;
      | ^~~~~
2021-02-10 20:41:16 +01:00
0c83f05be8 fuzzing: Add more parsing flags to the GKeyFile test
To increase the coverage.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-17 12:42:54 +00:00
486a2cadbb fuzzing: Add more GUriFlags to the URI parsing test
Widen the amount of test coverage.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-17 12:03:18 +00:00
105f4a0f39 fuzzing: Add more fuzzing tests for various string parsing functions
There’s no explicit guarantee that any of these functions are safe to
use on untrusted data, but it does no harm to test them.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-08 11:07:43 +00:00
895da99694 fuzzing: Fix minor Coverity warning about return values
ftell() could theoretically fail; handle that.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Coverity CID: #1430667
2020-11-13 14:12:18 +00:00
b654eb1846 guri: Make G_URI_FLAGS_PARSE_STRICT the default
Make `G_URI_FLAGS_PARSE_RELAXED` available instead, for the
implementations which need to handle user-provided or incorrect URIs.
The default should nudge people towards being compliant with RFC 3986.

This required also adding a new `G_URI_PARAMS_PARSE_RELAXED` flag, as
previously parsing param strings *always* used relaxed mode and there
was no way to control it. Now it defaults to using strict mode, and the
new flag allows for relaxed mode to be enabled if needed.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Fixes: #2149
2020-08-07 14:02:18 +01:00
ea395e3fdd uri: add a GError to the new g_uri_unescape_bytes()
Suggested-by: Matthias Clasen <mclasen@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-07-26 17:19:37 +04:00
4c6654dcd4 uri: add illegal_characters argument to unescape_bytes
It's not clear to me why this argument was excluded in the first place,
and Dan doesn't remember either. At least for consistency with
unescape_string, add it.

See also:
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1574#note_867283

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-07-15 22:03:28 +04:00
3f72a95925 uri: make g_uri_parse_params() take an error
This should be more future-proof.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-07-07 15:20:57 +04:00
591d8676ee uri: modify g_uri_parse_params() to take flags
This will allow to further enhance the parsing, without breaking API,
and also makes argument on call side a bit clearer than just TRUE/FALSE.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-07-07 15:16:22 +04:00
d022b7199b uri: change parse_params() to take a separator set
This should give a bit more flexibility, without drawbacks.

Many URI encoding accept either '&' or ';' as separators.

Change the documentation to reflect that '&' is probably more
common (http query string).

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-07-07 15:16:12 +04:00
67ba5bfe60 fuzzing: Test g_uri_unescape_segment() as well as g_uri_unescape_bytes()
They have different `%`-encoding behaviour, and probably both deserve to
be tested.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-07-01 13:28:09 +01:00
39f8aff8f5 fuzzing: Test URI parsing with and without the strict flag
This should test a few more code paths.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-06-30 11:10:51 +01:00
0bf12c8bfa fuzzing: Use nul-terminated array introduced in previous commit
This fixes commit b2a6a9a434. Doh.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-06-30 11:08:05 +01:00
b2a6a9a434 fuzzing: Ensure input to g_uri_parse() is nul-terminated
The fuzzer will produce arbitrary binary blobs, which might not be
nul-terminated. `g_uri_parse()` has no length argument, so relies on
receiving a nul-terminated string as input. Guarantee that.

This should fix fuzzing build failures like
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23750.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-06-29 11:52:40 +01:00
dd11160f7f fuzzing: Add fuzz tests for GUri parsing and escaping
Signed-off-by: Philip Withnall <withnall@endlessm.com>

Helps: #110
2020-06-25 13:57:35 +04:00
4ccaff05a9 Fix oss-fuzz coverage link 2020-02-15 08:23:25 +00:00
92043cf077 Introduce oss_fuzz feature option 2019-03-13 11:47:36 +00:00
8b151f5055 Add useful links to fuzzing README 2018-10-11 22:11:00 +02:00
a2c09f57f6 Integrate oss-fuzz targets 2018-10-11 00:02:03 +00:00