Commit Graph

22 Commits

Author SHA1 Message Date
Philip Withnall
c3eb4a939b fuzzing: Fix assertion failure in fuzz_paths.c
If operating on a zero-length input, the return values of
`g_path_get_basename()` and `g_path_get_dirname()` are correctly `.`.
The assertions in the test didn’t account for this.

oss-fuzz#32454

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-03-25 11:23:55 +00:00
Philip Withnall
1140c228ab fuzzing: Add fuzz tests for functions which parse paths
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-03-24 11:16:49 +00:00
Emmanuel Fleury
1f8d8b397e Fix wrong position for static qualifier warning in fuzzing/fuzz_dbus_message.c
fuzzing/fuzz_dbus_message.c:3:1: error: ‘static’ is not at beginning of declaration
    3 | const static GDBusCapabilityFlags flags = G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING;
      | ^~~~~
2021-02-10 20:41:16 +01:00
Philip Withnall
0c83f05be8 fuzzing: Add more parsing flags to the GKeyFile test
To increase the coverage.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-17 12:42:54 +00:00
Philip Withnall
486a2cadbb fuzzing: Add more GUriFlags to the URI parsing test
Widen the amount of test coverage.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-17 12:03:18 +00:00
Philip Withnall
105f4a0f39 fuzzing: Add more fuzzing tests for various string parsing functions
There’s no explicit guarantee that any of these functions are safe to
use on untrusted data, but it does no harm to test them.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-08 11:07:43 +00:00
Philip Withnall
895da99694 fuzzing: Fix minor Coverity warning about return values
ftell() could theoretically fail; handle that.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Coverity CID: #1430667
2020-11-13 14:12:18 +00:00
Philip Withnall
b654eb1846 guri: Make G_URI_FLAGS_PARSE_STRICT the default
Make `G_URI_FLAGS_PARSE_RELAXED` available instead, for the
implementations which need to handle user-provided or incorrect URIs.
The default should nudge people towards being compliant with RFC 3986.

This required also adding a new `G_URI_PARAMS_PARSE_RELAXED` flag, as
previously parsing param strings *always* used relaxed mode and there
was no way to control it. Now it defaults to using strict mode, and the
new flag allows for relaxed mode to be enabled if needed.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Fixes: #2149
2020-08-07 14:02:18 +01:00
Marc-André Lureau
ea395e3fdd uri: add a GError to the new g_uri_unescape_bytes()
Suggested-by: Matthias Clasen <mclasen@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-07-26 17:19:37 +04:00
Marc-André Lureau
4c6654dcd4 uri: add illegal_characters argument to unescape_bytes
It's not clear to me why this argument was excluded in the first place,
and Dan doesn't remember either. At least for consistency with
unescape_string, add it.

See also:
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1574#note_867283

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-07-15 22:03:28 +04:00
Marc-André Lureau
3f72a95925 uri: make g_uri_parse_params() take an error
This should be more future-proof.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-07-07 15:20:57 +04:00
Marc-André Lureau
591d8676ee uri: modify g_uri_parse_params() to take flags
This will allow further enhancing the parsing, without breaking API,
and also makes the argument on the call side a bit clearer than just TRUE/FALSE.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-07-07 15:16:22 +04:00
Marc-André Lureau
d022b7199b uri: change parse_params() to take a separator set
This should give a bit more flexibility, without drawbacks.

Many URI encodings accept either '&' or ';' as separators.

Change the documentation to reflect that '&' is probably more
common (http query string).

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2020-07-07 15:16:12 +04:00
Philip Withnall
67ba5bfe60 fuzzing: Test g_uri_unescape_segment() as well as g_uri_unescape_bytes()
They have different `%`-encoding behaviour, and probably both deserve to
be tested.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-07-01 13:28:09 +01:00
Philip Withnall
39f8aff8f5 fuzzing: Test URI parsing with and without the strict flag
This should test a few more code paths.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-06-30 11:10:51 +01:00
Philip Withnall
0bf12c8bfa fuzzing: Use nul-terminated array introduced in previous commit
This fixes commit b2a6a9a434. Doh.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-06-30 11:08:05 +01:00
Philip Withnall
b2a6a9a434 fuzzing: Ensure input to g_uri_parse() is nul-terminated
The fuzzer will produce arbitrary binary blobs, which might not be
nul-terminated. `g_uri_parse()` has no length argument, so relies on
receiving a nul-terminated string as input. Guarantee that.

This should fix fuzzing build failures like
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23750.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-06-29 11:52:40 +01:00
Philip Withnall
dd11160f7f fuzzing: Add fuzz tests for GUri parsing and escaping
Signed-off-by: Philip Withnall <withnall@endlessm.com>

Helps: #110
2020-06-25 13:57:35 +04:00
pdknsk
4ccaff05a9 Fix oss-fuzz coverage link
2020-02-15 08:23:25 +00:00
pdknsk
92043cf077 Introduce oss_fuzz feature option
2019-03-13 11:47:36 +00:00
pdknsk
8b151f5055 Add useful links to fuzzing README
2018-10-11 22:11:00 +02:00
pdknsk
a2c09f57f6 Integrate oss-fuzz targets
2018-10-11 00:02:03 +00:00