Commit Graph

16 Commits

Author SHA1 Message Date
Philip Withnall
4136db0a8c
fuzzing: Add simple fuzz test for g_string_replace()
Now that the implementation of it is significantly more complex,
involving pointer arithmetic, it should probably be fuzzed. It’s not an
API which is obviously used to handle untrusted input, but some users of
GLib might do so.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-09-28 22:37:53 +01:00
Todd Carson
0cfa300c00 Add fuzzing harness for g_utf8_normalize() 2023-04-14 15:50:47 +00:00
Stéphane Cerveau
52b9af5fd9 fuzzing: do not build tests if build_tests is false 2023-03-10 12:11:11 +01:00
Philip Withnall
46259f612e fuzzing: Add a fuzz test for g_utf8_validate()
Since it’s used extensively and has to handle untrusted arbitrary binary
input.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-11-07 13:20:32 +00:00
Philip Withnall
3079ca90ab fuzzing: Add a new fuzz test for g_variant_byteswap()
The behaviour of `g_variant_byteswap()` is largely dominated by its call
to `g_variant_get_normal_form()`, but it does do an additional call to
`g_variant_serialised_byteswap()` which we should probably be fuzzing.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-10-27 12:13:13 +01:00
James Hilliard
d0b9ebbaac meson: fix build without cpp toolchain
We don't need a cpp toolchain for building glib so lets just
automatically disable tests requiring one when not available.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
2022-07-15 12:58:41 -06:00
Philip Withnall
ee69c882e4 fuzzing: Add fuzz test for g_uuid_string_is_valid()
Another public string parsing function which I noticed while looking at
unrelated stuff.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-06-10 16:12:48 +01:00
Philip Withnall
e66277943d fuzzing: Add copyright/licensing headers to fuzzing files
The files have only been touched by a subset of three people: pdknsk,
Philip Withnall, and Marc-André Lureau. Their copyrights are assigned to
pdknsk, Endless OS Foundation and Red Hat.

The default license for GLib at the time of writing these files was (and
still is) LGPL-2.1-or-later.

`driver.c` came from LLVM and is under a different license:
https://github.com/llvm/llvm-project/blob/main/compiler-rt/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c.
That doesn’t affect the license of GLib overall, since it’s only used
for testing during development.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1415
2022-05-18 09:49:26 +01:00
Philip Withnall
fa5947d3e7 fuzzing: Add unit tests to check fuzzers
Test the fuzzers with one arbitrary input each, to ensure that they work
at a very basic level.

This should catch regressions in each of the fuzzers without having to
wait for them to be picked up by oss-fuzz.

These tests can be run using `meson test --suite fuzzing`.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-05-05 14:06:57 +01:00
Philip Withnall
06e282e50f fuzzing: Add a fuzz test for parsing DNS records
Based on Patrick’s work to expose the parser for unit testing.

See !2134.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-12-16 11:26:03 +00:00
Philip Withnall
1a43d950b4 docs: Update various external links to use HEAD instead of master
Update several links to allow the remote to use its configured default
branch name, rather than specifying `master` as the default branch name.
This will help avoid breakage if any of these projects rename their
default branch in the future.

Fix a few of the links where they were hitting redirects or had moved.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2348
2021-06-07 14:03:48 +01:00
Philip Withnall
1140c228ab fuzzing: Add fuzz tests for functions which parse paths
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-03-24 11:16:49 +00:00
Philip Withnall
105f4a0f39 fuzzing: Add more fuzzing tests for various string parsing functions
There’s no explicit guarantee that any of these functions are safe to
use on untrusted data, but it does no harm to test them.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-12-08 11:07:43 +00:00
Philip Withnall
dd11160f7f fuzzing: Add fuzz tests for GUri parsing and escaping
Signed-off-by: Philip Withnall <withnall@endlessm.com>

Helps: #110
2020-06-25 13:57:35 +04:00
pdknsk
92043cf077 Introduce oss_fuzz feature option 2019-03-13 11:47:36 +00:00
pdknsk
a2c09f57f6 Integrate oss-fuzz targets 2018-10-11 00:02:03 +00:00