fuzz_fnmatch.cc
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2017, Max Dymond, <[email protected]>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at https://curl.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
***************************************************************************/
extern "C"
{
#include <stdlib.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>
#include <inttypes.h>
#include <curl/curl.h>
#include "curl_fnmatch.h"
}
/* Debug tracing hook. With the active definition below, DEBUG(STMT) expands
   to nothing, so every statement wrapped in it is compiled out. Swapping in
   the commented-out definition makes each wrapped statement run as written.
   NOTE(review): the wrapped statements call printf and no <stdio.h> include
   is visible in this file; enabling tracing presumably relies on a transitive
   include - confirm before turning it on. */
/* #define DEBUG(STMT) STMT */
#define DEBUG(STMT)
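/**
 * Fuzzing entry point. This function is passed a buffer containing a test
 * case. This test case should drive the CURL fnmatch function.
 *
 * Expected input layout: two NUL-terminated strings back to back,
 *   <pattern> '\0' <contents> '\0'
 * filling the buffer exactly. Inputs that do not have this shape are dropped
 * without calling Curl_fnmatch. The fuzzer buffer carries no terminator of
 * its own, so every check below exists to keep the harness itself from
 * reading past data[size - 1]; an out-of-bounds read here would be a harness
 * bug reported as a finding against the code under test.
 *
 * @param data  Fuzzer-supplied bytes; never written through.
 * @param size  Number of valid bytes at data.
 * @return      Always 0, whether or not the input was accepted.
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
  const char *string_data = (const char *)data;
  const char *pattern;
  const char *contents;
  /* size_t rather than int: strnlen() returns size_t, and a length narrowed
     to int could turn negative on a very large input and then be used as an
     index in front of the buffer. Keeping it unsigned also makes the
     comparisons against size same-typed. */
  size_t pattern_len;
  int fnrc;

  DEBUG(printf("\nSize is %zu bytes \n", size));

  /* The string requires at least two null terminators. Anything
     smaller is an error. */
  if(size < 2) {
    DEBUG(printf("Size is too small. \n"));
    goto EXIT_LABEL;
  }

  /* The data should be split into two strings - the pattern and the
     string to match on. The data should be null-terminated. This final
     terminator is what bounds the strlen() call on contents below. */
  if(data[size - 1] != 0) {
    DEBUG(printf("Not null terminated \n"));
    goto EXIT_LABEL;
  }

  /* Bounded scan: never looks beyond the size bytes the fuzzer provided. */
  pattern_len = strnlen(string_data, size);
  DEBUG(printf("Pattern length %zu \n", pattern_len));

  /* Check to see if the string length is valid. Because pattern_len
     doesn't include a null terminator, we should check to see if the length
     equals the full buffer size with or without a null terminator. The
     first test runs first and short-circuits, so the index in the second
     test is always below size - 1. */
  if((pattern_len >= size - 1) ||
     (string_data[pattern_len] != 0)) {
    /* The string was not valid. */
    DEBUG(printf("Pattern string was invalid \n"));
    goto EXIT_LABEL;
  }

  /* Set up the pointers for the pattern and string. pattern_len + 1 is at
     most size - 1 here, so contents still points inside the buffer. */
  pattern = string_data;
  contents = &string_data[pattern_len + 1];

  /* Sanity check the size of the strings. We should have two strings
     less two null terminators. A mismatch means contents holds an embedded
     NUL, i.e. the input contains more than two strings. */
  if(strlen(contents) + pattern_len != size - 2) {
    DEBUG(printf("Unexpected lengths: %zu + %zu != %zu - 2 \n",
                 strlen(contents),
                 pattern_len,
                 size));
    goto EXIT_LABEL;
  }

  DEBUG(printf("Pattern: '%s' \n", pattern));
  DEBUG(printf("Contents: '%s' \n", contents));

  /* Call the fuzz function. The result is deliberately unused: the harness
     asserts nothing about match/no-match and leaves defect detection to
     whatever instrumentation the fuzzing build enables. */
  fnrc = Curl_fnmatch(NULL, pattern, contents);
  (void)fnrc;
  DEBUG(printf("Curl_fnmatch returned %d \n", fnrc));

EXIT_LABEL:

  return 0;
}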