[glib: 1/2] fuzzing: Add more fuzzing tests for various string parsing functions




commit 105f4a0f393c55bdffd30ae39414251c37182522
Author: Philip Withnall <pwithnall endlessos org>
Date:   Tue Dec 8 11:02:54 2020 +0000

    fuzzing: Add more fuzzing tests for various string parsing functions
    
    There’s no explicit guarantee that any of these functions are safe to
    use on untrusted data, but it does no harm to test them.
    
    Signed-off-by: Philip Withnall <pwithnall endlessos org>

 fuzzing/fuzz_date_parse.c                          | 19 ++++++++++++++++
 fuzzing/fuzz_date_time_new_from_iso8601.c          | 25 ++++++++++++++++++++++
 fuzzing/fuzz_inet_address_mask_new_from_string.c   | 25 ++++++++++++++++++++++
 fuzzing/fuzz_inet_address_new_from_string.c        | 25 ++++++++++++++++++++++
 fuzzing/fuzz_inet_socket_address_new_from_string.c | 25 ++++++++++++++++++++++
 fuzzing/fuzz_network_address_parse.c               | 25 ++++++++++++++++++++++
 fuzzing/fuzz_network_address_parse_uri.c           | 25 ++++++++++++++++++++++
 fuzzing/meson.build                                |  7 ++++++
 8 files changed, 176 insertions(+)
---
diff --git a/fuzzing/fuzz_date_parse.c b/fuzzing/fuzz_date_parse.c
new file mode 100644
index 000000000..0a7b62eec
--- /dev/null
+++ b/fuzzing/fuzz_date_parse.c
@@ -0,0 +1,19 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  unsigned char *nul_terminated_data = NULL;
+  GDate *date = g_date_new ();
+
+  fuzz_set_logging_func ();
+
+  /* ignore @size (g_date_set_parse() doesn’t support it); ensure @data is nul-terminated */
+  nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+  g_date_set_parse (date, (const gchar *) nul_terminated_data);
+  g_free (nul_terminated_data);
+
+  g_date_free (date);
+
+  return 0;
+}
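Review bot: The outcome of `g_date_set_parse ()` is discarded in fuzz_date_parse.c, so the harness never touches the parsed `GDate`, whereas the other harnesses in this commit convert their result back to a string. Adding `if (g_date_valid (date)) (void) g_date_get_julian (date);` before `g_date_free (date)` would make the harness also exercise the date it accepted, so a sanitizer can catch an inconsistent day/month/year. `g_date_set_parse ()` is documented as locale-dependent, so a comment such as `/* parsing depends on the process locale; reproduce findings under the same locale */` would help whoever triages a report from this target.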
diff --git a/fuzzing/fuzz_date_time_new_from_iso8601.c b/fuzzing/fuzz_date_time_new_from_iso8601.c
new file mode 100644
index 000000000..be53a1319
--- /dev/null
+++ b/fuzzing/fuzz_date_time_new_from_iso8601.c
@@ -0,0 +1,25 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  unsigned char *nul_terminated_data = NULL;
+  GDateTime *dt = NULL;
+
+  fuzz_set_logging_func ();
+
+  /* ignore @size (the function doesn’t support it); ensure @data is nul-terminated */
+  nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+  dt = g_date_time_new_from_iso8601 ((const gchar *) nul_terminated_data, NULL);
+  g_free (nul_terminated_data);
+
+  if (dt != NULL)
+    {
+      gchar *text = g_date_time_format_iso8601 (dt);
+      g_free (text);
+    }
+
+  g_clear_pointer (&dt, g_date_time_unref);
+
+  return 0;
+}
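Review bot: Passing `NULL` as the `default_tz` argument of `g_date_time_new_from_iso8601 ()` means, per the API documentation, that input without a timezone designator yields `NULL`, so the `g_date_time_format_iso8601 ()` branch is reached only for strings that carry their own offset. Creating a zone with `GTimeZone *utc = g_time_zone_new_utc ();`, passing it as the second argument and releasing it with `g_time_zone_unref (utc);` would extend coverage to timezone-less timestamps. If the narrower coverage is intended, a comment next to the call saying so would be enough.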
diff --git a/fuzzing/fuzz_inet_address_mask_new_from_string.c b/fuzzing/fuzz_inet_address_mask_new_from_string.c
new file mode 100644
index 000000000..9ac62eda4
--- /dev/null
+++ b/fuzzing/fuzz_inet_address_mask_new_from_string.c
@@ -0,0 +1,25 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  unsigned char *nul_terminated_data = NULL;
+  GInetAddressMask *mask = NULL;
+
+  fuzz_set_logging_func ();
+
+  /* ignore @size (the function doesn’t support it); ensure @data is nul-terminated */
+  nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+  mask = g_inet_address_mask_new_from_string ((const gchar *) nul_terminated_data, NULL);
+  g_free (nul_terminated_data);
+
+  if (mask != NULL)
+    {
+      gchar *text = g_inet_address_mask_to_string (mask);
+      g_free (text);
+    }
+
+  g_clear_object (&mask);
+
+  return 0;
+}
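Review bot: The `NULL` passed for the `GError **` argument of `g_inet_address_mask_new_from_string ()` leaves the failure path mostly unexercised: as far as I know `g_set_error ()` returns early when given a `NULL` destination, so the error message is never formatted. Those messages presumably embed the rejected input, which makes them worth covering: declare `GError *local_error = NULL;`, pass `&local_error`, and call `g_clear_error (&local_error);` before returning. The same applies to the `NULL` error argument in fuzz_network_address_parse.c and fuzz_network_address_parse_uri.c.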
diff --git a/fuzzing/fuzz_inet_address_new_from_string.c b/fuzzing/fuzz_inet_address_new_from_string.c
new file mode 100644
index 000000000..af24592ac
--- /dev/null
+++ b/fuzzing/fuzz_inet_address_new_from_string.c
@@ -0,0 +1,25 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  unsigned char *nul_terminated_data = NULL;
+  GInetAddress *addr = NULL;
+
+  fuzz_set_logging_func ();
+
+  /* ignore @size (the function doesn’t support it); ensure @data is nul-terminated */
+  nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+  addr = g_inet_address_new_from_string ((const gchar *) nul_terminated_data);
+  g_free (nul_terminated_data);
+
+  if (addr != NULL)
+    {
+      gchar *text = g_inet_address_to_string (addr);
+      g_free (text);
+    }
+
+  g_clear_object (&addr);
+
+  return 0;
+}
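Review bot: Style point on the declaration `unsigned char *nul_terminated_data`: the buffer is only produced by `g_strndup ()` and consumed as `const gchar *`, so declaring it as `gchar *nul_terminated_data = NULL;` removes the cast on the `g_strndup ()` result and the one at the parser call. The comment above the copy could also record that `g_strndup ()` stops at the first NUL in `@data`, e.g. `/* bytes after an embedded NUL are not seen by the parser */`, so a reader does not assume the whole input is tested. Both remarks hold for the other six harnesses added in this commit, which use the same lines.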
diff --git a/fuzzing/fuzz_inet_socket_address_new_from_string.c b/fuzzing/fuzz_inet_socket_address_new_from_string.c
new file mode 100644
index 000000000..11dd16508
--- /dev/null
+++ b/fuzzing/fuzz_inet_socket_address_new_from_string.c
@@ -0,0 +1,25 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  unsigned char *nul_terminated_data = NULL;
+  GSocketAddress *addr = NULL;
+
+  fuzz_set_logging_func ();
+
+  /* ignore @size (the function doesn’t support it); ensure @data is nul-terminated */
+  nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+  addr = g_inet_socket_address_new_from_string ((const gchar *) nul_terminated_data, 1);
+  g_free (nul_terminated_data);
+
+  if (addr != NULL)
+    {
+      gchar *text = g_socket_connectable_to_string (G_SOCKET_CONNECTABLE (addr));
+      g_free (text);
+    }
+
+  g_clear_object (&addr);
+
+  return 0;
+}
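Review bot: The literal `1` passed as the port to `g_inet_socket_address_new_from_string ()` is unexplained. If it is arbitrary, as it appears to be, a short comment such as `/* port is arbitrary; only the address string is under test */` would tell the reader it has no significance. The same literal is passed as the default port in fuzz_network_address_parse.c and fuzz_network_address_parse_uri.c, where the same comment would help.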
diff --git a/fuzzing/fuzz_network_address_parse.c b/fuzzing/fuzz_network_address_parse.c
new file mode 100644
index 000000000..bda05c2f6
--- /dev/null
+++ b/fuzzing/fuzz_network_address_parse.c
@@ -0,0 +1,25 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  unsigned char *nul_terminated_data = NULL;
+  GSocketConnectable *connectable = NULL;
+
+  fuzz_set_logging_func ();
+
+  /* ignore @size (g_network_address_parse() doesn’t support it); ensure @data is nul-terminated */
+  nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+  connectable = g_network_address_parse ((const gchar *) nul_terminated_data, 1, NULL);
+  g_free (nul_terminated_data);
+
+  if (connectable != NULL)
+    {
+      gchar *text = g_socket_connectable_to_string (connectable);
+      g_free (text);
+    }
+
+  g_clear_object (&connectable);
+
+  return 0;
+}
diff --git a/fuzzing/fuzz_network_address_parse_uri.c b/fuzzing/fuzz_network_address_parse_uri.c
new file mode 100644
index 000000000..ea5113363
--- /dev/null
+++ b/fuzzing/fuzz_network_address_parse_uri.c
@@ -0,0 +1,25 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  unsigned char *nul_terminated_data = NULL;
+  GSocketConnectable *connectable = NULL;
+
+  fuzz_set_logging_func ();
+
+  /* ignore @size (g_network_address_parse_uri() doesn’t support it); ensure @data is nul-terminated */
+  nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+  connectable = g_network_address_parse_uri ((const gchar *) nul_terminated_data, 1, NULL);
+  g_free (nul_terminated_data);
+
+  if (connectable != NULL)
+    {
+      gchar *text = g_socket_connectable_to_string (connectable);
+      g_free (text);
+    }
+
+  g_clear_object (&connectable);
+
+  return 0;
+}
diff --git a/fuzzing/meson.build b/fuzzing/meson.build
index 1a591c4b7..a40321200 100644
--- a/fuzzing/meson.build
+++ b/fuzzing/meson.build
@@ -1,7 +1,14 @@
 fuzz_targets = [
   'fuzz_bookmark',
+  'fuzz_date_parse',
+  'fuzz_date_time_new_from_iso8601',
   'fuzz_dbus_message',
+  'fuzz_inet_address_mask_new_from_string',
+  'fuzz_inet_address_new_from_string',
+  'fuzz_inet_socket_address_new_from_string',
   'fuzz_key',
+  'fuzz_network_address_parse',
+  'fuzz_network_address_parse_uri',
   'fuzz_uri_escape',
   'fuzz_uri_parse',
   'fuzz_uri_parse_params',

