diff options
Diffstat (limited to '')
-rw-r--r-- | tests/fuzz/.gitignore | 3 | ||||
-rw-r--r-- | tests/fuzz/Makefile.in | 93 | ||||
-rw-r--r-- | tests/fuzz/ext2fs_check_directory_fuzzer.cc | 43 | ||||
-rw-r--r-- | tests/fuzz/ext2fs_image_read_write_fuzzer.cc | 135 | ||||
-rw-r--r-- | tests/fuzz/ext2fs_read_bitmap_fuzzer.cc | 108 |
5 files changed, 382 insertions, 0 deletions
diff --git a/tests/fuzz/.gitignore b/tests/fuzz/.gitignore new file mode 100644 index 0000000..381b20a --- /dev/null +++ b/tests/fuzz/.gitignore @@ -0,0 +1,3 @@ +ext2fs_check_directory_fuzzer +ext2fs_image_read_write_fuzzer +ext2fs_read_bitmap_fuzzer diff --git a/tests/fuzz/Makefile.in b/tests/fuzz/Makefile.in new file mode 100644 index 0000000..949579e --- /dev/null +++ b/tests/fuzz/Makefile.in @@ -0,0 +1,93 @@ +# +# Makefile for the tests/fuzz directory +# + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +top_builddir = ../.. +my_dir = tests/fuzz + +@MCONFIG@ + +PROGS= ext2fs_check_directory_fuzzer \ + ext2fs_image_read_write_fuzzer \ + ext2fs_read_bitmap_fuzzer + +SRCS= $(srcdir)/ext2fs_check_directory_fuzzer.cc \ + $(srcdir)/ext2fs_image_read_write_fuzzer.cc \ + $(srcdir)/ext2fs_read_bitmap_fuzzer.cc + +LOCAL_CFLAGS= @fuzzer_cflags@ +LOCAL_LDFLAGS= @fuzzer_ldflags@ + +LIBS= $(LIBEXT2FS) $(LIBCOM_ERR) $(LIBSUPPORT) +DEPLIBS= $(LIBEXT2FS) $(DEPLIBCOM_ERR) $(DEPLIBSUPPORT) + +STATIC_LIBS= $(LIBSUPPORT) $(STATIC_LIBE2P) $(STATIC_LIBEXT2FS) \ + $(STATIC_LIBCOM_ERR) +STATIC_DEPLIBS= $(DEPLIBSUPPORT) $(STATIC_LIBE2P) $(STATIC_LIBEXT2FS) \ + $(DEPSTATIC_LIBCOM_ERR) + +FUZZ_LDFLAGS= $(ALL_LDFLAGS) +FUZZ_DEP= $(STATIC_DEPLIBS) $(srcdir)/Makefile.in + +.cc.o: + $(E) " CXX $<" + $(Q) $(CXX) -c $(ALL_CFLAGS) $< -o $@ + +@FUZZING_CMT@all:: $(PROGS) + +clean:: + $(RM) -f $(PROGS) *.o + +install: + +install-strip: + +uninstall: + +mostlyclean: clean +distclean: clean + $(RM) -f .depend Makefile $(srcdir)/TAGS $(srcdir)/Makefile.in.old + +ext2fs_check_directory_fuzzer: ext2fs_check_directory_fuzzer.o $(FUZZ_DEP) + $(E) " LD $@" + $(Q) $(CXX) $(FUZZ_LDFLAGS) -o $@ $< $(STATIC_LIBS) $(SYSLIBS) + +ext2fs_image_read_write_fuzzer: ext2fs_image_read_write_fuzzer.o $(FUZZ_DEP) + $(E) " LD $@" + $(Q) $(CXX) $(FUZZ_LDFLAGS) -o $@ $< $(STATIC_LIBS) $(SYSLIBS) + +ext2fs_read_bitmap_fuzzer: ext2fs_read_bitmap_fuzzer.o $(FUZZ_DEP) + $(E) " LD $@" + $(Q) $(CXX) $(FUZZ_LDFLAGS) -o $@ $< $(STATIC_LIBS) $(SYSLIBS) + +# +++ Dependency line eater +++ +# +# Makefile dependencies follow. This must be the last section in +# the Makefile.in file +# +ext2fs_check_directory_fuzzer.o: $(srcdir)/ext2fs_check_directory_fuzzer.cc \ + $(top_srcdir)/lib/ext2fs/ext2fs.h $(top_builddir)/lib/ext2fs/ext2_types.h \ + $(top_srcdir)/lib/ext2fs/ext2_fs.h $(top_srcdir)/lib/ext2fs/ext3_extents.h \ + $(top_srcdir)/lib/et/com_err.h $(top_srcdir)/lib/ext2fs/ext2_io.h \ + $(top_builddir)/lib/ext2fs/ext2_err.h \ + $(top_srcdir)/lib/ext2fs/ext2_ext_attr.h $(top_srcdir)/lib/ext2fs/hashmap.h \ + $(top_srcdir)/lib/ext2fs/bitops.h +ext2fs_image_read_write_fuzzer.o: $(srcdir)/ext2fs_image_read_write_fuzzer.cc \ + $(top_srcdir)/lib/ext2fs/ext2fs.h $(top_builddir)/lib/ext2fs/ext2_types.h \ + $(top_srcdir)/lib/ext2fs/ext2_fs.h $(top_srcdir)/lib/ext2fs/ext3_extents.h \ + $(top_srcdir)/lib/et/com_err.h $(top_srcdir)/lib/ext2fs/ext2_io.h \ + $(top_builddir)/lib/ext2fs/ext2_err.h \ + $(top_srcdir)/lib/ext2fs/ext2_ext_attr.h $(top_srcdir)/lib/ext2fs/hashmap.h \ + $(top_srcdir)/lib/ext2fs/bitops.h $(top_srcdir)/lib/e2p/e2p.h \ + $(top_srcdir)/lib/support/print_fs_flags.h +ext2fs_read_bitmap_fuzzer.o: $(srcdir)/ext2fs_read_bitmap_fuzzer.cc \ + $(top_srcdir)/lib/ext2fs/ext2fs.h $(top_builddir)/lib/ext2fs/ext2_types.h \ + $(top_srcdir)/lib/ext2fs/ext2_fs.h $(top_srcdir)/lib/ext2fs/ext3_extents.h \ + $(top_srcdir)/lib/et/com_err.h $(top_srcdir)/lib/ext2fs/ext2_io.h \ + $(top_builddir)/lib/ext2fs/ext2_err.h \ + $(top_srcdir)/lib/ext2fs/ext2_ext_attr.h $(top_srcdir)/lib/ext2fs/hashmap.h \ + $(top_srcdir)/lib/ext2fs/bitops.h $(top_srcdir)/lib/e2p/e2p.h \ + $(top_srcdir)/lib/support/print_fs_flags.h diff --git a/tests/fuzz/ext2fs_check_directory_fuzzer.cc b/tests/fuzz/ext2fs_check_directory_fuzzer.cc new file mode 100644 index 0000000..61cf42f --- /dev/null +++ b/tests/fuzz/ext2fs_check_directory_fuzzer.cc @@ -0,0 +1,43 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include <stddef.h> +#include <stdint.h> +#include <fcntl.h> +#include <unistd.h> + +#include "ext2fs/ext2fs.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + static const char* fname = "/tmp/ext2_test_file"; + + // Write our data to a temp file. + int fd = open(fname, O_RDWR|O_CREAT|O_TRUNC); + write(fd, data, size); + close(fd); + + ext2_filsys fs; + errcode_t retval = ext2fs_open( + fname, + EXT2_FLAG_IGNORE_CSUM_ERRORS, 0, 0, + unix_io_manager, + &fs); + + if (!retval) { + retval = ext2fs_check_directory(fs, EXT2_ROOT_INO); + ext2fs_close(fs); + } + + return 0; +} diff --git a/tests/fuzz/ext2fs_image_read_write_fuzzer.cc b/tests/fuzz/ext2fs_image_read_write_fuzzer.cc new file mode 100644 index 0000000..8aa0cb8 --- /dev/null +++ b/tests/fuzz/ext2fs_image_read_write_fuzzer.cc @@ -0,0 +1,135 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// #define USE_FLAGS +// #define DUMP_SUPER +// #define SAVE_FS_IMAGE + +#include <stdio.h> +#include <stddef.h> +#include <stdint.h> +#include <unistd.h> +#include <assert.h> +#include <fcntl.h> +#include <sys/syscall.h> +#include <linux/memfd.h> +#include <fuzzer/FuzzedDataProvider.h> + +#include "ext2fs/ext2fs.h" +extern "C" { +#include "e2p/e2p.h" +#include "support/print_fs_flags.h" +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + + const char *progname = "ext2fs_image_read_write_fuzzer"; + add_error_table(&et_ext2_error_table); + + enum FuzzerType { + ext2fsImageBitmapRead, + ext2fsImageInodeRead, + ext2fsImageSuperRead, + ext2fsImageBitmapWrite, + ext2fsImageInodeWrite, + ext2fsImageSuperWrite, + kMaxValue = ext2fsImageSuperWrite + }; + + FuzzedDataProvider stream(data, size); + const FuzzerType f = stream.ConsumeEnum<FuzzerType>(); + int flags = stream.ConsumeIntegral<int>(); +#ifndef USE_FLAGS + flags = 0; +#endif + + static const char* fname = "/tmp/ext2_test_file"; + + // Write our data to a temp file. +#ifdef SAVE_FS_IMAGE + int fd = open(fname, O_CREAT|O_TRUNC|O_RDWR, 0644); +#else + int fd = syscall(SYS_memfd_create, fname, 0); +#endif + std::vector<char> buffer = stream.ConsumeRemainingBytes<char>(); + write(fd, buffer.data(), buffer.size()); + + std::string fspath("/proc/self/fd/" + std::to_string(fd)); + + ext2_filsys fs; +#ifdef USE_FLAGS + printf("Flags: 0x%08x ", flags); + print_fs_flags(stdout, flags); + flags &= ~EXT2_FLAG_NOFREE_ON_ERROR; +#endif + errcode_t retval = ext2fs_open( + fspath.c_str(), + flags | EXT2_FLAG_IGNORE_CSUM_ERRORS, 0, 0, + unix_io_manager, + &fs); + + if (retval) { + com_err(progname, retval, "while trying to open file system"); + } else { +#ifdef DUMP_SUPER + list_super2(fs->super, stdout); +#endif + printf("FuzzerType: %d\n", (int) f); + switch (f) { + case ext2fsImageBitmapRead: { + retval = ext2fs_image_bitmap_read(fs, fd, 0); + if (retval) + com_err(progname, retval, "while trying to read image bitmap"); + break; + } + case ext2fsImageInodeRead: { + retval = ext2fs_image_inode_read(fs, fd, 0); + if (retval) + com_err(progname, retval, "while trying to read image inode"); + break; + } + case ext2fsImageSuperRead: { + retval = ext2fs_image_super_read(fs, fd, 0); + if (retval) + com_err(progname, retval, "while trying to read image superblock"); + break; + } + case ext2fsImageBitmapWrite: { + retval = ext2fs_image_bitmap_write(fs, fd, 0); + if (retval) + com_err(progname, retval, "while trying to write image bitmap"); + break; + } + case ext2fsImageInodeWrite: { + retval = ext2fs_image_inode_write(fs, fd, 0); + if (retval) + com_err(progname, retval, "while trying to write image inode"); + break; + } + case ext2fsImageSuperWrite: { + retval = ext2fs_image_super_write(fs, fd, 0); + if (retval) + com_err(progname, retval, "while trying to write image superblock"); + break; + } + default: { + assert(false); + } + } + ext2fs_close(fs); + } + close(fd); + + return 0; +} diff --git a/tests/fuzz/ext2fs_read_bitmap_fuzzer.cc b/tests/fuzz/ext2fs_read_bitmap_fuzzer.cc new file mode 100644 index 0000000..fa3d7e7 --- /dev/null +++ b/tests/fuzz/ext2fs_read_bitmap_fuzzer.cc @@ -0,0 +1,108 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// #define USE_FLAGS +// #define DUMP_SUPER +// #define SAVE_FS_IMAGE + +#include <stdio.h> +#include <stddef.h> +#include <stdint.h> +#include <unistd.h> +#include <assert.h> +#include <fcntl.h> +#include <sys/syscall.h> +#include <linux/memfd.h> +#include <fuzzer/FuzzedDataProvider.h> + +#include "ext2fs/ext2fs.h" +extern "C" { +#include "e2p/e2p.h" +#include "support/print_fs_flags.h" +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + + const char *progname = "ext2fs_read_bitmap_fuzzer"; + add_error_table(&et_ext2_error_table); + + enum FuzzerType { + ext2fsReadBlockBitmap, + ext2fsReadInodeBitmap, + kMaxValue = ext2fsReadInodeBitmap + }; + + FuzzedDataProvider stream(data, size); + const FuzzerType f = stream.ConsumeEnum<FuzzerType>(); + int flags = stream.ConsumeIntegral<int>(); +#ifndef USE_FLAGS + flags = 0; +#endif + + static const char* fname = "/tmp/ext2_test_file"; + + // Write our data to a temp file. +#ifdef SAVE_FS_IMAGE + int fd = open(fname, O_CREAT|O_TRUNC|O_RDWR, 0644); +#else + int fd = syscall(SYS_memfd_create, fname, 0); +#endif + std::vector<char> buffer = stream.ConsumeRemainingBytes<char>(); + write(fd, buffer.data(), buffer.size()); + + std::string fspath("/proc/self/fd/" + std::to_string(fd)); + + ext2_filsys fs; +#ifdef USE_FLAGS + printf("Flags: 0x%08x ", flags); + print_fs_flags(stdout, flags); + flags &= ~EXT2_FLAG_NOFREE_ON_ERROR; +#endif + errcode_t retval = ext2fs_open( + fspath.c_str(), + flags | EXT2_FLAG_IGNORE_CSUM_ERRORS, 0, 0, + unix_io_manager, + &fs); + + if (retval) { + com_err(progname, retval, "while trying to open file system"); + } else { +#ifdef DUMP_SUPER + list_super2(fs->super, stdout); +#endif + switch (f) { + case ext2fsReadBlockBitmap: { + retval = ext2fs_read_block_bitmap(fs); + if (retval) + com_err(progname, retval, "while trying to read block bitmap"); + break; + } + case ext2fsReadInodeBitmap: { + retval = ext2fs_read_inode_bitmap(fs); + if (retval) + com_err(progname, retval, "while trying to read inode bitmap"); + break; + } + default: { + assert(false); + } + } + retval = ext2fs_close(fs); + if (retval) + com_err(progname, retval, "while trying to close file system"); + } + close(fd); + + return 0; +} |