summaryrefslogtreecommitdiffstats
path: root/tests/fuzz
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--tests/fuzz/.gitignore3
-rw-r--r--tests/fuzz/Makefile.in93
-rw-r--r--tests/fuzz/ext2fs_check_directory_fuzzer.cc43
-rw-r--r--tests/fuzz/ext2fs_image_read_write_fuzzer.cc135
-rw-r--r--tests/fuzz/ext2fs_read_bitmap_fuzzer.cc108
5 files changed, 382 insertions, 0 deletions
diff --git a/tests/fuzz/.gitignore b/tests/fuzz/.gitignore
new file mode 100644
index 0000000..381b20a
--- /dev/null
+++ b/tests/fuzz/.gitignore
@@ -0,0 +1,3 @@
+ext2fs_check_directory_fuzzer
+ext2fs_image_read_write_fuzzer
+ext2fs_read_bitmap_fuzzer
diff --git a/tests/fuzz/Makefile.in b/tests/fuzz/Makefile.in
new file mode 100644
index 0000000..949579e
--- /dev/null
+++ b/tests/fuzz/Makefile.in
@@ -0,0 +1,93 @@
+#
+# Makefile for the tests/fuzz directory
+#
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+top_builddir = ../..
+my_dir = tests/fuzz
+
+@MCONFIG@
+
+PROGS= ext2fs_check_directory_fuzzer \
+ ext2fs_image_read_write_fuzzer \
+ ext2fs_read_bitmap_fuzzer
+
+SRCS= $(srcdir)/ext2fs_check_directory_fuzzer.cc \
+ $(srcdir)/ext2fs_image_read_write_fuzzer.cc \
+ $(srcdir)/ext2fs_read_bitmap_fuzzer.cc
+
+LOCAL_CFLAGS= @fuzzer_cflags@
+LOCAL_LDFLAGS= @fuzzer_ldflags@
+
+LIBS= $(LIBEXT2FS) $(LIBCOM_ERR) $(LIBSUPPORT)
+DEPLIBS= $(LIBEXT2FS) $(DEPLIBCOM_ERR) $(DEPLIBSUPPORT)
+
+STATIC_LIBS= $(LIBSUPPORT) $(STATIC_LIBE2P) $(STATIC_LIBEXT2FS) \
+ $(STATIC_LIBCOM_ERR)
+STATIC_DEPLIBS= $(DEPLIBSUPPORT) $(STATIC_LIBE2P) $(STATIC_LIBEXT2FS) \
+ $(DEPSTATIC_LIBCOM_ERR)
+
+FUZZ_LDFLAGS= $(ALL_LDFLAGS)
+FUZZ_DEP= $(STATIC_DEPLIBS) $(srcdir)/Makefile.in
+
+.cc.o:
+ $(E) " CXX $<"
+ $(Q) $(CXX) -c $(ALL_CFLAGS) $< -o $@
+
+@FUZZING_CMT@all:: $(PROGS)
+
+clean::
+ $(RM) -f $(PROGS) *.o
+
+install:
+
+install-strip:
+
+uninstall:
+
+mostlyclean: clean
+distclean: clean
+ $(RM) -f .depend Makefile $(srcdir)/TAGS $(srcdir)/Makefile.in.old
+
+ext2fs_check_directory_fuzzer: ext2fs_check_directory_fuzzer.o $(FUZZ_DEP)
+ $(E) " LD $@"
+ $(Q) $(CXX) $(FUZZ_LDFLAGS) -o $@ $< $(STATIC_LIBS) $(SYSLIBS)
+
+ext2fs_image_read_write_fuzzer: ext2fs_image_read_write_fuzzer.o $(FUZZ_DEP)
+ $(E) " LD $@"
+ $(Q) $(CXX) $(FUZZ_LDFLAGS) -o $@ $< $(STATIC_LIBS) $(SYSLIBS)
+
+ext2fs_read_bitmap_fuzzer: ext2fs_read_bitmap_fuzzer.o $(FUZZ_DEP)
+ $(E) " LD $@"
+ $(Q) $(CXX) $(FUZZ_LDFLAGS) -o $@ $< $(STATIC_LIBS) $(SYSLIBS)
+
+# +++ Dependency line eater +++
+#
+# Makefile dependencies follow. This must be the last section in
+# the Makefile.in file
+#
+ext2fs_check_directory_fuzzer.o: $(srcdir)/ext2fs_check_directory_fuzzer.cc \
+ $(top_srcdir)/lib/ext2fs/ext2fs.h $(top_builddir)/lib/ext2fs/ext2_types.h \
+ $(top_srcdir)/lib/ext2fs/ext2_fs.h $(top_srcdir)/lib/ext2fs/ext3_extents.h \
+ $(top_srcdir)/lib/et/com_err.h $(top_srcdir)/lib/ext2fs/ext2_io.h \
+ $(top_builddir)/lib/ext2fs/ext2_err.h \
+ $(top_srcdir)/lib/ext2fs/ext2_ext_attr.h $(top_srcdir)/lib/ext2fs/hashmap.h \
+ $(top_srcdir)/lib/ext2fs/bitops.h
+ext2fs_image_read_write_fuzzer.o: $(srcdir)/ext2fs_image_read_write_fuzzer.cc \
+ $(top_srcdir)/lib/ext2fs/ext2fs.h $(top_builddir)/lib/ext2fs/ext2_types.h \
+ $(top_srcdir)/lib/ext2fs/ext2_fs.h $(top_srcdir)/lib/ext2fs/ext3_extents.h \
+ $(top_srcdir)/lib/et/com_err.h $(top_srcdir)/lib/ext2fs/ext2_io.h \
+ $(top_builddir)/lib/ext2fs/ext2_err.h \
+ $(top_srcdir)/lib/ext2fs/ext2_ext_attr.h $(top_srcdir)/lib/ext2fs/hashmap.h \
+ $(top_srcdir)/lib/ext2fs/bitops.h $(top_srcdir)/lib/e2p/e2p.h \
+ $(top_srcdir)/lib/support/print_fs_flags.h
+ext2fs_read_bitmap_fuzzer.o: $(srcdir)/ext2fs_read_bitmap_fuzzer.cc \
+ $(top_srcdir)/lib/ext2fs/ext2fs.h $(top_builddir)/lib/ext2fs/ext2_types.h \
+ $(top_srcdir)/lib/ext2fs/ext2_fs.h $(top_srcdir)/lib/ext2fs/ext3_extents.h \
+ $(top_srcdir)/lib/et/com_err.h $(top_srcdir)/lib/ext2fs/ext2_io.h \
+ $(top_builddir)/lib/ext2fs/ext2_err.h \
+ $(top_srcdir)/lib/ext2fs/ext2_ext_attr.h $(top_srcdir)/lib/ext2fs/hashmap.h \
+ $(top_srcdir)/lib/ext2fs/bitops.h $(top_srcdir)/lib/e2p/e2p.h \
+ $(top_srcdir)/lib/support/print_fs_flags.h
diff --git a/tests/fuzz/ext2fs_check_directory_fuzzer.cc b/tests/fuzz/ext2fs_check_directory_fuzzer.cc
new file mode 100644
index 0000000..61cf42f
--- /dev/null
+++ b/tests/fuzz/ext2fs_check_directory_fuzzer.cc
@@ -0,0 +1,43 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <stddef.h>
+#include <stdint.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#include "ext2fs/ext2fs.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ static const char* fname = "/tmp/ext2_test_file";
+
+ // Write our data to a temp file.
+ int fd = open(fname, O_RDWR|O_CREAT|O_TRUNC);
+ write(fd, data, size);
+ close(fd);
+
+ ext2_filsys fs;
+ errcode_t retval = ext2fs_open(
+ fname,
+ EXT2_FLAG_IGNORE_CSUM_ERRORS, 0, 0,
+ unix_io_manager,
+ &fs);
+
+ if (!retval) {
+ retval = ext2fs_check_directory(fs, EXT2_ROOT_INO);
+ ext2fs_close(fs);
+ }
+
+ return 0;
+}
diff --git a/tests/fuzz/ext2fs_image_read_write_fuzzer.cc b/tests/fuzz/ext2fs_image_read_write_fuzzer.cc
new file mode 100644
index 0000000..8aa0cb8
--- /dev/null
+++ b/tests/fuzz/ext2fs_image_read_write_fuzzer.cc
@@ -0,0 +1,135 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// #define USE_FLAGS
+// #define DUMP_SUPER
+// #define SAVE_FS_IMAGE
+
+#include <stdio.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <unistd.h>
+#include <assert.h>
+#include <fcntl.h>
+#include <sys/syscall.h>
+#include <linux/memfd.h>
+#include <fuzzer/FuzzedDataProvider.h>
+
+#include "ext2fs/ext2fs.h"
+extern "C" {
+#include "e2p/e2p.h"
+#include "support/print_fs_flags.h"
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+
+ const char *progname = "ext2fs_image_read_write_fuzzer";
+ add_error_table(&et_ext2_error_table);
+
+ enum FuzzerType {
+ ext2fsImageBitmapRead,
+ ext2fsImageInodeRead,
+ ext2fsImageSuperRead,
+ ext2fsImageBitmapWrite,
+ ext2fsImageInodeWrite,
+ ext2fsImageSuperWrite,
+ kMaxValue = ext2fsImageSuperWrite
+ };
+
+ FuzzedDataProvider stream(data, size);
+ const FuzzerType f = stream.ConsumeEnum<FuzzerType>();
+ int flags = stream.ConsumeIntegral<int>();
+#ifndef USE_FLAGS
+ flags = 0;
+#endif
+
+ static const char* fname = "/tmp/ext2_test_file";
+
+ // Write our data to a temp file.
+#ifdef SAVE_FS_IMAGE
+ int fd = open(fname, O_CREAT|O_TRUNC|O_RDWR, 0644);
+#else
+ int fd = syscall(SYS_memfd_create, fname, 0);
+#endif
+ std::vector<char> buffer = stream.ConsumeRemainingBytes<char>();
+ write(fd, buffer.data(), buffer.size());
+
+ std::string fspath("/proc/self/fd/" + std::to_string(fd));
+
+ ext2_filsys fs;
+#ifdef USE_FLAGS
+ printf("Flags: 0x%08x ", flags);
+ print_fs_flags(stdout, flags);
+ flags &= ~EXT2_FLAG_NOFREE_ON_ERROR;
+#endif
+ errcode_t retval = ext2fs_open(
+ fspath.c_str(),
+ flags | EXT2_FLAG_IGNORE_CSUM_ERRORS, 0, 0,
+ unix_io_manager,
+ &fs);
+
+ if (retval) {
+ com_err(progname, retval, "while trying to open file system");
+ } else {
+#ifdef DUMP_SUPER
+ list_super2(fs->super, stdout);
+#endif
+ printf("FuzzerType: %d\n", (int) f);
+ switch (f) {
+ case ext2fsImageBitmapRead: {
+ retval = ext2fs_image_bitmap_read(fs, fd, 0);
+ if (retval)
+ com_err(progname, retval, "while trying to read image bitmap");
+ break;
+ }
+ case ext2fsImageInodeRead: {
+ retval = ext2fs_image_inode_read(fs, fd, 0);
+ if (retval)
+ com_err(progname, retval, "while trying to read image inode");
+ break;
+ }
+ case ext2fsImageSuperRead: {
+ retval = ext2fs_image_super_read(fs, fd, 0);
+ if (retval)
+ com_err(progname, retval, "while trying to read image superblock");
+ break;
+ }
+ case ext2fsImageBitmapWrite: {
+ retval = ext2fs_image_bitmap_write(fs, fd, 0);
+ if (retval)
+ com_err(progname, retval, "while trying to write image bitmap");
+ break;
+ }
+ case ext2fsImageInodeWrite: {
+ retval = ext2fs_image_inode_write(fs, fd, 0);
+ if (retval)
+ com_err(progname, retval, "while trying to write image inode");
+ break;
+ }
+ case ext2fsImageSuperWrite: {
+ retval = ext2fs_image_super_write(fs, fd, 0);
+ if (retval)
+ com_err(progname, retval, "while trying to write image superblock");
+ break;
+ }
+ default: {
+ assert(false);
+ }
+ }
+ ext2fs_close(fs);
+ }
+ close(fd);
+
+ return 0;
+}
diff --git a/tests/fuzz/ext2fs_read_bitmap_fuzzer.cc b/tests/fuzz/ext2fs_read_bitmap_fuzzer.cc
new file mode 100644
index 0000000..fa3d7e7
--- /dev/null
+++ b/tests/fuzz/ext2fs_read_bitmap_fuzzer.cc
@@ -0,0 +1,108 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// #define USE_FLAGS
+// #define DUMP_SUPER
+// #define SAVE_FS_IMAGE
+
+#include <stdio.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <unistd.h>
+#include <assert.h>
+#include <fcntl.h>
+#include <sys/syscall.h>
+#include <linux/memfd.h>
+#include <fuzzer/FuzzedDataProvider.h>
+
+#include "ext2fs/ext2fs.h"
+extern "C" {
+#include "e2p/e2p.h"
+#include "support/print_fs_flags.h"
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+
+ const char *progname = "ext2fs_read_bitmap_fuzzer";
+ add_error_table(&et_ext2_error_table);
+
+ enum FuzzerType {
+ ext2fsReadBlockBitmap,
+ ext2fsReadInodeBitmap,
+ kMaxValue = ext2fsReadInodeBitmap
+ };
+
+ FuzzedDataProvider stream(data, size);
+ const FuzzerType f = stream.ConsumeEnum<FuzzerType>();
+ int flags = stream.ConsumeIntegral<int>();
+#ifndef USE_FLAGS
+ flags = 0;
+#endif
+
+ static const char* fname = "/tmp/ext2_test_file";
+
+ // Write our data to a temp file.
+#ifdef SAVE_FS_IMAGE
+ int fd = open(fname, O_CREAT|O_TRUNC|O_RDWR, 0644);
+#else
+ int fd = syscall(SYS_memfd_create, fname, 0);
+#endif
+ std::vector<char> buffer = stream.ConsumeRemainingBytes<char>();
+ write(fd, buffer.data(), buffer.size());
+
+ std::string fspath("/proc/self/fd/" + std::to_string(fd));
+
+ ext2_filsys fs;
+#ifdef USE_FLAGS
+ printf("Flags: 0x%08x ", flags);
+ print_fs_flags(stdout, flags);
+ flags &= ~EXT2_FLAG_NOFREE_ON_ERROR;
+#endif
+ errcode_t retval = ext2fs_open(
+ fspath.c_str(),
+ flags | EXT2_FLAG_IGNORE_CSUM_ERRORS, 0, 0,
+ unix_io_manager,
+ &fs);
+
+ if (retval) {
+ com_err(progname, retval, "while trying to open file system");
+ } else {
+#ifdef DUMP_SUPER
+ list_super2(fs->super, stdout);
+#endif
+ switch (f) {
+ case ext2fsReadBlockBitmap: {
+ retval = ext2fs_read_block_bitmap(fs);
+ if (retval)
+ com_err(progname, retval, "while trying to read block bitmap");
+ break;
+ }
+ case ext2fsReadInodeBitmap: {
+ retval = ext2fs_read_inode_bitmap(fs);
+ if (retval)
+ com_err(progname, retval, "while trying to read inode bitmap");
+ break;
+ }
+ default: {
+ assert(false);
+ }
+ }
+ retval = ext2fs_close(fs);
+ if (retval)
+ com_err(progname, retval, "while trying to close file system");
+ }
+ close(fd);
+
+ return 0;
+}