author | Philip Withnall <philip@tecnocode.co.uk> | 2024-10-01 12:00:43 +0000 |
---|---|---|
committer | Philip Withnall <philip@tecnocode.co.uk> | 2024-10-01 12:00:43 +0000 |
commit | cc2b78ec471fa18cc8d1b8437f72036ce187a026 (patch) | |
tree | dcfb2787c3c9e292c71d5bf89afd00f5ecfcf052 | |
parent | a083ae415bcd8c63b3aef4db4ec9a672e76253ee (diff) | |
parent | e115eafb8a3eb1e551f578e3605d338e02551ecd (diff) |
Merge branch 'string-replace-tests' into 'main'
fuzzing: Add simple fuzz test for g_string_replace()
See merge request GNOME/glib!4315
-rw-r--r-- | .lcovrc | 2 | ||||
-rw-r--r-- | fuzzing/fuzz_string.c | 52 | ||||
-rw-r--r-- | fuzzing/meson.build | 1 |
3 files changed, 54 insertions, 1 deletions
@@ -2,7 +2,7 @@
 # See lcovrc(5)
 # Always enable branch coverage
-lcov_branch_coverage = 1
+branch_coverage = 1
 # Disable exception branch for C++:
 # https://github.com/linux-test-project/lcov/issues/209
diff --git a/fuzzing/fuzz_string.c b/fuzzing/fuzz_string.c
new file mode 100644
index 000000000..46f04b2ab
--- /dev/null
+++ b/fuzzing/fuzz_string.c
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2024 GNOME Foundation, Inc.
+ *
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+ unsigned char *nul_terminated_data = NULL;
+ char **args = NULL;
+ size_t n_args;
+ const char *init, *find, *replace;
+ GString *string = NULL;
+
+ fuzz_set_logging_func ();
+
+ /* ignore @size (none of the functions support it); ensure @data is nul-terminated */
+ nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+
+ /* Split the data into three arguments. */
+ args = g_strsplit ((char *) nul_terminated_data, "|", 3);
+ n_args = g_strv_length (args);
+ init = (n_args > 0) ? args[0] : "";
+ find = (n_args > 1) ? args[1] : "";
+ replace = (n_args > 2) ? args[2] : "";
+
+ /* Test g_string_replace() and see if it crashes. */
+ string = g_string_new (init);
+ g_string_replace (string, find, replace, 0);
+ g_string_free (string, TRUE);
+
+ g_strfreev (args);
+ g_free (nul_terminated_data);
+
+ return 0;
+}
diff --git a/fuzzing/meson.build b/fuzzing/meson.build
index 24d9d2554..cfd815077 100644
--- a/fuzzing/meson.build
+++ b/fuzzing/meson.build
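Review bot: In fuzzing/fuzz_string.c, the call `g_string_replace (string, find, replace, 0);` in LLVMFuzzerTestOneInput fixes `limit` at 0 and discards the returned replacement count. The harness therefore never exercises the limit-bounded path and can only surface defects that crash or trip a sanitizer; a wrong but memory-safe result passes unnoticed. Consider keeping the count and checking it against the length change, e.g. `guint n = g_string_replace (string, find, replace, 0);` followed by `g_assert_cmpuint (string->len, ==, strlen (init) + n * strlen (replace) - n * strlen (find));`. This assumes the returned count equals the number of substitutions actually performed, which should be confirmed for the empty-`find` case before the assertion goes in. Deriving `limit` from a leading input byte would additionally cover the early-exit branch, at the cost of changing the corpus format.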
@@ -30,6 +30,7 @@ fuzz_targets = [
 'fuzz_network_address_parse_uri',
 'fuzz_paths',
 'fuzz_resolver',
+ 'fuzz_string',
 'fuzz_uri_escape',
 'fuzz_uri_parse',
 'fuzz_uri_parse_params', |