-rw-r--r--.lcovrc2
-rw-r--r--fuzzing/fuzz_string.c52
-rw-r--r--fuzzing/meson.build1
3 files changed, 54 insertions, 1 deletions
diff --git a/.lcovrc b/.lcovrc
index 353d49f43..53c910d55 100644
--- a/.lcovrc
+++ b/.lcovrc
@@ -2,7 +2,7 @@
# See lcovrc(5)
# Always enable branch coverage
-lcov_branch_coverage = 1
+branch_coverage = 1
# Disable exception branch for C++:
# https://github.com/linux-test-project/lcov/issues/209
diff --git a/fuzzing/fuzz_string.c b/fuzzing/fuzz_string.c
new file mode 100644
index 000000000..46f04b2ab
--- /dev/null
+++ b/fuzzing/fuzz_string.c
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2024 GNOME Foundation, Inc.
+ *
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+ unsigned char *nul_terminated_data = NULL;
+ char **args = NULL;
+ size_t n_args;
+ const char *init, *find, *replace;
+ GString *string = NULL;
+
+ fuzz_set_logging_func ();
+
+ /* ignore @size (none of the functions support it); ensure @data is nul-terminated */
+ nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+
+ /* Split the data into three arguments. */
+ args = g_strsplit ((char *) nul_terminated_data, "|", 3);
+ n_args = g_strv_length (args);
+ init = (n_args > 0) ? args[0] : "";
+ find = (n_args > 1) ? args[1] : "";
+ replace = (n_args > 2) ? args[2] : "";
+
+ /* Test g_string_replace() and see if it crashes. */
+ string = g_string_new (init);
+ g_string_replace (string, find, replace, 0);
+ g_string_free (string, TRUE);
+
+ g_strfreev (args);
+ g_free (nul_terminated_data);
+
+ return 0;
+}
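Review bot: The harness puts no upper bound on `size`, and because `g_string_replace()` is called with `limit` 0 it replaces every match. An `init` made of many short matches combined with a long `replace` therefore lets the result grow to roughly len(init) × len(replace). On a fuzzer configured with a large maximum input length this would likely show up as out-of-memory or timeout reports rather than real defects. Consider an early bound before the `g_strndup()` call, for example `if (size > 4096) return 0;` (the constant is illustrative; pick one that fits the fuzzing memory limit). The comment above `g_strndup()` could also say that copying stops at the first NUL in `data`, so bytes after an embedded NUL are never exercised.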
diff --git a/fuzzing/meson.build b/fuzzing/meson.build
index 24d9d2554..cfd815077 100644
--- a/fuzzing/meson.build
+++ b/fuzzing/meson.build
@@ -30,6 +30,7 @@ fuzz_targets = [
'fuzz_network_address_parse_uri',
'fuzz_paths',
'fuzz_resolver',
+ 'fuzz_string',
'fuzz_uri_escape',
'fuzz_uri_parse',
'fuzz_uri_parse_params',