Merge pull request #1233 from securitykernel/libfuzzer-setup

Add libFuzzer setup

.github/workflows/tests.yml

@@ -22,7 +22,7 @@ jobs:
     - name: Test with service and gpt
       run: |
         rm -rf build/
-        meson setup -Dservice=true -Dgpt=enabled -Db_coverage=true -Dwerror=true build
+        meson setup -Dservice=true -Dgpt=enabled -Dfuzz=true -Db_coverage=true -Dwerror=true build
         meson configure build
         meson compile -C build
         ./qemu-test

fuzz/bundle.c

@@ -0,0 +1,36 @@
+#include <stdio.h>
+#include <locale.h>
+#include <glib.h>
+#include <glib/gstdio.h>
+
+#include <config_file.h>
+#include <context.h>
+#include <bundle.h>
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+	g_autofree gchar *tmpdir = NULL;
+	g_autofree gchar *bundlename = NULL;
+	g_autoptr(RaucBundle) bundle = NULL;
+	g_autoptr(GError) error = NULL;
+
+	tmpdir = g_dir_make_tmp("rauc-XXXXXX", NULL);
+	g_assert_nonnull(tmpdir);
+
+	r_context_conf()->certpath = g_strdup("test/openssl-ca/dev/autobuilder-1.cert.pem");
+	r_context_conf()->keypath = g_strdup("test/openssl-ca/dev/private/autobuilder-1.pem");
+	r_context();
+
+	bundlename = g_build_filename(tmpdir, "fuzz-bundle.raucb", NULL);
+	g_assert_nonnull(bundlename);
+	g_file_set_contents(bundlename, (gchar*)data, size, &error);
+
+	(void) check_bundle(bundlename, &bundle, CHECK_BUNDLE_NO_VERIFY, NULL, &error);
+
+	g_free(r_context()->certpath);
+	g_free(r_context()->keypath);
+	g_remove(bundlename);
+	g_remove(tmpdir);
+
+	return 0;
+}

fuzz/manifest.c

@@ -0,0 +1,19 @@
+#include <stdio.h>
+#include <locale.h>
+#include <glib.h>
+#include <glib/gstdio.h>
+
+#include <config_file.h>
+#include <context.h>
+#include <manifest.h>
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+	g_autoptr(GBytes) dt = g_bytes_new(data, size);
+	g_autoptr(RaucManifest) rm = NULL;
+	g_autoptr(GError) error = NULL;
+
+	(void) load_manifest_mem(dt, &rm, &error);
+
+	return 0;
+}

fuzz/manifest.dict

@@ -0,0 +1,42 @@
+"[update]"
+"compatible="
+"version="
+"description="
+"build="
+
+"[bundle]"
+"format="
+"plain"
+"verity"
+"crypt"
+"verity="
+"verity-hash="
+"verity-salt="
+"verity-size="
+
+"[hooks]"
+"hooks="
+"install-check"
+
+"[handler]"
+"args="
+
+"[image.rootfs]"
+"filename="
+"rootfs.ext4"
+"size="
+"sha256="
+"hooks="
+"pre-"
+"post-"
+"install"
+"adaptive="
+"block-hash-index"
+
+"[image.appfs]"
+"filename"
+"appfs.ext4"
+"size"
+"sha256"
+
+"[meta.foo]"

fuzz/meson.build

@@ -0,0 +1,22 @@
+if not get_option('fuzzing')
+  subdir_done()
+endif
+
+fuzzers = [
+  'manifest',
+  'bundle',
+]
+
+fuzzer_c_args = cc.get_supported_arguments('-Wno-missing-prototypes')
+
+foreach fuzzer_name : fuzzers
+  exe = executable(
+    fuzzer_name + '_fuzzer',
+    fuzzer_name + '.c',
+    extra_test_sources,
+    c_args : ['-fsanitize=fuzzer,address'] + fuzzer_c_args,
+    link_args : ['-fsanitize=fuzzer,address'],
+    link_with : librauc,
+    include_directories : incdir,
+    dependencies : rauc_deps)
+endforeach

meson.build

@@ -231,3 +231,4 @@ install_data('rauc.1', install_dir : get_option('mandir'))
 subdir('data')
 subdir('docs')
 subdir('test')
+subdir('fuzz')

meson_options.txt

@@ -65,3 +65,8 @@ option(
   type : 'boolean',
   value : 'true',
   description : 'Enable/Disable test suite')
+option(
+  'fuzzing',
+  type : 'boolean',
+  value : 'false',
+  description : 'Enable/Disable fuzz tests')

uncrustify.sh

@@ -8,4 +8,4 @@ if [ ! -e .uncrustify/build/uncrustify ]; then
 	./build-uncrustify.sh
 fi
 
-.uncrustify/build/uncrustify -c .uncrustify.cfg -l C --replace --no-backup src/*.c include/*.h test/*.[ch] contrib/cgi/src/*.[ch]
+.uncrustify/build/uncrustify -c .uncrustify.cfg -l C --replace --no-backup src/*.c include/*.h test/*.[ch] fuzz/*.[ch] contrib/cgi/src/*.[ch]