
kc3-lang/libxkbcommon/fuzz/compose/target.c


    Commit

  • Author : Ran Benita
    Date : 2018-03-11 00:04:05
    Hash : 2cb5c2a3
    Message : Add fuzzing infrastructure Though text formats aren't exactly fuzzer's strong suit, fuzzers can catch many surface-level bugs. The fuzz/ directory contains target programs, testcases and dictionaries to drive the afl fuzzer. This commit adds a fuzzer for the XKB keymap text format and the Compose text format. On my slow machine, using a single core, a full cycle of the XKB fuzzer takes 5 hours. For Compose, it takes a few minutes. Fuzzing for the other file formats (rules files mostly) will be added later. To do some fuzzing, run `./fuzz/fuzz.sh`. Signed-off-by: Ran Benita <ran234@gmail.com>

  • fuzz/compose/target.c
  • /*
     * A target program for fuzzing the Compose text format.
     *
     * Currently, just parses an input file, and hopefully doesn't crash or hang.
     */
    
    #include <assert.h>
    
    #include "xkbcommon/xkbcommon.h"
    #include "xkbcommon/xkbcommon-compose.h"
    
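    /*
     * Fuzz target entry point for the Compose text format.
     *
     * Expects exactly one argument, the path of the input file. The file is
     * parsed with xkb_compose_table_new_from_file() and the resulting table is
     * released immediately; the only observable output is "OK" or "FAIL" for
     * the most recent parse. When built with AFL's manual control macros, the
     * parse is repeated in a persistent loop of up to 1000 iterations.
     *
     * Returns 1 on a usage error and 0 otherwise. Setup failures (context
     * creation, fopen) go through assert(), so they abort the process and a
     * fuzzer will record them as crashes; with NDEBUG defined these checks
     * disappear and a NULL would be passed on.
     */
    int
    main(int argc, char *argv[])
    {
        struct xkb_context *ctx;
        FILE *file;
        struct xkb_compose_table *table;
        /*
         * Outcome of the last parse, recorded while the table pointer is still
         * valid. Testing `table` after xkb_compose_table_unref() would inspect
         * a pointer whose object may already be freed, and would read an
         * uninitialized variable if the loop body never ran.
         */
        int parsed_ok = 0;

        if (argc != 2) {
            fprintf(stderr, "usage: %s <file>\n", argv[0]);
            return 1;
        }

        /* Keep the run independent of system include paths and environment. */
        ctx = xkb_context_new(XKB_CONTEXT_NO_DEFAULT_INCLUDES | XKB_CONTEXT_NO_ENVIRONMENT_NAMES);
        assert(ctx);

    #ifdef __AFL_HAVE_MANUAL_CONTROL
        __AFL_INIT();

        while (__AFL_LOOP(1000))
    #endif
        {
            file = fopen(argv[1], "r");
            assert(file);
            table = xkb_compose_table_new_from_file(ctx, file,
                                                    "en_US.UTF-8",
                                                    XKB_COMPOSE_FORMAT_TEXT_V1,
                                                    XKB_COMPOSE_COMPILE_NO_FLAGS);
            parsed_ok = (table != NULL);
            /* Release per-iteration resources so persistent mode does not leak. */
            xkb_compose_table_unref(table);
            fclose(file);
        }

        puts(parsed_ok ? "OK" : "FAIL");
        xkb_context_unref(ctx);
        return 0;
    }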