diff options
| author | Evgeny Vereshchagin <evvers@ya.ru> | 2021-12-27 00:26:56 +0100 |
|---|---|---|
| committer | Evgeny Vereshchagin <evvers@ya.ru> | 2021-12-29 11:39:06 +0100 |
| commit | 4b65fc8725fa169bf870eb022d7b346796977c21 (patch) | |
| tree | 1031e56ec9c9e35dca4f4d69f5a12520c81ecd8e | |
| parent | Merge pull request #21922 from medhefgo/boot-fix (diff) | |
| download | systemd-4b65fc8725fa169bf870eb022d7b346796977c21.tar.xz systemd-4b65fc8725fa169bf870eb022d7b346796977c21.zip | |
tests: add fuzz-bcd
| -rw-r--r-- | src/boot/efi/fuzz-bcd.c | 26 | ||||
| -rw-r--r-- | src/boot/efi/meson.build | 3 | ||||
| -rwxr-xr-x | tools/oss-fuzz.sh | 16 |
3 files changed, 45 insertions, 0 deletions
diff --git a/src/boot/efi/fuzz-bcd.c b/src/boot/efi/fuzz-bcd.c new file mode 100644 index 0000000000..e5ed6638a4 --- /dev/null +++ b/src/boot/efi/fuzz-bcd.c @@ -0,0 +1,26 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ + +#include "alloc-util.h" +#include "fd-util.h" +#include "fuzz.h" +#include "utf8.h" + +#include "bcd.c" + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + _cleanup_free_ void *p = NULL; + + /* This limit was borrowed from src/boot/efi/boot.c */ + if (size > 100*1024) + return 0; + + if (!getenv("SYSTEMD_LOG_LEVEL")) + log_set_max_level(LOG_CRIT); + + p = memdup(data, size); + assert_se(p); + + char16_t *title = get_bcd_title(p, size); + assert_se(!title || char16_strlen(title) >= 0); + return 0; +} diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build index 03e603a376..af45c013a6 100644 --- a/src/boot/efi/meson.build +++ b/src/boot/efi/meson.build @@ -360,6 +360,9 @@ if efi_arch[1] in ['ia32', 'x86_64', 'arm', 'aarch64'] [], 'HAVE_ZSTD'], ] + fuzzers += [ + [['src/boot/efi/fuzz-bcd.c']], + ] endif systemd_boot_objects = [] diff --git a/tools/oss-fuzz.sh b/tools/oss-fuzz.sh index 244eb83906..620015658e 100755 --- a/tools/oss-fuzz.sh +++ b/tools/oss-fuzz.sh @@ -36,6 +36,13 @@ else apt-get install -y gperf m4 gettext python3-pip \ libcap-dev libmount-dev libkmod-dev \ pkg-config wget python3-jinja2 + + # gnu-efi is installed here to enable -Dgnu-efi behind which fuzz-bcd + # is hidden. It isn't linked against efi. It doesn't + # even include "efi.h" because "bcd.c" can work in "unit test" mode + # where it isn't necessary. + apt-get install -y gnu-efi zstd + pip3 install -r .github/workflows/requirements.txt --require-hashes # https://github.com/google/oss-fuzz/issues/6868 @@ -56,6 +63,15 @@ fi ninja -v -C "$build" fuzzers +# Compressed BCD files are kept in test/test-bcd so let's unpack them +# and put them all in the seed corpus. +bcd=$(mktemp -d) +for i in test/test-bcd/*.zst; do + unzstd "$i" -o "$bcd/$(basename "${i%.zst}")"; +done +zip -jqr "$OUT/fuzz-bcd_seed_corpus.zip" "$bcd" +rm -rf "$bcd" + # The seed corpus is a separate flat archive for each fuzzer, # with a fixed name ${fuzzer}_seed_corpus.zip. for d in "$(dirname "$0")/../test/fuzz/fuzz-"*; do |