From 389d59ba3dbe29e3c1d65269b07017f1ff52826a Mon Sep 17 00:00:00 2001 From: elianalf <62831776+elianalf@users.noreply.github.com> Date: Fri, 12 Apr 2024 13:04:12 +0200 Subject: [PATCH 1/3] Refs #20732: Change xml loading method to avoid copy to a file in fuzz_XMLProfiles Signed-off-by: elianalf <62831776+elianalf@users.noreply.github.com> --- fuzz/C++/fuzz_XMLProfiles/fuzz_XMLProfiles.cxx | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/fuzz/C++/fuzz_XMLProfiles/fuzz_XMLProfiles.cxx b/fuzz/C++/fuzz_XMLProfiles/fuzz_XMLProfiles.cxx index c475e238af1..4d6708acc55 100644 --- a/fuzz/C++/fuzz_XMLProfiles/fuzz_XMLProfiles.cxx +++ b/fuzz/C++/fuzz_XMLProfiles/fuzz_XMLProfiles.cxx @@ -1,5 +1,5 @@ #include -#include +#include #include "fuzz_utils.h" @@ -23,18 +23,7 @@ extern "C" int LLVMFuzzerTestOneInput( return EXIT_FAILURE; } - const char* filename = buf_to_file(data, size); - - if (filename == NULL) - { - return EXIT_FAILURE; - } - - // TODO change this to a func. taking buf + len (or C string) - // to avoid using `buf_to_file` - xmlparser::XMLProfileManager::loadXMLFile(filename); - - if (delete_file(filename) != 0) + if (ReturnCode_t::RETCODE_OK != fastdds::dds::DomainParticipantFactory::get_instance()->load_XML_profiles_string(reinterpret_cast(data), size)) { return EXIT_FAILURE; } From 9c740bc3e2aac521cbe393fe7eb588e9b56c82f3 Mon Sep 17 00:00:00 2001 From: elianalf <62831776+elianalf@users.noreply.github.com> Date: Mon, 15 Apr 2024 14:45:04 +0200 Subject: [PATCH 2/3] Refs #20732: Remove methods no longer used Signed-off-by: elianalf <62831776+elianalf@users.noreply.github.com> --- .../C++/fuzz_XMLProfiles/fuzz_XMLProfiles.cxx | 1 - fuzz/C++/fuzz_XMLProfiles/fuzz_utils.cxx | 61 ------------------- fuzz/C++/fuzz_XMLProfiles/fuzz_utils.h | 16 ----- 3 files changed, 78 deletions(-) diff --git a/fuzz/C++/fuzz_XMLProfiles/fuzz_XMLProfiles.cxx b/fuzz/C++/fuzz_XMLProfiles/fuzz_XMLProfiles.cxx index 4d6708acc55..ee2756df5e1 100644 --- a/fuzz/C++/fuzz_XMLProfiles/fuzz_XMLProfiles.cxx +++ b/fuzz/C++/fuzz_XMLProfiles/fuzz_XMLProfiles.cxx @@ -1,4 +1,3 @@ -#include #include #include "fuzz_utils.h" diff --git a/fuzz/C++/fuzz_XMLProfiles/fuzz_utils.cxx b/fuzz/C++/fuzz_XMLProfiles/fuzz_utils.cxx index 0a10810ac7c..56feebad706 100644 --- a/fuzz/C++/fuzz_XMLProfiles/fuzz_utils.cxx +++ b/fuzz/C++/fuzz_XMLProfiles/fuzz_utils.cxx @@ -32,64 +32,3 @@ extern "C" int ignore_stdout( return ret; } - -extern "C" int delete_file( - const char* pathname) -{ - int ret = unlink(pathname); - if (ret == -1) - { - warn("failed to delete \"%s\"", pathname); - } - - free((void*)pathname); - - return ret; -} - -extern "C" char* buf_to_file( - const uint8_t* buf, - size_t size) -{ - char* pathname = strdup("/dev/shm/fuzz-XXXXXX"); - if (pathname == NULL) - { - return NULL; - } - - int fd = mkstemp(pathname); - if (fd == -1) - { - warn("mkstemp(\"%s\")", pathname); - free(pathname); - return NULL; - } - - size_t pos = 0; - while (pos < size) - { - int nbytes = write(fd, &buf[pos], size - pos); - if (nbytes <= 0) - { - if (nbytes == -1 && errno == EINTR) - { - continue; - } - warn("write"); - goto err; - } - pos += nbytes; - } - - if (close(fd) == -1) - { - warn("close"); - goto err; - } - - return pathname; - -err: - delete_file(pathname); - return NULL; -} \ No newline at end of file diff --git a/fuzz/C++/fuzz_XMLProfiles/fuzz_utils.h b/fuzz/C++/fuzz_XMLProfiles/fuzz_utils.h index 37b484eb286..193e635b733 100644 --- a/fuzz/C++/fuzz_XMLProfiles/fuzz_utils.h +++ b/fuzz/C++/fuzz_XMLProfiles/fuzz_utils.h @@ -13,21 +13,5 @@ extern "C" int ignore_stdout( void); -// Delete the file passed as argument and free the associated buffer. This -// function is meant to be called on buf_to_file return value. -// -// Return 0 on success, -1 otherwise. -extern "C" int delete_file( - const char* pathname); - -// Write the data provided in buf to a new temporary file. This function is -// meant to be called by LLVMFuzzerTestOneInput() for fuzz targets that only -// take file names (and not data) as input. -// -// Return the path of the newly created file or NULL on error. The caller should -// eventually free the returned buffer (see delete_file). -extern "C" char* buf_to_file( - const uint8_t* buf, - size_t size); #endif // FUZZ_UTILS_H_ \ No newline at end of file From 62b4eeac9296f2473ee9005fea5894fc0f920e30 Mon Sep 17 00:00:00 2001 From: elianalf <62831776+elianalf@users.noreply.github.com> Date: Mon, 15 Apr 2024 16:06:22 +0200 Subject: [PATCH 3/3] Refs #20732: Apply suggestions Signed-off-by: elianalf <62831776+elianalf@users.noreply.github.com> --- fuzz/C++/fuzz_XMLProfiles/fuzz_XMLProfiles.cxx | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/fuzz/C++/fuzz_XMLProfiles/fuzz_XMLProfiles.cxx b/fuzz/C++/fuzz_XMLProfiles/fuzz_XMLProfiles.cxx index ee2756df5e1..c5f953147f5 100644 --- a/fuzz/C++/fuzz_XMLProfiles/fuzz_XMLProfiles.cxx +++ b/fuzz/C++/fuzz_XMLProfiles/fuzz_XMLProfiles.cxx @@ -22,10 +22,7 @@ extern "C" int LLVMFuzzerTestOneInput( return EXIT_FAILURE; } - if (ReturnCode_t::RETCODE_OK != fastdds::dds::DomainParticipantFactory::get_instance()->load_XML_profiles_string(reinterpret_cast(data), size)) - { - return EXIT_FAILURE; - } + fastdds::dds::DomainParticipantFactory::get_instance()->load_XML_profiles_string(reinterpret_cast(data), size); return 0; }