Convert last fuzzer to C.

nih-at · Sep 23, 2023 · 3690582 · 3690582
1 parent 97aef31
commit 3690582
Show file tree

Hide file tree

Showing 3 changed files with 89 additions and 94 deletions.
diff --git a/regress/fuzzers/zip_read_file_fuzzer.c b/regress/fuzzers/zip_read_file_fuzzer.c
@@ -0,0 +1,87 @@
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+#include <zip.h>
+
+void
+randomize(char *buf, int count) {
+    const char *charset = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+    int charlen;
+    int i;
+    charlen = strlen(charset);
+    srandom(time(NULL));
+    for (i = 0; i < count; i++) {
+        buf[i] = charset[random() % charlen];
+    }
+}
+
+/**
+   This fuzzing target takes input data, creates a ZIP archive from it, checks the archive's consistency,
+   and iterates over the entries in the archive, reading data from each entry.
+**/
+
+int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    zip_t *za;
+    char buf[32768];
+    zip_int64_t i, n;
+    zip_file_t *f;
+    char name[20 + 4 + 1];
+    int fd;
+
+    snprintf(name, sizeof(name), "XXXXXXXXXXXXXXXXXXXX.zip");
+    randomize(name, 20);
+
+    if ((fd = open(name, O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0) {
+        fprintf(stderr, "can't create file '%s': %s\n", name, strerror(errno));
+        return 1;
+    }
+    if (write(fd, data, size) != size) {
+        fprintf(stderr, "can't write data to file '%s': %s\n", name, strerror(errno));
+        return 1;
+    }
+    if (close(fd) < 0) {
+        fprintf(stderr, "can't close file '%s': %s\n", name, strerror(errno));
+        return 1;
+    }
+
+    za = zip_open(name, 0, NULL);
+    if (za == NULL) {
+        remove(name);
+        fprintf(stderr, "Error opening archive '%s'\n", name);
+        return 1;
+    }
+
+    n = zip_get_num_entries(za, 0);
+    for (i = 0; i < n; i++) {
+        f = zip_fopen_index(za, i, 0);
+        if (f == NULL) {
+            fprintf(stderr, "Unable to open file %d.\n", (int)i);
+            zip_close(za);
+            remove(name);
+            return 1;
+        }
+
+        while (zip_fread(f, buf, sizeof(buf)) > 0) {
+            ;
+        }
+        if (zip_fclose(f) < 0) {
+            fprintf(stderr, "Error closing file %d\n", (int)i);
+            zip_close(za);
+            remove(name);
+            return 1;
+        }
+    }
+    if (zip_close(za) < 0) {
+        zip_discard(za);
+        remove(name);
+        fprintf(stderr, "Error closing archiv '%s'\n", name);
+        return 1;
+    }
+    remove(name);
+    return 0;
+}
diff --git a/regress/fuzzers/zip_read_file_fuzzer.cc b/regress/fuzzers/zip_read_file_fuzzer.cc
diff --git a/regress/ossfuzz.sh b/regress/ossfuzz.sh
@@ -29,8 +29,8 @@ $CXX $CXXFLAGS -I. -I../lib \
     -o $OUT/zip_read_encrypted_file_fuzzer \
     $LIB_FUZZING_ENGINE $SRC/libzip/build/lib/libzip.a -lz -v -lssl -lcrypto
 
-$CXX $CXXFLAGS -std=c++11 -I. -I../lib \
-    $SRC/libzip/regress/fuzzers/zip_read_file_fuzzer.cc \
+$CXX $CXXFLAGS -I. -I../lib \
+    $SRC/libzip/regress/fuzzers/zip_read_file_fuzzer.c \
     -o $OUT/zip_read_file_fuzzer \
     $LIB_FUZZING_ENGINE $SRC/libzip/build/lib/libzip.a -lz -v -lssl -lcrypto