Add a fuzzer for ZIP reading code

The new source file needs to be compiled with a recent clang using libfuzzer using a command line similar to the following: $ clang++ -g -fsanitize=address -fsanitize-coverage=trace-pc-guard tests/fuzz/readzip.cpp `wx-config --cxxflags --libs base` -lFuzzer and then executed passing it the corpus directory as parameter: $ ./a.out tests/fuzz/corpus/zip This will be useful for finding more bugs like #17947 (and, indeed, running it locally already found another assert failure, which will be fixed soon).
2017-10-25 00:38:52 +02:00 · 2017-10-25 00:38:52 +02:00 · d5a6568b21
commit d5a6568b21
parent 1519042018
4 changed files with 49 additions and 0 deletions
--- a/tests/fuzz/corpus/zip/doc.zip
+++ b/tests/fuzz/corpus/zip/doc.zip
--- a/tests/fuzz/corpus/zip/pages.zip
+++ b/tests/fuzz/corpus/zip/pages.zip
--- a/tests/fuzz/corpus/zip/test.zip
+++ b/tests/fuzz/corpus/zip/test.zip
--- a/tests/fuzz/zip.cpp
+++ b/tests/fuzz/zip.cpp
@ -0,0 +1,49 @@
+///////////////////////////////////////////////////////////////////////////////
+// Name:        tests/fuzz/zip.cpp
+// Purpose:     ZIP archives reading code fuzzing test
+// Author:      Vadim Zeitlin
+// Created:     2017-10-24
+// Copyright:   (c) 2017 Vadim Zeitlin <vadim@wxwidgets.org>
+///////////////////////////////////////////////////////////////////////////////
+
+#include "wx/log.h"
+#include "wx/mstream.h"
+#include "wx/zipstrm.h"
+
+#if wxDEBUG_LEVEL
+
+static void exitAssertHandler(const wxString& file,
+                              int line,
+                              const wxString& func,
+                              const wxString& cond,
+                              const wxString& msg);
+
+static volatile wxAssertHandler_t
+    origAssertHandler = wxSetAssertHandler(exitAssertHandler);
+
+static void exitAssertHandler(const wxString& file,
+                              int line,
+                              const wxString& func,
+                              const wxString& cond,
+                              const wxString& msg)
+{
+    origAssertHandler(file, line, func, cond, msg);
+
+    exit(1);
+}
+
+#endif // wxDEBUG_LEVEL
+
+extern "C" int LLVMFuzzerTestOneInput(const wxUint8 *data, size_t size)
+{
+    wxLogNull noLog;
+
+    wxMemoryInputStream mis(data, size);
+    wxZipInputStream zis(mis);
+    while ( wxZipEntry* const ze = zis.GetNextEntry() ) {
+        zis.OpenEntry(*ze);
+        delete ze;
+    }
+
+    return 0;
+}