Add a fuzzer for ZIP reading code
The new source file needs to be compiled with a recent clang using libfuzzer using a command line similar to the following: $ clang++ -g -fsanitize=address -fsanitize-coverage=trace-pc-guard tests/fuzz/readzip.cpp `wx-config --cxxflags --libs base` -lFuzzer and then executed passing it the corpus directory as parameter: $ ./a.out tests/fuzz/corpus/zip This will be useful for finding more bugs like #17947 (and, indeed, running it locally already found another assert failure, which will be fixed soon).
This commit is contained in:
parent
1519042018
commit
d5a6568b21
BIN
tests/fuzz/corpus/zip/doc.zip
Normal file
BIN
tests/fuzz/corpus/zip/doc.zip
Normal file
Binary file not shown.
BIN
tests/fuzz/corpus/zip/pages.zip
Normal file
BIN
tests/fuzz/corpus/zip/pages.zip
Normal file
Binary file not shown.
BIN
tests/fuzz/corpus/zip/test.zip
Normal file
BIN
tests/fuzz/corpus/zip/test.zip
Normal file
Binary file not shown.
49
tests/fuzz/zip.cpp
Normal file
49
tests/fuzz/zip.cpp
Normal file
@ -0,0 +1,49 @@
|
||||
///////////////////////////////////////////////////////////////////////////////
|
||||
// Name: tests/fuzz/zip.cpp
|
||||
// Purpose: ZIP archives reading code fuzzing test
|
||||
// Author: Vadim Zeitlin
|
||||
// Created: 2017-10-24
|
||||
// Copyright: (c) 2017 Vadim Zeitlin <vadim@wxwidgets.org>
|
||||
///////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
#include "wx/log.h"
|
||||
#include "wx/mstream.h"
|
||||
#include "wx/zipstrm.h"
|
||||
|
||||
#if wxDEBUG_LEVEL
|
||||
|
||||
static void exitAssertHandler(const wxString& file,
|
||||
int line,
|
||||
const wxString& func,
|
||||
const wxString& cond,
|
||||
const wxString& msg);
|
||||
|
||||
static volatile wxAssertHandler_t
|
||||
origAssertHandler = wxSetAssertHandler(exitAssertHandler);
|
||||
|
||||
static void exitAssertHandler(const wxString& file,
|
||||
int line,
|
||||
const wxString& func,
|
||||
const wxString& cond,
|
||||
const wxString& msg)
|
||||
{
|
||||
origAssertHandler(file, line, func, cond, msg);
|
||||
|
||||
exit(1);
|
||||
}
|
||||
|
||||
#endif // wxDEBUG_LEVEL
|
||||
|
||||
extern "C" int LLVMFuzzerTestOneInput(const wxUint8 *data, size_t size)
|
||||
{
|
||||
wxLogNull noLog;
|
||||
|
||||
wxMemoryInputStream mis(data, size);
|
||||
wxZipInputStream zis(mis);
|
||||
while ( wxZipEntry* const ze = zis.GetNextEntry() ) {
|
||||
zis.OpenEntry(*ze);
|
||||
delete ze;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
Loading…
Reference in New Issue
Block a user