mirror of
https://github.com/mirror/wget.git
synced 2025-01-05 09:50:27 +08:00
a4402120ad
* Makefile.am: Add fuzz/ to SUBDIRS * cfg.mk: Fix 'make syntax-check' * configure.ac: Add --enable-fuzzing * fuzz/Makefile.am: New file * fuzz/README.md: New file * fuzz/fuzzer.h: New file * fuzz/get_all_corpora: New file * fuzz/get_ossfuzz_corpora: New file * fuzz/glob_crash.c: New file * fuzz/main.c: New file * fuzz/run-afl.sh: New file * fuzz/run-clang.sh: New file * fuzz/view-coverage.sh: New file * fuzz/wget_options_fuzzer.c: New file * fuzz/wget_options_fuzzer.dict: New file * src/init.c (cleanup): Free more resources * src/main.c (init_switches): Initialize only once, (print_usage): Don't print if TESTING is defined * src/utils.h: Include wget.h
153 lines
3.5 KiB
C
153 lines
3.5 KiB
C
/*
|
|
* Copyright(c) 2017-2018 Free Software Foundation, Inc.
|
|
*
|
|
* This file is part of GNU Wget.
|
|
*
|
|
* GNU Wget is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* GNU Wget is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with Wget. If not, see <https://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include <config.h>
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <stdint.h>
|
|
#include <string.h>
|
|
#include <fcntl.h>
|
|
|
|
#include "fuzzer.h"
|
|
#include "utils.h"
|
|
|
|
#ifdef TEST_RUN
|
|
|
|
#include <dirent.h>
|
|
|
|
#ifdef _WIN32
|
|
# define SLASH '\\'
|
|
#else
|
|
# define SLASH '/'
|
|
#endif
|
|
|
|
static int test_all_from(const char *dirname)
|
|
{
|
|
DIR *dirp;
|
|
|
|
if ((dirp = opendir(dirname))) {
|
|
struct dirent *dp;
|
|
|
|
while ((dp = readdir(dirp))) {
|
|
if (*dp->d_name == '.') continue;
|
|
|
|
char fname[strlen(dirname) + strlen(dp->d_name) + 2];
|
|
snprintf(fname, sizeof(fname), "%s/%s", dirname, dp->d_name);
|
|
|
|
struct file_memory *fmem;
|
|
if ((fmem = wget_read_file(fname))) {
|
|
printf("testing %ld bytes from '%s'\n", fmem->length, fname);
|
|
LLVMFuzzerTestOneInput((uint8_t *)fmem->content, fmem->length);
|
|
wget_read_file_free(fmem);
|
|
}
|
|
}
|
|
closedir(dirp);
|
|
return 0;
|
|
}
|
|
|
|
return 1;
|
|
}
|
|
|
|
int main(int argc, char **argv)
|
|
{
|
|
// if VALGRIND testing is enabled, we have to call ourselves with valgrind checking
|
|
const char *valgrind = getenv("VALGRIND_TESTS");
|
|
|
|
if (!valgrind || !*valgrind || !strcmp(valgrind, "0")) {
|
|
// fallthrough
|
|
}
|
|
else if (!strcmp(valgrind, "1")) {
|
|
char cmd[strlen(argv[0]) + 256];
|
|
|
|
snprintf(cmd, sizeof(cmd), "VALGRIND_TESTS=\"\" valgrind --error-exitcode=301 --leak-check=yes --show-reachable=yes --track-origins=yes %s", argv[0]);
|
|
return system(cmd) != 0;
|
|
} else {
|
|
char cmd[strlen(valgrind) + strlen(argv[0]) + 32];
|
|
|
|
snprintf(cmd, sizeof(cmd), "VALGRIND_TESTS="" %s %s", valgrind, argv[0]);
|
|
return system(cmd) != 0;
|
|
}
|
|
|
|
const char *target = strrchr(argv[0], SLASH);
|
|
if (target)
|
|
target = strrchr(target, '/');
|
|
else
|
|
target = strrchr(argv[0], '/');
|
|
target = target ? target + 1 : argv[0];
|
|
size_t target_len;
|
|
|
|
if (strncmp(target, "lt-", 3) == 0)
|
|
target += 3;
|
|
|
|
target_len = strlen(target);
|
|
|
|
#ifdef _WIN32
|
|
target_len -= 4; // ignore .exe
|
|
#endif
|
|
|
|
char corporadir[sizeof(SRCDIR) + 1 + target_len + 8];
|
|
snprintf(corporadir, sizeof(corporadir), SRCDIR "/%.*s.in", (int) target_len, target);
|
|
|
|
if (test_all_from(corporadir)) {
|
|
fprintf(stderr, "Failed to find %s\n", corporadir);
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
snprintf(corporadir, sizeof(corporadir), SRCDIR "/%.*s.repro", (int) target_len, target);
|
|
|
|
test_all_from(corporadir);
|
|
|
|
return 0;
|
|
}
|
|
|
|
#else
|
|
|
|
#ifndef __AFL_LOOP
|
|
static int __AFL_LOOP(int n)
|
|
{
|
|
static int first = 1;
|
|
|
|
if (first) {
|
|
first = 0;
|
|
return n && --n > 0;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
#endif
|
|
|
|
int main(int argc, char **argv)
|
|
{
|
|
int ret;
|
|
unsigned char buf[64 * 1024];
|
|
|
|
while (__AFL_LOOP(10000)) { // only works with clang - we have to use 1 because static/global vars in wget
|
|
ret = fread(buf, 1, sizeof(buf), stdin);
|
|
if (ret < 0)
|
|
return 0;
|
|
|
|
LLVMFuzzerTestOneInput(buf, ret);
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
#endif /* #ifdef TEST_RUN */
|