2018-01-19 07:54:30 +01:00
|
|
|
# SPDX-License-Identifier: LGPL-2.1+
|
|
|
|
|
|
|
|
sanitize_address = custom_target(
|
|
|
|
'sanitize-address-fuzzers',
|
|
|
|
output : 'sanitize-address-fuzzers',
|
|
|
|
command : [meson_build_sh,
|
|
|
|
meson.source_root(),
|
|
|
|
'@OUTPUT@',
|
|
|
|
'fuzzers',
|
|
|
|
'-Db_lundef=false -Db_sanitize=address'])
|
|
|
|
|
2018-03-14 14:27:04 +01:00
|
|
|
sanitizers = [['address', sanitize_address]]
|
|
|
|
|
2018-01-19 07:54:30 +01:00
|
|
|
fuzz_regression_tests = '''
|
2018-09-29 05:09:23 +02:00
|
|
|
fuzz-dhcp6-client/crash-4003c06fce43a11fbd22f02584df2807ac333eae
|
tests: add a reproducer for the heap-buffer-overflow fixed in cb1bdeaf56852275e6b
==14==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020001c761a at pc 0x000000540abc bp 0x7ffd0caf2c50 sp 0x7ffd0caf2c48
READ of size 2 at 0x6020001c761a thread T0
#0 0x540abb in client_parse_message /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-client.c:849:73
#1 0x53f3bc in client_receive_advertise /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-client.c:1083:13
#2 0x53d57f in client_receive_message /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-client.c:1182:21
#3 0x7f71d8c3eeee in source_dispatch /work/build/../../src/systemd/src/libsystemd/sd-event/sd-event.c:3042:21
#4 0x7f71d8c3e431 in sd_event_dispatch /work/build/../../src/systemd/src/libsystemd/sd-event/sd-event.c:3455:21
#5 0x7f71d8c3fa8d in sd_event_run /work/build/../../src/systemd/src/libsystemd/sd-event/sd-event.c:3512:21
#6 0x531f2b in fuzz_client /work/build/../../src/systemd/src/fuzz/fuzz-dhcp6-client.c:44:9
#7 0x531bc1 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-dhcp6-client.c:53:9
#8 0x57bef8 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:570:15
#9 0x579d97 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:479:3
#10 0x57dcc2 in fuzzer::Fuzzer::MutateAndTestOne() /src/libfuzzer/FuzzerLoop.cpp:707:19
#11 0x580cd6 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:838:5
#12 0x55e998 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:764:6
#13 0x551a4c in main /src/libfuzzer/FuzzerMain.cpp:20:10
#14 0x7f71d784182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#15 0x41e928 in _start (/out/fuzz-dhcp6-client+0x41e928)
2018-09-29 05:25:34 +02:00
|
|
|
fuzz-dhcp6-client/crash-6e88fcb6b85c9436bcbe05219aa8e550194645ef
|
2018-03-14 14:27:04 +01:00
|
|
|
fuzz-dns-packet/issue-7888
|
2018-06-11 10:02:49 +02:00
|
|
|
fuzz-dns-packet/oss-fuzz-5465
|
|
|
|
fuzz-journal-remote/crash-5a8f03d4c3a46fcded39527084f437e8e4b54b76
|
|
|
|
fuzz-journal-remote/crash-96dee870ea66d03e89ac321eee28ea63a9b9aa45
|
2018-06-09 13:41:44 +02:00
|
|
|
fuzz-journal-remote/oss-fuzz-8659
|
2018-06-11 10:02:49 +02:00
|
|
|
fuzz-journal-remote/oss-fuzz-8686
|
2018-09-02 20:13:31 +02:00
|
|
|
fuzz-journald-syslog/github-9795
|
|
|
|
fuzz-journald-syslog/github-9820
|
|
|
|
fuzz-journald-syslog/github-9827
|
|
|
|
fuzz-journald-syslog/github-9829
|
2018-09-26 17:10:21 +02:00
|
|
|
fuzz-ndisc-rs/timeout-2815b773c712fa33bea62f541dfa3017c64ea2f1
|
2018-09-26 20:09:09 +02:00
|
|
|
fuzz-ndisc-rs/timeout-61fff7fd1e5dcc07e1b656baab29065ce634ad5b
|
2018-03-14 14:31:24 +01:00
|
|
|
fuzz-unit-file/oss-fuzz-6884
|
2018-03-13 12:25:06 +01:00
|
|
|
fuzz-unit-file/oss-fuzz-6885
|
2018-03-13 12:51:08 +01:00
|
|
|
fuzz-unit-file/oss-fuzz-6886
|
2018-03-15 11:42:00 +01:00
|
|
|
fuzz-unit-file/oss-fuzz-6892
|
2018-03-16 12:02:54 +01:00
|
|
|
fuzz-unit-file/oss-fuzz-6897
|
|
|
|
fuzz-unit-file/oss-fuzz-6897-evverx
|
core/load-fragment: reject overly long paths early
No need to go through the specifier_printf() if the path is already too long in
the unexpanded form (since specifiers increase the length of the string in all
practical cases).
In the oss-fuzz test case, valgrind reports:
total heap usage: 179,044 allocs, 179,044 frees, 72,687,755,703 bytes allocated
and the original config file is ~500kb. This isn't really a security issue,
since the config file has to be trusted any way, but just a matter of
preventing accidental resource exhaustion.
https://oss-fuzz.com/v2/issue/4651449704251392/6977
While at it, fix order of arguments in the neighbouring log_syntax() call.
2018-03-19 15:43:35 +01:00
|
|
|
fuzz-unit-file/oss-fuzz-6908
|
|
|
|
fuzz-unit-file/oss-fuzz-6917
|
|
|
|
fuzz-unit-file/oss-fuzz-6977
|
2018-06-11 10:02:49 +02:00
|
|
|
fuzz-unit-file/oss-fuzz-6977-unminimized
|
2018-03-19 09:21:02 +01:00
|
|
|
fuzz-unit-file/oss-fuzz-7004
|
2018-05-03 09:57:29 +02:00
|
|
|
fuzz-unit-file/oss-fuzz-8064
|
2018-06-11 05:39:59 +02:00
|
|
|
fuzz-unit-file/oss-fuzz-8827
|
2018-08-22 05:39:40 +02:00
|
|
|
fuzz-unit-file/oss-fuzz-10007
|
2018-01-19 07:54:30 +01:00
|
|
|
'''.split()
|