1*600f14f4SXin Li /* fuzzer_tool_flac
2*600f14f4SXin Li * Copyright (C) 2023 Xiph.Org Foundation
3*600f14f4SXin Li *
4*600f14f4SXin Li * Redistribution and use in source and binary forms, with or without
5*600f14f4SXin Li * modification, are permitted provided that the following conditions
6*600f14f4SXin Li * are met:
7*600f14f4SXin Li *
8*600f14f4SXin Li * - Redistributions of source code must retain the above copyright
9*600f14f4SXin Li * notice, this list of conditions and the following disclaimer.
10*600f14f4SXin Li *
11*600f14f4SXin Li * - Redistributions in binary form must reproduce the above copyright
12*600f14f4SXin Li * notice, this list of conditions and the following disclaimer in the
13*600f14f4SXin Li * documentation and/or other materials provided with the distribution.
14*600f14f4SXin Li *
15*600f14f4SXin Li * - Neither the name of the Xiph.org Foundation nor the names of its
16*600f14f4SXin Li * contributors may be used to endorse or promote products derived from
17*600f14f4SXin Li * this software without specific prior written permission.
18*600f14f4SXin Li *
19*600f14f4SXin Li * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20*600f14f4SXin Li * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21*600f14f4SXin Li * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
22*600f14f4SXin Li * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
23*600f14f4SXin Li * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24*600f14f4SXin Li * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25*600f14f4SXin Li * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26*600f14f4SXin Li * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
27*600f14f4SXin Li * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
28*600f14f4SXin Li * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
29*600f14f4SXin Li * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30*600f14f4SXin Li */
31*600f14f4SXin Li
32*600f14f4SXin Li #include <stdlib.h>
33*600f14f4SXin Li #include <string.h> /* for memcpy */
34*600f14f4SXin Li #define FUZZ_TOOL_FLAC
35*600f14f4SXin Li #define fprintf(...)
36*600f14f4SXin Li #define printf(...)
37*600f14f4SXin Li #include "../src/flac/main.c"
38*600f14f4SXin Li #include "common.h"
39*600f14f4SXin Li
40*600f14f4SXin Li int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
41*600f14f4SXin Li
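/* libFuzzer entry point: drive the flac command-line front end with one input.
 *
 * Input layout, as consumed below:
 *   byte 0, bits 0-5  upper bound on the argument count, argv[0] included
 *   byte 0, bit 6     when set, the payload is supplied on stdin instead of
 *                     being passed as a file name argument
 *   then              NUL-terminated strings, each becoming one argv entry
 *   remainder         payload written to a temporary file
 *
 * stdout and stdin are redirected for the duration of the call and restored
 * afterwards. Always returns 0; inputs shorter than two bytes are ignored.
 */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	size_t size_left = size;
	size_t arglen;
	/* Worst case is argv[0], 62 parsed arguments, the file name and the
	 * terminating NULL: 65 slots, so 67 leaves headroom. */
	char * argv[67];
	char exename[] = "flac";
	char filename[] = "/tmp/fuzzXXXXXX";
	int numarg = 0, maxarg;
	int file_to_fuzz;
	int tmp_stdout, tmp_stdin;
	fpos_t pos_stdout;
	bool have_pos_stdout;
	bool use_stdin = false;
	const uint8_t *payload;

	/* reset global vars so that every run starts from the same state */
	flac__utils_verbosity_ = 0;
	share__opterr = 0;
	share__optind = 0;

	if(size < 2)
		return 0;

	maxarg = data[0] & 63;
	use_stdin = data[0] & 64;
	size_left--;

	argv[0] = exename;
	numarg++;

	/* Check whether input is zero delimited. strnlen() returning less than
	 * size_left means a NUL was found inside the remaining bytes, so each
	 * accepted argument is a properly terminated string. The entries alias
	 * the read-only fuzz buffer (const is cast away), so they must only be
	 * read. */
	while((arglen = strnlen((char *)data+(size-size_left),size_left)) < size_left && numarg < maxarg) {
		argv[numarg++] = (char *)data+(size-size_left);
		size_left -= arglen + 1;
	}

	file_to_fuzz = mkstemp(filename);

	if (file_to_fuzz < 0)
		abort();

	/* Write the whole payload. A failed or short write would run the tool on
	 * different bytes than the fuzzer believes it supplied, which makes
	 * findings unreproducible; fail loudly instead, as for mkstemp(). */
	payload = data+(size-size_left);
	while(size_left > 0) {
		ssize_t written = write(file_to_fuzz,payload,size_left);
		if(written <= 0) {
			close(file_to_fuzz);
			unlink(filename);
			abort();
		}
		payload += written;
		size_left -= (size_t)written;
	}
	close(file_to_fuzz);

	/* redirect stdout */
	fflush(stdout);
	/* fgetpos() can fail (for example when stdout is not seekable); remember
	 * that so an indeterminate position is never handed to fsetpos(). */
	have_pos_stdout = (fgetpos(stdout,&pos_stdout) == 0);
	tmp_stdout = dup(fileno(stdout));
	freopen("/dev/null","w",stdout);

	/* redirect stdin */
	tmp_stdin = dup(fileno(stdin));

	if(use_stdin)
		freopen(filename,"r",stdin);
	else {
		freopen("/dev/null","r",stdin);
		argv[numarg++] = filename;
	}

	/* Keep the usual argv[argc] == NULL convention for the code under test. */
	argv[numarg] = NULL;

	main_to_fuzz(numarg,argv);

	/* restore stdout */
	fflush(stdout);
	dup2(tmp_stdout, fileno(stdout));
	close(tmp_stdout);
	clearerr(stdout);
	if(have_pos_stdout)
		fsetpos(stdout,&pos_stdout);

	/* restore stdin */
	dup2(tmp_stdin, fileno(stdin));
	close(tmp_stdin);
	clearerr(stdin);

	unlink(filename);

	return 0;
}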