xref: /aosp_15_r20/external/flac/oss-fuzz/tool_metaflac.c (revision 600f14f40d737144c998e2ec7a483122d3776fbc)
1*600f14f4SXin Li /* fuzzer_tool_flac
2*600f14f4SXin Li  * Copyright (C) 2023  Xiph.Org Foundation
3*600f14f4SXin Li  *
4*600f14f4SXin Li  * Redistribution and use in source and binary forms, with or without
5*600f14f4SXin Li  * modification, are permitted provided that the following conditions
6*600f14f4SXin Li  * are met:
7*600f14f4SXin Li  *
8*600f14f4SXin Li  * - Redistributions of source code must retain the above copyright
9*600f14f4SXin Li  * notice, this list of conditions and the following disclaimer.
10*600f14f4SXin Li  *
11*600f14f4SXin Li  * - Redistributions in binary form must reproduce the above copyright
12*600f14f4SXin Li  * notice, this list of conditions and the following disclaimer in the
13*600f14f4SXin Li  * documentation and/or other materials provided with the distribution.
14*600f14f4SXin Li  *
15*600f14f4SXin Li  * - Neither the name of the Xiph.org Foundation nor the names of its
16*600f14f4SXin Li  * contributors may be used to endorse or promote products derived from
17*600f14f4SXin Li  * this software without specific prior written permission.
18*600f14f4SXin Li  *
19*600f14f4SXin Li  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20*600f14f4SXin Li  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21*600f14f4SXin Li  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
22*600f14f4SXin Li  * A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR
23*600f14f4SXin Li  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24*600f14f4SXin Li  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25*600f14f4SXin Li  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26*600f14f4SXin Li  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
27*600f14f4SXin Li  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
28*600f14f4SXin Li  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
29*600f14f4SXin Li  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30*600f14f4SXin Li  */
31*600f14f4SXin Li 
32*600f14f4SXin Li #include <stdio.h>
33*600f14f4SXin Li #include <stdlib.h>
34*600f14f4SXin Li #include <string.h> /* for memcpy */
35*600f14f4SXin Li #define FUZZ_TOOL_METAFLAC
36*600f14f4SXin Li #define fprintf(...)
37*600f14f4SXin Li #define printf(...)
38*600f14f4SXin Li #include "../src/metaflac/main.c"
39*600f14f4SXin Li #include "common.h"
40*600f14f4SXin Li 
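int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

/**
 * libFuzzer entry point: runs metaflac's main_to_fuzz() once on a command
 * line and on file contents that are both carved out of the fuzz input.
 *
 * Input layout, as parsed below:
 *   data[0] & 15   maximum number of argv entries filled before the file
 *                  name is appended, counting argv[0] ("metaflac")
 *   data[0] & 16   when set, the payload is split: first half to a file,
 *                  second half to stdin
 *   data[1..]      NUL-terminated argument strings, followed by the payload
 *
 * The payload goes into a mkstemp() file under /tmp whose name is appended
 * to argv. For the duration of the call stdout points at /dev/null and stdin
 * at either the second temporary file or /dev/null; both are restored and
 * the temporary files are unlinked afterwards.
 *
 * If the payload cannot be written out completely the input is skipped, so
 * that the tool never runs on bytes that differ from what the fuzzer
 * recorded for this test case.
 *
 * @param data  fuzz input; argument strings are handed to main_to_fuzz() as
 *              pointers into this buffer
 * @param size  number of bytes in data
 * @return always 0
 */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	size_t size_left = size;
	size_t arglen;
	size_t file_len;
	char * argv[64];
	char exename[] = "metaflac";
	char filename[] = "/tmp/fuzzXXXXXX";
	char filename_stdin[] = "/tmp/fuzzXXXXXX";
	int numarg = 0, maxarg;
	int file_to_fuzz;
	int tmp_stdout, tmp_stdin;
	fpos_t pos_stdout;
	bool use_stdin = false;
	bool payload_written = true;

	/* Reset per-run parser globals (presumably the share__getopt state),
	 * since this function is called repeatedly in one process. */
	share__opterr = 0;
	share__optind = 0;

	if(size < 2)
		return 0;

	/* The first byte is a control byte, not payload */
	maxarg = data[0] & 15;
	use_stdin = data[0] & 16;
	size_left--;

	argv[0] = exename;
	numarg++;

	/* Accept an argument only while a NUL terminator exists inside the bytes
	 * that are left, so no argv string can run past the end of data.
	 * NOTE(review): the cast drops const, so argv aliases the fuzz buffer;
	 * confirm main_to_fuzz() never writes through these strings. */
	while((arglen = strnlen((char *)data+(size-size_left),size_left)) < size_left && numarg < maxarg) {
		argv[numarg++] = (char *)data+(size-size_left);
		size_left -= arglen + 1;
	}

	/* Create file to feed directly; it gets the first half of the payload
	 * when stdin is in use, all of it otherwise */
	file_to_fuzz = mkstemp(filename);
	if (file_to_fuzz < 0)
		abort();
	file_len = use_stdin ? size_left/2 : size_left;
	if(write(file_to_fuzz,data+(size-size_left),file_len) != (ssize_t)file_len)
		payload_written = false;
	close(file_to_fuzz);
	if(use_stdin)
		size_left -= file_len;

	argv[numarg++] = filename;

	/* Create file to feed to stdin; it gets the rest of the payload */
	if(use_stdin) {
		file_to_fuzz = mkstemp(filename_stdin);
		if (file_to_fuzz < 0) {
			/* do not leave the first temporary file behind */
			unlink(filename);
			abort();
		}
		if(write(file_to_fuzz,data+(size-size_left),size_left) != (ssize_t)size_left)
			payload_written = false;
		close(file_to_fuzz);
	}

	/* A failed or short write would make the run non-reproducible:
	 * clean up and skip this input instead of fuzzing a truncated file */
	if(!payload_written) {
		unlink(filename);
		if(use_stdin)
			unlink(filename_stdin);
		return 0;
	}

	/* redirect stdout
	 * NOTE(review): the results of dup() and freopen() are not checked */
	fflush(stdout);
	fgetpos(stdout,&pos_stdout);
	tmp_stdout = dup(fileno(stdout));
	freopen("/dev/null","w",stdout);

	/* redirect stdin */
	tmp_stdin = dup(fileno(stdin));
	if(use_stdin)
		freopen(filename_stdin,"r",stdin);
	else {
		freopen("/dev/null","r",stdin);
		/* without stdin input the same file name is passed a second time */
		argv[numarg++] = filename;
	}

	/* numarg is at most 15 + 2 here, so the terminator fits in argv[64];
	 * it keeps the vector in the shape a real main() receives */
	argv[numarg] = NULL;

	main_to_fuzz(numarg,argv);

	/* restore stdout */
	fflush(stdout);
	dup2(tmp_stdout, fileno(stdout));
	close(tmp_stdout);
	clearerr(stdout);
	fsetpos(stdout,&pos_stdout);

	/* restore stdin */
	dup2(tmp_stdin, fileno(stdin));
	close(tmp_stdin);
	clearerr(stdin);

	unlink(filename);

	if(use_stdin)
		unlink(filename_stdin);

	return 0;
}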