fuzzing: New data fuzzer with HRI check

terryburton · terryburton · commit aa269bb117d1 · 2024-07-19T14:14:59.000+01:00
diff --git a/src/c-lib/Makefile b/src/c-lib/Makefile
@@ -174,12 +174,12 @@ TEST_OBJ = $(BUILD_DIR)/$(TEST_SRC:.c=.o)
 LINTER_TEST_SRC = syntax/gs1syntaxdictionary-test.c
 
 FUZZER_PREFIX = $(NAME)-fuzzer-
-FUZZER_SRCS = gs1encoders-fuzzer-ais.c gs1encoders-fuzzer-dl.c gs1encoders-fuzzer-scandata.c gs1encoders-fuzzer-syn.c
+FUZZER_SRCS = gs1encoders-fuzzer-ais.c gs1encoders-fuzzer-data.c gs1encoders-fuzzer-dl.c gs1encoders-fuzzer-scandata.c gs1encoders-fuzzer-syn.c
 FUZZER_OBJS = $(addprefix $(BUILD_DIR)/, $(FUZZER_SRCS:.c=.o))
-FUZZER_BINS = $(BUILD_DIR)/$(FUZZER_PREFIX)ais $(BUILD_DIR)/$(FUZZER_PREFIX)dl $(BUILD_DIR)/$(FUZZER_PREFIX)scandata $(BUILD_DIR)/$(FUZZER_PREFIX)syn
+FUZZER_BINS = $(BUILD_DIR)/$(FUZZER_PREFIX)ais $(BUILD_DIR)/$(FUZZER_PREFIX)data $(BUILD_DIR)/$(FUZZER_PREFIX)dl $(BUILD_DIR)/$(FUZZER_PREFIX)scandata $(BUILD_DIR)/$(FUZZER_PREFIX)syn
 
 FUZZER_CORPUS_PREFIX = corpus-
-FUZZER_CORPUSES = $(FUZZER_CORPUS_PREFIX)ais/ $(FUZZER_CORPUS_PREFIX)dl/ $(FUZZER_CORPUS_PREFIX)scandata/ $(FUZZER_CORPUS_PREFIX)syn/
+FUZZER_CORPUSES = $(FUZZER_CORPUS_PREFIX)ais/ $(FUZZER_CORPUS_PREFIX)data/ $(FUZZER_CORPUS_PREFIX)dl/ $(FUZZER_CORPUS_PREFIX)scandata/ $(FUZZER_CORPUS_PREFIX)syn/
 
 ALL_SRCS = $(wildcard *.c) $(wildcard syntax/*.c)
 SRCS = $(filter-out $(APP_SRC) $(TEST_SRC) $(LINTER_TEST_SRC) $(FUZZER_SRCS), $(ALL_SRCS))
@@ -278,6 +278,11 @@ $(FUZZER_CORPUS_PREFIX)ais/:
 $(BUILD_DIR)/$(FUZZER_PREFIX)ais: $(OBJS) $(BUILD_DIR)/$(FUZZER_PREFIX)ais.o
 	$(CC) $(CFLAGS) $(OBJS) $(BUILD_DIR)/$(FUZZER_PREFIX)ais.o -o $(BUILD_DIR)/$(FUZZER_PREFIX)ais
 
+$(FUZZER_CORPUS_PREFIX)data/:
+	mkdir -p $@
+
+$(BUILD_DIR)/$(FUZZER_PREFIX)data: $(OBJS) $(BUILD_DIR)/$(FUZZER_PREFIX)data.o
+	$(CC) $(CFLAGS) $(OBJS) $(BUILD_DIR)/$(FUZZER_PREFIX)data.o -o $(BUILD_DIR)/$(FUZZER_PREFIX)data
 
 $(FUZZER_CORPUS_PREFIX)dl/:
 	mkdir -p $@
diff --git a/src/c-lib/gs1encoders-fuzzer-data.c b/src/c-lib/gs1encoders-fuzzer-data.c
@@ -0,0 +1,81 @@
+/**
+ * GS1 Syntax Engine
+ *
+ * @author Copyright (c) 2021-2024 GS1 AISBL.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ *
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "gs1encoders.h"
+#include "enc-private.h"
+
+static gs1_encoder *ctx = NULL;
+
+
+int LLVMFuzzerInitialize(int *argc, char ***argv) {
+
+	(void)argc;
+	(void)argv;
+
+	ctx = gs1_encoder_init(NULL);
+	gs1_encoder_setPermitUnknownAIs(ctx, true);
+
+	return 0;
+
+}
+
+
+int LLVMFuzzerTestOneInput(const uint8_t* const buf, size_t len) {
+
+	char in[MAX_DATA+1];
+	char pristine[MAX_DATA+1];
+	const char *out;
+	char **hri;
+
+	if (len > MAX_DATA)
+		return 0;
+
+	memcpy(in, buf, len);
+	in[len] = '\0';
+
+	memcpy(pristine, in, len);
+
+	if (!gs1_encoder_setDataStr(ctx, in))
+		return 0;
+
+	// Test that the input hasn't been corrupted
+	if (memcmp(in, pristine, len) != 0) {
+		printf("\n:IN %s\nPRISTINE: %s\n", in, pristine);
+		abort();
+	};
+
+	// Validate the round trip
+	out = gs1_encoder_getDataStr(ctx);
+	if (strcmp(in, out) != 0) {
+		printf("\nIN:  %s\nOUT: %s\n", in, out);
+		abort();
+	}
+
+	gs1_encoder_getHRI(ctx, &hri);
+
+	return 0;
+
+}
