1 // Copyright 2020 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 // #define USE_FLAGS
16 // #define DUMP_SUPER
17 // #define SAVE_FS_IMAGE
18
19 #include <stdio.h>
20 #include <stddef.h>
21 #include <stdint.h>
22 #include <unistd.h>
23 #include <assert.h>
24 #include <fcntl.h>
25 #include <sys/syscall.h>
26 #include <linux/memfd.h>
27 #include <fuzzer/FuzzedDataProvider.h>
28
29 #include "ext2fs/ext2fs.h"
30 extern "C" {
31 #include "e2p/e2p.h"
32 #include "support/print_fs_flags.h"
33 }
34
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)35 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
36
37 const char *progname = "ext2fs_image_read_write_fuzzer";
38 add_error_table(&et_ext2_error_table);
39
40 enum FuzzerType {
41 ext2fsImageBitmapRead,
42 ext2fsImageInodeRead,
43 ext2fsImageSuperRead,
44 ext2fsImageBitmapWrite,
45 ext2fsImageInodeWrite,
46 ext2fsImageSuperWrite,
47 kMaxValue = ext2fsImageSuperWrite
48 };
49
50 FuzzedDataProvider stream(data, size);
51 const FuzzerType f = stream.ConsumeEnum<FuzzerType>();
52 int flags = stream.ConsumeIntegral<int>();
53 #ifndef USE_FLAGS
54 flags = 0;
55 #endif
56
57 static const char* fname = "/tmp/ext2_test_file";
58
59 // Write our data to a temp file.
60 #ifdef SAVE_FS_IMAGE
61 int fd = open(fname, O_CREAT|O_TRUNC|O_RDWR, 0644);
62 #else
63 int fd = syscall(SYS_memfd_create, fname, 0);
64 #endif
65 std::vector<char> buffer = stream.ConsumeRemainingBytes<char>();
66 write(fd, buffer.data(), buffer.size());
67
68 std::string fspath("/proc/self/fd/" + std::to_string(fd));
69
70 ext2_filsys fs;
71 #ifdef USE_FLAGS
72 printf("Flags: 0x%08x ", flags);
73 print_fs_flags(stdout, flags);
74 flags &= ~EXT2_FLAG_NOFREE_ON_ERROR;
75 #endif
76 errcode_t retval = ext2fs_open(
77 fspath.c_str(),
78 flags | EXT2_FLAG_IGNORE_CSUM_ERRORS, 0, 0,
79 unix_io_manager,
80 &fs);
81
82 if (retval) {
83 com_err(progname, retval, "while trying to open file system");
84 } else {
85 #ifdef DUMP_SUPER
86 list_super2(fs->super, stdout);
87 #endif
88 printf("FuzzerType: %d\n", (int) f);
89 switch (f) {
90 case ext2fsImageBitmapRead: {
91 retval = ext2fs_image_bitmap_read(fs, fd, 0);
92 if (retval)
93 com_err(progname, retval, "while trying to read image bitmap");
94 break;
95 }
96 case ext2fsImageInodeRead: {
97 retval = ext2fs_image_inode_read(fs, fd, 0);
98 if (retval)
99 com_err(progname, retval, "while trying to read image inode");
100 break;
101 }
102 case ext2fsImageSuperRead: {
103 retval = ext2fs_image_super_read(fs, fd, 0);
104 if (retval)
105 com_err(progname, retval, "while trying to read image superblock");
106 break;
107 }
108 case ext2fsImageBitmapWrite: {
109 retval = ext2fs_image_bitmap_write(fs, fd, 0);
110 if (retval)
111 com_err(progname, retval, "while trying to write image bitmap");
112 break;
113 }
114 case ext2fsImageInodeWrite: {
115 retval = ext2fs_image_inode_write(fs, fd, 0);
116 if (retval)
117 com_err(progname, retval, "while trying to write image inode");
118 break;
119 }
120 case ext2fsImageSuperWrite: {
121 retval = ext2fs_image_super_write(fs, fd, 0);
122 if (retval)
123 com_err(progname, retval, "while trying to write image superblock");
124 break;
125 }
126 default: {
127 assert(false);
128 }
129 }
130 ext2fs_close(fs);
131 }
132 close(fd);
133
134 return 0;
135 }
136