LineageOS/android_external_gptfdisk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
83fdc999601788fa68b505fc2a0429441ecb434a
android_external_gptfdisk/fuzzer/libgptf_fuzzer.cc
Jeff Sharkey 83fdc99960 Add a fuzzer for gptfdisk. 
Since gptfdisk is used to parse MBR and GPT partition tables from
untrusted USB and SD card storage devices, we should get a fuzzer
wired up to hunt for security issues.

To enable the fuzzer, we create a new "diskio-heap" implementation
for backing I/O operations, which allows us to treat the fuzzer
input as a fake block device.  These changes are as minimal as
possible to avoid future merge conflicts.

The single corpus input is a sample block device with a single
empty GPT partition created using these commands:

$ losetup /dev/loop0 typical.bin
$ gdisk /dev/loop0

And the final table is:

Number  Start (sector)    End (sector)  Size       Code  Name
   1              34              38   2.5 KiB     8300  Linux filesystem

Bug: 170783842
Test: SANITIZE_HOST=address make ${FUZZER_NAME} && ${ANDROID_HOST_OUT}/fuzz/$(get_build_var HOST_ARCH)/${FUZZER_NAME}/${FUZZER_NAME}
Change-Id: I21a2a5f7f1019365accf8fd74c958aaafe7f7ff7
2020-10-13 19:55:52 -06:00

44 lines
1.1 KiB
C++
Raw Blame History

/*
* Copyright (C) 2020 The Android Open Source Project
*
* This software is licensed under the terms of the GNU General Public
* License version 2, as published by the Free Software Foundation, and
* may be copied, distributed, and modified under those terms.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#include <fstream>
#include <iostream>
#include "diskio.h"
#include "mbr.h"
#include "gpt.h"
#include <fuzzer/FuzzedDataProvider.h>
std::ofstream silence("/dev/null");
extern "C" int LLVMFuzzerInitialize(int *, char ***) {
std::cout.rdbuf(silence.rdbuf());
std::cerr.rdbuf(silence.rdbuf());
return 0;
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
DiskIO disk;
disk.OpenForRead(static_cast<const unsigned char*>(data), size);
BasicMBRData mbrData;
mbrData.ReadMBRData(&disk);
GPTData gptData;
gptData.SetDisk(disk);
gptData.LoadPartitions("/dev/does_not_exist");
return 0;
}
Reference in New Issue View Git Blame Copy Permalink