[glib/wip/oholy/x-gvfs-notrash: 6/10] fuzzing: Test g_uri_unescape_segment() as well as g_uri_unescape_bytes()




commit 6a709054acc81ca550ca380fb27470c7e0a9130e
Author: Philip Withnall <withnall endlessm com>
Date:   Wed Jul 1 12:20:45 2020 +0100

    fuzzing: Test g_uri_unescape_segment() as well as g_uri_unescape_bytes()
    
    They have different `%`-encoding behaviour, and probably both deserve to
    be tested.
    
    Signed-off-by: Philip Withnall <withnall endlessm com>

 fuzzing/fuzz_uri_escape.c | 45 ++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 38 insertions(+), 7 deletions(-)
---
diff --git a/fuzzing/fuzz_uri_escape.c b/fuzzing/fuzz_uri_escape.c
index 3b3afa734..3ee7f7089 100644
--- a/fuzzing/fuzz_uri_escape.c
+++ b/fuzzing/fuzz_uri_escape.c
@@ -1,19 +1,18 @@
 #include "fuzz.h"
 
-int
-LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+static void
+test_bytes (const guint8 *data,
+            gsize         size)
 {
   GBytes *unescaped_bytes = NULL;
   gchar *escaped_string = NULL;
 
-  fuzz_set_logging_func ();
-
   if (size > G_MAXSSIZE)
-    return 0;
+    return;
 
   unescaped_bytes = g_uri_unescape_bytes ((const gchar *) data, (gssize) size);
   if (unescaped_bytes == NULL)
-    return 0;
+    return;
 
   escaped_string = g_uri_escape_bytes (g_bytes_get_data (unescaped_bytes, NULL),
                                        g_bytes_get_size (unescaped_bytes),
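Review bot: The `size > G_MAXSSIZE` guard in test_bytes() has no comment explaining why it is needed, and the reason is a memory-safety one. For oversized input the `(gssize) size` cast in the following call would produce a negative length. g_uri_unescape_bytes() documents -1 as "NUL-terminated", which a libFuzzer buffer is not, so the callee could read past the end of `data`. I would add `/* (gssize) size must stay non-negative: -1 means NUL-terminated, and data is not */` above the check. test_bytes() continues past the end of this hunk.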
@@ -21,9 +20,41 @@ LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
   g_bytes_unref (unescaped_bytes);
 
   if (escaped_string == NULL)
-    return 0;
+    return;
+
+  g_free (escaped_string);
+}
+
+static void
+test_string (const guint8 *data,
+             gsize         size)
+{
+  gchar *unescaped_string = NULL;
+  gchar *escaped_string = NULL;
+
+  unescaped_string = g_uri_unescape_segment ((const gchar *) data, (const gchar *) data + size, NULL);
+  if (unescaped_string == NULL)
+    return;
+
+  escaped_string = g_uri_escape_string (unescaped_string, NULL, TRUE);
+  g_free (unescaped_string);
+
+  if (escaped_string == NULL)
+    return;
 
   g_free (escaped_string);
+}
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  fuzz_set_logging_func ();
+
+  /* Bytes form */
+  test_bytes (data, size);
+
+  /* String form (doesn’t do %-decoding) */
+  test_string (data, size);
 
   return 0;
 }
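Review bot: The comment `/* String form (doesn’t do %-decoding) */` above the test_string() call looks inaccurate and would mislead anyone reading the harness to judge what it covers. As documented, g_uri_unescape_segment() does percent-decode. It differs from g_uri_unescape_bytes() in returning NULL when an escaped NUL (or a listed illegal character) appears, which fits the commit message's "different `%`-encoding behaviour". Suggested wording: `/* String form (%-decodes, but rejects an escaped NUL) */`. Separately, the `if (escaped_string == NULL) return;` before `g_free (escaped_string);` in both helpers is redundant, since g_free() accepts NULL.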

