[PATCH] Demangler fuzzer

Mon, 11 Aug 2014 02:27:28 -0700 

Hi all,

This patch adds a simple fuzzer for the libiberty C++ demangler.
You can run it like this:

  make -C /path/to/build/libiberty/testsuite fuzz-demangler

It will run until it dumps core (usually only a few seconds).

Is this ok to commit?

Thanks,
Gary

-- 
2014-08-11  Gary Benson  <gben...@redhat.com>

        * testsuite/demangler-fuzzer.c: New file.
        * testsuite/Makefile.in (fuzz-demangler): New rule.
        (demangler-fuzzer): Likewise.
        (mostlyclean): Clean up demangler fuzzer.

Index: libiberty/testsuite/Makefile.in
===================================================================
--- libiberty/testsuite/Makefile.in     (revision 213809)
+++ libiberty/testsuite/Makefile.in     (working copy)
@@ -59,6 +59,10 @@
 check-expandargv: test-expandargv
        ./test-expandargv
 
+# Run the demangler fuzzer
+fuzz-demangler: demangler-fuzzer
+       ./demangler-fuzzer
+
 TEST_COMPILE = $(CC) @DEFS@ $(LIBCFLAGS) -I.. -I$(INCDIR) $(HDEFINES)
 test-demangle: $(srcdir)/test-demangle.c ../libiberty.a
        $(TEST_COMPILE) -o test-demangle \
@@ -72,6 +76,10 @@
        $(TEST_COMPILE) -DHAVE_CONFIG_H -I.. -o test-expandargv \
                $(srcdir)/test-expandargv.c ../libiberty.a
 
+demangler-fuzzer: $(srcdir)/demangler-fuzzer.c ../libiberty.a
+       $(TEST_COMPILE) -o demangler-fuzzer \
+               $(srcdir)/demangler-fuzzer.c ../libiberty.a
+
 # Standard (either GNU or Cygnus) rules we don't use.
 html install-html info install-info clean-info dvi pdf install-pdf \
 install etags tags installcheck:
@@ -81,6 +89,7 @@
        rm -f test-demangle
        rm -f test-pexecute
        rm -f test-expandargv
+       rm -f demangler-fuzzer
        rm -f core
 clean: mostlyclean
 distclean: clean
Index: libiberty/testsuite/demangler-fuzzer.c
===================================================================
--- libiberty/testsuite/demangler-fuzzer.c      (revision 0)
+++ libiberty/testsuite/demangler-fuzzer.c      (revision 0)
@@ -0,0 +1,47 @@
+/* Demangler fuzzer.
+
+   Copyright (C) 2014 Free Software Foundation, Inc.
+
+   This file is part of GNU libiberty.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <demangle.h>
+
+#define MAXLEN 253
+#define ALPMIN 33
+#define ALPMAX 127
+
+int
+main (int argc, char *argv[])
+{
+  char symbol[2 + MAXLEN + 1] = "_Z";
+
+  srand (time (NULL));
+  while (1)
+    {
+      char *buffer = symbol + 2;
+      int length, i;
+
+      length = rand () % MAXLEN;
+      for (i = 0; i < length; i++)
+       *(buffer++) = (rand () % (ALPMAX - ALPMIN)) + ALPMIN;
+
+      *(buffer++) = '\0';
+
+      cplus_demangle (symbol, DMGL_AUTO | DMGL_ANSI | DMGL_PARAMS);
+    }
+}

Reply via email to