[PATCH] ieee1275/ofdisk: retry on open and read failure

2023-03-27 Thread Mukesh Kumar Chaurasiya
Sometimes, when booting from a very busy SAN, the access to the disk can fail and then grub will eventually drop to grub prompt. This scenario is more frequent when deploying many machines at the same time using the same SAN. This patch aims to force the ofdisk module to retry the open or read func

[PATCH 3/6] tests: create a fuzzer for the png image format

2023-03-27 Thread Daniel Axtens
Create a libfuzzer harness for the png image format. Once built, the fuzzer runs as: ./grub-fuzz-png With some hackery it can also be built with the address sanitizer or afl++. With regard to the license: I first worked on this while I was at IBM. I believe, looking at the fuzz fixes, that this

[PATCH 2/6] bitmap.h: set smaller image size limit when fuzzing

2023-03-27 Thread Daniel Axtens
Large images mean large memory allocations, which could fail or at least be very slow. Also large images mean large files, which fuzzing generally cannot create. Finally, most parsing bugs (at least that we've found!) don't seem to rely on actually large images. So simply reduce the maximum size
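As an added illustration of the two techniques described in 3/6 (a libFuzzer harness around an image parser) and 2/6 (a smaller image-size ceiling in fuzzing builds), here is a self-contained C harness around a toy PNG signature/IHDR parser. This is example code, not GRUB's png.c and not the harness from this patch series; the parser, the PNG_MAX_DIM/PNG_MAX_PIXELS_BYTES limits and every helper name are invented for the example. The FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION macro is the one clang defines for -fsanitize=fuzzer builds; whether the GRUB patch keys its limit on that macro is an assumption here.

```c
/*
 * Added example (not GRUB code, not from this patch series): a
 * libFuzzer-style harness around a toy PNG header parser, with the
 * image-size ceiling lowered when built for fuzzing.  The parser, the
 * limit values and the helper names are all invented for illustration.
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* clang defines this macro under -fsanitize=fuzzer.  A small ceiling keeps
 * allocations cheap and keeps interesting inputs small enough for the
 * fuzzer to construct (values are assumed, not GRUB's). */
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
#define PNG_MAX_DIM 512u
#else
#define PNG_MAX_DIM 65535u
#endif
#define PNG_MAX_PIXELS_BYTES (64ull * 1024 * 1024)   /* hypothetical budget */
#define PNG_HEADER_LEN 33                             /* sig + IHDR chunk */

enum png_status {
  PNG_OK = 0, PNG_ERR_SHORT, PNG_ERR_MAGIC, PNG_ERR_IHDR,
  PNG_ERR_DIM, PNG_ERR_FORMAT, PNG_ERR_TOO_BIG
};

struct png_header { uint32_t width, height; uint8_t bit_depth, color_type; };

static const uint8_t png_magic[8] = { 0x89, 'P', 'N', 'G', 0x0d, 0x0a, 0x1a, 0x0a };

static uint32_t be32(const uint8_t *p)
{
  return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
         ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put_be32(uint8_t *p, uint32_t v)
{
  p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
  p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Channels per pixel for PNG colour types 0,2,3,4,6; -1 if invalid. */
static int png_channels(uint8_t color_type)
{
  switch (color_type) {
    case 0: return 1; case 2: return 3; case 3: return 1;
    case 4: return 2; case 6: return 4; default: return -1;
  }
}

/* Parse signature + IHDR only.  Every length check precedes the read it
 * guards; that ordering is what the fuzzer is there to exercise. */
int png_parse_header(const uint8_t *data, size_t len, struct png_header *out)
{
  if (len < PNG_HEADER_LEN)                 /* sig, length, type, 13-byte IHDR, CRC */
    return PNG_ERR_SHORT;
  if (memcmp(data, png_magic, 8) != 0)
    return PNG_ERR_MAGIC;
  if (be32(data + 8) != 13 || memcmp(data + 12, "IHDR", 4) != 0)
    return PNG_ERR_IHDR;

  const uint8_t *ihdr = data + 16;
  out->width = be32(ihdr);
  out->height = be32(ihdr + 4);
  out->bit_depth = ihdr[8];
  out->color_type = ihdr[9];

  if (out->width == 0 || out->height == 0 ||
      out->width > PNG_MAX_DIM || out->height > PNG_MAX_DIM)
    return PNG_ERR_DIM;

  int channels = png_channels(out->color_type);
  if (channels < 0 || out->bit_depth == 0 || out->bit_depth > 16 ||
      (out->bit_depth & (out->bit_depth - 1)) != 0)   /* depth must be 1,2,4,8,16 */
    return PNG_ERR_FORMAT;

  /* 64-bit arithmetic so width * channels * depth * height cannot wrap. */
  uint64_t row = 1 + ((uint64_t)out->width * (uint64_t)channels * out->bit_depth + 7) / 8;
  if (row * out->height > PNG_MAX_PIXELS_BYTES)
    return PNG_ERR_TOO_BIG;
  return PNG_OK;
}

/* Constructed test input: signature + IHDR with a zero CRC (ignored here).
 * buf must hold PNG_HEADER_LEN bytes; returns the number written. */
size_t png_make_header(uint8_t *buf, uint32_t w, uint32_t h, uint8_t depth, uint8_t ctype)
{
  memcpy(buf, png_magic, 8);
  put_be32(buf + 8, 13);
  memcpy(buf + 12, "IHDR", 4);
  put_be32(buf + 16, w);
  put_be32(buf + 20, h);
  buf[24] = depth; buf[25] = ctype;
  buf[26] = 0; buf[27] = 0; buf[28] = 0;   /* compression, filter, interlace */
  memset(buf + 29, 0, 4);                  /* CRC placeholder */
  return PNG_HEADER_LEN;
}

/* libFuzzer entry point: any input must be rejected or accepted without a
 * crash or sanitizer report.  libFuzzer requires a return value of 0. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
  struct png_header h;
  (void)png_parse_header(data, size, &h);
  return 0;
}
```

Build and run it with libFuzzer plus ASan as `clang -g -O1 -fsanitize=fuzzer,address harness.c -o fuzz-png-example && ./fuzz-png-example corpus/`; the macro is then defined automatically and the 512-pixel ceiling applies, while a normal build keeps the full limit. The important property is the one the patch description argues for: a shrunken limit loses almost no bug-finding power because the parsing bugs sit in the chunk and length handling, which the fuzzer reaches with tiny inputs.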

[PATCH 4/6] tests: create a fuzzer for the jpeg image format

2023-03-27 Thread Daniel Axtens
As with png, but this time testing jpeg. Signed-off-by: Daniel Axtens --- .gitignore | 1 + Makefile.util.def | 21 + grub-core/tests/fuzz/jpeg.c | 3 +++ 3 files changed, 25 insertions(+) create mode 100644 grub-core/tests/fuzz/jpeg.c diff --gi

[PATCH 6/6] docs: document fuzzer support

2023-03-27 Thread Daniel Axtens
This is basic documentation. There are a few extra, super-hacky things we can do to get asan or afl++ going which are a bit too messy at the moment to commit to the docs. But, so as they are not lost to time, here's the invocations that currently work for me: libfuzzer + ASan: ./configure CC=cl

[PATCH 0/6] Support fuzzing grub's image file parsers

2023-03-27 Thread Daniel Axtens
This is a cleaned up version of the fuzzers that I used to find CVE-2021-3695, CVE-2021-3696 and CVE-2021-3697. We're releasing this now because the techniques are not novel, the code is not hard to independently replicate, and it's hard to see what is gained by not releasing them. (I should add t

[PATCH 1/6] configure.ac: detect if compiler supports -fsanitize=fuzzer

2023-03-27 Thread Daniel Axtens
If detected, COND_ENABLE_FUZZERS is set, which can be used in Makefile templates. This allows us to build libfuzzer fuzzers for parts of grub. --- configure.ac | 32 1 file changed, 32 insertions(+) diff --git a/configure.ac b/configure.ac index ca42ff8f7318..f7f

[PATCH 5/6] tests: create a fuzzer for the tga image format

2023-03-27 Thread Daniel Axtens
TGA, the only parser where I didn't find any memory-corruption bugs. Yet. Signed-off-by: Daniel Axtens --- .gitignore | 1 + Makefile.util.def | 21 + grub-core/tests/fuzz/tga.c | 3 +++ 3 files changed, 25 insertions(+) create mode 100644 grub-cor