Merge pull request #263 from chaoticgd/fuzzing

Add fuzzing harness and fix some bugs it found
chaoticgd · Oct 31, 2024 · 67437ac · 67437ac
2 parents 6327ba5 + cc2a4cd
commit 67437ac
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 2 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -121,6 +121,17 @@ target_include_directories(tests PUBLIC src/)
 target_link_libraries(tests ccc ccc_platform ccc_versioninfo demanglegnu gtest)
 add_test(NAME tests COMMAND tests ${CMAKE_SOURCE_DIR}/testdata)
 
+if(FUZZ)
+	if(CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
+		add_executable(fuzztest src/fuzztest.cpp)
+		target_compile_options(fuzztest PUBLIC -fsanitize=fuzzer)
+		target_link_options(fuzztest PUBLIC -fsanitize=fuzzer)
+		target_link_libraries(fuzztest ccc ccc_platform ccc_versioninfo demanglegnu)
+	else()
+		message(FATAL_ERROR "The FUZZ option only supports clang.")
+	endif()
+endif()
+
 if(WIN32)
 	target_sources(demangle PUBLIC src/ccc.manifest)
 	target_sources(objdump PUBLIC src/ccc.manifest)

diff --git a/src/ccc/elf.cpp b/src/ccc/elf.cpp
@@ -44,7 +44,7 @@ Result<ElfFile> ElfFile::parse(std::vector<u8> image)
 		CCC_CHECK(section_header, "ELF section header out of range.");
 
 		const char* name = get_string(elf.image, shstr_section_header->offset + section_header->name);
-		CCC_CHECK(section_header, "ELF section name out of range.");
+		CCC_CHECK(name, "ELF section name out of range.");
 
 		ElfSection& section = elf.sections.emplace_back();
 		section.name = name;

diff --git a/src/ccc/sndll.cpp b/src/ccc/sndll.cpp
@@ -107,7 +107,9 @@ static Result<SNDLLFile> parse_sndll_common(
 		SNDLLSymbol& symbol = sndll.symbols.emplace_back();
 		symbol.type = symbol_header->type;
 		symbol.value = symbol_header->value;
-		symbol.string = string;
+		if (string) {
+			symbol.string = string;
+		}
 	}
 
 	return sndll;

diff --git a/src/fuzztest.cpp b/src/fuzztest.cpp
@@ -0,0 +1,36 @@
+// This file is part of the Chaos Compiler Collection.
+// SPDX-License-Identifier: MIT
+
+#include "ccc/ccc.h"
+
+using namespace ccc;
+
+extern "C" int LLVMFuzzerTestOneInput(const u8* data, size_t size)
+{
+	std::vector<u8> image(data, data + size);
+	Result<std::unique_ptr<SymbolFile>> symbol_file =
+		parse_symbol_file(std::move(image), "totallyrealvideogame.elf");
+	if (!symbol_file.success()) {
+		return 0;
+	}
+
+	Result<std::vector<std::unique_ptr<SymbolTable>>> symbol_tables =
+		(*symbol_file)->get_all_symbol_tables();
+	if (!symbol_tables.success()) {
+		return 0;
+	}
+
+	SymbolDatabase database;
+
+	DemanglerFunctions demangler; // Don't fuzz the demangler.
+
+	Result<ModuleHandle> module_handle = import_symbol_tables(
+		database,
+		(*symbol_file)->name(),
+		*symbol_tables,
+		NO_IMPORTER_FLAGS,
+		demangler,
+		nullptr);
+
+	return 0;
+}