mirror of https://github.com/benhoyt/inih.git synced 2025-01-28 22:52:54 +08:00

Fuzzing support via AFL

Ben Hoyt 2021-02-24 11:47:12 +13:00
parent e492a253ec
commit fcdecb8bdb
5 changed files with 66 additions and 0 deletions

2
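--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+fuzzing/findings
+fuzzing/inihfuzz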

2
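--- a/fuzzing/build.sh
+++ b/fuzzing/build.sh
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+../../afl-2.52b/afl-gcc inihfuzz.c ../ini.c -o inihfuzz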
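Review bot: The harness is compiled here without any sanitizer, so AFL only records inputs that make `inihfuzz` crash outright; an out-of-bounds read or small overflow in `ini.c` that does not fault goes unnoticed. AFL's compiler wrapper honours `AFL_USE_ASAN=1`, so `AFL_USE_ASAN=1 ../../afl-2.52b/afl-gcc inihfuzz.c ../ini.c -o inihfuzz` would surface those. fuzz.sh would then need `-m none`, because ASan's address-space reservation exceeds afl-fuzz's default memory limit on 64-bit builds. Both scripts also resolve `../../afl-2.52b`, `inihfuzz.c`, `testcases` and `findings` relative to the caller's working directory; `cd "$(dirname "$0")"` as the first command in each, plus a comment naming the expected AFL checkout location, would make them runnable from anywhere.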

2
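--- a/fuzzing/fuzz.sh
+++ b/fuzzing/fuzz.sh
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+../../afl-2.52b/afl-fuzz -i testcases -o findings -- ./inihfuzz @@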

52
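--- a/fuzzing/inihfuzz.c
+++ b/fuzzing/inihfuzz.c
@@ -0,0 +1,52 @@
+/* This is a slightly tweaked copy of tests/unittest.c for fuzzing */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "../ini.h"
+int User;
+char Prev_section[50];
+int dumper(void* user, const char* section, const char* name,
+const char* value)
+{
+User = *((int*)user);
+if (!name || strcmp(section, Prev_section)) {
+printf("... [%s]\n", section);
+strncpy(Prev_section, section, sizeof(Prev_section));
+Prev_section[sizeof(Prev_section) - 1] = '\0';
+}
+if (!name) {
+return 1;
+}
+printf("... %s%s%s;\n", name, value ? "=" : "", value ? value : "");
+if (!value) {
+// Happens when INI_ALLOW_NO_VALUE=1 and line has no value (no '=' or ':')
+return 1;
+}
+return strcmp(name, "user")==0 && strcmp(value, "parse_error")==0 ? 0 : 1;
+}
+void parse(const char* fname) {
+static int u = 100;
+int e;
+*Prev_section = '\0';
+e = ini_parse(fname, dumper, &u);
+printf("%s: e=%d user=%d\n", fname, e, User);
+u++;
+}
+int main(int argc, char **argv)
+{
+if (argc < 2) {
+printf("usage: inihfuzz file.ini\n");
+return 1;
+}
+parse(argv[1]);
+return 0;
+}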
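Review bot: The `if (!value)` branch in `dumper` is, per its own comment, only reached when the parser is built with `INI_ALLOW_NO_VALUE=1`, and build.sh compiles `../ini.c` with no `-D` options, so this harness fuzzes only the default configuration. The `!name` checks look similarly tied to a non-default build option, though that cannot be confirmed from this page. A second binary built with `-DINI_ALLOW_NO_VALUE=1`, plus any other non-default options the project supports, would put the parser paths that the default build compiles out under the fuzzer as well. A header comment saying which configuration the harness covers would keep that limit visible, for example `/* Fuzz harness: runs ini_parse() on argv[1] with default compile-time options only */`.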


@ -0,0 +1,8 @@
; comment
[foo] ; section
bar=1 ; name=value
[bar]
name = Bob
age: 42