fuzz-ar: fuzzer for the archive parsing API

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
(cherry picked from commit 4bfa4576e7b64b16937f71094641ec0f39ee47c7)
Signed-off-by: Sam James <sam@gentoo.org>

2 files changed, 63 insertions, 0 deletions

diff --git a/fuzz-ar.c b/fuzz-ar.c
new file mode 100644
index 0000000..360194f
--- /dev/null
+++ b/fuzz-ar.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2024 Gentoo Foundation
+ * Distributed under the terms of the GNU General Public License v2
+ *
+ * Copyright 2024 Mike Frysinger  - <vapier@gentoo.org>
+ */
+
+/* Fuzz the ar interface. */
+
+const char argv0[] = "fuzz-ar";
+
+#include "paxinc.h"
+
+static int fd;
+
+int LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+	(void)argc;
+	(void)argv;
+
+	fd = memfd_create("fuzz-input.a", MFD_CLOEXEC);
+	if (fd == -1)
+		errp("memfd_create() failed");
+	return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+	if (ftruncate(fd, size) != 0)
+		errp("ftruncate(%i, %zu) failed", fd, size);
+	if (pwrite(fd, data, size, 0) != (ssize_t)size)
+		errp("pwrite() failed");
+	if (lseek(fd, 0, SEEK_SET) != 0)
+		errp("lseek() failed");
+
+	int afd = dup(fd);
+	archive_handle *ar = ar_open_fd("fuzz-input.a", afd, 0);
+	if (ar == NULL) {
+		close(afd);
+		return 0;
+	}
+	while (ar_next(ar) != NULL)
+		continue;
+
+	return 0;
+}
diff --git a/meson.build b/meson.build
index 64fcc14..6de7a30 100644
--- a/meson.build
+++ b/meson.build
@@ -171,5 +171,22 @@ if do_tests and get_option('use_fuzzing')
         '-print_final_stats',
       ]
     )
+
+    fuzz_ar = executable('fuzz-ar',
+      common_src + ['fuzz-ar.c'],
+      override_options : [
+        'buildtype=debug',
+      ],
+      c_args : fuzz_flags,
+      link_args : fuzz_flags,
+      install : false
+    )
+    test('fuzz-ar', fuzz_ar,
+      args : [
+        '-close_fd_mask=3',
+        '-max_total_time=10',
+        '-print_final_stats=1',
+      ]
+    )
   endif
 endif