From: Eric Biggers <ebiggers3@gmail.com>
Date: Sun, 9 Apr 2023 19:39:48 +0000 (-0700)
Subject: libFuzzer: add xml_windows fuzzer
X-Git-Tag: v1.14.0~5
X-Git-Url: https://wimlib.net/git/?a=commitdiff_plain;h=330531d4edefb2cecfd15e20a0a676ab117d2e15;p=wimlib

libFuzzer: add xml_windows fuzzer
---

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index de97a82e..b552af39 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -182,6 +182,8 @@ jobs:
           sanitizer:
         - target: xml
           sanitizer: --asan --ubsan
+        - target: xml_windows
+          sanitizer: --asan --ubsan
         - target: compress
           sanitizer:
         - target: compress
diff --git a/tools/libFuzzer/xml_windows/corpus/dll b/tools/libFuzzer/xml_windows/corpus/dll
new file mode 100644
index 00000000..7a9f1d22
Binary files /dev/null and b/tools/libFuzzer/xml_windows/corpus/dll differ
diff --git a/tools/libFuzzer/xml_windows/corpus/registry b/tools/libFuzzer/xml_windows/corpus/registry
new file mode 100644
index 00000000..c416b0e0
Binary files /dev/null and b/tools/libFuzzer/xml_windows/corpus/registry differ
diff --git a/tools/libFuzzer/xml_windows/fuzz.c b/tools/libFuzzer/xml_windows/fuzz.c
new file mode 100644
index 00000000..2816378a
--- /dev/null
+++ b/tools/libFuzzer/xml_windows/fuzz.c
@@ -0,0 +1,43 @@
+#include "../fuzzer.h"
+
+#include <sys/stat.h>
+
+#define TMPDIR "/tmp/fuzz-xml-windows/"
+
+static void
+write_file(const char *path, const void *data, size_t size)
+{
+	int fd;
+	ssize_t res;
+
+	fd = open(path, O_WRONLY|O_TRUNC|O_CREAT, 0600);
+	assert(fd >= 0);
+	res = write(fd, data, size);
+	assert(res == size);
+	close(fd);
+}
+
+/* Fuzz set_windows_specific_info() in xml_windows.c. */
+int LLVMFuzzerTestOneInput(const uint8_t *in, size_t insize)
+{
+	WIMStruct *wim;
+	int ret;
+
+	mkdir(TMPDIR, 0700);
+	mkdir(TMPDIR "Windows", 0700);
+	mkdir(TMPDIR "Windows", 0700);
+	mkdir(TMPDIR "Windows/System32", 0700);
+	mkdir(TMPDIR "Windows/System32/config", 0700);
+	write_file(TMPDIR "Windows/System32/kernel32.dll", in, insize);
+	write_file(TMPDIR "Windows/System32/config/SYSTEM", in, insize);
+	write_file(TMPDIR "Windows/System32/config/SOFTWARE", in, insize);
+
+	ret = wimlib_create_new_wim(WIMLIB_COMPRESSION_TYPE_NONE, &wim);
+	assert(!ret);
+
+	ret = wimlib_add_image(wim, TMPDIR, NULL, NULL, 0);
+	assert(!ret);
+
+	wimlib_free(wim);
+	return 0;
+}