
Commit f66460b9 authored by Elliott Hughes's avatar Elliott Hughes

libziparchive: add trivial fuzzer.

Didn't find anything when I ran it, but it did get me to fix the
const/non-const void* in the API.

Test: treehugger
Change-Id: If3849d974965e3e5ffcbdaf5e47921316d717410
parent d76932ff
+7 −0
@@ -184,3 +184,10 @@ cc_binary {
    ],
    recovery_available: true,
}

cc_fuzz {
    name: "libziparchive_fuzzer",
    srcs: ["libziparchive_fuzzer.cpp"],
    static_libs: ["libziparchive", "libbase", "libz", "liblog"],
    host_supported: true,
}
+1 −1
@@ -114,7 +114,7 @@ int32_t OpenArchive(const char* fileName, ZipArchiveHandle* handle);
int32_t OpenArchiveFd(const int fd, const char* debugFileName, ZipArchiveHandle* handle,
                      bool assume_ownership = true);

int32_t OpenArchiveFromMemory(void* address, size_t length, const char* debugFileName,
int32_t OpenArchiveFromMemory(const void* address, size_t length, const char* debugFileName,
                              ZipArchiveHandle* handle);
/*
 * Close archive, releasing resources associated with it. This will
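Review bot: The declaration of OpenArchiveFromMemory has no comment, and with the pointer now `const void*` the contract still left unstated is the buffer's lifetime. The implementation section of this commit passes `address` straight into `mapped_zip`, and MappedZipFile stores it as `base_ptr_`, so the memory appears to be borrowed rather than copied. I would add a comment above the declaration such as `// Opens an archive backed by caller-owned memory; [address, address + length) must remain valid until CloseArchive(handle).` Whether the caller must also leave the bytes unmodified while the handle is open is not visible here and should be confirmed before it is written into the comment.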
+13 −0
// SPDX-License-Identifier: Apache-2.0

#include <stddef.h>
#include <stdint.h>

#include <ziparchive/zip_archive.h>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  ZipArchiveHandle handle = nullptr;
  OpenArchiveFromMemory(data, size, "fuzz", &handle);
  CloseArchive(handle);
  return 0;
}
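Review bot: The return value of OpenArchiveFromMemory is discarded and CloseArchive runs unconditionally, with nothing in the harness saying why that is correct. The implementation hunk in this commit shows `*handle = archive;` assigned right after the archive is allocated (the rest of that function is outside the hunk), so closing after a failed open looks required rather than accidental. A comment such as `// *handle is set even when the open fails, so it must always be closed.` would stop a later cleanup from adding an early return that leaks. A short file-level comment should also state that this target only opens the archive: no entry is looked up, iterated or extracted, so those paths get no fuzzed input from it.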
+7 −6
@@ -178,7 +178,7 @@ ZipArchive::ZipArchive(const int fd, bool assume_ownership)
#endif
}

ZipArchive::ZipArchive(void* address, size_t length)
ZipArchive::ZipArchive(const void* address, size_t length)
    : mapped_zip(address, length),
      close_file(false),
      directory_offset(0),
@@ -471,7 +471,7 @@ int32_t OpenArchive(const char* fileName, ZipArchiveHandle* handle) {
  return OpenArchiveInternal(archive, fileName);
}

int32_t OpenArchiveFromMemory(void* address, size_t length, const char* debug_file_name,
int32_t OpenArchiveFromMemory(const void* address, size_t length, const char* debug_file_name,
                              ZipArchiveHandle* handle) {
  ZipArchive* archive = new ZipArchive(address, length);
  *handle = archive;
@@ -1152,7 +1152,7 @@ int MappedZipFile::GetFileDescriptor() const {
  return fd_;
}

void* MappedZipFile::GetBasePtr() const {
const void* MappedZipFile::GetBasePtr() const {
  if (has_fd_) {
    ALOGW("Zip: MappedZipFile doesn't have a base pointer.");
    return nullptr;
@@ -1188,13 +1188,14 @@ bool MappedZipFile::ReadAtOffset(uint8_t* buf, size_t len, off64_t off) const {
      ALOGE("Zip: invalid offset: %" PRId64 ", data length: %" PRId64 "\n", off, data_length_);
      return false;
    }
    memcpy(buf, static_cast<uint8_t*>(base_ptr_) + off, len);
    memcpy(buf, static_cast<const uint8_t*>(base_ptr_) + off, len);
  }
  return true;
}

void CentralDirectory::Initialize(void* map_base_ptr, off64_t cd_start_offset, size_t cd_size) {
  base_ptr_ = static_cast<uint8_t*>(map_base_ptr) + cd_start_offset;
void CentralDirectory::Initialize(const void* map_base_ptr, off64_t cd_start_offset,
                                  size_t cd_size) {
  base_ptr_ = static_cast<const uint8_t*>(map_base_ptr) + cd_start_offset;
  length_ = cd_size;
}
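Review bot: The memcpy in MappedZipFile::ReadAtOffset copies `len` bytes from `base_ptr_ + off`, but the error message on the rejecting branch reports only `off` and `data_length_`, which suggests the guard does not account for `len`. The condition and the start of the function are above the hunk, so this needs confirming. If the guard only compares `off` with `data_length_`, a read that starts in range but runs past the end of the mapping would be accepted. Since the fuzzer added in this commit feeds arbitrary buffers into this path, I would write the check as `if (off < 0 || len > static_cast<uint64_t>(data_length_) || static_cast<uint64_t>(off) > static_cast<uint64_t>(data_length_) - len) {`, using a subtraction so the bound cannot overflow.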

+5 −5
@@ -95,14 +95,14 @@ class MappedZipFile {
  explicit MappedZipFile(const int fd)
      : has_fd_(true), fd_(fd), base_ptr_(nullptr), data_length_(0) {}

  explicit MappedZipFile(void* address, size_t length)
  explicit MappedZipFile(const void* address, size_t length)
      : has_fd_(false), fd_(-1), base_ptr_(address), data_length_(static_cast<off64_t>(length)) {}

  bool HasFd() const { return has_fd_; }

  int GetFileDescriptor() const;

  void* GetBasePtr() const;
  const void* GetBasePtr() const;

  off64_t GetFileLength() const;

@@ -117,7 +117,7 @@ class MappedZipFile {

  const int fd_;

  void* const base_ptr_;
  const void* const base_ptr_;
  const off64_t data_length_;
};

@@ -129,7 +129,7 @@ class CentralDirectory {

  size_t GetMapLength() const { return length_; }

  void Initialize(void* map_base_ptr, off64_t cd_start_offset, size_t cd_size);
  void Initialize(const void* map_base_ptr, off64_t cd_start_offset, size_t cd_size);

 private:
  const uint8_t* base_ptr_;
@@ -177,7 +177,7 @@ struct ZipArchive {
  ZipStringOffset* hash_table;

  ZipArchive(const int fd, bool assume_ownership);
  ZipArchive(void* address, size_t length);
  ZipArchive(const void* address, size_t length);
  ~ZipArchive();

  bool InitializeCentralDirectory(off64_t cd_start_offset, size_t cd_size);