
Commit c8713c0

Restrict metaflac fuzzer to offered file
The metaflac fuzzer could be directed to use files on the system, leading to unreproducible crashes.

Credit: Oss-fuzz
Issue: N/A (local run)
1 parent 9d23884 commit c8713c0


3 files changed

+21
-1
lines changed


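--- a/oss-fuzz/common.h
+++ b/oss-fuzz/common.h
@@ -1,2 +1,5 @@
 extern int alloc_check_threshold, alloc_check_counter, alloc_check_keep_failing;
 int alloc_check_threshold = INT32_MAX, alloc_check_counter = 0, alloc_check_keep_failing = 0;
+
+extern char* allowed_filename;
+char* allowed_filename = NULL;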

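--- a/oss-fuzz/tool_metaflac.c
+++ b/oss-fuzz/tool_metaflac.c
@@ -57,6 +57,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 share__opterr = 0;
 share__optind = 0;
 
+allowed_filename = NULL;
+
 
 if(size < 2)
 return 0;
@@ -88,6 +90,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 
 argv[numarg++] = filename;
 
+allowed_filename = filename;
+
 /* Create file to feed to stdin */
 if(use_stdin) {
 file_to_fuzz = mkstemp(filename_stdin);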
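Review bot: `allowed_filename = filename;` at new line 93 leaves a global pointing at `filename` after LLVMFuzzerTestOneInput returns; the declaration of `filename` is outside the hunk, but if it is a local buffer the pointer dangles until the reset at new line 60 runs on the next input. Clearing it on the way out as well, with `allowed_filename = NULL;` before each return that follows the assignment, keeps the allow-list valid only for as long as the buffer is. A one-line comment at the assignment would also help the next reader, e.g. `/* metaflac may only open this temp file; parse_options drops other file arguments in fuzzing builds */`. The function body starts and ends outside both hunks.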

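--- a/src/metaflac/options.c
+++ b/src/metaflac/options.c
@@ -199,10 +199,23 @@ FLAC__bool parse_options(int argc, char *argv[], CommandLineOptions *options)
 
 if(options->num_files > 0) {
 unsigned i = 0;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+extern char* allowed_filename;
+#endif
 if(0 == (options->filenames = safe_malloc_mul_2op_(sizeof(char*), /*times*/options->num_files)))
 die("out of memory allocating space for file names list");
 while(share__optind < argc)
-options->filenames[i++] = local_strdup(argv[share__optind++]);
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+if(strcmp(argv[share__optind],allowed_filename) == 0)
+#endif
+options->filenames[i++] = local_strdup(argv[share__optind++]);
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+else {
+if(options->num_files > 0)
+options->num_files--;
+share__optind++;
+}
+#endif
 }
 
 if(options->args.checks.num_major_ops > 0) {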
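Review bot: The `strcmp(argv[share__optind],allowed_filename)` at new line 209 dereferences `allowed_filename` without a NULL check, and the harness resets that pointer to NULL at the start of every input, so any path that reaches parse_options before the harness assigns it is undefined behaviour inside the fuzzing build itself. Guarding it as `if(allowed_filename != NULL && strcmp(argv[share__optind], allowed_filename) == 0)` makes an unset allow-list reject every file argument instead of crashing. The filter covers only the positional file list built in this loop; whether options that take a file path as their argument are restricted cannot be seen from this hunk and is worth confirming, since those would bring back the unreproducible behaviour the commit describes. The block-scope `extern char* allowed_filename;` also escapes type checking against the definition in oss-fuzz/common.h, so a declaration shared through a header would be safer. parse_options starts and ends outside the hunk.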
