introduce fuzzer and removed fuzzer-guided warning
diff --git a/skeletons/ber_tlv_length.c b/skeletons/ber_tlv_length.c
index 47459aa..02a120a 100644
--- a/skeletons/ber_tlv_length.c
+++ b/skeletons/ber_tlv_length.c
@@ -40,28 +40,18 @@
for(len = 0, buf++, skipped = 1;
oct && (++skipped <= size); buf++, oct--) {
- len = (len << 8) | *buf;
- if(len < 0
- || (len >> ((8 * sizeof(len)) - 8) && oct > 1)) {
- /*
- * Too large length value.
- */
+ /* Verify that we won't overflow. */
+ if(!(len >> ((8 * sizeof(len)) - (8+1)))) {
+ len = (len << 8) | *buf;
+ } else {
+ /* Too large length value. */
return -1;
}
}
if(oct == 0) {
- ber_tlv_len_t lenplusepsilon = (size_t)len + 1024;
- /*
- * Here length may be very close or equal to 2G.
- * However, the arithmetics used in some decoders
- * may add some (small) quantities to the length,
- * to check the resulting value against some limits.
- * This may result in integer wrap-around, which
- * we try to avoid by checking it earlier here.
- */
- if(lenplusepsilon < 0) {
- /* Too large length value */
+ if(len < 0 || len > RSIZE_MAX) {
+ /* Length value out of sane range. */
return -1;
}
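Review bot: The new bound `len > RSIZE_MAX` may never reject anything: the loop guard above already keeps the top nine bits of `len` clear before each shift, so `len` cannot go negative or exceed the signed maximum, and if RSIZE_MAX is defined as roughly half of SIZE_MAX (its definition is not visible in this hunk) the comparison is always false. The removed `lenplusepsilon` check deliberately left headroom so that decoders adding small quantities to an untrusted length could not wrap, and that margin appears to be gone. Consider keeping headroom, e.g. `if(len < 0 || len > RSIZE_MAX - 1024) {`, or at least add a comment stating how much callers may safely add to the returned length. RSIZE_MAX also comes from the optional C11 Annex K, so a fallback definition is needed on C libraries that lack it. The function body starts and ends outside the hunk.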
diff --git a/tests/tests-c-compiler/Makefile.am b/tests/tests-c-compiler/Makefile.am
index db0497c..83508e5 100644
--- a/tests/tests-c-compiler/Makefile.am
+++ b/tests/tests-c-compiler/Makefile.am
@@ -14,6 +14,7 @@
CFLAGS="${TESTSUITE_CFLAGS} ${CFLAGS}" \
CXXFLAGS="${CXXFLAGS}" \
LDFLAGS="${LDFLAGS}" \
+ LIBFUZZER_CFLAGS="${LIBFUZZER_CFLAGS}" \
srcdir=${srcdir} \
abs_top_srcdir=${abs_top_srcdir} \
abs_top_builddir=${abs_top_builddir} \
diff --git a/tests/tests-c-compiler/check-src/check-42.c b/tests/tests-c-compiler/check-src/check-42.c
index 137fee3..8a59410 100644
--- a/tests/tests-c-compiler/check-src/check-42.c
+++ b/tests/tests-c-compiler/check-src/check-42.c
@@ -126,6 +126,17 @@
assert(memcmp(buf0, buf, sizeof(buf0)) == 0);
}
+#ifdef ENABLE_LIBFUZZER
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ LogLine_t *lp = 0;
+ (void)ber_decode(0, &asn_DEF_LogLine, (void **)&lp, Data, Size);
+ ASN_STRUCT_FREE(asn_DEF_LogLine, lp);
+ return 0;
+}
+
+#else
+
int
main(int ac, char **av) {
LogLine_t t;
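Review bot: The harness added under `#ifdef ENABLE_LIBFUZZER` has no comment saying that it replaces `main()` and that the decode result is deliberately discarded, so a reader cannot tell that fuzz builds only surface crashes and sanitizer findings, not wrong decodes. I would add a short comment above `LLVMFuzzerTestOneInput`, such as `/* Fuzz entry point: feeds raw bytes to ber_decode(); the return code is intentionally ignored, findings come from sanitizers. */`, and spell the null pointers as `NULL` rather than `0`. The closing `#endif` in the last hunk would read better as `#endif /* ENABLE_LIBFUZZER */`. `main()` continues outside this hunk.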
@@ -140,3 +151,5 @@
return 0;
}
+
+#endif