authorPatrick Griffis <pgriffis@igalia.com>2020-12-16 15:55:10 -0600
committerPatrick Griffis <pgriffis@igalia.com>2020-12-16 15:55:10 -0600
commitbcb62cd296b1e278a42c066de956378f0354741c (patch)
treec05aba4d7eb2520be4a67aea69eea38fa8268b89 /fuzzing
parentb0fd7e1f65049b7efdf50febe6765039de4289ed (diff)
downloadlibsoup-bcb62cd296b1e278a42c066de956378f0354741c.tar.gz
fuzzing: Add SoupContentSniffer coverage
Diffstat (limited to 'fuzzing')
-rw-r--r--fuzzing/fuzz_content_sniffer.c19
-rw-r--r--fuzzing/fuzz_content_sniffer.dict28
-rw-r--r--fuzzing/meson.build6
3 files changed, 50 insertions, 3 deletions
diff --git a/fuzzing/fuzz_content_sniffer.c b/fuzzing/fuzz_content_sniffer.c
new file mode 100644
index 00000000..f8be569a
--- /dev/null
+++ b/fuzzing/fuzz_content_sniffer.c
@@ -0,0 +1,19 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+ fuzz_set_logging_func ();
+
+ GBytes *bytes = g_bytes_new (data, size);
+ SoupContentSniffer *sniffer = soup_content_sniffer_new ();
+ SoupMessage *msg = soup_message_new (SOUP_METHOD_GET, "https://example.org");
+ char *content_type = soup_content_sniffer_sniff (sniffer, msg, bytes, NULL);
+
+ g_bytes_unref (bytes);
+ g_object_unref (sniffer);
+ g_object_unref (msg);
+ g_free (content_type);
+
+ return 0;
+} \ No newline at end of file
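Review bot: The harness hands soup_content_sniffer_sniff a message that was only just created, with no response headers, and NULL for the trailing params out-argument, so any branch of the sniffer that keys off a declared Content-Type (it presumably does, matching the "sniff" name — confirm against soup-content-sniffer.c) and any code that parses type parameters is never reached by this target. Setting a Content-Type on the response headers before the call, e.g. `soup_message_headers_set_content_type (soup_message_get_response_headers (msg), "text/plain", NULL);` (adjust to whichever header accessor this tree exposes), and passing a `GHashTable *params = NULL;` / `&params` pair that is unreffed after the call would bring those paths under the sanitizers; cycling through a few declared types based on the first input byte would cover more of them. A style nit: the file ends without a trailing newline.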
diff --git a/fuzzing/fuzz_content_sniffer.dict b/fuzzing/fuzz_content_sniffer.dict
new file mode 100644
index 00000000..79a3cc8c
--- /dev/null
+++ b/fuzzing/fuzz_content_sniffer.dict
@@ -0,0 +1,28 @@
+# These are just directly copied from soup-content-sniffer.c
+# and could surely be improved.
+
+# UTF-16 BOM
+"\xFE\xFF"
+# UTF-8 BOM
+"\xEF\xBB\xBF"
+# webm
+"\x1A\x45\xDF\xA3"
+# audio
+".snd"
+# aiff
+"FORM\x00\x00\x00\x00AIFF"
+# mpeg
+"ID3"
+# ogg
+"OggS\x00"
+# midi
+"MThd\x00\x00\x00\x06"
+# wave
+"RIFF\x00\x00\x00\x00WAVE"
+# avi
+"RIFF\x00\x00\x00\x00AVI "
+# HTML
+"<!DOCTYPE HTML"
+"<HTML"
+# XML
+"<?xml" \ No newline at end of file
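Review bot: The dictionary lists only the big-endian UTF-16 BOM `"\xFE\xFF"`; the little-endian form `"\xFF\xFE"` is a distinct signature and, if the sniffer's own table has both (the header comment says the entries were copied from soup-content-sniffer.c, so this should be checked there), leaving it out keeps the fuzzer from reaching that match cheaply. The same check is worth doing for any image and document signatures the sniffer matches (GIF, PNG, JPEG, PDF are the usual ones) — none are present here, and the comment itself admits the list is incomplete. The file also ends without a trailing newline.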
diff --git a/fuzzing/meson.build b/fuzzing/meson.build
index 865bfcd3..23777450 100644
--- a/fuzzing/meson.build
+++ b/fuzzing/meson.build
@@ -3,6 +3,7 @@ fs = import('fs')
fuzz_targets = [
'fuzz_decode_data_uri',
'fuzz_cookie_parse',
+ 'fuzz_content_sniffer',
]
fuzzing_args = '-fsanitize=fuzzer,address,undefined'
@@ -29,8 +30,7 @@ if have_fuzzing and (fuzzing_feature.enabled() or fuzzing_feature.auto())
test(target, exe,
args: [
- '-runs=500000',
- '-jobs=16', # This will automatically limit itself to half your systems threads
+ '-runs=200000',
'-artifact_prefix=meson-logs/' + target + '-',
'-print_final_stats=1',
] + extra_args,
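Review bot: With `-jobs=16` removed the runs execute sequentially in one process, and `-runs=200000` is now the only bound on the test, so a target whose per-input cost grows (the new content sniffer scans each input) can still hit meson's timeout, which kills the process and loses the final stats and artifact. Adding a wall-clock bound below the test timeout, `'-max_total_time=300',`, makes the test end on its own; the commit message does not say why the job parallelism was dropped, so a one-line comment explaining that would help the next person who tunes these numbers.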
@@ -39,7 +39,7 @@ if have_fuzzing and (fuzzing_feature.enabled() or fuzzing_feature.auto())
'UBSAN_OPTIONS=print_stacktrace=1',
],
suite: 'fuzzing',
- timeout: 240,
+ timeout: 360,
priority: -1,
)
endforeach