From 595b0a6768e3b21a54fd22de91567efabaec98ae Mon Sep 17 00:00:00 2001
From: Victor Porof <vporof@mozilla.com>
Date: Fri, 10 Jan 2020 08:57:30 +0000
Subject: [PATCH] Bug 1601946 - Pre 1: Add a fuzzing test for database names,
 r=truber

Depends on D56335

Differential Revision: https://phabricator.services.mozilla.com/D56336

--HG--
extra : moz-landing-system : lando
---
 tools/fuzzing/rust/RustFuzzingTargets.cpp |  1 +
 tools/fuzzing/rust/RustFuzzingTargets.h   |  1 +
 tools/fuzzing/rust/src/lib.rs             | 21 +++++++++++++++++++++
 3 files changed, 23 insertions(+)

diff --git a/tools/fuzzing/rust/RustFuzzingTargets.cpp b/tools/fuzzing/rust/RustFuzzingTargets.cpp
index d8323d818385..17ee68ef935f 100644
--- a/tools/fuzzing/rust/RustFuzzingTargets.cpp
+++ b/tools/fuzzing/rust/RustFuzzingTargets.cpp
@@ -9,5 +9,6 @@
 int FuzzingInitDummy(int* argc, char*** argv) { return 0; }
 
 MOZ_FUZZING_INTERFACE_RAW(FuzzingInitDummy, fuzz_rkv_db_file, RkvDbFile);
+MOZ_FUZZING_INTERFACE_RAW(FuzzingInitDummy, fuzz_rkv_db_name, RkvDbName);
 MOZ_FUZZING_INTERFACE_RAW(FuzzingInitDummy, fuzz_rkv_key_write, RkvKeyWrite);
 MOZ_FUZZING_INTERFACE_RAW(FuzzingInitDummy, fuzz_rkv_val_write, RkvValWrite);
diff --git a/tools/fuzzing/rust/RustFuzzingTargets.h b/tools/fuzzing/rust/RustFuzzingTargets.h
index 15652579ab49..0e169e06959f 100644
--- a/tools/fuzzing/rust/RustFuzzingTargets.h
+++ b/tools/fuzzing/rust/RustFuzzingTargets.h
@@ -13,6 +13,7 @@
 extern "C" {
 
 int fuzz_rkv_db_file(const uint8_t* raw_data, size_t size);
+int fuzz_rkv_db_name(const uint8_t* raw_data, size_t size);
 int fuzz_rkv_key_write(const uint8_t* raw_data, size_t size);
 int fuzz_rkv_val_write(const uint8_t* raw_data, size_t size);
 
diff --git a/tools/fuzzing/rust/src/lib.rs b/tools/fuzzing/rust/src/lib.rs
index 5dc025c5908e..d2f943142c8d 100644
--- a/tools/fuzzing/rust/src/lib.rs
+++ b/tools/fuzzing/rust/src/lib.rs
@@ -44,6 +44,27 @@ pub extern "C" fn fuzz_rkv_db_file(raw_data: *const u8, size: libc::size_t) -> l
     let reader = env.read().unwrap();
     eat_lmdb_err(store.get(&reader, &[0])).unwrap();
 
+    0
+}
+
+#[no_mangle]
+pub extern "C" fn fuzz_rkv_db_name(raw_data: *const u8, size: libc::size_t) -> libc::c_int {
+    let data = unsafe { std::slice::from_raw_parts(raw_data as *const u8, size as usize) };
+
+    let root = Builder::new().prefix("fuzz_rkv_db_name").tempdir().unwrap();
+    fs::create_dir_all(root.path()).unwrap();
+
+    let env = rkv::Rkv::new(root.path()).unwrap();
+    let name = String::from_utf8_lossy(data);
+    println!("Checking string: '{:?}'", name);
+    // Some strings are invalid database names, and are handled as store errors.
+    // Ignore those errors, but not others.
+    let store = eat_lmdb_err(env.open_single(name.as_ref(), rkv::StoreOptions::create())).unwrap();
+
+    if let Some(store) = store {
+        let reader = env.read().unwrap();
+        eat_lmdb_err(store.get(&reader, &[0])).unwrap();
+    };
 
     0
 }