From 595b0a6768e3b21a54fd22de91567efabaec98ae Mon Sep 17 00:00:00 2001 From: Victor Porof Date: Fri, 10 Jan 2020 08:57:30 +0000 Subject: [PATCH] Bug 1601946 - Pre 1: Add a fuzzing test for database names, r=truber Depends on D56335 Differential Revision: https://phabricator.services.mozilla.com/D56336 --HG-- extra : moz-landing-system : lando --- tools/fuzzing/rust/RustFuzzingTargets.cpp | 1 + tools/fuzzing/rust/RustFuzzingTargets.h | 1 + tools/fuzzing/rust/src/lib.rs | 21 +++++++++++++++++++++ 3 files changed, 23 insertions(+) diff --git a/tools/fuzzing/rust/RustFuzzingTargets.cpp b/tools/fuzzing/rust/RustFuzzingTargets.cpp index d8323d818385..17ee68ef935f 100644 --- a/tools/fuzzing/rust/RustFuzzingTargets.cpp +++ b/tools/fuzzing/rust/RustFuzzingTargets.cpp @@ -9,5 +9,6 @@ int FuzzingInitDummy(int* argc, char*** argv) { return 0; } MOZ_FUZZING_INTERFACE_RAW(FuzzingInitDummy, fuzz_rkv_db_file, RkvDbFile); +MOZ_FUZZING_INTERFACE_RAW(FuzzingInitDummy, fuzz_rkv_db_name, RkvDbName); MOZ_FUZZING_INTERFACE_RAW(FuzzingInitDummy, fuzz_rkv_key_write, RkvKeyWrite); MOZ_FUZZING_INTERFACE_RAW(FuzzingInitDummy, fuzz_rkv_val_write, RkvValWrite); diff --git a/tools/fuzzing/rust/RustFuzzingTargets.h b/tools/fuzzing/rust/RustFuzzingTargets.h index 15652579ab49..0e169e06959f 100644 --- a/tools/fuzzing/rust/RustFuzzingTargets.h +++ b/tools/fuzzing/rust/RustFuzzingTargets.h @@ -13,6 +13,7 @@ extern "C" { int fuzz_rkv_db_file(const uint8_t* raw_data, size_t size); +int fuzz_rkv_db_name(const uint8_t* raw_data, size_t size); int fuzz_rkv_key_write(const uint8_t* raw_data, size_t size); int fuzz_rkv_val_write(const uint8_t* raw_data, size_t size); diff --git a/tools/fuzzing/rust/src/lib.rs b/tools/fuzzing/rust/src/lib.rs index 5dc025c5908e..d2f943142c8d 100644 --- a/tools/fuzzing/rust/src/lib.rs +++ b/tools/fuzzing/rust/src/lib.rs @@ -44,6 +44,27 @@ pub extern "C" fn fuzz_rkv_db_file(raw_data: *const u8, size: libc::size_t) -> l let reader = env.read().unwrap(); eat_lmdb_err(store.get(&reader, &[0])).unwrap(); + 0 +} + +#[no_mangle] +pub extern "C" fn fuzz_rkv_db_name(raw_data: *const u8, size: libc::size_t) -> libc::c_int { + let data = unsafe { std::slice::from_raw_parts(raw_data as *const u8, size as usize) }; + + let root = Builder::new().prefix("fuzz_rkv_db_name").tempdir().unwrap(); + fs::create_dir_all(root.path()).unwrap(); + + let env = rkv::Rkv::new(root.path()).unwrap(); + let name = String::from_utf8_lossy(data); + println!("Checking string: '{:?}'", name); + // Some strings are invalid database names, and are handled as store errors. + // Ignore those errors, but not others. + let store = eat_lmdb_err(env.open_single(name.as_ref(), rkv::StoreOptions::create())).unwrap(); + + if let Some(store) = store { + let reader = env.read().unwrap(); + eat_lmdb_err(store.get(&reader, &[0])).unwrap(); + }; 0 }