author | Petteri Aimonen <jpa@git.mail.kapsi.fi> | 2019-10-02 10:51:39 +0300 |
---|---|---|
committer | Petteri Aimonen <jpa@git.mail.kapsi.fi> | 2019-10-02 10:51:39 +0300 |
commit | 7b0a42f10ce3676ae629aedca96f465e8d1edc80 (patch) | |
tree | 7e68af365fbb07ff794178db723960f0082369ce | |
parent | 6f6a8e45957e033b920d40cc7ea85d13506e78c6 (diff) |
Make fuzztest detect invalid bool values (#434)
-rw-r--r-- | tests/SConstruct | 2 | ||||
-rw-r--r-- | tests/fuzztest/fuzztest.c | 34 |
2 files changed, 35 insertions, 1 deletions
diff --git a/tests/SConstruct b/tests/SConstruct
index d2dfeec..504f1b8 100644
--- a/tests/SConstruct
+++ b/tests/SConstruct
@@ -103,7 +103,7 @@ if not env.GetOption('clean'):
 # Check if we can use undefined behaviour sanitizer (only with clang)
 # TODO: Fuzz test triggers the bool sanitizer, figure out whether to
 # modify the fuzz test or to keep ignoring the check.
- extra = '-fsanitize=undefined,integer -fno-sanitize-recover=undefined,integer -fsanitize-recover=bool '
+ extra = '-fsanitize=undefined,integer -fno-sanitize-recover=undefined,integer '
 if 'clang' in env['CC']:
 if conf.CheckCCFLAGS(extra, linkflags = extra):
 conf.env.Append(CORECFLAGS = extra)
diff --git a/tests/fuzztest/fuzztest.c b/tests/fuzztest/fuzztest.c
index ee851ec..0dc2382 100644
--- a/tests/fuzztest/fuzztest.c
+++ b/tests/fuzztest/fuzztest.c
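Review bot: The `# TODO: Fuzz test triggers the bool sanitizer ...` comment left as context directly above the changed `extra = ...` line is stale once `-fsanitize-recover=bool` is removed, because the question it poses is the one this commit answers. With the flag gone, a bool finding appears to fall under `-fno-sanitize-recover=undefined` and abort the run, which is worth stating for whoever next touches the sanitizer flags. I would replace the two TODO lines with something like `# Bool sanitizer findings are fatal; the fuzz test validates bool fields itself (see sanity_check_static).`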
@@ -171,6 +171,33 @@ static void rand_mess(uint8_t *buf, size_t count) /* Some default data to put in the message */ static const alltypes_static_AllTypes initval = alltypes_static_AllTypes_init_default; +/* Check the invariants defined in security model on decoded structure */ +static void sanity_check_static(alltypes_static_AllTypes *msg) +{ + bool truebool = true; + bool falsebool = false; + + /* TODO: Add more checks, or rather, generate them automatically */ + assert(strlen(msg->req_string) < sizeof(msg->req_string)); + assert(strlen(msg->opt_string) < sizeof(msg->opt_string)); + if (msg->rep_string_count > 0) + { + assert(strlen(msg->rep_string[0]) < sizeof(msg->rep_string[0])); + } + assert(memcmp(&msg->req_bool, &truebool, sizeof(bool)) == 0 || + memcmp(&msg->req_bool, &falsebool, sizeof(bool)) == 0); + assert(memcmp(&msg->has_opt_bool, &truebool, sizeof(bool)) == 0 || + memcmp(&msg->has_opt_bool, &falsebool, sizeof(bool)) == 0); + assert(memcmp(&msg->opt_bool, &truebool, sizeof(bool)) == 0 || + memcmp(&msg->opt_bool, &falsebool, sizeof(bool)) == 0); + assert(msg->rep_bool_count <= pb_arraysize(alltypes_static_AllTypes, rep_bool)); + if (msg->rep_bool_count > 0) + { + assert(memcmp(&msg->rep_bool[0], &truebool, sizeof(bool)) == 0 || + memcmp(&msg->rep_bool[0], &falsebool, sizeof(bool)) == 0); + } +} + #define BUFSIZE 4096 static bool do_static_encode(uint8_t *buffer, size_t *msglen) @@ -230,6 +257,11 @@ static bool do_static_decode(uint8_t *buffer, size_t msglen, bool assert_success rand_fill((uint8_t*)msg, sizeof(alltypes_static_AllTypes)); stream = pb_istream_from_buffer(buffer, msglen); status = pb_decode(&stream, alltypes_static_AllTypes_fields, msg); + + if (status) + { + sanity_check_static(msg); + } if (!status && assert_success) { 
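Review bot: In `sanity_check_static` the repeated fields are only inspected at index 0, and `rep_string_count` is never compared against the array size the way `rep_bool_count` is, so an invalid bool or an unterminated string in a later element passes the fuzz oracle unnoticed. The string checks also call `strlen` on the field before anything has established that a terminator lies inside it, so the check itself reads past the array in exactly the case it is meant to catch; `memchr` bounded by `sizeof` of the field keeps the check in bounds. A one-line comment that the bools are compared with `memcmp` so that an invalid object representation is never read through a `bool` lvalue (presumably what tripped the sanitizer) would help the next reader. The function is complete within this hunk; the sketch below shows only the lines I would change.

```c
static void sanity_check_static(alltypes_static_AllTypes *msg)
{
    size_t i;
    /* … unchanged: truebool / falsebool declarations … */

    /* Bounded terminator search: never reads outside the field. */
    assert(memchr(msg->req_string, '\0', sizeof(msg->req_string)) != NULL);
    assert(memchr(msg->opt_string, '\0', sizeof(msg->opt_string)) != NULL);

    assert(msg->rep_string_count <= pb_arraysize(alltypes_static_AllTypes, rep_string));
    for (i = 0; i < msg->rep_string_count; i++)
    {
        assert(memchr(msg->rep_string[i], '\0', sizeof(msg->rep_string[i])) != NULL);
    }

    /* … unchanged: req_bool, has_opt_bool, opt_bool and rep_bool_count checks … */
    for (i = 0; i < msg->rep_bool_count; i++)
    {
        assert(memcmp(&msg->rep_bool[i], &truebool, sizeof(bool)) == 0 ||
               memcmp(&msg->rep_bool[i], &falsebool, sizeof(bool)) == 0);
    }
```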
@@ -285,6 +317,7 @@ static void do_static_roundtrip(uint8_t *buffer, size_t msglen) pb_istream_t stream = pb_istream_from_buffer(buffer, msglen); status = pb_decode(&stream, alltypes_static_AllTypes_fields, msg1); assert(status); + sanity_check_static(msg1); } { @@ -298,6 +331,7 @@ static void do_static_roundtrip(uint8_t *buffer, size_t msglen) pb_istream_t stream = pb_istream_from_buffer(buf2, msglen2); status = pb_decode(&stream, alltypes_static_AllTypes_fields, msg2); assert(status); + sanity_check_static(msg2); } { |