Merge pull request #7503 from AdamKorcz/fuzz1

bump go-fuzz-headers

go.mod

@@ -3,7 +3,7 @@ module github.com/containerd/containerd
 go 1.18
 
 require (
-	github.com/AdaLogics/go-fuzz-headers v0.0.0-20220903154154-e8044f6e4c72
+	github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df
 	github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b
 	github.com/Microsoft/go-winio v0.6.0
 	github.com/Microsoft/hcsshim v0.10.0-rc.1

go.sum

@@ -41,8 +41,8 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg=
-github.com/AdaLogics/go-fuzz-headers v0.0.0-20220903154154-e8044f6e4c72 h1:1sCHCT0xRr7UArrI1WJxsl9S8QeYdf0fmuGIl2xb7YI=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df h1:kDJd/7926nFt3yQeX/o3D/LMoJmlmYKe5AdC3uDGOm4=
-github.com/AdaLogics/go-fuzz-headers v0.0.0-20220903154154-e8044f6e4c72/go.mod h1:i9fr2JpcEcY/IHEvzCM3qXUZYOQHgR89dt4es1CgMhc=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df/go.mod h1:i9fr2JpcEcY/IHEvzCM3qXUZYOQHgR89dt4es1CgMhc=
 github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b h1:RQhYYLDVbdN+fw4I+A90nMRcxg/tEg4KvHiDYOwY32g=
 github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b/go.mod h1:P/MhpyNnqWUWlF8b/ksNuhU2kywD3Qc5fzauL06Gez8=
 github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=

integration/client/go.mod

@@ -19,7 +19,7 @@ require (
 	golang.org/x/sys v0.0.0-20220915200043-7b5979e65e41
 )
 
-require github.com/AdaLogics/go-fuzz-headers v0.0.0-20220903154154-e8044f6e4c72
+require github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df
 
 require (
 	github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b // indirect

integration/client/go.sum

@@ -39,8 +39,8 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20220824214621-3c06a36a6952/go.mod h1:i9fr2JpcEcY/IHEvzCM3qXUZYOQHgR89dt4es1CgMhc=
-github.com/AdaLogics/go-fuzz-headers v0.0.0-20220903154154-e8044f6e4c72 h1:1sCHCT0xRr7UArrI1WJxsl9S8QeYdf0fmuGIl2xb7YI=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df h1:kDJd/7926nFt3yQeX/o3D/LMoJmlmYKe5AdC3uDGOm4=
-github.com/AdaLogics/go-fuzz-headers v0.0.0-20220903154154-e8044f6e4c72/go.mod h1:i9fr2JpcEcY/IHEvzCM3qXUZYOQHgR89dt4es1CgMhc=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df/go.mod h1:i9fr2JpcEcY/IHEvzCM3qXUZYOQHgR89dt4es1CgMhc=
 github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b h1:RQhYYLDVbdN+fw4I+A90nMRcxg/tEg4KvHiDYOwY32g=
 github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b/go.mod h1:P/MhpyNnqWUWlF8b/ksNuhU2kywD3Qc5fzauL06Gez8=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=

vendor/github.com/AdaLogics/go-fuzz-headers/consumer.go

@@ -6,11 +6,13 @@ import (
 	"encoding/binary"
 	"errors"
 	"fmt"
+	"io"
 	"math"
 	"os"
 	"path/filepath"
 	"reflect"
 	"strings"
+	"time"
 	"unsafe"
 
 	securejoin "github.com/cyphar/filepath-securejoin"
@@ -500,45 +502,177 @@ func (f *ConsumeFuzzer) FuzzMap(m interface{}) error {
 	return nil
 }
 
+func returnTarBytes(buf []byte) ([]byte, error) {
+	reader := bytes.NewReader(buf)
+	tr := tar.NewReader(reader)
+
+	// Count files
+	var fileCounter int
+	fileCounter = 0
+	for {
+		_, err := tr.Next()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			return nil, err
+		}
+		fileCounter++
+	}
+	if fileCounter > 4 {
+		return buf, nil
+	}
+	return nil, fmt.Errorf("Not enough files were created\n")
+}
+
+func setTarHeaderFormat(hdr *tar.Header, f *ConsumeFuzzer) error {
+	ind, err := f.GetInt()
+	if err != nil {
+		return err
+	}
+	switch ind % 4 {
+	case 0:
+		hdr.Format = tar.FormatUnknown
+	case 1:
+		hdr.Format = tar.FormatUSTAR
+	case 2:
+		hdr.Format = tar.FormatPAX
+	case 3:
+		hdr.Format = tar.FormatGNU
+	}
+	return nil
+}
+
+func setTarHeaderTypeflag(hdr *tar.Header, f *ConsumeFuzzer) error {
+	ind, err := f.GetInt()
+	if err != nil {
+		return err
+	}
+	switch ind % 13 {
+	case 0:
+		hdr.Typeflag = tar.TypeReg
+	case 1:
+		hdr.Typeflag = tar.TypeLink
+		linkname, err := f.GetString()
+		if err != nil {
+			return err
+		}
+		hdr.Linkname = linkname
+	case 2:
+		hdr.Typeflag = tar.TypeSymlink
+		linkname, err := f.GetString()
+		if err != nil {
+			return err
+		}
+		hdr.Linkname = linkname
+	case 3:
+		hdr.Typeflag = tar.TypeChar
+	case 4:
+		hdr.Typeflag = tar.TypeBlock
+	case 5:
+		hdr.Typeflag = tar.TypeDir
+	case 6:
+		hdr.Typeflag = tar.TypeFifo
+	case 7:
+		hdr.Typeflag = tar.TypeCont
+	case 8:
+		hdr.Typeflag = tar.TypeXHeader
+	case 9:
+		hdr.Typeflag = tar.TypeXGlobalHeader
+	case 10:
+		hdr.Typeflag = tar.TypeGNUSparse
+	case 11:
+		hdr.Typeflag = tar.TypeGNULongName
+	case 12:
+		hdr.Typeflag = tar.TypeGNULongLink
+	}
+	return nil
+}
+
+func (f *ConsumeFuzzer) createTarFileBody() ([]byte, error) {
+	filebody, err := f.GetBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	// Trick fuzzer to explore large file sizes.
+	if len(filebody) > 200 {
+		if len(filebody) > 2000 {
+			if len(filebody) > 20000 {
+				if len(filebody) > 200000 {
+					if len(filebody) > 800000 {
+						if len(filebody) > 1200000 {
+						}
+					}
+				}
+			}
+		}
+	}
+	return filebody, nil
+
+}
+
 // TarBytes returns valid bytes for a tar archive
 func (f *ConsumeFuzzer) TarBytes() ([]byte, error) {
-	var buf bytes.Buffer
-	tw := tar.NewWriter(&buf)
-
 	numberOfFiles, err := f.GetInt()
 	if err != nil {
 		return nil, err
 	}
-	maxNoOfFiles := 100000
+
+	var buf bytes.Buffer
+	tw := tar.NewWriter(&buf)
+	defer tw.Close()
+
+	maxNoOfFiles := 1000
 	for i := 0; i < numberOfFiles%maxNoOfFiles; i++ {
 		filename, err := f.GetString()
 		if err != nil {
-			return nil, err
+			return returnTarBytes(buf.Bytes())
 		}
-		filebody, err := f.GetBytes()
+		filebody, err := f.createTarFileBody()
 		if err != nil {
-			return nil, err
+			return returnTarBytes(buf.Bytes())
 		}
 		hdr := &tar.Header{}
-		err = f.GenerateStruct(hdr)
+		/*err = f.GenerateStruct(hdr)
 		if err != nil {
-			return nil, err
+			return returnTarBytes(buf.Bytes())
+		}*/
+
+		err = setTarHeaderTypeflag(hdr, f)
+		if err != nil {
+			return returnTarBytes(buf.Bytes())
 		}
+
+		sec, err := f.GetInt()
+		if err != nil {
+			return returnTarBytes(buf.Bytes())
+		}
+
+		nsec, err := f.GetInt()
+		if err != nil {
+			return returnTarBytes(buf.Bytes())
+		}
+
+		hdr.ModTime = time.Unix(int64(sec), int64(nsec))
+
 		hdr.Name = filename
 		hdr.Size = int64(len(filebody))
 		hdr.Mode = 0600
 
+		err = setTarHeaderFormat(hdr, f)
+		if err != nil {
+			return returnTarBytes(buf.Bytes())
+		}
+
 		if err := tw.WriteHeader(hdr); err != nil {
-			return nil, err
+			return returnTarBytes(buf.Bytes())
 		}
 		if _, err := tw.Write(filebody); err != nil {
-			return nil, err
+			return returnTarBytes(buf.Bytes())
 		}
 	}
-	if err := tw.Close(); err != nil {
+	return returnTarBytes(buf.Bytes())
-		return nil, err
-	}
-	return buf.Bytes(), nil
 }
 
 // Creates pseudo-random files in rootDir.

vendor/modules.txt

@@ -1,4 +1,4 @@
-# github.com/AdaLogics/go-fuzz-headers v0.0.0-20220903154154-e8044f6e4c72
+# github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df
 ## explicit; go 1.13
 github.com/AdaLogics/go-fuzz-headers
 # github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b