fuzzing: bump go-fuzz-headers
Signed-off-by: AdamKorcz <adam@adalogics.com>
This commit is contained in:
AdamKorcz
parent
d4b3b54540
commit
b742aa2e77
2
go.mod
2
go.mod
@ -3,7 +3,7 @@ module github.com/containerd/containerd
|
|||||||
go 1.18
|
go 1.18
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df
|
github.com/AdaLogics/go-fuzz-headers v0.0.0-20221103172237-443f56ff4ba8
|
||||||
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b
|
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b
|
||||||
github.com/Microsoft/go-winio v0.6.0
|
github.com/Microsoft/go-winio v0.6.0
|
||||||
github.com/Microsoft/hcsshim v0.10.0-rc.1
|
github.com/Microsoft/hcsshim v0.10.0-rc.1
|
||||||
|
|||||||
4
go.sum
4
go.sum
@ -41,8 +41,8 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX
|
|||||||
cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
|
cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
|
||||||
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
|
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
|
||||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg=
|
github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg=
|
||||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df h1:kDJd/7926nFt3yQeX/o3D/LMoJmlmYKe5AdC3uDGOm4=
|
github.com/AdaLogics/go-fuzz-headers v0.0.0-20221103172237-443f56ff4ba8 h1:d+pBUmsteW5tM87xmVXHZ4+LibHRFn40SPAoZJOg2ak=
|
||||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df/go.mod h1:i9fr2JpcEcY/IHEvzCM3qXUZYOQHgR89dt4es1CgMhc=
|
github.com/AdaLogics/go-fuzz-headers v0.0.0-20221103172237-443f56ff4ba8/go.mod h1:i9fr2JpcEcY/IHEvzCM3qXUZYOQHgR89dt4es1CgMhc=
|
||||||
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b h1:RQhYYLDVbdN+fw4I+A90nMRcxg/tEg4KvHiDYOwY32g=
|
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b h1:RQhYYLDVbdN+fw4I+A90nMRcxg/tEg4KvHiDYOwY32g=
|
||||||
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b/go.mod h1:P/MhpyNnqWUWlF8b/ksNuhU2kywD3Qc5fzauL06Gez8=
|
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b/go.mod h1:P/MhpyNnqWUWlF8b/ksNuhU2kywD3Qc5fzauL06Gez8=
|
||||||
github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
|
github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
|
||||||
|
|||||||
@ -19,7 +19,7 @@ require (
|
|||||||
golang.org/x/sys v0.1.0
|
golang.org/x/sys v0.1.0
|
||||||
)
|
)
|
||||||
|
|
||||||
require github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df
|
require github.com/AdaLogics/go-fuzz-headers v0.0.0-20221103172237-443f56ff4ba8
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b // indirect
|
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b // indirect
|
||||||
|
|||||||
@ -46,8 +46,8 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX
|
|||||||
cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
|
cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
|
||||||
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
|
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
|
||||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20220824214621-3c06a36a6952/go.mod h1:i9fr2JpcEcY/IHEvzCM3qXUZYOQHgR89dt4es1CgMhc=
|
github.com/AdaLogics/go-fuzz-headers v0.0.0-20220824214621-3c06a36a6952/go.mod h1:i9fr2JpcEcY/IHEvzCM3qXUZYOQHgR89dt4es1CgMhc=
|
||||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df h1:kDJd/7926nFt3yQeX/o3D/LMoJmlmYKe5AdC3uDGOm4=
|
github.com/AdaLogics/go-fuzz-headers v0.0.0-20221103172237-443f56ff4ba8 h1:d+pBUmsteW5tM87xmVXHZ4+LibHRFn40SPAoZJOg2ak=
|
||||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df/go.mod h1:i9fr2JpcEcY/IHEvzCM3qXUZYOQHgR89dt4es1CgMhc=
|
github.com/AdaLogics/go-fuzz-headers v0.0.0-20221103172237-443f56ff4ba8/go.mod h1:i9fr2JpcEcY/IHEvzCM3qXUZYOQHgR89dt4es1CgMhc=
|
||||||
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b h1:RQhYYLDVbdN+fw4I+A90nMRcxg/tEg4KvHiDYOwY32g=
|
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b h1:RQhYYLDVbdN+fw4I+A90nMRcxg/tEg4KvHiDYOwY32g=
|
||||||
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b/go.mod h1:P/MhpyNnqWUWlF8b/ksNuhU2kywD3Qc5fzauL06Gez8=
|
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b/go.mod h1:P/MhpyNnqWUWlF8b/ksNuhU2kywD3Qc5fzauL06Gez8=
|
||||||
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
|
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
|
||||||
|
|||||||
139
vendor/github.com/AdaLogics/go-fuzz-headers/consumer.go
generated
vendored
139
vendor/github.com/AdaLogics/go-fuzz-headers/consumer.go
generated
vendored
@ -196,19 +196,38 @@ func (f *ConsumeFuzzer) fuzzStruct(e reflect.Value, customFunctions bool) error
|
|||||||
e.SetString(str)
|
e.SetString(str)
|
||||||
}
|
}
|
||||||
case reflect.Slice:
|
case reflect.Slice:
|
||||||
maxElements := 50
|
var maxElements uint32
|
||||||
randQty, err := f.GetInt()
|
// Byte slices should not be restricted
|
||||||
|
if e.Type().String() == "[]uint8" {
|
||||||
|
maxElements = 10000000
|
||||||
|
} else {
|
||||||
|
maxElements = 50
|
||||||
|
}
|
||||||
|
|
||||||
|
randQty, err := f.GetUint32()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
numOfElements := randQty % maxElements
|
var numOfElements uint32
|
||||||
|
numOfElements = randQty % maxElements
|
||||||
|
if (uint32(len(f.data)) - f.position) < numOfElements {
|
||||||
|
numOfElements = uint32(len(f.data)) - f.position
|
||||||
|
}
|
||||||
|
|
||||||
uu := reflect.MakeSlice(e.Type(), numOfElements, numOfElements)
|
uu := reflect.MakeSlice(e.Type(), int(numOfElements), int(numOfElements))
|
||||||
|
|
||||||
for i := 0; i < numOfElements; i++ {
|
for i := 0; i < int(numOfElements); i++ {
|
||||||
err := f.fuzzStruct(uu.Index(i), customFunctions)
|
err := f.fuzzStruct(uu.Index(i), customFunctions)
|
||||||
|
// If we have more than 10, then we can proceed with that.
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
if i >= 10 {
|
||||||
|
if e.CanSet() {
|
||||||
|
e.Set(uu)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
} else {
|
||||||
|
return err
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if e.CanSet() {
|
if e.CanSet() {
|
||||||
@ -437,7 +456,7 @@ func (f *ConsumeFuzzer) GetBytes() ([]byte, error) {
|
|||||||
if f.position+length > MaxTotalLen {
|
if f.position+length > MaxTotalLen {
|
||||||
return nil, errors.New("Created too large a string")
|
return nil, errors.New("Created too large a string")
|
||||||
}
|
}
|
||||||
byteBegin := f.position + 1
|
byteBegin := f.position - 1
|
||||||
if byteBegin >= uint32(len(f.data)) {
|
if byteBegin >= uint32(len(f.data)) {
|
||||||
return nil, errors.New("Not enough bytes to create byte array")
|
return nil, errors.New("Not enough bytes to create byte array")
|
||||||
}
|
}
|
||||||
@ -463,10 +482,10 @@ func (f *ConsumeFuzzer) GetString() (string, error) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return "nil", errors.New("Not enough bytes to create string")
|
return "nil", errors.New("Not enough bytes to create string")
|
||||||
}
|
}
|
||||||
if f.position+length > MaxTotalLen {
|
if f.position > MaxTotalLen {
|
||||||
return "nil", errors.New("Created too large a string")
|
return "nil", errors.New("Created too large a string")
|
||||||
}
|
}
|
||||||
byteBegin := f.position + 1
|
byteBegin := f.position - 1
|
||||||
if byteBegin >= uint32(len(f.data)) {
|
if byteBegin >= uint32(len(f.data)) {
|
||||||
return "nil", errors.New("Not enough bytes to create string")
|
return "nil", errors.New("Not enough bytes to create string")
|
||||||
}
|
}
|
||||||
@ -474,7 +493,7 @@ func (f *ConsumeFuzzer) GetString() (string, error) {
|
|||||||
return "nil", errors.New("Not enough bytes to create string")
|
return "nil", errors.New("Not enough bytes to create string")
|
||||||
}
|
}
|
||||||
if byteBegin > byteBegin+length {
|
if byteBegin > byteBegin+length {
|
||||||
return "nil", errors.New("Nunmbers overflow. Returning")
|
return "nil", errors.New("Numbers overflow. Returning")
|
||||||
}
|
}
|
||||||
str := string(f.data[byteBegin : byteBegin+length])
|
str := string(f.data[byteBegin : byteBegin+length])
|
||||||
f.position = byteBegin + length
|
f.position = byteBegin + length
|
||||||
@ -590,28 +609,96 @@ func setTarHeaderTypeflag(hdr *tar.Header, f *ConsumeFuzzer) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (f *ConsumeFuzzer) createTarFileBody() ([]byte, error) {
|
func (f *ConsumeFuzzer) createTarFileBody() ([]byte, error) {
|
||||||
filebody, err := f.GetBytes()
|
if len(f.data) == 0 || f.position >= uint32(len(f.data)) {
|
||||||
|
return nil, errors.New("Not enough bytes to create byte array")
|
||||||
|
}
|
||||||
|
length, err := f.GetUint32()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, errors.New("Not enough bytes to create byte array")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Trick fuzzer to explore large file sizes.
|
// A bit of optimization to attempt to create a file body
|
||||||
if len(filebody) > 200 {
|
// when we don't have as many bytes left as "length"
|
||||||
if len(filebody) > 2000 {
|
remainingBytes := (uint32(len(f.data)) - f.position)
|
||||||
if len(filebody) > 20000 {
|
totalDataLen := uint32(len(f.data))
|
||||||
if len(filebody) > 200000 {
|
if uint32(len(f.data))-f.position < 50 {
|
||||||
if len(filebody) > 800000 {
|
if remainingBytes == 0 {
|
||||||
if len(filebody) > 1200000 {
|
return nil, errors.New("Created too large a string")
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
length = length % remainingBytes
|
||||||
|
} else if len(f.data) < 500 {
|
||||||
|
if totalDataLen == 0 {
|
||||||
|
return nil, errors.New("Created too large a string")
|
||||||
|
}
|
||||||
|
length = length % totalDataLen
|
||||||
}
|
}
|
||||||
|
if f.position+length > MaxTotalLen {
|
||||||
|
return nil, errors.New("Created too large a string")
|
||||||
|
}
|
||||||
|
byteBegin := f.position - 1
|
||||||
|
if byteBegin >= uint32(len(f.data)) {
|
||||||
|
return nil, errors.New("Not enough bytes to create byte array")
|
||||||
|
}
|
||||||
|
if length == 0 {
|
||||||
|
return nil, errors.New("Zero-length is not supported")
|
||||||
|
}
|
||||||
|
if byteBegin+length >= uint32(len(f.data)) {
|
||||||
|
return nil, errors.New("Not enough bytes to create byte array")
|
||||||
|
}
|
||||||
|
if byteBegin+length < byteBegin {
|
||||||
|
return nil, errors.New("Nunmbers overflow. Returning")
|
||||||
|
}
|
||||||
|
filebody := f.data[byteBegin : byteBegin+length]
|
||||||
|
f.position = byteBegin + length
|
||||||
return filebody, nil
|
return filebody, nil
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Is similar to GetString(), but creates string based on the length
|
||||||
|
// of the length of f.data to increase the likelihood of not overflowing
|
||||||
|
// f.data
|
||||||
|
func (f *ConsumeFuzzer) getTarFilename() (string, error) {
|
||||||
|
if f.position >= uint32(len(f.data)) {
|
||||||
|
return "nil", errors.New("Not enough bytes to create string")
|
||||||
|
}
|
||||||
|
length, err := f.GetUint32()
|
||||||
|
if err != nil {
|
||||||
|
return "nil", errors.New("Not enough bytes to create string")
|
||||||
|
}
|
||||||
|
|
||||||
|
// A bit of optimization to attempt to create a file name
|
||||||
|
// when we don't have as many bytes left as "length"
|
||||||
|
remainingBytes := (uint32(len(f.data)) - f.position)
|
||||||
|
totalDataLen := uint32(len(f.data))
|
||||||
|
if uint32(len(f.data))-f.position < 50 {
|
||||||
|
if remainingBytes == 0 {
|
||||||
|
return "nil", errors.New("Created too large a string")
|
||||||
|
}
|
||||||
|
length = length % remainingBytes
|
||||||
|
} else if len(f.data) < 500 {
|
||||||
|
if totalDataLen == 0 {
|
||||||
|
return "nil", errors.New("Created too large a string")
|
||||||
|
}
|
||||||
|
length = length % totalDataLen
|
||||||
|
}
|
||||||
|
if f.position > MaxTotalLen {
|
||||||
|
return "nil", errors.New("Created too large a string")
|
||||||
|
}
|
||||||
|
byteBegin := f.position - 1
|
||||||
|
if byteBegin >= uint32(len(f.data)) {
|
||||||
|
return "nil", errors.New("Not enough bytes to create string")
|
||||||
|
}
|
||||||
|
if byteBegin+length > uint32(len(f.data)) {
|
||||||
|
return "nil", errors.New("Not enough bytes to create string")
|
||||||
|
}
|
||||||
|
if byteBegin > byteBegin+length {
|
||||||
|
return "nil", errors.New("Numbers overflow. Returning")
|
||||||
|
}
|
||||||
|
str := string(f.data[byteBegin : byteBegin+length])
|
||||||
|
f.position = byteBegin + length
|
||||||
|
return str, nil
|
||||||
|
}
|
||||||
|
|
||||||
// TarBytes returns valid bytes for a tar archive
|
// TarBytes returns valid bytes for a tar archive
|
||||||
func (f *ConsumeFuzzer) TarBytes() ([]byte, error) {
|
func (f *ConsumeFuzzer) TarBytes() ([]byte, error) {
|
||||||
numberOfFiles, err := f.GetInt()
|
numberOfFiles, err := f.GetInt()
|
||||||
@ -625,7 +712,7 @@ func (f *ConsumeFuzzer) TarBytes() ([]byte, error) {
|
|||||||
|
|
||||||
maxNoOfFiles := 1000
|
maxNoOfFiles := 1000
|
||||||
for i := 0; i < numberOfFiles%maxNoOfFiles; i++ {
|
for i := 0; i < numberOfFiles%maxNoOfFiles; i++ {
|
||||||
filename, err := f.GetString()
|
filename, err := f.getTarFilename()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return returnTarBytes(buf.Bytes())
|
return returnTarBytes(buf.Bytes())
|
||||||
}
|
}
|
||||||
@ -634,10 +721,6 @@ func (f *ConsumeFuzzer) TarBytes() ([]byte, error) {
|
|||||||
return returnTarBytes(buf.Bytes())
|
return returnTarBytes(buf.Bytes())
|
||||||
}
|
}
|
||||||
hdr := &tar.Header{}
|
hdr := &tar.Header{}
|
||||||
/*err = f.GenerateStruct(hdr)
|
|
||||||
if err != nil {
|
|
||||||
return returnTarBytes(buf.Bytes())
|
|
||||||
}*/
|
|
||||||
|
|
||||||
err = setTarHeaderTypeflag(hdr, f)
|
err = setTarHeaderTypeflag(hdr, f)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
@ -1,4 +1,4 @@
|
|||||||
# github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df
|
# github.com/AdaLogics/go-fuzz-headers v0.0.0-20221103172237-443f56ff4ba8
|
||||||
## explicit; go 1.13
|
## explicit; go 1.13
|
||||||
github.com/AdaLogics/go-fuzz-headers
|
github.com/AdaLogics/go-fuzz-headers
|
||||||
# github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b
|
# github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user