fuzzing: bump go-fuzz-headers
Signed-off-by: AdamKorcz <adam@adalogics.com>
parent
d4b3b54540
commit
b742aa2e77
2
go.mod
2
go.mod
@ -3,7 +3,7 @@ module github.com/containerd/containerd
|
||||
go 1.18
|
||||
|
||||
require (
|
||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df
|
||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20221103172237-443f56ff4ba8
|
||||
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b
|
||||
github.com/Microsoft/go-winio v0.6.0
|
||||
github.com/Microsoft/hcsshim v0.10.0-rc.1
|
||||
|
4
go.sum
4
go.sum
@ -41,8 +41,8 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX
|
||||
cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
|
||||
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
|
||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg=
|
||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df h1:kDJd/7926nFt3yQeX/o3D/LMoJmlmYKe5AdC3uDGOm4=
|
||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df/go.mod h1:i9fr2JpcEcY/IHEvzCM3qXUZYOQHgR89dt4es1CgMhc=
|
||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20221103172237-443f56ff4ba8 h1:d+pBUmsteW5tM87xmVXHZ4+LibHRFn40SPAoZJOg2ak=
|
||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20221103172237-443f56ff4ba8/go.mod h1:i9fr2JpcEcY/IHEvzCM3qXUZYOQHgR89dt4es1CgMhc=
|
||||
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b h1:RQhYYLDVbdN+fw4I+A90nMRcxg/tEg4KvHiDYOwY32g=
|
||||
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b/go.mod h1:P/MhpyNnqWUWlF8b/ksNuhU2kywD3Qc5fzauL06Gez8=
|
||||
github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
|
||||
|
@ -19,7 +19,7 @@ require (
|
||||
golang.org/x/sys v0.1.0
|
||||
)
|
||||
|
||||
require github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df
|
||||
require github.com/AdaLogics/go-fuzz-headers v0.0.0-20221103172237-443f56ff4ba8
|
||||
|
||||
require (
|
||||
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b // indirect
|
||||
|
@ -46,8 +46,8 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX
|
||||
cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
|
||||
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
|
||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20220824214621-3c06a36a6952/go.mod h1:i9fr2JpcEcY/IHEvzCM3qXUZYOQHgR89dt4es1CgMhc=
|
||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df h1:kDJd/7926nFt3yQeX/o3D/LMoJmlmYKe5AdC3uDGOm4=
|
||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df/go.mod h1:i9fr2JpcEcY/IHEvzCM3qXUZYOQHgR89dt4es1CgMhc=
|
||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20221103172237-443f56ff4ba8 h1:d+pBUmsteW5tM87xmVXHZ4+LibHRFn40SPAoZJOg2ak=
|
||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20221103172237-443f56ff4ba8/go.mod h1:i9fr2JpcEcY/IHEvzCM3qXUZYOQHgR89dt4es1CgMhc=
|
||||
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b h1:RQhYYLDVbdN+fw4I+A90nMRcxg/tEg4KvHiDYOwY32g=
|
||||
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b/go.mod h1:P/MhpyNnqWUWlF8b/ksNuhU2kywD3Qc5fzauL06Gez8=
|
||||
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
|
||||
|
129
vendor/github.com/AdaLogics/go-fuzz-headers/consumer.go
generated
vendored
129
vendor/github.com/AdaLogics/go-fuzz-headers/consumer.go
generated
vendored
@ -196,21 +196,40 @@ func (f *ConsumeFuzzer) fuzzStruct(e reflect.Value, customFunctions bool) error
|
||||
e.SetString(str)
|
||||
}
|
||||
case reflect.Slice:
|
||||
maxElements := 50
|
||||
randQty, err := f.GetInt()
|
||||
var maxElements uint32
|
||||
// Byte slices should not be restricted
|
||||
if e.Type().String() == "[]uint8" {
|
||||
maxElements = 10000000
|
||||
} else {
|
||||
maxElements = 50
|
||||
}
|
||||
|
||||
randQty, err := f.GetUint32()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
numOfElements := randQty % maxElements
|
||||
var numOfElements uint32
|
||||
numOfElements = randQty % maxElements
|
||||
if (uint32(len(f.data)) - f.position) < numOfElements {
|
||||
numOfElements = uint32(len(f.data)) - f.position
|
||||
}
|
||||
|
||||
uu := reflect.MakeSlice(e.Type(), numOfElements, numOfElements)
|
||||
uu := reflect.MakeSlice(e.Type(), int(numOfElements), int(numOfElements))
|
||||
|
||||
for i := 0; i < numOfElements; i++ {
|
||||
for i := 0; i < int(numOfElements); i++ {
|
||||
err := f.fuzzStruct(uu.Index(i), customFunctions)
|
||||
// If we have more than 10, then we can proceed with that.
|
||||
if err != nil {
|
||||
if i >= 10 {
|
||||
if e.CanSet() {
|
||||
e.Set(uu)
|
||||
}
|
||||
return nil
|
||||
} else {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
if e.CanSet() {
|
||||
e.Set(uu)
|
||||
}
|
||||
@ -437,7 +456,7 @@ func (f *ConsumeFuzzer) GetBytes() ([]byte, error) {
|
||||
if f.position+length > MaxTotalLen {
|
||||
return nil, errors.New("Created too large a string")
|
||||
}
|
||||
byteBegin := f.position + 1
|
||||
byteBegin := f.position - 1
|
||||
if byteBegin >= uint32(len(f.data)) {
|
||||
return nil, errors.New("Not enough bytes to create byte array")
|
||||
}
|
||||
@ -463,10 +482,10 @@ func (f *ConsumeFuzzer) GetString() (string, error) {
|
||||
if err != nil {
|
||||
return "nil", errors.New("Not enough bytes to create string")
|
||||
}
|
||||
if f.position+length > MaxTotalLen {
|
||||
if f.position > MaxTotalLen {
|
||||
return "nil", errors.New("Created too large a string")
|
||||
}
|
||||
byteBegin := f.position + 1
|
||||
byteBegin := f.position - 1
|
||||
if byteBegin >= uint32(len(f.data)) {
|
||||
return "nil", errors.New("Not enough bytes to create string")
|
||||
}
|
||||
@ -474,7 +493,7 @@ func (f *ConsumeFuzzer) GetString() (string, error) {
|
||||
return "nil", errors.New("Not enough bytes to create string")
|
||||
}
|
||||
if byteBegin > byteBegin+length {
|
||||
return "nil", errors.New("Nunmbers overflow. Returning")
|
||||
return "nil", errors.New("Numbers overflow. Returning")
|
||||
}
|
||||
str := string(f.data[byteBegin : byteBegin+length])
|
||||
f.position = byteBegin + length
|
||||
@ -590,28 +609,96 @@ func setTarHeaderTypeflag(hdr *tar.Header, f *ConsumeFuzzer) error {
|
||||
}
|
||||
|
||||
func (f *ConsumeFuzzer) createTarFileBody() ([]byte, error) {
|
||||
filebody, err := f.GetBytes()
|
||||
if len(f.data) == 0 || f.position >= uint32(len(f.data)) {
|
||||
return nil, errors.New("Not enough bytes to create byte array")
|
||||
}
|
||||
length, err := f.GetUint32()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, errors.New("Not enough bytes to create byte array")
|
||||
}
|
||||
|
||||
// Trick fuzzer to explore large file sizes.
|
||||
if len(filebody) > 200 {
|
||||
if len(filebody) > 2000 {
|
||||
if len(filebody) > 20000 {
|
||||
if len(filebody) > 200000 {
|
||||
if len(filebody) > 800000 {
|
||||
if len(filebody) > 1200000 {
|
||||
// A bit of optimization to attempt to create a file body
|
||||
// when we don't have as many bytes left as "length"
|
||||
remainingBytes := (uint32(len(f.data)) - f.position)
|
||||
totalDataLen := uint32(len(f.data))
|
||||
if uint32(len(f.data))-f.position < 50 {
|
||||
if remainingBytes == 0 {
|
||||
return nil, errors.New("Created too large a string")
|
||||
}
|
||||
length = length % remainingBytes
|
||||
} else if len(f.data) < 500 {
|
||||
if totalDataLen == 0 {
|
||||
return nil, errors.New("Created too large a string")
|
||||
}
|
||||
length = length % totalDataLen
|
||||
}
|
||||
if f.position+length > MaxTotalLen {
|
||||
return nil, errors.New("Created too large a string")
|
||||
}
|
||||
byteBegin := f.position - 1
|
||||
if byteBegin >= uint32(len(f.data)) {
|
||||
return nil, errors.New("Not enough bytes to create byte array")
|
||||
}
|
||||
if length == 0 {
|
||||
return nil, errors.New("Zero-length is not supported")
|
||||
}
|
||||
if byteBegin+length >= uint32(len(f.data)) {
|
||||
return nil, errors.New("Not enough bytes to create byte array")
|
||||
}
|
||||
if byteBegin+length < byteBegin {
|
||||
return nil, errors.New("Nunmbers overflow. Returning")
|
||||
}
|
||||
filebody := f.data[byteBegin : byteBegin+length]
|
||||
f.position = byteBegin + length
|
||||
return filebody, nil
|
||||
|
||||
}
|
||||
|
||||
// Is similar to GetString(), but creates string based on the length
|
||||
// of the length of f.data to increase the likelihood of not overflowing
|
||||
// f.data
|
||||
func (f *ConsumeFuzzer) getTarFilename() (string, error) {
|
||||
if f.position >= uint32(len(f.data)) {
|
||||
return "nil", errors.New("Not enough bytes to create string")
|
||||
}
|
||||
length, err := f.GetUint32()
|
||||
if err != nil {
|
||||
return "nil", errors.New("Not enough bytes to create string")
|
||||
}
|
||||
|
||||
// A bit of optimization to attempt to create a file name
|
||||
// when we don't have as many bytes left as "length"
|
||||
remainingBytes := (uint32(len(f.data)) - f.position)
|
||||
totalDataLen := uint32(len(f.data))
|
||||
if uint32(len(f.data))-f.position < 50 {
|
||||
if remainingBytes == 0 {
|
||||
return "nil", errors.New("Created too large a string")
|
||||
}
|
||||
length = length % remainingBytes
|
||||
} else if len(f.data) < 500 {
|
||||
if totalDataLen == 0 {
|
||||
return "nil", errors.New("Created too large a string")
|
||||
}
|
||||
length = length % totalDataLen
|
||||
}
|
||||
if f.position > MaxTotalLen {
|
||||
return "nil", errors.New("Created too large a string")
|
||||
}
|
||||
byteBegin := f.position - 1
|
||||
if byteBegin >= uint32(len(f.data)) {
|
||||
return "nil", errors.New("Not enough bytes to create string")
|
||||
}
|
||||
if byteBegin+length > uint32(len(f.data)) {
|
||||
return "nil", errors.New("Not enough bytes to create string")
|
||||
}
|
||||
if byteBegin > byteBegin+length {
|
||||
return "nil", errors.New("Numbers overflow. Returning")
|
||||
}
|
||||
str := string(f.data[byteBegin : byteBegin+length])
|
||||
f.position = byteBegin + length
|
||||
return str, nil
|
||||
}
|
||||
|
||||
// TarBytes returns valid bytes for a tar archive
|
||||
func (f *ConsumeFuzzer) TarBytes() ([]byte, error) {
|
||||
numberOfFiles, err := f.GetInt()
|
||||
@ -625,7 +712,7 @@ func (f *ConsumeFuzzer) TarBytes() ([]byte, error) {
|
||||
|
||||
maxNoOfFiles := 1000
|
||||
for i := 0; i < numberOfFiles%maxNoOfFiles; i++ {
|
||||
filename, err := f.GetString()
|
||||
filename, err := f.getTarFilename()
|
||||
if err != nil {
|
||||
return returnTarBytes(buf.Bytes())
|
||||
}
|
||||
@ -634,10 +721,6 @@ func (f *ConsumeFuzzer) TarBytes() ([]byte, error) {
|
||||
return returnTarBytes(buf.Bytes())
|
||||
}
|
||||
hdr := &tar.Header{}
|
||||
/*err = f.GenerateStruct(hdr)
|
||||
if err != nil {
|
||||
return returnTarBytes(buf.Bytes())
|
||||
}*/
|
||||
|
||||
err = setTarHeaderTypeflag(hdr, f)
|
||||
if err != nil {
|
||||
|
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
@ -1,4 +1,4 @@
|
||||
# github.com/AdaLogics/go-fuzz-headers v0.0.0-20221007124625-37f5449ff7df
|
||||
# github.com/AdaLogics/go-fuzz-headers v0.0.0-20221103172237-443f56ff4ba8
|
||||
## explicit; go 1.13
|
||||
github.com/AdaLogics/go-fuzz-headers
|
||||
# github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20220912195655-e1f97a00006b
|
||||
|