Skip to content

Commit

Permalink
fuzz printf too
Browse files Browse the repository at this point in the history
  • Loading branch information
sylvestre committed Nov 20, 2023
1 parent 980d6dc commit 0cc26e2
Show file tree
Hide file tree
Showing 3 changed files with 139 additions and 0 deletions.
1 change: 1 addition & 0 deletions .github/workflows/fuzzing.yml
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ jobs:
fuzz_parse_glob,
fuzz_parse_size,
fuzz_parse_time,
fuzz_printf,
# adding more fuzz tests here.
# e.g. fuzz_test_a,
]
Expand Down
7 changes: 7 additions & 0 deletions fuzz/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ uucore = { path = "../src/uucore/" }
uu_date = { path = "../src/uu/date/" }
uu_test = { path = "../src/uu/test/" }
uu_expr = { path = "../src/uu/expr/" }
uu_printf = { path = "../src/uu/printf/" }


# Prevent this from interfering with workspaces
Expand All @@ -28,6 +29,12 @@ path = "fuzz_targets/fuzz_date.rs"
test = false
doc = false

[[bin]]
name = "fuzz_printf"
path = "fuzz_targets/fuzz_printf.rs"
test = false
doc = false

[[bin]]
name = "fuzz_expr"
path = "fuzz_targets/fuzz_expr.rs"
Expand Down
131 changes: 131 additions & 0 deletions fuzz/fuzz_targets/fuzz_printf.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,131 @@
// This file is part of the uutils coreutils package.
//
// For the full copyright and license information, please view the LICENSE
// file that was distributed with this source code.
// spell-checker:ignore parens

#![no_main]
use libfuzzer_sys::fuzz_target;
use uu_printf::uumain;

use rand::seq::SliceRandom;
use rand::Rng;
use std::ffi::OsString;

mod fuzz_common;
use crate::fuzz_common::CommandResult;
use crate::fuzz_common::{compare_result, generate_and_run_uumain, run_gnu_cmd};

static CMD_PATH: &str = "printf";

fn generate_random_string(max_length: usize) -> String {
let mut rng = rand::thread_rng();
let valid_utf8: Vec<char> = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
.chars()
.collect();
let invalid_utf8 = [0xC3, 0x28]; // Invalid UTF-8 sequence
let mut result = String::new();

for _ in 0..rng.gen_range(1..=max_length) {
if rng.gen_bool(0.9) {
let ch = valid_utf8.choose(&mut rng).unwrap();
result.push(*ch);
} else {
let ch = invalid_utf8.choose(&mut rng).unwrap();
if let Some(c) = char::from_u32(*ch as u32) {
result.push(c);
}
}
}

result
}

fn generate_escape_sequence(rng: &mut impl Rng) -> String {
let escape_sequences = [
"\\\"",
"\\\\",
"\\a",
"\\b",
"\\c",
"\\e",
"\\f",
"\\n",
"\\r",
"\\t",
"\\v",
"\\000",
"\\x00",
"\\u0000",
"\\U00000000",
"%%",
];
escape_sequences.choose(rng).unwrap().to_string()
}

fn generate_printf() -> String {
let mut rng = rand::thread_rng();
let format_specifiers = ["%s", "%d", "%f", "%x", "%o", "%c", "%b", "%q"];
let mut printf_str = String::new();
// Add a 20% chance of generating an invalid format specifier
if rng.gen_bool(0.2) {
printf_str.push_str("%z"); // Invalid format specifier
} else {
let specifier = *format_specifiers.choose(&mut rng).unwrap();
printf_str.push_str(specifier);

// Add a 20% chance of introducing complex format strings
if rng.gen_bool(0.2) {
printf_str.push_str(&format!(" %{}", rng.gen_range(1..=1000)));
} else {
// Add a random string or number after the specifier
if specifier == "%s" {
printf_str.push_str(&format!(
" {}",
generate_random_string(rng.gen_range(1..=10))
));
} else {
printf_str.push_str(&format!(" {}", rng.gen_range(1..=1000)));
}
}
}

// Add a 10% chance of including an escape sequence
if rng.gen_bool(0.1) {
printf_str.push_str(&generate_escape_sequence(&mut rng));
}
printf_str
}

fuzz_target!(|_data: &[u8]| {
let printf_input = generate_printf();
let mut args = vec![OsString::from("printf")];
args.extend(printf_input.split_whitespace().map(OsString::from));
let rust_result = generate_and_run_uumain(&args, uumain);

let gnu_result = match run_gnu_cmd(CMD_PATH, &args[1..], false) {
Ok(result) => result,
Err(error_result) => {
eprintln!("Failed to run GNU command:");
eprintln!("Stderr: {}", error_result.stderr);
eprintln!("Exit Code: {}", error_result.exit_code);
CommandResult {
stdout: String::new(),
stderr: error_result.stderr,
exit_code: error_result.exit_code,
}
}
};

compare_result(
"expr",
&format!("{:?}", &args[1..]),
&rust_result.stdout,
&gnu_result.stdout,
&rust_result.stderr,
&gnu_result.stderr,
rust_result.exit_code,
gnu_result.exit_code,
false, // Set to true if you want to fail on stderr diff
);
});

0 comments on commit 0cc26e2

Please sign in to comment.