1
0
mirror of https://github.com/mpv-player/mpv synced 2024-12-24 15:52:25 +00:00

fuzzers: disallow include command in more principal way

We should never allow include command for fuzzers and it can be
triggered also by direct set property.
This commit is contained in:
Kacper Michajłow 2024-06-23 16:44:45 +02:00
parent cd1b63f628
commit 799137a87c
3 changed files with 4 additions and 5 deletions

View File

@ -28,11 +28,6 @@
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
#if defined(MPV_LOAD_CONFIG_FILE) || defined(MPV_LOAD_INPUT_CONF)
if (memmem(data, size, "include", sizeof("include") - 1))
return 0;
#endif
// fmemopen doesn't have associated file descriptor, so we do copy.
int fd = memfd_create("fuzz_mpv_load", 0);
if (fd == -1)

View File

@ -381,6 +381,7 @@ if get_option('fuzzers')
endif
# Adding flags manually until https://github.com/mesonbuild/meson/pull/9825
flags += ['-fsanitize=address,undefined,fuzzer', '-fno-omit-frame-pointer']
flags += ['-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION']
link_flags += ['-fsanitize=address,undefined,fuzzer', '-fno-omit-frame-pointer']
endif

View File

@ -227,6 +227,9 @@ static bool handle_help_options(struct MPContext *mpctx)
static int cfg_include(void *ctx, char *filename, int flags)
{
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
return 1;
#endif
struct MPContext *mpctx = ctx;
char *fname = mp_get_user_path(NULL, mpctx->global, filename);
int r = m_config_parse_config_file(mpctx->mconfig, mpctx->global, fname, NULL, flags);