mirror of
https://github.com/mpv-player/mpv
synced 2024-12-24 15:52:25 +00:00
fuzzers: disallow include command in more principal way
We should never allow include command for fuzzers and it can be triggered also by direct set property.
This commit is contained in:
parent
cd1b63f628
commit
799137a87c
@ -28,11 +28,6 @@
|
||||
|
||||
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
||||
{
|
||||
#if defined(MPV_LOAD_CONFIG_FILE) || defined(MPV_LOAD_INPUT_CONF)
|
||||
if (memmem(data, size, "include", sizeof("include") - 1))
|
||||
return 0;
|
||||
#endif
|
||||
|
||||
// fmemopen doesn't have associated file descriptor, so we do copy.
|
||||
int fd = memfd_create("fuzz_mpv_load", 0);
|
||||
if (fd == -1)
|
||||
|
@ -381,6 +381,7 @@ if get_option('fuzzers')
|
||||
endif
|
||||
# Adding flags manually until https://github.com/mesonbuild/meson/pull/9825
|
||||
flags += ['-fsanitize=address,undefined,fuzzer', '-fno-omit-frame-pointer']
|
||||
flags += ['-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION']
|
||||
link_flags += ['-fsanitize=address,undefined,fuzzer', '-fno-omit-frame-pointer']
|
||||
endif
|
||||
|
||||
|
@ -227,6 +227,9 @@ static bool handle_help_options(struct MPContext *mpctx)
|
||||
|
||||
static int cfg_include(void *ctx, char *filename, int flags)
|
||||
{
|
||||
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
||||
return 1;
|
||||
#endif
|
||||
struct MPContext *mpctx = ctx;
|
||||
char *fname = mp_get_user_path(NULL, mpctx->global, filename);
|
||||
int r = m_config_parse_config_file(mpctx->mconfig, mpctx->global, fname, NULL, flags);
|
||||
|
Loading…
Reference in New Issue
Block a user