From 799137a87cf9437ed3ec40bc245c1a16373d8b36 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kacper=20Michaj=C5=82ow?=
Date: Sun, 23 Jun 2024 16:44:45 +0200
Subject: [PATCH] fuzzers: disallow include command in more principal way

We should never allow include command for fuzzers and it can be triggered also by direct set property.
---
 fuzzers/fuzzer_load.c | 5 -----
 meson.build | 1 +
 player/main.c | 3 +++
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/fuzzers/fuzzer_load.c b/fuzzers/fuzzer_load.c
index 02d96722e1..1bfd950211 100644
--- a/fuzzers/fuzzer_load.c
+++ b/fuzzers/fuzzer_load.c
@@ -28,11 +28,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
-#if defined(MPV_LOAD_CONFIG_FILE) || defined(MPV_LOAD_INPUT_CONF)
-    if (memmem(data, size, "include", sizeof("include") - 1))
-        return 0;
-#endif
-
     // fmemopen doesn't have associated file descriptor, so we do copy.
     int fd = memfd_create("fuzz_mpv_load", 0);
     if (fd == -1)
diff --git a/meson.build b/meson.build
index 662212ad1e..d368f92fda 100644
--- a/meson.build
+++ b/meson.build
@@ -381,6 +381,7 @@ if get_option('fuzzers')
     endif
     # Adding flags manually until https://github.com/mesonbuild/meson/pull/9825
     flags += ['-fsanitize=address,undefined,fuzzer', '-fno-omit-frame-pointer']
+    flags += ['-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION']
     link_flags += ['-fsanitize=address,undefined,fuzzer', '-fno-omit-frame-pointer']
 endif
diff --git a/player/main.c b/player/main.c
index db3beb554e..cd6f8e698f 100644
--- a/player/main.c
+++ b/player/main.c
@@ -227,6 +227,9 @@ static bool handle_help_options(struct MPContext *mpctx)
 static int cfg_include(void *ctx, char *filename, int flags)
 {
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+    return 1;
+#endif
     struct MPContext *mpctx = ctx;
     char *fname = mp_get_user_path(NULL, mpctx->global, filename);
     int r = m_config_parse_config_file(mpctx->mconfig, mpctx->global, fname, NULL, flags);
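Review bot: The define added to `flags` only has an effect if that variable is also applied when compiling the player sources linked into the fuzzer binaries, not just fuzzers/*.c, because the guard it enables lives in player/main.c; the hunk does not show how `flags` is consumed, and if it reaches only the fuzzer translation units the memmem check removed from fuzzers/fuzzer_load.c is dropped without a replacement. Worth confirming against the rest of meson.build before merging. `-fsanitize=fuzzer` does not define this macro on its own; OSS-Fuzz exports it via CFLAGS, so setting it here keeps local fuzzer builds consistent with that environment, and a comment such as `# Same macro OSS-Fuzz sets; gates fuzzing-only paths (e.g. cfg_include() in player/main.c)` above the added line would record why this particular name is used.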
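Review bot: The early `return 1;` in cfg_include carries no comment saying why fuzzing builds refuse every include, and from the hunk it is not visible whether the caller treats a non-zero result as a hard parse error or as a skipped directive, so the chosen value is unexplained; a comment above the `#ifdef`, `/* Fuzzers must never open files named by fuzzer input; report the include as failed. */`, would make both the intent and the contract explicit. Moving the check here is a better layering than the removed substring scan for "include" in fuzzers/fuzzer_load.c, which as the message notes could be reached by other means such as setting the property directly, assuming every include path funnels into this function. The remainder of cfg_include continues past the end of the hunk.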