RepoMirrors/mpv
1
0
Fork 0
mirror of https://github.com/mpv-player/mpv synced 2025-02-17 13:17:13 +00:00
Code Issues Releases Wiki Activity

fuzzer_load: seal the input fd after writing the data

Browse Source 
Nothing should ever modify this data. Also, add CLOEXEC for good
measure.
This commit is contained in:
Kacper Michajłow 2024-06-24 22:26:53 +02:00
parent 01330dba71
commit 7eec246d56
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
fuzzers/fuzzer_load.c
View File

@ -19,6 +19,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <fcntl.h>
#include <sys/mman.h> #include <sys/mman.h>
#include <unistd.h> #include <unistd.h>
@ -41,7 +42,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
#endif #endif
// fmemopen doesn't have associated file descriptor, so we do copy. // fmemopen doesn't have associated file descriptor, so we do copy.
int fd = memfd_create("fuzz_mpv_load", 0); int fd = memfd_create("fuzz_mpv_load", MFD_CLOEXEC | MFD_ALLOW_SEALING);
if (fd == -1) if (fd == -1)
exit(1); exit(1);
ssize_t written = 0; ssize_t written = 0;
@ -51,6 +52,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
exit(1); exit(1);
written += result; written += result;
} }
if (fcntl(fd, F_ADD_SEALS, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_SEAL) != 0)
exit(1);
if (lseek(fd, 0, SEEK_SET) != 0) if (lseek(fd, 0, SEEK_SET) != 0)
exit(1); exit(1);
char filename[5 + 10 + 1]; char filename[5 + 10 + 1];