fuzzer_options_parser: add options parser fuzzing

To improve coverage of parse_commandline.c
2024-08-23 17:04:05 +02:00 · 2024-08-23 17:04:05 +02:00 · 938938a985
parent 7398e755d1
commit 938938a985
4 changed files with 87 additions and 2 deletions
--- a/fuzzers/common.h
+++ b/fuzzers/common.h
@ -23,6 +23,8 @@
 #include <stdlib.h>
 #include <string.h>

+#include <libmpv/client.h>
+
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

 #define MPV_STRINGIFY_(X) #X
--- a/fuzzers/fuzzer_options_parser.c
+++ b/fuzzers/fuzzer_options_parser.c
@ -0,0 +1,68 @@
+/*
+ * This file is part of mpv.
+ *
+ * mpv is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * mpv is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with mpv.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <ctype.h>
+
+#include "common.h"
+
+int mpv_initialize_opts(mpv_handle *ctx, char **options);
+
+#define MAX_INPUT_SIZE (1 << 20)
+#define MAX_OPTS_NUM 10000
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    char buff[MAX_INPUT_SIZE + 2];
+
+    if (!size || size > MAX_INPUT_SIZE)
+        return 0;
+
+    memcpy(buff, data, size);
+    buff[size] = '\0';
+    buff[size + 1] = '\0';
+
+    char *opts[MAX_OPTS_NUM + 1];
+    char *opt = buff;
+    int count = 0;
+    while (*opt && count < MAX_OPTS_NUM) {
+        opts[count] = opt;
+
+        while (*opt && !isspace(*opt))
+            opt++;
+
+        *opt = '\0';
+        opt++;
+
+        while (*opt && isspace(*opt))
+            opt++;
+
+        count++;
+    }
+    opts[count] = NULL;
+
+    mpv_handle *ctx = mpv_create();
+    if (!ctx)
+        exit(1);
+
+    mpv_initialize_opts(ctx, opts);
+
+    mpv_terminate_destroy(ctx);
+
+    return 0;
+}
--- a/fuzzers/meson.build
+++ b/fuzzers/meson.build
@ -71,4 +71,9 @@ foreach cmd : ['file', '-config-file', '-input-conf']
                          link_with: libmpv)
 endforeach

+fuzzers += executable('fuzzer_options_parser', 'fuzzer_options_parser.c',
+                      link_language: 'cpp', include_directories: incdir,
+                      objects: libmpv.extract_all_objects(recursive: true),
+                      dependencies: dependencies)
+
 alias_target('fuzzers', fuzzers)
--- a/player/client.c
+++ b/player/client.c
@ -649,15 +649,25 @@ mpv_handle *mpv_create_weak_client(mpv_handle *ctx, const char *name)
    return new;
 }

-int mpv_initialize(mpv_handle *ctx)
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+int mpv_initialize_opts(mpv_handle *ctx, char **options);
+#else
+static
+#endif
+int mpv_initialize_opts(mpv_handle *ctx, char **options)
 {
    lock_core(ctx);
-    int res = mp_initialize(ctx->mpctx, NULL) ? MPV_ERROR_INVALID_PARAMETER : 0;
+    int res = mp_initialize(ctx->mpctx, options) ? MPV_ERROR_INVALID_PARAMETER : 0;
    mp_wakeup_core(ctx->mpctx);
    unlock_core(ctx);
    return res;
 }

+int mpv_initialize(mpv_handle *ctx)
+{
+    return mpv_initialize_opts(ctx, NULL);
+}
+
 // set ev->data to a new copy of the original data
 // (done only for message types that are broadcast)
 static void dup_event_data(struct mpv_event *ev)