Fix assert in pFB

2024-11-23 13:19:54 +00:00 · 2023-03-06 14:58:20 +01:00 · 2023-03-06 14:58:20 +01:00 · fb9073c65e
commit fb9073c65e
parent ba8fee5809
3 changed files with 76 additions and 2 deletions
--- a/libr/core/cmd_print.c
+++ b/libr/core/cmd_print.c
@ -1419,8 +1419,13 @@ static void cmd_print_fromage(RCore *core, const char *input, const ut8* data, i
 			eprintf ("Usage: pFB[j] - parse binary plist format, check 'b'lock size, pFBj for json output\n");
 		} else {
 			PJ *pj = r_core_pj_new (core);
-			if (!r_bplist_parse (pj, data, size)) {
-				R_LOG_ERROR ("bplist parse error");
+			if (size > 0) {
+				if (!r_bplist_parse (pj, data, size)) {
+					R_LOG_ERROR ("bplist parse error");
+				}
+			} else {
+				pj_o (pj);
+				pj_end (pj);
 			}
 			char *s = pj_drain (pj);
 			if (input[1] == 'j') {
--- a/test/fuzz/fuzz_fs.c
+++ b/test/fuzz/fuzz_fs.c
@ -0,0 +1,68 @@
+#include <r_core.h>
+#include <r_getopt.h>
+
+static const char *opt_forcebin = NULL;
+
+static void usage() {
+	printf (
+	"Usage: fuzz_bin <libFuzzer flags> <corpora> -- <flags>\n"
+	"\n"
+	"libFuzzer flags: show with -help=1\n"
+	);
+	exit (1);
+}
+
+int LLVMFuzzerInitialize(int *lf_argc, char ***lf_argv) {
+	r_sys_clearenv ();
+	// r_sandbox_enable (true);
+	// r_sandbox_grain (R_SANDBOX_GRAIN_NONE);
+	r_log_set_quiet (true);
+
+	int argc = *lf_argc;
+	const char **argv = (const char **)(*lf_argv);
+	bool has_args = false;
+	int i, c;
+	for (i = 1; i < argc; i++) {
+		argv++;
+		if (!strcmp ((*lf_argv)[i], "--")) {
+			has_args = true;
+			break;
+		}
+	}
+
+	if (has_args) {
+		*lf_argc = i;
+		argc -= i;
+
+		RGetopt opt;
+		r_getopt_init (&opt, argc, argv, "F:");
+		while ((c = r_getopt_next (&opt)) != -1) {
+			switch (c) {
+			case 'F':
+				opt_forcebin = opt.arg;
+				break;
+			default:
+				usage();
+				break;
+			}
+		}
+
+		if (opt.ind < argc) {
+			usage();
+		}
+	}
+
+	return 0;
+}
+
+int LLVMFuzzerTestOneInput(const ut8 *data, size_t len) {
+	RCore *core = r_core_new ();
+	r_core_cmdf (core, "o malloc://%"PFMT64d, (ut64)len);
+	r_io_write_at (core->io, 0, data, len);
+	r_core_cmd0 (core, "m /");
+	r_core_cmd0 (core, "md /");
+	r_core_cmd0 (core, "md /bin");
+	r_core_cmd0 (core, "mc /README.md");
+	r_core_free (core);
+	return 0;
+}
--- a/test/fuzz/meson.build
+++ b/test/fuzz/meson.build
@ -3,6 +3,7 @@ if get_option('enable_libfuzzer')
    'anal',
    'bin',
    'bin2',
+    'fs',
    'dwarf',
    'bin_demangle',
    'ia',