From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: barebox@lists.infradead.org
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>
Subject: [PATCH 13/21] filetype: add fuzz target
Date: Thu, 5 Jun 2025 13:35:22 +0200
Message-ID: <20250605113530.2076990-14-a.fatoum@pengutronix.de>
In-Reply-To: <20250605113530.2076990-1-a.fatoum@pengutronix.de>

Checking for filetype is an operation that we do on every boot, so it's
important it's done in a memory safe manner. Add a test to exercise
this.

This test has unearthed issues which have already been fixed.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
common/filetype.c | 12 ++++++++++++
images/Makefile.sandbox | 1 +
include/filetype.h | 4 ++--
3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/common/filetype.c b/common/filetype.c
index a7bbd8f48534..019f34811103 100644
--- a/common/filetype.c
+++ b/common/filetype.c
@@ -18,6 +18,7 @@
#include <image-sparse.h>
#include <elf.h>
#include <linux/zstd.h>
+#include <fuzz.h>
#include <mach/imx/imx-header.h>
@@ -495,6 +496,17 @@ enum filetype file_detect_type(const void *_buf, size_t bufsize)
return filetype_unknown;
}
+static int fuzz_filetype(const u8 *data, size_t size)
+{
+ if (!PTR_IS_ALIGNED(data, sizeof(u64)))
+ return -EINVAL;
+
+ file_detect_type(data, size);
+
+ return 0;
+}
+fuzz_test("filetype", fuzz_filetype);
+
int file_name_detect_type_offset(const char *filename, loff_t pos, enum filetype *type,
enum filetype (*detect)(const void *buf, size_t bufsize))
{
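Review bot: The early return on !PTR_IS_ALIGNED(data, sizeof(u64)) in fuzz_filetype has no comment explaining why file_detect_type needs a u64-aligned buffer, and it means any input handed over at an unaligned address is dropped without being exercised. If callers on the boot path only ever pass aligned buffers, say so in a comment above the check; otherwise consider copying data into an aligned allocation of exactly size bytes so the input is still tested and reads past the end stay detectable. The -EINVAL return also deserves a word on how the fuzz harness treats a non-zero result, since that is not visible from this file.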
diff --git a/images/Makefile.sandbox b/images/Makefile.sandbox
index ed5d740bc1fb..ce09d0c1374c 100644
--- a/images/Makefile.sandbox
+++ b/images/Makefile.sandbox
@@ -3,6 +3,7 @@
SYMLINK_TARGET_barebox = sandbox_main.elf
symlink-$(CONFIG_SANDBOX) += barebox
+fuzzer-$(CONFIG_FILETYPE) += filetype
fuzzer-$(CONFIG_PRINTF_HEXSTR) += printf
ifeq ($(CONFIG_SANDBOX),y)
diff --git a/include/filetype.h b/include/filetype.h
index e699815975d0..e66237878615 100644
--- a/include/filetype.h
+++ b/include/filetype.h
@@ -106,7 +106,7 @@ static inline bool file_is_compressed_file(enum filetype ft)
#define ARM_HEAD_MAGICWORD_OFFSET 0x20
#define ARM_HEAD_SIZE_OFFSET 0x2C
-#ifdef CONFIG_ARM
+#if defined(CONFIG_ARM) || defined(CONFIG_FUZZ)
static inline int is_barebox_arm_head(const char *head)
{
return !strcmp(head + ARM_HEAD_MAGICWORD_OFFSET, "barebox");
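Review bot: Widening the guard to defined(CONFIG_ARM) || defined(CONFIG_FUZZ) makes is_barebox_arm_head reachable with fuzzer-controlled buffers, but the helper takes only head and no length, so its strcmp at head + ARM_HEAD_MAGICWORD_OFFSET relies on the caller having checked that the buffer extends past offset 0x20 plus the magic string. A short comment stating the minimum buffer size the caller must guarantee, or a size parameter, would make that contract explicit. The commit message also does not mention the header change; one sentence on why the ARM and MIPS helpers are now built under CONFIG_FUZZ would help.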
@@ -122,7 +122,7 @@ static inline int is_barebox_arm_head(const char *head)
#define MIPS_HEAD_MAGICWORD_OFFSET 0x10
#define MIPS_HEAD_SIZE_OFFSET 0x1C
-#ifdef CONFIG_MIPS
+#if defined(CONFIG_MIPS) || defined(CONFIG_FUZZ)
static inline int is_barebox_mips_head(const char *head)
{
return !strncmp(head + MIPS_HEAD_MAGICWORD_OFFSET, "barebox", 7);
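Review bot: is_barebox_mips_head matches with strncmp(..., "barebox", 7) while the ARM helper in the previous hunk uses strcmp, so the two magic checks differ in whether a terminating NUL is required after the magic word. Now that CONFIG_FUZZ builds both helpers into one target, a comment noting whether that difference is intentional would be useful. As with the ARM helper, the function has no length argument, so the bound on head must come from the caller.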
--
2.39.5