Prevent argv[0] from being modified in magic and chewing fuzzers. (#303)

dirname() may modify the input argument. Changing argv[0] breaks any
libFuzzer functionality that requires it to invoke itself (e.g.
failure-resistant merge, minimize).
This commit is contained in:
Oliver Chang 2017-01-20 12:54:04 -08:00 committed by Abhishek Arya
parent 7617655609
commit 8b1c72c8cd
2 changed files with 11 additions and 2 deletions


@ -38,8 +38,11 @@ static Environment* env;
extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) {
char* exe_path = (*argv)[0];
char* dir = dirname(exe_path);
// dirname() can modify its argument.
char* exe_path_copy = strdup(exe_path);
char* dir = dirname(exe_path_copy);
env = new Environment(dir);
free(exe_path_copy);
return 0;
}
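Review bot: The new `strdup(exe_path)` result is used without a NULL check; on allocation failure `dirname(NULL)` returns "." under POSIX, so the Environment would be silently built from the current working directory instead of the executable's location, and `free(NULL)` hides the failure. A one-line guard after the strdup, `if (!exe_path_copy) abort();`, keeps the fuzzer from starting with a wrong data path. Note also that `dir` points either into `exe_path_copy` or into static storage owned by dirname, and `exe_path_copy` is freed on the line after the constructor call, so this is only safe if `Environment(dir)` copies the string rather than retaining the pointer — worth confirming against the class, which is outside this hunk. The same unchecked strdup appears in the chewing fuzzer's LLVMFuzzerInitialize in the second file of this commit.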


@ -3,14 +3,20 @@
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static char userphrase_path[] = "/tmp/chewing_userphrase.db.XXXXXX";
int LLVMFuzzerInitialize(int* argc, char*** argv) {
char* exe_path = (*argv)[0];
char* dir = dirname(exe_path);
// dirname() can modify its argument.
char* exe_path_copy = strdup(exe_path);
char* dir = dirname(exe_path_copy);
// Assume data files are at the same location as executable.
setenv("CHEWING_PATH", dir, 0);
free(exe_path_copy);
// Specify user db of this process. So we can run multiple fuzzers at the
// same time.