Message-ID: <CAG_fn=XxRoZJtxKJrLGTTV42H7gDMFEaQZiYQ+nFgmhexzgW9Q@mail.gmail.com>
Date: Wed, 3 Sep 2025 16:07:09 +0200
From: Alexander Potapenko <glider@...gle.com>
To: Ethan Graham <ethan.w.s.graham@...il.com>
Cc: ethangraham@...gle.com, andreyknvl@...il.com, brendan.higgins@...ux.dev,
davidgow@...gle.com, dvyukov@...gle.com, jannh@...gle.com, elver@...gle.com,
rmoar@...gle.com, shuah@...nel.org, tarasmadan@...gle.com,
kasan-dev@...glegroups.com, kunit-dev@...glegroups.com,
linux-kernel@...r.kernel.org, linux-mm@...ck.org, dhowells@...hat.com,
lukas@...ner.de, ignat@...udflare.com, herbert@...dor.apana.org.au,
davem@...emloft.net, linux-crypto@...r.kernel.org
Subject: Re: [PATCH v2 RFC 4/7] tools: add kfuzztest-bridge utility
> + fd = openat(AT_FDCWD, buf, O_WRONLY, 0);
> + if (fd < 0)
> + return fd;
> +
> + bytes_written = write(fd, (void *)data, data_size);
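Review bot: The failure path `if (fd < 0) return fd;` propagates openat()'s raw -1 instead of the negative errno that the rest of this patch reports through `strerror(-err)`, so any failed open would be printed as "Operation not permitted" (errno 1) whatever the real cause; `return -errno;` keeps the convention consistent. The `(void *)data` cast on the write() call is unnecessary, since write() takes a `const void *` and the cast only discards constness. The enclosing function starts and ends outside the quoted lines, so whether fd is closed after the write cannot be checked here.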
We need a check for bytes_written == data_size here.
There's no way we can use a while-loop to ensure everything was
written (because the debugfs handler expects us to write the whole
packet at once), but at least a sanity check won't hurt.
> + err = tokenize(input_fmt, &tokens, &num_tokens);
> + if (err) {
> + printf("tokenization failed: %s\n", strerror(-err));
> + return err;
> + }
I would probably make tokenization part of parse(), but that's up to you.
> +
> + err = parse(tokens, num_tokens, &ast_prog);
> + if (err) {
> + printf("parsing failed: %s\n", strerror(-err));
> + return err;
> + }
> +
> + rs = new_rand_stream(input_filepath, 1024);
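Review bot: The error reports `printf("tokenization failed: ...")` and `printf("parsing failed: ...")` go to stdout, which mixes diagnostics with whatever the tool prints as its normal output and hides them when stdout is redirected; `fprintf(stderr, ...)` is the usual choice for both. If `new_rand_stream()` can fail (for example when `input_filepath` cannot be opened), its result needs a check before `rs` is used; the lines that follow are outside the quoted block, so I cannot tell whether one exists.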
You probably need to destroy this stream after use, like you destroy the buffer.
Same for the tokens.
> +
> +int append_bytes(struct byte_buffer *buf, const char *bytes, size_t num_bytes)
> +{
> + size_t req_size;
> + size_t new_size;
> + char *new_ptr;
> +
> + req_size = buf->num_bytes + num_bytes;
> + new_size = buf->alloc_size;
> +
> + while (req_size > new_size)
> + new_size *= 2;
> + if (new_size != buf->alloc_size) {
> + new_ptr = realloc(buf->buffer, new_size);
> + if (!buf->buffer)
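Review bot: The growth loop `while (req_size > new_size) new_size *= 2;` never terminates if `buf->alloc_size` is 0, and for a very large `req_size` the doubling wraps to 0 and also spins forever; whether a zero alloc_size can reach append_bytes() depends on how byte_buffer is initialised, which is not in the quoted lines. A guard such as `if (new_size == 0) new_size = 1;` before the loop, plus `if (num_bytes > SIZE_MAX - buf->num_bytes) return -ENOMEM;` before computing `req_size`, closes both cases cheaply. The function continues past the quoted lines.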
You should be checking for !new_ptr here.
> +
> +static bool is_alpha(char c)
> +{
> + return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
> +}
> +
> +static bool is_whitespace(char c)
> +{
> + switch (c) {
> + case ' ':
> + case '\r':
> + case '\t':
> + case '\n':
> + return true;
> + default:
> + return false;
> + }
> +}
> +
> +static void skip_whitespace(struct lexer *l)
> +{
> + for (;;) {
> + if (is_whitespace(peek(l))) {
> + advance(l);
> + } else {
> + return;
> + }
> + }
> +}
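Review bot: skip_whitespace() has no end-of-input guard of its own, so it terminates only if `peek(l)` yields a value that is_whitespace() rejects once the input is consumed (presumably '\0'); peek() and advance() are not in the quoted lines, so this cannot be confirmed here. A one-line comment on skip_whitespace() stating that contract, e.g. `/* relies on peek() returning a non-whitespace sentinel at end of input */`, would make the dependency explicit to the next reader.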
while (is_whitespace(peek(l))) {
advance(l);
}
> --- /dev/null
> +++ b/tools/kfuzztest-bridge/input_parser.c
> @@ -0,0 +1,373 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Parser for KFuzzTest textual input format
Some description of the format would be useful here.
> + *
> + * Copyright 2025 Google LLC
> + */
> +#include <asm-generic/errno-base.h>
> +#include <stdio.h>
> +#include <string.h>
> +
> +#include "input_lexer.h"
> +#include "input_parser.h"
> +
> +#define MAX(a, b) ((a) > (b) ? (a) : (b))
> +
> +static struct token *peek(struct parser *p)
> +{
> + return p->tokens[p->curr_token];
> +}
> +
> +static struct token *advance(struct parser *p)
> +{
> + struct token *tok = peek(p);
> + p->curr_token++;
> + return tok;
> +}
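Review bot: `#include <asm-generic/errno-base.h>` pulls a kernel uapi header into a userspace tool; the standard `<errno.h>` defines the same E* constants and is the portable include, and it is the only one that also declares `errno` itself. The `MAX(a, b)` macro evaluates both arguments twice, so it must not be used with side-effecting expressions such as `advance(p)`; a `static inline` helper avoids the hazard if the operands are always the same type. The file continues well past the quoted lines.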
It would be nice to check for p->token_count here.
> + region->num_members = 0;
> + while (!match(p, TOKEN_RBRACE)) {
> + err = parse_type(p, &node);
> + if (err)
> + goto fail;
> + region->members = realloc(region->members, ++region->num_members * sizeof(struct ast_node *));
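Review bot: Assigning the realloc() result straight back into `region->members` loses the original block when realloc() fails, so even with the NULL check added the existing members array would leak on the error path; the usual form is `struct ast_node **tmp = realloc(region->members, (region->num_members + 1) * sizeof(*tmp));`, then `if (!tmp) { err = -ENOMEM; goto fail; }` and only afterwards `region->members = tmp; region->num_members++;`. Bumping `num_members` before the allocation has succeeded also means that if `fail:` frees `num_members` entries (the label is outside the quoted lines), it would read one slot past the allocated array. The enclosing function starts and ends outside the quoted lines.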
Missing a NULL check here.