From 47e7d87a0d011b1a26e421af37e3f710ede8f828 Mon Sep 17 00:00:00 2001
From: Arjun Singh
Date: Tue, 9 Apr 2024 21:28:31 +0530
Subject: [PATCH] [fuzzing] making things simple
Signed-off-by: Arjun Singh
---
 fuzzing/OSS-FUZZ.MD | 31 -------------------
 fuzzing/build.sh | 2 --
 fuzzing/fuzz.sh | 2 --
 fuzzing/fuzzing.sh | 32 ++++++++++++++++++++
 fuzzing/inihfuzz.c | 73 +++++++++++----------------------------------
 5 files changed, 50 insertions(+), 90 deletions(-)
 delete mode 100644 fuzzing/OSS-FUZZ.MD
 delete mode 100755 fuzzing/build.sh
 delete mode 100755 fuzzing/fuzz.sh
 create mode 100755 fuzzing/fuzzing.sh
diff --git a/fuzzing/OSS-FUZZ.MD b/fuzzing/OSS-FUZZ.MD
deleted file mode 100644
index 0824d83..0000000
--- a/fuzzing/OSS-FUZZ.MD
+++ /dev/null
@@ -1,31 +0,0 @@
-### oss-fuzz local build with ASAN
-
-```
-export CC=clang
-export CFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link"
-export LIB_FUZZING_ENGINE="-fsanitize=fuzzer"
-```
-
-### oss-fuzz local build with MSAN
-
-```
-export CC=clang
-export CFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=memory -fsanitize-memory-track-origins -fsanitize=fuzzer-no-link"
-export LIB_FUZZING_ENGINE="-fsanitize=fuzzer"
-```
-
-
-### oss-fuzz local build with UBSAN
-```
-export CC=clang
-export CFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unsigned-integer-overflow,unreachable,vla-bound,vptr -fno-sanitize-recover=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr -fsanitize=fuzzer-no-link"
-export LIB_FUZZING_ENGINE="-fsanitize=fuzzer"
-```
-
-### run fuzzer
-```
-bash oss-fuzz.sh
-mkdir seed/
-cp ../tests/*.ini seed/
-./inihfuzz seed/
-```
diff --git a/fuzzing/build.sh b/fuzzing/build.sh
deleted file mode 100755
index 656a76f..0000000
--- a/fuzzing/build.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/usr/bin/env bash
-../../afl-2.52b/afl-gcc inihfuzz.c ../ini.c -o inihfuzz
diff --git a/fuzzing/fuzz.sh b/fuzzing/fuzz.sh
deleted file mode 100755
index bc8c340..0000000
--- a/fuzzing/fuzz.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/usr/bin/env bash
-../../afl-2.52b/afl-fuzz -i testcases -o findings -- ./inihfuzz @@
diff --git a/fuzzing/fuzzing.sh b/fuzzing/fuzzing.sh
new file mode 100755
index 0000000..cee7f9a
--- /dev/null
+++ b/fuzzing/fuzzing.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+CC=clang
+CXX=clang++
+LIB_FUZZING_ENGINE="-fsanitize=fuzzer"
+
+# Compile and link with AddressSanitizer
+CFLAGS_ASAN="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link"
+$CC $CFLAGS_ASAN -c ../ini.c
+$CC $CFLAGS_ASAN -c inihfuzz.c
+$CXX $CFLAGS_ASAN $LIB_FUZZING_ENGINE inihfuzz.o ini.o -o inihfuzz_asan
+rm *.o
+
+# Compile and link with MemorySanitizer
+CFLAGS_MSAN="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=memory -fsanitize-memory-track-origins -fsanitize=fuzzer-no-link"
+$CC $CFLAGS_MSAN -c ../ini.c
+$CC $CFLAGS_MSAN -c inihfuzz.c
+$CXX $CFLAGS_MSAN $LIB_FUZZING_ENGINE inihfuzz.o ini.o -o inihfuzz_msan
+rm *.o
+
+# Compile and link with UndefinedBehaviorSanitizer
+CFLAGS_UBSAN="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unsigned-integer-overflow,unreachable,vla-bound,vptr -fno-sanitize-recover=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr -fsanitize=fuzzer-no-link"
+$CC $CFLAGS_UBSAN -c ../ini.c
+$CC $CFLAGS_UBSAN -c inihfuzz.c
+$CXX $CFLAGS_UBSAN $LIB_FUZZING_ENGINE inihfuzz.o ini.o -o inihfuzz_ubsan
+rm *.o
+
+# Uncomment to run the fuzzer of your choice
+#cp -r testcases/ testcases_seed
+#./inihfuzz_asan testcases_seed
+#./inihfuzz_msan testcases_seed
+#./inihfuzz_ubsan testcases_seed
diff --git a/fuzzing/inihfuzz.c b/fuzzing/inihfuzz.c
index a181152..90bc61c 100644
--- a/fuzzing/inihfuzz.c
+++ b/fuzzing/inihfuzz.c
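Review bot: The script never enables `set -e`, so when one of the `$CC ... -c` steps fails the following `$CXX` link runs against a missing or stale object and the unconditional `rm *.o` then hides the evidence; adding `set -euo pipefail` directly after the shebang makes each sanitizer build stop at the first error. The three `rm *.o` lines also delete any object file that was already in fuzzing/ before the script ran, not only the two it produced; naming them (`rm -f ini.o inihfuzz.o`) or compiling into a scratch directory keeps the cleanup to what the script owns. `CC`/`CXX` are assigned unconditionally, so a caller cannot point the script at a different clang; `CC=${CC:-clang}` / `CXX=${CXX:-clang++}` would preserve the default while honouring the environment.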
@@ -5,6 +5,9 @@
 #include
 #include "../ini.h"
+#define kMinInputLength 8
+#define kMaxInputLength 512
+
 int User;
 char Prev_section[50];
@@ -12,71 +15,31 @@ int dumper(void* user, const char* section, const char* name,
 const char* value)
 {
 User = *((int*)user);
- if (!name || strcmp(section, Prev_section)) {
- printf("... [%s]\n", section);
+ if (strcmp(section, Prev_section)) {
 strncpy(Prev_section, section, sizeof(Prev_section));
 Prev_section[sizeof(Prev_section) - 1] = '\0';
 }
- if (!name) {
- return 1;
- }
-
- printf("... %s%s%s;\n", name, value ? "=" : "", value ? value : "");
-
- if (!value) {
- // Happens when INI_ALLOW_NO_VALUE=1 and line has no value (no '=' or ':')
- return 1;
- }
-
- return strcmp(name, "user")==0 && strcmp(value, "parse_error")==0 ? 0 : 1;
+ return 1;
 }
-void parse(const char* fname) {
- static int u = 100;
- int e;
-
- *Prev_section = '\0';
- e = ini_parse(fname, dumper, &u);
- printf("%s: e=%d user=%d\n", fname, e, User);
- u++;
-}
-
-#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-
-int main(int argc, char **argv)
-{
- if (argc < 2) {
- printf("usage: inihfuzz file.ini\n");
- return 1;
- }
- parse(argv[1]);
- return 0;
-}
-
-#else
-
-#define kMinInputLength 20
-#define kMaxInputLength 1024
-
-extern int LLVMFuzzerTestOneInput(const char *Data, size_t Size) {
-
- if (Size < kMinInputLength || Size > kMaxInputLength) {
+extern int LLVMFuzzerTestOneInput(const char *data, size_t size) {
+ if (size < kMinInputLength || size > kMaxInputLength) {
 return 0;
 }
- int ret;
- *Prev_section = '\0';
- int u = 100;
+ int e;
+ static int u = 100;
+ Prev_section[0] = '\0';
- char *data = malloc(Size + 1);
- memcpy(data, Data, Size);
- data[Size] = '\0';
+ char *data_in = malloc(size + 1);
+ if (!data_in) return 0; // Just in case malloc fails
- ret = ini_parse(data, dumper, &u);
+ memcpy(data_in, data, size);
+ data_in[size] = '\0';
- free(data);
+ e = ini_parse_string(data_in, dumper, &u);
- return ret;
-}
+ free(data_in);
-#endif
+ return e;
+}
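Review bot: `#define kMinInputLength 8` makes the target discard every input shorter than eight bytes, so the parser is never run on the empty string, a lone `[`, or a single-byte line, which are exactly the boundary inputs a line-oriented parser is most likely to mishandle. The check that consumes the constant is in the next hunk; dropping the lower bound there (`if (size > kMaxInputLength) return 0;`) and removing this define keeps the throughput cap while letting libFuzzer explore short inputs.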
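Review bot: `return e;` at the end of LLVMFuzzerTestOneInput hands the result of ini_parse_string (the line number of the first bad line, or a negative code) back to libFuzzer, whose documented contract is that the target returns 0 (-1 being reserved for rejecting an input); a parse error is expected behaviour for this harness, not a target failure. The tail should read `free(data_in);` followed by `return 0;`, with the parse result either dropped or discarded via `(void)ini_parse_string(data_in, dumper, &u);`. Separately, the reworked dumper no longer reads `name` or `value`, so ASan and MSan never observe the pointers the parser passes to the callback; touching them, e.g. `if (name) (void)strlen(name); if (value) (void)strlen(value);`, lets the sanitizers catch an out-of-range or uninitialised callback argument, which is the main thing a harness for this library should surface. `static int u = 100;` is a leftover of the removed parse() that incremented it; nothing in the new file changes u, so a plain local `int u = 100;` says what is meant.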