fuzz_unpickle_account.cpp 1.42 KB
#include "fuzzing.hh"
#include "olm/account.hh"
#include "olm/olm.h"

/**
 * Feed a raw byte buffer straight into the olm::Account unpickler.
 *
 * @param account         Account storage; it is reinterpreted as an
 *                        olm::Account and written to by unpickle().
 * @param pickled         Start of the bytes to parse.
 * @param pickled_length  Number of bytes available at `pickled`.
 * @return pickled_length when unpickle() stops exactly at the end of the
 *         input, otherwise size_t(-1) with account->last_error set.
 */
size_t fuzz_unpickle_account(
    OlmAccount * account, void * pickled, size_t pickled_length
) {
    auto & target = *reinterpret_cast<olm::Account *>(account);
    auto * const first = reinterpret_cast<std::uint8_t *>(pickled);
    std::uint8_t * const last = first + pickled_length;

    /* unpickle() is given (last + 1) as its upper bound so that its three
     * outcomes can be told apart by the pointer it returns:
     *   - exactly `last`      : the whole input was consumed (success);
     *   - before `last`       : parsing stopped early;
     *   - `last + 1`          : unpickle() reported an error.
     *
     * NOTE(review): (last + 1) lies beyond the one-past-the-end pointer
     * unless the caller's buffer has at least one spare byte after
     * pickled_length. Presumably unpickle() may also read the byte at
     * `last` - confirm that read_file() over-allocates, otherwise this is
     * an out-of-bounds pointer (and possibly a one-byte over-read).
     */
    std::uint8_t * const sentinel = last + 1;

    if (unpickle(first, sentinel, target) == last) {
        return pickled_length;
    }

    /* Do not overwrite a more specific error code already recorded. */
    if (target.last_error == OlmErrorCode::OLM_SUCCESS) {
        target.last_error = OlmErrorCode::OLM_CORRUPTED_PICKLE;
    }
    return std::size_t(-1);
}

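/**
 * Fuzz harness entry point: reads a candidate pickle from standard input and
 * runs it through fuzz_unpickle_account().
 *
 * Returns 3 if the account storage cannot be allocated and EXIT_SUCCESS when
 * the end of main is reached. What happens on a read or unpickle failure is
 * decided by check_errno()/check_error(), which are declared outside this
 * file (presumably they terminate the process - confirm in fuzzing.hh).
 */
int main(int argc, const char * argv[]) {
    int pickle_fd = STDIN_FILENO;
    /* Initialised so the free() calls below are safe even if read_file()
     * leaves the pointer untouched. */
    uint8_t * pickle_buffer = nullptr;
    /* NOTE(review): pickle_length is signed and is later passed as a size_t;
     * this assumes check_errno() never returns a negative value - confirm. */
    ssize_t pickle_length = check_errno(
        "Error reading pickle file", read_file(pickle_fd, &pickle_buffer));

    void * account_buf = malloc(olm_account_size());
    if (!account_buf) {
        /* Release the input buffer on this early exit as well, so leak
         * checkers do not report it. */
        free(pickle_buffer);
        return 3;
    }
    OlmAccount * account = olm_account(account_buf);

    check_error(olm_account_last_error, account, "Error unpickling account",
        fuzz_unpickle_account(account, pickle_buffer, pickle_length));

    free(pickle_buffer);
    /* Free through the pointer malloc() returned rather than the one handed
     * back by olm_account(). */
    free(account_buf);

    return EXIT_SUCCESS;
}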