When parsing invalid ELF data with ranges larger than actual file size, CachedReader would eagerly allocate a buffer to land the read of that huge size even though the read would later fail. This could cause unbounded vec allocations. CachedReader now seeks to find the actual stream length at the beginning and validates read requests against that. Also, add fuzz testing for some basic ElfStream interfaces (that's what caught this bug). Also, rustfmt the fuzz targets.
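# Cargo manifest for the `elf` fuzzing crate (driven by `cargo fuzz`).
# Each `[[bin]]` below is one libFuzzer target under `fuzz_targets/`.
[package]
name = "elf-fuzz"
version = "0.0.0"
edition = "2021"
# Fuzz harnesses are never meant to reach a registry.
publish = false

[package.metadata]
cargo-fuzz = true

[dependencies]
libfuzzer-sys = "0.4"
# Fuzz the local checkout of `elf`, not a published release, so the
# targets exercise exactly the code under review.
elf = { path = ".." }

# Prevent this from interfering with workspaces
[workspace]
members = ["."]

[profile.release]
# Line tables only (`debug = 1`): keeps crash and sanitizer backtraces
# readable without the size cost of full debug info.
debug = 1

# One binary per fuzz target. `test = false` / `doc = false` keep
# `cargo test` and `cargo doc` from picking the harnesses up; they are
# only ever run through `cargo fuzz run <name>`.
[[bin]]
name = "common"
path = "fuzz_targets/common.rs"
test = false
doc = false

[[bin]]
name = "notes"
path = "fuzz_targets/notes.rs"
test = false
doc = false

[[bin]]
name = "symbol_table"
path = "fuzz_targets/symbol_table.rs"
test = false
doc = false

[[bin]]
name = "symver"
path = "fuzz_targets/symver.rs"
test = false
doc = false

# Target added with the CachedReader length-validation fix; exercises the
# ElfStream interfaces over a seekable reader.
[[bin]]
name = "stream"
path = "fuzz_targets/stream.rs"
test = false
doc = false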