From e239eda39e3f0f9342bc0dd6658b49d4bd900875 Mon Sep 17 00:00:00 2001
From: Max Dymond
Date: Mon, 11 Sep 2017 20:00:27 +0100
Subject: ossfuzz: don't write out to stdout

Don't make the fuzzer write out to stdout - instead write some of the contents to a memory block so we exercise the data output code but quietly.

Closes #1885
---
 tests/fuzz/curl_fuzzer.cc | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

(limited to 'tests/fuzz/curl_fuzzer.cc')

diff --git a/tests/fuzz/curl_fuzzer.cc b/tests/fuzz/curl_fuzzer.cc
index bbf91c222..fadb3231b 100644
--- a/tests/fuzz/curl_fuzzer.cc
+++ b/tests/fuzz/curl_fuzzer.cc
@@ -136,6 +136,12 @@ int fuzz_initialize_fuzz_data(FUZZ_DATA *fuzz,
 fuzz_read_callback));
 FTRY(curl_easy_setopt(fuzz->easy, CURLOPT_READDATA, fuzz));

+ /* Set the standard write function callback. */
+ FTRY(curl_easy_setopt(fuzz->easy,
+ CURLOPT_WRITEFUNCTION,
+ fuzz_write_callback));
+ FTRY(curl_easy_setopt(fuzz->easy, CURLOPT_WRITEDATA, fuzz));
+
 /* Can enable verbose mode by changing 0L to 1L */
 FTRY(curl_easy_setopt(fuzz->easy, CURLOPT_VERBOSE, 0L));

@@ -269,6 +275,30 @@ static size_t fuzz_read_callback(char *buffer,
 return fuzz->upload1_data_len;
 }

+/**
+ * Callback function for handling data output quietly.
+ */
+static size_t fuzz_write_callback(void *contents,
+ size_t size,
+ size_t nmemb,
+ void *ptr)
+{
+ size_t total = size * nmemb;
+ FUZZ_DATA *fuzz = (FUZZ_DATA *)ptr;
+ size_t copy_len = total;
+
+ /* Restrict copy_len to at most TEMP_WRITE_ARRAY_SIZE. */
+ if(copy_len > TEMP_WRITE_ARRAY_SIZE) {
+ copy_len = TEMP_WRITE_ARRAY_SIZE;
+ }
+
+ /* Copy bytes to the temp store just to ensure the parameters are
+ exercised. */
+ memcpy(fuzz->write_array, contents, copy_len);
+
+ return total;
+}
+
 /**
 * TLV access function - gets the first TLV from a data stream.
 */
-- 
cgit v1.2.3
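Review bot: Only the first TEMP_WRITE_ARRAY_SIZE bytes of `contents` are ever read in `fuzz_write_callback`, so when libcurl hands over a larger chunk the tail is never touched. An address-sanitizer build therefore cannot notice a reported length that runs past the real buffer once it exceeds the cap. Copying all of `total` in TEMP_WRITE_ARRAY_SIZE-sized pieces keeps the output quiet while reading every byte the callback is told about. The cap also only protects `fuzz->write_array` if that member is declared with at least TEMP_WRITE_ARRAY_SIZE bytes; its declaration is outside this diff, so confirm it or bound the copy by the destination's own size.

```cpp
  /* … unchanged: total and fuzz declarations … */
  const char *src = (const char *)contents;
  size_t remaining = total;

  /* Walk the whole buffer in TEMP_WRITE_ARRAY_SIZE pieces so that every byte
     libcurl reports is read, not only the first chunk. */
  while(remaining > 0) {
    size_t copy_len = remaining;
    if(copy_len > TEMP_WRITE_ARRAY_SIZE) {
      copy_len = TEMP_WRITE_ARRAY_SIZE;
    }
    memcpy(fuzz->write_array, src, copy_len);
    src += copy_len;
    remaining -= copy_len;
  }
  /* … unchanged: return total … */
```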