9 #define BLOBMSG_TYPE_TROUBLE INT_MAX
11 static void fuzz_blobmsg_parse(const uint8_t *data
, size_t size
)
20 static const int blobmsg_type
[] = {
33 static const struct blobmsg_policy foo_policy
[] = {
36 .type
= BLOBMSG_TYPE_STRING
,
40 .type
= BLOBMSG_TYPE_ARRAY
,
44 .type
= BLOBMSG_TYPE_TABLE
,
48 struct blob_attr
*tb
[__FOO_MAX
];
50 blobmsg_parse(foo_policy
, __FOO_MAX
, tb
, (uint8_t *)data
, size
);
51 blobmsg_parse_array(foo_policy
, __FOO_MAX
, tb
, (uint8_t *)data
, size
);
53 blobmsg_check_attr_len((struct blob_attr
*)data
, false, size
);
54 blobmsg_check_attr_len((struct blob_attr
*)data
, true, size
);
56 for (size_t i
=0; i
< ARRAY_SIZE(blobmsg_type
); i
++) {
57 blobmsg_check_array_len((struct blob_attr
*)data
, blobmsg_type
[i
], size
);
58 blobmsg_check_attr_list_len((struct blob_attr
*)data
, blobmsg_type
[i
], size
);
62 static void fuzz_blob_parse(const uint8_t *data
, size_t size
)
77 static const struct blob_attr_info foo_policy
[__FOO_ATTR_MAX
] = {
78 [FOO_ATTR_NESTED
] = { .type
= BLOB_ATTR_NESTED
},
79 [FOO_ATTR_BINARY
] = { .type
= BLOB_ATTR_BINARY
},
80 [FOO_ATTR_STRING
] = { .type
= BLOB_ATTR_STRING
},
81 [FOO_ATTR_INT8
] = { .type
= BLOB_ATTR_INT8
},
82 [FOO_ATTR_INT16
] = { .type
= BLOB_ATTR_INT16
},
83 [FOO_ATTR_INT32
] = { .type
= BLOB_ATTR_INT32
},
84 [FOO_ATTR_INT64
] = { .type
= BLOB_ATTR_INT64
},
85 [FOO_ATTR_DOUBLE
] = { .type
= BLOB_ATTR_DOUBLE
},
88 struct blob_attr
*foo
[__FOO_ATTR_MAX
];
89 struct blob_attr
*buf
= (struct blob_attr
*)data
;
91 blob_parse_untrusted(buf
, size
, foo
, foo_policy
, __FOO_ATTR_MAX
);
94 int LLVMFuzzerTestOneInput(const uint8_t *data
, size_t size
)
96 fuzz_blob_parse(data
, size
);
97 fuzz_blobmsg_parse(data
, size
);