diff --git a/.vscode/launch.json b/.vscode/launch.json
index 0a5d80c66e9f88befdf2fc8b7633cb0c687d79ea..c25b5c5704a6c6576c5da8262edab628e960a768 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -102,7 +102,7 @@
 "request": "launch",
 "program": "${workspaceFolder}/tests/elfio_fuzzer",
 "args": [
- "slow-unit-82cabac818b690bc042110f7b073e63462c7553d"
+ "crash-98819328ee414bbba1ee50073d66c0727d60a7af"
 ],
 "cwd": "${workspaceFolder}/tests",
 }
diff --git a/.vscode/tasks.json b/.vscode/tasks.json
index 2e010ced72230ec5914506b38b083aebab711cb2..27d329764e6af5e74546daf8befd12875c74b975 100644
--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@@ -64,7 +64,7 @@
 "args": [
 "-g",
 "-O0",
- "-fsanitize=fuzzer",
+ "-fsanitize=fuzzer,address",
 "-I..",
 "elfio_fuzzer.cpp",
 "-o",
@@ -80,6 +80,25 @@
 "problemMatcher": [
 "$gcc"
 ]
+ },
+ {
+ "type": "shell",
+ "label": "Fuzzer Tests",
+ "command": "./elfio_fuzzer",
+ "args": [
+ "-jobs=8",
+ "corpus"
+ ],
+ "options": {
+ "cwd": "${workspaceRoot}/tests"
+ },
+ "group": {
+ "kind": "build",
+ "isDefault": true
+ },
+ "problemMatcher": [
+ "$gcc"
+ ]
 }
 ],
 "version": "2.0.0"
diff --git a/elfio/elfio_note.hpp b/elfio/elfio_note.hpp
index e8494d9126cf25f33cc29d705fb50933e575b2e7..db523145de4aec0aa297df2b1b4e886b0ef8443e 100644
--- a/elfio/elfio_note.hpp
+++ b/elfio/elfio_note.hpp
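Review bot: The new "Fuzzer Tests" task spells its working directory as `${workspaceRoot}` while launch.json in this same change uses `${workspaceFolder}`; `${workspaceRoot}` is the deprecated form, so `"cwd": "${workspaceFolder}/tests"` keeps the two files consistent. As written, `./elfio_fuzzer -jobs=8 corpus` has no stopping condition, so each job runs until it hits a crash and a clean corpus never lets the task finish; a bound such as `-max_total_time=<seconds>` or `-runs=<count>` in `args` gives it a defined end. Marking the task `"isDefault": true` in the build group may also displace whichever task was the default build before, which is outside this hunk.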
@@ -145,14 +145,18 @@ class note_section_accessor_template
 Elf_Word align = sizeof( Elf_Word );
 while ( current + (Elf_Xword)3 * align <= size ) {
- note_start_positions.emplace_back( current );
 Elf_Word namesz = convertor( *(const Elf_Word*)( data + current ) );
 Elf_Word descsz = convertor( *(const Elf_Word*)( data + current + sizeof( namesz ) ) );
+ Elf_Word advance =
+ (Elf_Xword)3 * sizeof( Elf_Word ) +
+ ( ( namesz + align - 1 ) / align ) * (Elf_Xword)align +
+ ( ( descsz + align - 1 ) / align ) * (Elf_Xword)align;
+ if ( current + advance <= size ) {
+ note_start_positions.emplace_back( current );
+ }
- current += (Elf_Xword)3 * sizeof( Elf_Word ) +
- ( ( namesz + align - 1 ) / align ) * (Elf_Xword)align +
- ( ( descsz + align - 1 ) / align ) * (Elf_Xword)align;
+ current += advance;
 }
 }
diff --git a/tests/elfio_fuzzer.cpp b/tests/elfio_fuzzer.cpp
index 8154a11e82e8df13d4720cf6402787f53497deb3..6589d184a78677918b526b976beb4e5f1e874dc8 100644
--- a/tests/elfio_fuzzer.cpp
+++ b/tests/elfio_fuzzer.cpp
@@ -2,15 +2,31 @@
 #include <sstream>
 #include <elfio/elfio.hpp>
+#include <elfio/elfio_dump.hpp>
+
 using namespace ELFIO;
 extern "C" int LLVMFuzzerTestOneInput( const uint8_t* Data, size_t Size )
 {
 std::string str( (const char*)Data, Size );
 std::istringstream ss( str );
+ std::ostringstream oss;
 elfio elf;
- elf.load( ss );
+
+ if ( !elf.load( ss ) ) {
+ return 0;
+ }
+
+ dump::header( oss, elf );
+ dump::section_headers( oss, elf );
+ dump::segment_headers( oss, elf );
+ dump::symbol_tables( oss, elf );
+ dump::notes( oss, elf );
+ dump::modinfo( oss, elf );
+ dump::dynamic_tags( oss, elf );
+ dump::section_datas( oss, elf );
+ dump::segment_datas( oss, elf );
 return 0;
 }
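Review bot: The new bounds check `if ( current + advance <= size )` is computed from a truncated value: the right-hand side is evaluated in `Elf_Xword` (64-bit) but stored into `Elf_Word advance` (32-bit), so a name/desc pair whose padded lengths sum past 2^32 wraps to a small `advance`, passes the check, and is recorded as a note whose `namesz`/`descsz` still point far outside the section; the same truncated value then drives `current += advance`. Independently, `namesz + align - 1` and `descsz + align - 1` are themselves 32-bit additions, so a `namesz` near 0xFFFFFFFF wraps before the division and rounds to 0, which again lets the note pass the check with an unchanged oversized `namesz` for whoever reads the note later (that reader is outside this hunk, so I am inferring it uses these fields). Declaring `Elf_Xword advance =` and widening before rounding, `( ( (Elf_Xword)namesz + align - 1 ) / align ) * align +` and `( ( (Elf_Xword)descsz + align - 1 ) / align ) * align;`, closes both gaps while keeping the check in 64-bit arithmetic. The enclosing function starts outside the hunk; `current` and `size` appear to be `Elf_Xword` from the loop condition, which the fix relies on.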
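Review bot: The nine `dump::` calls deserve a comment saying why a fuzzer produces a full text dump that nobody reads: their job is to walk every accessor over the loaded image so that memory errors in the accessors, not just in `load`, surface under the sanitizer the build task now enables. I would add `// Exercise every accessor on the loaded image; the text output itself is discarded.` above `dump::header( oss, elf );`. Because `oss` is only a sink, the early `return 0` on a failed `load` is also worth a one-line comment, `// Unparseable input is a valid result, not a finding.`, so the distinction between rejected input and a crash is explicit to the next reader.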