Add a fuzzer for gptfdisk.
Since gptfdisk is used to parse MBR and GPT partition tables from
untrusted USB and SD card storage devices, we should get a fuzzer
wired up to hunt for security issues.
To enable the fuzzer, we create a new "diskio-heap" implementation
for backing I/O operations, which allows us to treat the fuzzer
input as a fake block device. These changes are as minimal as
possible to avoid future merge conflicts.
The single corpus input is a sample block device with a single
empty GPT partition created using these commands:
$ losetup /dev/loop0 typical.bin
$ gdisk /dev/loop0
And the final table is:
Number  Start (sector)    End (sector)  Size       Code  Name
   1              34              38   2.5 KiB    8300  Linux filesystem
Bug: 170783842
Test: SANITIZE_HOST=address make ${FUZZER_NAME} && ${ANDROID_HOST_OUT}/fuzz/$(get_build_var HOST_ARCH)/${FUZZER_NAME}/${FUZZER_NAME}
Change-Id: I21a2a5f7f1019365accf8fd74c958aaafe7f7ff7
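The commit message describes backing gptfdisk's I/O with the fuzzer input treated as a fake block device. The following is an added, self-contained illustration of that idea, written for this page and not taken from gptfdisk or from this change: a hypothetical `HeapDiskIO` class with sector-based `Seek` and bounded `Read` over a non-owning buffer, plus a small fuzz-style entry point that probes the two signatures a GPT reader checks first (the 0x55AA boot-sector marker and the "EFI PART" header string). The class and function names, the 512-byte sector size and the constructed sample image are all assumptions made here.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical heap-backed block device (not gptfdisk's DiskIO). The whole
// "disk" is a caller-owned byte buffer, which is exactly what a fuzzer hands us.
class HeapDiskIO {
    const unsigned char* data = nullptr; // non-owning: caller keeps it alive
    size_t size = 0;                     // total bytes in the fake disk
    size_t off = 0;                      // current byte offset, never negative
    static const size_t kSectorSize = 512; // assumed logical sector size
public:
    bool OpenForRead(const unsigned char* d, size_t n) {
        if (d == nullptr) return false;
        data = d; size = n; off = 0;
        return true;
    }
    uint64_t NumSectors() const { return size / kSectorSize; }
    // Seek to a sector index. Seeking to NumSectors() (end) is allowed so a
    // caller sees a clean zero-length read; anything beyond is rejected.
    bool Seek(uint64_t sector) {
        if (data == nullptr || sector > NumSectors()) return false;
        off = static_cast<size_t>(sector) * kSectorSize; // <= size by the check above
        return true;
    }
    // Read up to n bytes; returns bytes actually copied (short read at end).
    size_t Read(void* buf, size_t n) {
        if (data == nullptr || off >= size) return 0;
        size_t avail = size - off;
        size_t got = n < avail ? n : avail;
        std::memcpy(buf, data + off, got);
        off += got;
        return got;
    }
};

// Fuzz-style entry point: 0 = image too short for an MBR + GPT header,
// 1 = signatures missing, 2 = both the 0x55AA marker and "EFI PART" present.
int ClassifyImage(const unsigned char* data, size_t size) {
    HeapDiskIO disk;
    if (!disk.OpenForRead(data, size) || disk.NumSectors() < 2) return 0;
    unsigned char sector[512];
    if (!disk.Seek(0) || disk.Read(sector, sizeof sector) != sizeof sector) return 0;
    bool mbrSig = sector[510] == 0x55 && sector[511] == 0xAA;
    unsigned char hdr[8];
    if (!disk.Seek(1) || disk.Read(hdr, sizeof hdr) != sizeof hdr) return 0;
    bool gptSig = std::memcmp(hdr, "EFI PART", 8) == 0;
    return (mbrSig && gptSig) ? 2 : 1;
}

// Constructed sample image (4 sectors): protective-MBR marker in sector 0,
// GPT signature at the start of sector 1, everything else zero.
std::vector<unsigned char> MakeSampleImage() {
    std::vector<unsigned char> img(4 * 512, 0);
    img[510] = 0x55; img[511] = 0xAA;
    std::memcpy(&img[512], "EFI PART", 8);
    return img;
}

int main() {
    std::vector<unsigned char> img = MakeSampleImage();
    return ClassifyImage(img.data(), img.size()) == 2 ? 0 : 1;
}
```

Because `off` is unsigned and every `Read` clamps to `size - off`, a malformed header that claims a huge partition-entry array can only ever produce a short read, never an out-of-bounds access into the fuzzer buffer; that bounding is the property a real heap-backed DiskIO must preserve.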
diff --git a/diskio.h b/diskio.h
index 0bdaba4..8521b8e 100644
--- a/diskio.h
+++ b/diskio.h
@@ -57,11 +57,19 @@
#else
int fd;
#endif
+#ifdef ENABLE_HEAP_DISKIO
+ const unsigned char* data;
+ size_t size;
+ off_t off;
+#endif
public:
DiskIO(void);
~DiskIO(void);
void MakeRealName(void);
+#ifdef ENABLE_HEAP_DISKIO
+ int OpenForRead(const unsigned char* data, size_t size);
+#endif
int OpenForRead(const string & filename);
int OpenForRead(void);
int OpenForWrite(const string & filename);
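Review bot: the new ENABLE_HEAP_DISKIO members `data`, `size` and `off` carry no comment stating their contracts: `data` is a non-owning pointer the caller must keep alive for the lifetime of the DiskIO, and `off` is a signed `off_t` while `size` is an unsigned `size_t`, so the Seek/Read code that consumes them must compare with an explicit cast and bound-check `off` against `size` before indexing `data`. Suggest a short comment on the three fields and on the new `OpenForRead(const unsigned char* data, size_t size)` overload saying that the buffer is borrowed, not copied, and that reads are clamped to `size`.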