Utilities: Correct TestFatDxe/TestNtfsDxe fuzzer logic
We need to pass a non-empty buffer into the read routine because
the return code EFI_BUFFER_TOO_SMALL is expected only for directories.
The proper way is to retrieve the file size using FatGetInfo or
FileGetInfo, but this would significantly slow down the fuzzing process,
which is why we use a 100-byte temporary buffer.
savvamitrofanov committed Jul 5, 2023
1 parent 425cd5c commit 53a00be
Showing 2 changed files with 69 additions and 30 deletions.
72 changes: 51 additions & 21 deletions Utilities/TestFatDxe/TestFatDxe.c
Expand Up @@ -150,6 +150,7 @@ TestFatDxe (
EFI_FILE_PROTOCOL *VolumeRootDir;
UINTN BufferSize;
VOID *Buffer;
VOID *TmpBuffer;
EFI_FILE_PROTOCOL *NewHandle;
CHAR16 *FileName;
VOID *Info;
Expand Down Expand Up @@ -258,27 +259,39 @@ TestFatDxe (
//
Status = FatOpen (VolumeRootDir, &NewHandle, FileName, EFI_FILE_MODE_READ, 0);
if (Status == EFI_SUCCESS) {
Buffer = NULL;
BufferSize = 0;
Status = FatRead (NewHandle, &BufferSize, Buffer);
//
// Try to read 100 bytes
//
Buffer = AllocateZeroPool (100);
BufferSize = 100;
if (Buffer == NULL) {
FatClose (NewHandle);
FreeAll (FileName, Volume, VolumeRootDir);
return 0;
}

Status = FatRead (NewHandle, &BufferSize, Buffer);
if (Status == EFI_BUFFER_TOO_SMALL) {
Buffer = AllocateZeroPool (BufferSize);
if (Buffer == NULL) {
TmpBuffer = ReallocatePool (100, BufferSize, Buffer);
if (TmpBuffer == NULL) {
FreePool (Buffer);
FatClose (NewHandle);
FreeAll (FileName, Volume, VolumeRootDir);
return 0;
}

Buffer = TmpBuffer;

ASAN_CHECK_MEMORY_REGION (Buffer, BufferSize);

FatRead (NewHandle, &BufferSize, Buffer);
}

FatWrite (NewHandle, &BufferSize, Buffer);
FatWrite (NewHandle, &BufferSize, Buffer);

FatFlush (NewHandle);
FatFlush (NewHandle);

FreePool (Buffer);
}
FreePool (Buffer);

//
// Set/Get file info
Expand Down Expand Up @@ -358,27 +371,37 @@ TestFatDxe (
Position = (UINT64)-1;
Status = FatSetPosition (NewHandle, Position);
if (!EFI_ERROR (Status)) {
Buffer = NULL;
BufferSize = 0;
Status = FatRead (NewHandle, &BufferSize, Buffer);
Buffer = AllocateZeroPool (100);
BufferSize = 100;

if (Buffer == NULL) {
FatClose (NewHandle);
FreeAll (FileName, Volume, VolumeRootDir);
return 0;
}

Status = FatRead (NewHandle, &BufferSize, Buffer);
if (Status == EFI_BUFFER_TOO_SMALL) {
Buffer = AllocateZeroPool (BufferSize);
if (Buffer == NULL) {
TmpBuffer = ReallocatePool (100, BufferSize, Buffer);
if (TmpBuffer == NULL) {
FreePool (Buffer);
FatClose (NewHandle);
FreeAll (FileName, Volume, VolumeRootDir);
return 0;
}

Buffer = TmpBuffer;

ASAN_CHECK_MEMORY_REGION (Buffer, BufferSize);

FatRead (NewHandle, &BufferSize, Buffer);
}

FatWrite (NewHandle, &BufferSize, Buffer);
FatWrite (NewHandle, &BufferSize, Buffer);

FatFlush (NewHandle);
FatFlush (NewHandle);

FreePool (Buffer);
}
FreePool (Buffer);
}

//
Expand All @@ -390,11 +413,18 @@ TestFatDxe (
Position = FileSize + 1;
Status = FatSetPosition (NewHandle, Position);
if (!EFI_ERROR (Status)) {
Buffer = NULL;
BufferSize = 0;
Status = FatRead (NewHandle, &BufferSize, Buffer);
Buffer = AllocateZeroPool (100);
BufferSize = 100;
if (Buffer == NULL) {
FatClose (NewHandle);
FreeAll (FileName, Volume, VolumeRootDir);
return 0;
}

Status = FatRead (NewHandle, &BufferSize, Buffer);

ASSERT (Status == EFI_DEVICE_ERROR);
FreePool (Buffer);
}
}

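Review bot: The `FreePool (Buffer)` on the `TmpBuffer == NULL` path, in both the read-after-open hunk and the `Position = (UINT64)-1` hunk (and in the same pattern in TestNtfsDxe.c), is correct only if the harness's `ReallocatePool` leaves the old buffer allocated when it fails, and that implementation is not visible in this diff. If the userspace allocator used for fuzzing frees `OldBuffer` unconditionally, this path becomes a double free that a sanitizer would attribute to the harness rather than to the FAT driver. Worth confirming and recording at the call site, e.g. `// ReallocatePool leaves Buffer allocated on failure; release it here.` The literal `100` is also repeated as the allocation size, `BufferSize` and the `OldSize` argument at each site, so a named constant would keep the three in step. TestFatDxe's body starts and ends outside the hunks shown.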
27 changes: 18 additions & 9 deletions Utilities/TestNtfsDxe/TestNtfsDxe.c
Expand Up @@ -82,6 +82,7 @@ LLVMFuzzerTestOneInput (
EFI_FILE_PROTOCOL *This;
UINTN BufferSize;
VOID *Buffer;
VOID *TmpBuffer;
EFI_FILE_PROTOCOL *NewHandle;
CHAR16 *FileName;
VOID *Info;
Expand Down Expand Up @@ -176,26 +177,34 @@ LLVMFuzzerTestOneInput (
//
Status = FileOpen (This, &NewHandle, FileName, EFI_FILE_MODE_READ, 0);
if (Status == EFI_SUCCESS) {
Buffer = NULL;
BufferSize = 0;
Status = FileRead (NewHandle, &BufferSize, Buffer);
Buffer = AllocateZeroPool (100);
BufferSize = 100;
if (Buffer == NULL) {
FreeAll (FileName, Instance);
return 0;
}

Status = FileRead (NewHandle, &BufferSize, Buffer);
if (Status == EFI_BUFFER_TOO_SMALL) {
Buffer = AllocateZeroPool (BufferSize);
if (Buffer == NULL) {
TmpBuffer = ReallocatePool (100, BufferSize, Buffer);
if (TmpBuffer == NULL) {
FreePool (Buffer);
FreeAll (FileName, Instance);
return 0;
}

Buffer = TmpBuffer;

ASAN_CHECK_MEMORY_REGION (Buffer, BufferSize);

FileRead (NewHandle, &BufferSize, Buffer);
}

FileWrite (NewHandle, &BufferSize, Buffer);
FileWrite (NewHandle, &BufferSize, Buffer);

FileFlush (NewHandle);
FileFlush (NewHandle);

FreePool (Buffer);
}
FreePool (Buffer);

Len = 0;
Info = NULL;
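Review bot: Both allocation-failure exits in this block (`Buffer == NULL` after `AllocateZeroPool (100)` and `TmpBuffer == NULL` after `ReallocatePool`) return without closing `NewHandle`, whereas the matching paths in TestFatDxe.c call `FatClose (NewHandle)` before `FreeAll`. Unless `FreeAll (FileName, Instance)` also releases open file handles, which is not visible here, the handle leaks whenever an allocation fails and will show up as harness noise in leak reports instead of a driver finding. Consider calling the NTFS driver's close routine (presumably `FileClose (NewHandle);`) ahead of `FreeAll (FileName, Instance);` on both paths. The body of LLVMFuzzerTestOneInput continues outside the hunks shown.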
