Diffstat (limited to 'projects/binutils/fuzz_readelf.c')
-rw-r--r--projects/binutils/fuzz_readelf.c61
1 files changed, 61 insertions, 0 deletions
diff --git a/projects/binutils/fuzz_readelf.c b/projects/binutils/fuzz_readelf.c
new file mode 100644
index 000000000..3cf02e7b1
--- /dev/null
+++ b/projects/binutils/fuzz_readelf.c
@@ -0,0 +1,61 @@
+/* Copyright 2020 Google Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include "readelf.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
+int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ char filename[256];
+ sprintf(filename, "/tmp/libfuzzer.%d", getpid());
+
+ FILE *fp = fopen(filename, "wb");
+ if (!fp)
+ return 0;
+
+ fwrite(data, size, 1, fp);
+ fclose(fp);
+ do_syms = TRUE;
+ do_reloc = TRUE;
+ do_unwind = TRUE;
+ do_dynamic = TRUE;
+ do_header = TRUE;
+ do_sections = TRUE;
+ do_section_groups = TRUE;
+ do_segments = TRUE;
+ do_version = TRUE;
+ do_histogram = TRUE;
+ do_arch = TRUE;
+ do_notes = TRUE;
+
+ // Main fuzz entrypoint
+ process_file(filename);
+
+ unlink(filename);
+
+ free (dump_ctf_symtab_name);
+ free (dump_ctf_strtab_name);
+ free (dump_ctf_parent_name);
+
+ // Unless we set this global variable to NULL, then we will run
+ // into a use-after-free error after a certain set of iterations.
+ // I have applied this patch because the authors of binutils
+ // prefer to think of their applications as "one-use-only" as written
+ // here: https://github.com/google/oss-fuzz/pull/2617
+ symtab_shndx_list = NULL;
+
+ return 0;
+}
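Review bot: The fuzz input is written to a fixed, predictable path with an unchecked write: the `sprintf` is unbounded (safe here only because a pid fits the 256-byte buffer) and the `fwrite` result is ignored, so a short write silently fuzzes a truncated file. Prefer `snprintf(filename, sizeof filename, "/tmp/libfuzzer.%d", (int)getpid());` and `if (fwrite(data, 1, size, fp) != size) { fclose(fp); unlink(filename); return 0; }` — writing `size` items of one byte also keeps an empty input (size 0) from reading as a failure, which the current `fwrite(data, size, 1, fp)` form would. The predictable `/tmp` name is the usual harness shortcut; `mkstemp` would avoid collisions with another fuzzer instance on the same host. The three `free()` calls on `dump_ctf_symtab_name`, `dump_ctf_strtab_name` and `dump_ctf_parent_name` do not reset the globals, so if `process_file` does not reassign them on every run a later iteration would double-free; setting each to `NULL` after its `free` is a cheap guard, consistent with what the comment above `symtab_shndx_list = NULL;` already does. The prototype names its parameters `Data`/`Size` while the definition uses `data`/`size`; matching them is a minor style nit.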