1 /* 2 * Copyright (c) 2014-2020 Pavel Kalvoda <me@pavelkalvoda.com> 3 * 4 * libcbor is free software; you can redistribute it and/or modify 5 * it under the terms of the MIT license. See LICENSE for details. 6 */ 7 8 #include "assertions.h" 9 #include "cbor.h" 10 11 /* These tests verify behavior on interesting randomly generated inputs from the 12 * fuzzer */ 13 14 cbor_item_t *item; 15 struct cbor_load_result res; 16 17 /* Map start + array with embedded length */ 18 unsigned char data1[] = {0xA9, 0x85}; 19 static void test_1(void **_CBOR_UNUSED(_state)) { 20 item = cbor_load(data1, 2, &res); 21 assert_null(item); 22 assert_true(res.error.code == CBOR_ERR_NOTENOUGHDATA); 23 assert_size_equal(res.error.position, 2); 24 } 25 26 unsigned char data2[] = {0x9D}; 27 static void test_2(void **_CBOR_UNUSED(_state)) { 28 item = cbor_load(data2, 1, &res); 29 assert_null(item); 30 assert_true(res.error.code == CBOR_ERR_MALFORMATED); 31 assert_size_equal(res.error.position, 0); 32 } 33 34 unsigned char data3[] = {0xD6}; 35 static void test_3(void **_CBOR_UNUSED(_state)) { 36 item = cbor_load(data3, 1, &res); 37 assert_null(item); 38 assert_true(res.error.code == CBOR_ERR_NOTENOUGHDATA); 39 assert_size_equal(res.error.position, 1); 40 } 41 42 #ifdef SANE_MALLOC 43 unsigned char data4[] = {0xBA, 0xC1, 0xE8, 0x3E, 0xE7, 0x20, 0xA8}; 44 static void test_4(void **_CBOR_UNUSED(_state)) { 45 item = cbor_load(data4, 7, &res); 46 assert_null(item); 47 assert_true(res.error.code == CBOR_ERR_MEMERROR); 48 assert_size_equal(res.error.position, 5); 49 } 50 51 unsigned char data5[] = {0x9A, 0xDA, 0x3A, 0xB2, 0x7F, 0x29}; 52 static void test_5(void **_CBOR_UNUSED(_state)) { 53 assert_true(res.error.code == CBOR_ERR_MEMERROR); 54 item = cbor_load(data5, 6, &res); 55 assert_null(item); 56 assert_size_equal(res.error.position, 5); 57 /* Indef string expectation mismatch */ 58 } 59 #endif 60 61 unsigned char data6[] = {0x7F, 0x21, 0x4C, 0x02, 0x40}; 62 static void test_6(void **_CBOR_UNUSED(_state)) { 63 item = cbor_load(data6, 5, &res); 64 assert_null(item); 65 assert_true(res.error.code == CBOR_ERR_SYNTAXERROR); 66 assert_size_equal(res.error.position, 2); 67 } 68 69 #ifdef EIGHT_BYTE_SIZE_T 70 /* Extremely high size value (overflows size_t in representation size). Only 71 * works with 64b sizes */ 72 unsigned char data7[] = {0xA2, 0x9B, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 73 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; 74 static void test_7(void **_CBOR_UNUSED(_state)) { 75 item = cbor_load(data7, 16, &res); 76 assert_null(item); 77 assert_true(res.error.code == CBOR_ERR_MEMERROR); 78 assert_size_equal(res.error.position, 10); 79 } 80 #endif 81 82 unsigned char data8[] = {0xA3, 0x64, 0x68, 0x61, 0x6C, 0x66, 0xFF, 0x00, 83 0x00, 0x66, 0x73, 0x69, 0x6E, 0x67, 0x6C, 0x65, 84 0xFA, 0x7F, 0x7F, 0xFF, 0xFF, 0x6D, 0x73, 0x69, 85 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x76, 0x61, 0x6C, 86 0x75, 0x65, 0x73, 0x83, 0xF5, 0xF4, 0xF6}; 87 static void test_8(void **_CBOR_UNUSED(_state)) { 88 item = cbor_load(data8, 39, &res); 89 assert_null(item); 90 assert_true(res.error.code == CBOR_ERR_SYNTAXERROR); 91 assert_size_equal(res.error.position, 7); 92 } 93 94 unsigned char data9[] = {0xBF, 0x05, 0xFF, 0x00, 0x00, 0x00, 0x10, 0x04}; 95 static void test_9(void **_CBOR_UNUSED(_state)) { 96 item = cbor_load(data9, 8, &res); 97 assert_null(item); 98 assert_true(res.error.code == CBOR_ERR_SYNTAXERROR); 99 assert_size_equal(res.error.position, 3); 100 } 101 102 int main(void) { 103 const struct CMUnitTest tests[] = { 104 cmocka_unit_test(test_1), cmocka_unit_test(test_2), 105 cmocka_unit_test(test_3), 106 #ifdef SANE_MALLOC 107 cmocka_unit_test(test_4), cmocka_unit_test(test_5), 108 #endif 109 cmocka_unit_test(test_6), 110 #ifdef EIGHT_BYTE_SIZE_T 111 cmocka_unit_test(test_7), 112 #endif 113 cmocka_unit_test(test_8), cmocka_unit_test(test_9), 114 }; 115 return cmocka_run_group_tests(tests, NULL, NULL); 116 } 117