1/* 2 * Copyright (c) 2014-2020 Pavel Kalvoda <me@pavelkalvoda.com> 3 * 4 * libcbor is free software; you can redistribute it and/or modify 5 * it under the terms of the MIT license. See LICENSE for details. 6 */ 7 8#include "assertions.h" 9#include "cbor.h" 10 11/* These tests verify behavior on interesting randomly generated inputs from the 12 * fuzzer */ 13 14cbor_item_t *item; 15struct cbor_load_result res; 16 17/* Map start + array with embedded length */ 18unsigned char data1[] = {0xA9, 0x85}; 19static void test_1(void **_CBOR_UNUSED(_state)) { 20 item = cbor_load(data1, 2, &res); 21 assert_null(item); 22 assert_true(res.error.code == CBOR_ERR_NOTENOUGHDATA); 23 assert_size_equal(res.error.position, 2); 24} 25 26unsigned char data2[] = {0x9D}; 27static void test_2(void **_CBOR_UNUSED(_state)) { 28 item = cbor_load(data2, 1, &res); 29 assert_null(item); 30 assert_true(res.error.code == CBOR_ERR_MALFORMATED); 31 assert_size_equal(res.error.position, 0); 32} 33 34unsigned char data3[] = {0xD6}; 35static void test_3(void **_CBOR_UNUSED(_state)) { 36 item = cbor_load(data3, 1, &res); 37 assert_null(item); 38 assert_true(res.error.code == CBOR_ERR_NOTENOUGHDATA); 39 assert_size_equal(res.error.position, 1); 40} 41 42#ifdef SANE_MALLOC 43unsigned char data4[] = {0xBA, 0xC1, 0xE8, 0x3E, 0xE7, 0x20, 0xA8}; 44static void test_4(void **_CBOR_UNUSED(_state)) { 45 item = cbor_load(data4, 7, &res); 46 assert_null(item); 47 assert_true(res.error.code == CBOR_ERR_MEMERROR); 48 assert_size_equal(res.error.position, 5); 49} 50 51unsigned char data5[] = {0x9A, 0xDA, 0x3A, 0xB2, 0x7F, 0x29}; 52static void test_5(void **_CBOR_UNUSED(_state)) { 53 assert_true(res.error.code == CBOR_ERR_MEMERROR); 54 item = cbor_load(data5, 6, &res); 55 assert_null(item); 56 assert_size_equal(res.error.position, 5); 57 /* Indef string expectation mismatch */ 58} 59#endif 60 61unsigned char data6[] = {0x7F, 0x21, 0x4C, 0x02, 0x40}; 62static void test_6(void **_CBOR_UNUSED(_state)) { 63 item = cbor_load(data6, 5, &res); 64 assert_null(item); 65 assert_true(res.error.code == CBOR_ERR_SYNTAXERROR); 66 assert_size_equal(res.error.position, 2); 67} 68 69#ifdef EIGHT_BYTE_SIZE_T 70/* Extremely high size value (overflows size_t in representation size). Only 71 * works with 64b sizes */ 72unsigned char data7[] = {0xA2, 0x9B, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 73 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; 74static void test_7(void **_CBOR_UNUSED(_state)) { 75 item = cbor_load(data7, 16, &res); 76 assert_null(item); 77 assert_true(res.error.code == CBOR_ERR_MEMERROR); 78 assert_size_equal(res.error.position, 10); 79} 80#endif 81 82unsigned char data8[] = {0xA3, 0x64, 0x68, 0x61, 0x6C, 0x66, 0xFF, 0x00, 83 0x00, 0x66, 0x73, 0x69, 0x6E, 0x67, 0x6C, 0x65, 84 0xFA, 0x7F, 0x7F, 0xFF, 0xFF, 0x6D, 0x73, 0x69, 85 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x76, 0x61, 0x6C, 86 0x75, 0x65, 0x73, 0x83, 0xF5, 0xF4, 0xF6}; 87static void test_8(void **_CBOR_UNUSED(_state)) { 88 item = cbor_load(data8, 39, &res); 89 assert_null(item); 90 assert_true(res.error.code == CBOR_ERR_SYNTAXERROR); 91 assert_size_equal(res.error.position, 7); 92} 93 94unsigned char data9[] = {0xBF, 0x05, 0xFF, 0x00, 0x00, 0x00, 0x10, 0x04}; 95static void test_9(void **_CBOR_UNUSED(_state)) { 96 item = cbor_load(data9, 8, &res); 97 assert_null(item); 98 assert_true(res.error.code == CBOR_ERR_SYNTAXERROR); 99 assert_size_equal(res.error.position, 3); 100} 101 102int main(void) { 103 const struct CMUnitTest tests[] = { 104 cmocka_unit_test(test_1), cmocka_unit_test(test_2), 105 cmocka_unit_test(test_3), 106#ifdef SANE_MALLOC 107 cmocka_unit_test(test_4), cmocka_unit_test(test_5), 108#endif 109 cmocka_unit_test(test_6), 110#ifdef EIGHT_BYTE_SIZE_T 111 cmocka_unit_test(test_7), 112#endif 113 cmocka_unit_test(test_8), cmocka_unit_test(test_9), 114 }; 115 return cmocka_run_group_tests(tests, NULL, NULL); 116} 117