circlecloud/tmux
1
0
Fork 0
mirror of https://github.com/tmux/tmux.git synced 2026-03-31 16:56:28 +00:00
Code Issues Projects Releases Wiki Activity

Add new fuzzers for command parsing, formats and styles, from David Korczynski

Browse Source 
in GitHub issue 4957.
This commit is contained in:
Nicholas Marriott
2026-03-30 10:19:03 +01:00
parent 6324dae114
commit 7620c03b72
10 changed files with 544 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
fuzz/format-fuzzer.c Normal file
View File

@@ -0,0 +1,88 @@
/*
* Copyright (c) 2026 David Korczynski <david@adalogics.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
* IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* Fuzz the tmux format string expander (format_expand).
*
* This exercises:
* - format.c (format parsing, modifier chains, conditionals, math, regex)
* - colour.c (colour name and RGB parsing within formats)
* - utf8.c (UTF-8 width calculations in format padding)
*/
#include <stddef.h>
#include <string.h>
#include "tmux.h"
struct event_base *libevent;
int
LLVMFuzzerTestOneInput(const u_char *data, size_t size)
{
struct format_tree *ft;
char *buf, *expanded;
if (size > 2048 || size == 0)
return 0;
/* Null-terminate the input for format_expand. */
buf = malloc(size + 1);
if (buf == NULL)
return 0;
memcpy(buf, data, size);
buf[size] = '\0';
ft = format_create(NULL, NULL, 0, FORMAT_NOJOBS);
format_add(ft, "session_name", "%s", "fuzz-session");
format_add(ft, "window_index", "%d", 0);
format_add(ft, "window_name", "%s", "fuzz-window");
format_add(ft, "pane_index", "%d", 0);
format_add(ft, "pane_id", "%s", "%%0");
format_add(ft, "host", "%s", "fuzzhost");
format_add(ft, "pane_width", "%d", 80);
format_add(ft, "pane_height", "%d", 25);
expanded = format_expand(ft, buf);
free(expanded);
format_free(ft);
free(buf);
return 0;
}
int
LLVMFuzzerInitialize(__unused int *argc, __unused char ***argv)
{
const struct options_table_entry *oe;
global_environ = environ_create();
global_options = options_create(NULL);
global_s_options = options_create(NULL);
global_w_options = options_create(NULL);
for (oe = options_table; oe->name != NULL; oe++) {
if (oe->scope & OPTIONS_TABLE_SERVER)
options_default(global_options, oe);
if (oe->scope & OPTIONS_TABLE_SESSION)
options_default(global_s_options, oe);
if (oe->scope & OPTIONS_TABLE_WINDOW)
options_default(global_w_options, oe);
}
libevent = osdep_event_init();
socket_path = xstrdup("dummy");
return 0;
}