path: root/fuzzing/libfdt_fuzzer.c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#include "libfdt.h"
#include "libfdt_env.h"

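// Recursively visits parent_node and every subnode below it, cross-checking
// what libfdt reports about each node:
//   - the length written by fdt_get_name() must equal strlen() of the name;
//   - a non-zero phandle must resolve back to the same node offset.
// Any mismatch aborts the process so the fuzzer records it as a finding.
//
// abort() is used instead of assert() because assert() expands to nothing
// when NDEBUG is defined; in such a build both consistency checks, and the
// strlen() read that lets ASan validate the name pointer, would silently
// disappear from the harness.
//
// device_tree: blob to inspect; the caller in this file only passes blobs
//              that fdt_check_full() accepted.
// parent_node: structure-block offset of the node to start from.
void walk_device_tree(const void *device_tree, int parent_node) {
  int len = 0;
  const char *node_name = fdt_get_name(device_tree, parent_node, &len);
  if (node_name != NULL) {
    // Reading the whole string forces ASan to validate the returned pointer.
    // A negative len is rejected explicitly so the comparison with size_t
    // does not depend on signed-to-unsigned conversion.
    if (len < 0 || strlen(node_name) != (size_t)len) {
      abort();
    }
  }

  // A phandle of 0 means "none", so only non-zero values are round-tripped.
  uint32_t phandle = fdt_get_phandle(device_tree, parent_node);
  if (phandle != 0) {
    if (parent_node != fdt_node_offset_by_phandle(device_tree, phandle)) {
      abort();
    }
  }

  // Recursively walk the node's children.
  // NOTE(review): recursion depth follows the nesting depth of the input
  // tree. With a large maximum input size a deeply nested blob could exhaust
  // the harness stack, which would be reported as a crash that is not in
  // libfdt itself -- consider bounding the fuzzer's input length or adding a
  // depth limit here.
  for (int node = fdt_first_subnode(device_tree, parent_node); node >= 0;
       node = fdt_next_subnode(device_tree, node)) {
    walk_device_tree(device_tree, node);
  }
}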

// libFuzzer entry point for libfdt.
//
// Background on the device tree format is available in the
// external/dtc/Documentation/ folder.
//
// The input is handed to libfdt in place (no copy is made here). It is only
// walked when it is at least FDT_V17_SIZE bytes long and fdt_check_full()
// accepts it; every other input is ignored. The walk therefore exercises the
// read-side accessors on blobs that libfdt's own validator considers
// well-formed, so a crash or failed check during the walk points at a gap
// between what fdt_check_full() admits and what the accessors can handle.
//
// Always returns 0: non-zero return values are reserved for future use.
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  const int root_node_offset = 0;

  // Size is tested first so fdt_check_full() never sees a buffer shorter
  // than FDT_V17_SIZE.
  if (size >= FDT_V17_SIZE && fdt_check_full(data, size) == 0) {
    walk_device_tree(data, root_node_offset);
  }

  return 0;
}