Interpret a blob of memory as a rar file for fuzzing. (#1090)

* Interpret a blob of memory as a rar file for fuzzing. (#4) * Use the in-memory representation of the file * Interpret a blob of memory as a rar file for fuzzing. (#5) * Use the in-memory representation of the file * Use a fixed filename, skip calling getpid
google · Jan 18, 2018 · 2d49182 · 2d49182
1 parent 57fda22
commit 2d49182
Showing 1 changed file with 3 additions and 14 deletions.
diff --git a/projects/unrar/unrar_fuzzer.cc b/projects/unrar/unrar_fuzzer.cc
@@ -1,27 +1,18 @@
-#include <fstream>
 #include <memory>
-#include <sstream>
+#include <string>
 #include <unistd.h>
 
 #include "rar.hpp"
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
-  std::stringstream ss;
-  ss << "temp-" << getpid() << ".rar";
-  static const std::string filename = ss.str();
-  std::ofstream file(filename,
-                     std::ios::binary | std::ios::out | std::ios::trunc);
-  if (!file.is_open()) {
-    return 0;
-  }
-  file.write(reinterpret_cast<const char *>(data), size);
-  file.close();
+  static const std::string filename = "temp.rar";
 
   std::unique_ptr<CommandData> cmd_data(new CommandData);
   cmd_data->ParseArg(const_cast<wchar_t *>(L"-p"));
   cmd_data->ParseArg(const_cast<wchar_t *>(L"x"));
   cmd_data->ParseDone();
   std::wstring wide_filename(filename.begin(), filename.end());
+  cmd_data->SetArcInMem(const_cast<unsigned char *>(data), size);
   cmd_data->AddArcName(wide_filename.c_str());
 
   try {
@@ -30,7 +21,5 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   } catch (...) {
   }
 
-  unlink(filename.c_str());
-
   return 0;
 }