From 027e8a775d3eb13fe3a8f5723ccbf203b8f25668 Mon Sep 17 00:00:00 2001
From: gitlost
Date: Thu, 26 Mar 2020 14:22:27 +0000
Subject: [PATCH] #181 OSS-Fuzz TELEPEN fix, allow for 16 char nul encodings in buffer
---
 backend/telepen.c | 4 +-
 backend/tests/CMakeLists.txt | 1 +
 backend/tests/test_auspost.c | 4 +-
 backend/tests/test_telepen.c | 85 ++++++++++++++++++++++++++++++++++++
 4 files changed, 90 insertions(+), 4 deletions(-)
 create mode 100644 backend/tests/test_telepen.c
diff --git a/backend/telepen.c b/backend/telepen.c
index 5e8713bc..2b46e360 100644
--- a/backend/telepen.c
+++ b/backend/telepen.c
@@ -60,7 +60,7 @@ static char *TeleTable[] = {
 INTERNAL int telepen(struct zint_symbol *symbol, unsigned char source[], const size_t src_len) {
 unsigned int i, count, check_digit;
 int error_number;
- char dest[512]; /*14 + 30 * 14 + 14 + 14 + 1 ~ 512 */
+ char dest[521]; /* 12 (start) + 30 * 16 (max for nuls) + 16 (check digit) + 12 (stop) + 1 = 521 */
 error_number = 0;
@@ -108,7 +108,7 @@ INTERNAL int telepen_num(struct zint_symbol *symbol, unsigned char source[], con
 unsigned int count, check_digit, glyph;
 int error_number;
 size_t i,temp_length = src_len;
- char dest[1024]; /* 14 + 60 * 14 + 14 + 14 + 1 ~ 1024 */
+ char dest[521]; /* 12 (start) + 30 * 16 (max for nuls) + 16 (check digit) + 12 (stop) + 1 = 521 */
 unsigned char temp[64];
 count = 0;
diff --git a/backend/tests/CMakeLists.txt b/backend/tests/CMakeLists.txt
index e416a171..d96574d0 100644
--- a/backend/tests/CMakeLists.txt
+++ b/backend/tests/CMakeLists.txt
@@ -73,5 +73,6 @@ zint_add_test(qr, test_qr)
 zint_add_test(raster, test_raster)
 zint_add_test(rss, test_rss)
 zint_add_test(sjis, test_sjis)
+zint_add_test(telepen, test_telepen)
 zint_add_test(upcean, test_upcean)
 zint_add_test(vector, test_vector)
diff --git a/backend/tests/test_auspost.c b/backend/tests/test_auspost.c
index 1b9f4008..bd61f34b 100644
--- a/backend/tests/test_auspost.c
+++ b/backend/tests/test_auspost.c
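Review bot: In `telepen()` (backend/telepen.c, first hunk) the new `char dest[521]` is an exact fit for 30 worst-case characters, and nothing visible in the hunk ties that 30 to the length check that has to reject longer input. The new test's 31-byte case expecting ZINT_ERROR_TOO_LONG suggests such a check exists elsewhere in the function, whose body continues outside the hunk. A later change to either that limit or the longest table pattern would silently bring the stack overflow back, so I would write the size as an expression rather than a literal, e.g. `char dest[12 + 30 * 16 + 16 + 12 + 1];`, ideally with the 30 replaced by whatever constant the length check uses. The same applies to `dest` in `telepen_num()` in the second hunk.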
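Review bot: The comment on `dest` in `telepen_num()` (backend/telepen.c, second hunk) is copied verbatim from `telepen()`, yet this hunk also shrinks the buffer from 1024 to 521 bytes, so the derivation is what a reader now relies on and it does not describe numeric mode. The neighbouring `temp[64]` and the 60-digit test inputs suggest the 30 counts digit pairs rather than input characters, and "max for nuls" has no obvious meaning for digit data. I would reword it along the lines of `/* 12 (start) + 30 pairs (60 digits) * 16 (longest pattern) + 16 (check digit) + 12 (stop) + 1 = 521 */`, after confirming that 16 really is the longest pattern a digit pair can select. The function body continues outside the hunk.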
@@ -32,7 +32,7 @@
 #include "testcommon.h"
 // #181 Christian Hartlage OSS-Fuzz
-static void test_australia_post_fuzz(void)
+static void test_fuzz(void)
 {
 testStart("");
@@ -76,7 +76,7 @@ static void test_australia_post_fuzz(void)
 int main()
 {
- test_australia_post_fuzz();
+ test_fuzz();
 testReport();
diff --git a/backend/tests/test_telepen.c b/backend/tests/test_telepen.c
new file mode 100644
index 00000000..03bdc5c0
--- /dev/null
+++ b/backend/tests/test_telepen.c
@@ -0,0 +1,85 @@
+/*
+ libzint - the open source barcode library
+ Copyright (C) 2008-2020 Robin Stuart
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the project nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
+ */
+/* vim: set ts=4 sw=4 et : */
+
+#include "testcommon.h"
+
+// #181 Nico Gunkel OSS-Fuzz
+static void test_fuzz(void)
+{
+ testStart("");
+
+ int ret;
+ struct item {
+ int symbology;
+ unsigned char* data;
+ int length;
+ int ret;
+ };
+ // s/\/\*[ 0-9]*\*\//\=printf("\/*%2d*\/", line(".") - line("'<"))
+ struct item data[] = {
+ /* 0*/ { BARCODE_TELEPEN, "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000", 30, 0 },
+ /* 1*/ { BARCODE_TELEPEN, "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000", 31, ZINT_ERROR_TOO_LONG },
+ /* 2*/ { BARCODE_TELEPEN_NUM, "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000", 60, ZINT_ERROR_INVALID_DATA },
+ /* 3*/ { BARCODE_TELEPEN_NUM, "040404040404040404040404040404040404040404040404040404040404", 60, 0 },
+ /* 4*/ { BARCODE_TELEPEN_NUM, "1234567890123456789012345678901234567890123456789012345678901", 61, ZINT_ERROR_TOO_LONG },
+ /* 5*/ { BARCODE_TELEPEN_NUM, "00000000000000000000000000000000000000000000000000000000000X", 60, 0 },
+ /* 6*/ { BARCODE_TELEPEN_NUM, "999999999999999999999999999999999999999999999999999999999999", 60, 0 },
+ };
+ int data_size = sizeof(data) / sizeof(struct item);
+
+ for (int i = 0; i < data_size; i++) {
+
+ struct zint_symbol* symbol = ZBarcode_Create();
+ assert_nonnull(symbol, "Symbol not created\n");
+
+ symbol->symbology = data[i].symbology;
+ int length = data[i].length;
+ if (length == -1) {
+ length = strlen(data[i].data);
+ }
+
+ ret = ZBarcode_Encode(symbol, data[i].data, length);
+ assert_equal(ret, data[i].ret, "i:%d ZBarcode_Encode ret %d != %d (%s)\n", i, ret, data[i].ret, symbol->errtxt);
+
+ ZBarcode_Delete(symbol);
+ }
+
+ testFinish();
+}
+
+int main()
+{
+ test_fuzz();
+
+ testReport();
+
+ return 0;
+}
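Review bot: `test_fuzz()` in backend/tests/test_telepen.c asserts only the return code of `ZBarcode_Encode`, so case 0 (30 NUL bytes, which by the commit's own arithmetic fills `dest` exactly) passes whether or not the buffer is large enough, unless the overrun happens to crash. The regression is reliably caught only when the test binary is built with a memory checker such as `-fsanitize=address`. A comment above the table saying so, e.g. `/* Boundary cases for dest[] sizing in telepen.c; an overrun is only detected under ASan/valgrind */`, would stop a green plain build from being read as proof. Separately, `unsigned char* data` is initialised from string literals and passed to `strlen`, which mixes `char *` and `unsigned char *` and will draw pointer-sign warnings, and no row uses `length == -1`, so that branch is dead in this file.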