[PATCH 17/21] partitions: add partition table parser fuzz target
Ahmad Fatoum
a.fatoum at pengutronix.de
Thu Jun 5 04:35:26 PDT 2025
Parsing on-disk partition tables is something barebox often does on
every boot, so add a fuzz test to smoke out memory safety issues.
Co-developed-by: Abdelrahman Youssef <abdelrahmanyossef12 at gmail.com>
Signed-off-by: Abdelrahman Youssef <abdelrahmanyossef12 at gmail.com>
Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
---
common/partitions.c | 56 +++++++++++++++++++++++++++++++++++++++++
images/Makefile.sandbox | 1 +
2 files changed, 57 insertions(+)
diff --git a/common/partitions.c b/common/partitions.c
index 25d5f15721fc..3f618119850d 100644
--- a/common/partitions.c
+++ b/common/partitions.c
@@ -17,6 +17,7 @@
#include <linux/err.h>
#include <partitions.h>
#include <range.h>
+#include <fuzz.h>
static LIST_HEAD(partition_parser_list);
@@ -72,6 +73,21 @@ static int register_one_partition(struct block_device *blk, struct partition *pa
return ret;
}
+static int remove_one_partition(struct block_device *blk, int no)
+{
+ char *partition_name;
+ int ret;
+
+ partition_name = basprintf("%s.%d", blk->cdev.name, no);
+ if (!partition_name)
+ return -ENOMEM;
+
+ ret = devfs_del_partition(partition_name);
+ free(partition_name);
+
+ return ret;
+}
+
static struct partition_parser *partition_parser_get_by_filetype(uint8_t *buf)
{
enum filetype type;
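Review bot: `remove_one_partition()` rebuilds the cdev name with its own `"%s.%d"` format, which has to match whatever name `register_one_partition()` gives the partition. That function's body is outside this hunk, so the match cannot be confirmed here. Since `devfs_del_partition()` deletes by name, a drift between the two would make the fuzz target leak registered partitions or delete the wrong entry. A short comment such as `/* name must mirror the one built in register_one_partition() */` would make the coupling visible. The helper's only caller appears to be the fuzz target added later in this patch, so it is also worth checking that a build without the fuzzer does not warn about an unused static function.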
@@ -329,6 +345,46 @@ int partition_parser_register(struct partition_parser *p)
return 0;
}
+/**
+ * Try to collect partition information on the given block device
+ * @param blk Block device to examine
+ * @return 0 most of the time, negative value else
+ *
+ * It is not a failure if no partition information is found
+ */
+static int fuzz_partition_table_parser(struct block_device *ramdisk)
+{
+ struct partition_desc *pdesc;
+ struct partition *part;
+ int rc = 0;
+ struct partition_parser *parser;
+ u8 buf[2 * SECTOR_SIZE] __aligned(8);
+
+ rc = block_read(ramdisk, buf, 0, 2);
+ if (rc != 0)
+ return 0;
+
+ parser = partition_parser_get_by_filetype(buf);
+ if (!parser)
+ return 0;
+
+ pdesc = parser->parse(buf, ramdisk);
+ if (!pdesc)
+ return 0;
+
+ pdesc->parser = parser;
+
+ list_for_each_entry(part, &pdesc->partitions, list) {
+ register_one_partition(ramdisk, part);
+ remove_one_partition(ramdisk, part->num);
+ }
+
+ partition_table_free(pdesc);
+
+ return 0;
+}
+fuzz_test_ramdisk("partitions", fuzz_partition_table_parser);
+
/**
* cdev_unallocated_space - return unallocated space
* cdev: The cdev
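Review bot: In the `list_for_each_entry` loop, `remove_one_partition()` runs even when `register_one_partition()` failed, so `devfs_del_partition()` is asked to delete a name this iteration never created. Because removal is by name, a fuzzed table could in principle hit a cdev that already existed under that name. Assuming `register_one_partition()` returns 0 on success (its body is outside the hunk), I would pair the calls as `if (!register_one_partition(ramdisk, part)) remove_one_partition(ramdisk, part->num);`. The kernel-doc block above the function also looks carried over from another function: it documents `@param blk` while the parameter is `ramdisk`, and it promises a negative return although every path returns 0. I would change it to `@param ramdisk Block device to parse (presumably backed by the fuzzer input)` and `@return always 0; read and parse failures are not errors here`.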
diff --git a/images/Makefile.sandbox b/images/Makefile.sandbox
index ce09d0c1374c..b6893d314668 100644
--- a/images/Makefile.sandbox
+++ b/images/Makefile.sandbox
@@ -4,6 +4,7 @@ SYMLINK_TARGET_barebox = sandbox_main.elf
symlink-$(CONFIG_SANDBOX) += barebox
fuzzer-$(CONFIG_FILETYPE) += filetype
+fuzzer-$(CONFIG_PARTITION) += partitions
fuzzer-$(CONFIG_PRINTF_HEXSTR) += printf
ifeq ($(CONFIG_SANDBOX),y)
--
2.39.5