[PATCH 13/21] filetype: add fuzz target

Ahmad Fatoum a.fatoum at pengutronix.de
Thu Jun 5 04:35:22 PDT 2025


Detecting the filetype is an operation that we do on every boot, so it's
important that it's done in a memory-safe manner. Add a test to exercise
this.

This test has unearthed issues which have already been fixed.

Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
---
 common/filetype.c       | 12 ++++++++++++
 images/Makefile.sandbox |  1 +
 include/filetype.h      |  4 ++--
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/common/filetype.c b/common/filetype.c
index a7bbd8f48534..019f34811103 100644
--- a/common/filetype.c
+++ b/common/filetype.c
@@ -18,6 +18,7 @@
 #include <image-sparse.h>
 #include <elf.h>
 #include <linux/zstd.h>
+#include <fuzz.h>
 
 #include <mach/imx/imx-header.h>
 
@@ -495,6 +496,17 @@ enum filetype file_detect_type(const void *_buf, size_t bufsize)
 	return filetype_unknown;
 }
 
+static int fuzz_filetype(const u8 *data, size_t size)
+{
+	if (!PTR_IS_ALIGNED(data, sizeof(u64)))
+	    return -EINVAL;
+
+	file_detect_type(data, size);
+
+	return 0;
+}
+fuzz_test("filetype", fuzz_filetype);
+
 int file_name_detect_type_offset(const char *filename, loff_t pos, enum filetype *type,
 				 enum filetype (*detect)(const void *buf, size_t bufsize))
 {
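Review bot: The alignment guard in fuzz_filetype carries no comment saying why unaligned inputs are skipped, so a reader cannot tell whether file_detect_type requires an 8-byte-aligned buffer from every caller or whether only the harness imposes it. If it is a real precondition, state it above the check, for example `/* file_detect_type() expects a u64-aligned buffer; skip inputs the fuzzer hands us unaligned */`, and ideally on file_detect_type itself, whose body lies outside this hunk. How fuzz_test treats the `-EINVAL` return is not visible here; if the value reaches libFuzzer unchanged, only 0 and -1 are defined return values, so `return -1;` or `return 0;` may be the safer choice. The `return -EINVAL;` line is also indented with a tab plus spaces rather than two tabs.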
diff --git a/images/Makefile.sandbox b/images/Makefile.sandbox
index ed5d740bc1fb..ce09d0c1374c 100644
--- a/images/Makefile.sandbox
+++ b/images/Makefile.sandbox
@@ -3,6 +3,7 @@
 SYMLINK_TARGET_barebox = sandbox_main.elf
 symlink-$(CONFIG_SANDBOX) += barebox
 
+fuzzer-$(CONFIG_FILETYPE)	+= filetype
 fuzzer-$(CONFIG_PRINTF_HEXSTR)	+= printf
 
 ifeq ($(CONFIG_SANDBOX),y)
diff --git a/include/filetype.h b/include/filetype.h
index e699815975d0..e66237878615 100644
--- a/include/filetype.h
+++ b/include/filetype.h
@@ -106,7 +106,7 @@ static inline bool file_is_compressed_file(enum filetype ft)
 #define ARM_HEAD_MAGICWORD_OFFSET	0x20
 #define ARM_HEAD_SIZE_OFFSET		0x2C
 
-#ifdef CONFIG_ARM
+#if defined(CONFIG_ARM) || defined(CONFIG_FUZZ)
 static inline int is_barebox_arm_head(const char *head)
 {
 	return !strcmp(head + ARM_HEAD_MAGICWORD_OFFSET, "barebox");
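Review bot: Building is_barebox_arm_head under CONFIG_FUZZ exposes `strcmp(head + ARM_HEAD_MAGICWORD_OFFSET, "barebox")` to fuzzer-sized buffers, and the helper takes no length, so it relies on its caller having checked that the buffer extends up to 8 bytes past offset 0x20. That caller-side check is not visible in this diff; a comment on the helper such as `/* caller must guarantee ARM_HEAD_MAGICWORD_OFFSET + 8 readable bytes at head */` would make the contract explicit for anyone adding a new call site. The same applies to is_barebox_mips_head in the next hunk, which uses `strncmp(..., "barebox", 7)` and needs MIPS_HEAD_MAGICWORD_OFFSET + 7 readable bytes. Both function bodies continue outside their hunks.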
@@ -122,7 +122,7 @@ static inline int is_barebox_arm_head(const char *head)
 #define MIPS_HEAD_MAGICWORD_OFFSET	0x10
 #define MIPS_HEAD_SIZE_OFFSET		0x1C
 
-#ifdef CONFIG_MIPS
+#if defined(CONFIG_MIPS) || defined(CONFIG_FUZZ)
 static inline int is_barebox_mips_head(const char *head)
 {
 	return !strncmp(head + MIPS_HEAD_MAGICWORD_OFFSET, "barebox", 7);
-- 
2.39.5



