[elfutils] create tmpfiles properly

Now fuzz-libdwfl and fuzz-libelf can be run a few times in a row with files triggering crashes. It's another follow-up to google#7395 and google#7393.
evverx · Sep 18, 2022 · 9546e4f · 9546e4f
1 parent 9c8bf5c
commit 9546e4f
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 16 deletions.
diff --git a/projects/elfutils/fuzz-libdwfl.c b/projects/elfutils/fuzz-libdwfl.c
@@ -10,16 +10,19 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+#include <assert.h>
 #include <fcntl.h>
 #include <gelf.h>
 #include <inttypes.h>
 #include <libelf.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
 #include "libdwfl.h"
+#include "system.h"
 
 static const char *debuginfo_path = "";
 static const Dwfl_Callbacks cb  = {
@@ -31,14 +34,17 @@ static const Dwfl_Callbacks cb  = {
 
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
-  char filename[256];
-  sprintf(filename, "/tmp/libfuzzer.%d", getpid());
-  FILE *fp = fopen(filename, "wb");
-  if (!fp) {
-    return 0;
-  }
-  fwrite(data, size, 1, fp);
-  fclose(fp);
+  char filename[] = "/tmp/fuzz-libdwfl.XXXXXX";
+  int fd;
+  ssize_t n;
+
+  fd = mkstemp(filename);
+  assert(fd >= 0);
+
+  n = write_retry(fd, data, size);
+  assert(n == (ssize_t) size);
+
+  close(fd);
 
   Dwarf_Addr bias = 0;
   Dwfl *dwfl = dwfl_begin(&cb);

diff --git a/projects/elfutils/fuzz-libelf.c b/projects/elfutils/fuzz-libelf.c
@@ -10,15 +10,18 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+#include <assert.h>
 #include <fcntl.h>
 #include <gelf.h>
 #include <inttypes.h>
 #include <libelf.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
+#include "system.h"
 
 
 void fuzz_logic_one(char *filename, int compression_type) {
@@ -69,14 +72,17 @@ void fuzz_logic_twice(char *filename, int open_flags, Elf_Cmd cmd) {
 }
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
-  char filename[256];
-  sprintf(filename, "/tmp/libfuzzer.%d", getpid());
-  FILE *fp = fopen(filename, "wb");
-  if (!fp) {
-    return 0;
-  }
-  fwrite(data, size, 1, fp);
-  fclose(fp);
+  char filename[] = "/tmp/fuzz-libelf.XXXXXX";
+  int fd;
+  ssize_t n;
+
+  fd = mkstemp(filename);
+  assert(fd >= 0);
+
+  n = write_retry(fd, data, size);
+  assert(n == (ssize_t) size);
+
+  close(fd);
 
   fuzz_logic_one(filename, 0);
   fuzz_logic_one(filename, 1);