patchset_fuzzer.c
/*
* Copyright 2026 the Pacemaker project contributors
*
* The version control history for this file may have further details.
*
* This source code is licensed under the GNU Lesser General Public License
* version 2.1 or later (LGPLv2.1+) WITHOUT ANY WARRANTY.
*/
#include <crm_internal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <crm/common/util.h>
#include <crm/common/internal.h>
#include <crm/common/xml.h>
/* Fixed CIB document that every fuzz-generated patchset is applied to.
 *
 * It is deliberately small but carries each top-level section (crm_config,
 * nodes, resources, constraints, status), so patchset operations have real
 * elements to address. The adjacent literals below concatenate into one
 * single-line document; the whitespace inside the quotes is part of the text
 * handed to the parser.
 */
static const char *BASE_CIB =
    // Root element carrying admin_epoch / epoch / num_updates
    "<cib admin_epoch=\"1\" epoch=\"1\" num_updates=\"0\">"
    " <configuration>"

    // Cluster options: a single property set with one nvpair
    " <crm_config>"
    " <cluster_property_set id=\"cib-bootstrap-options\">"
    " <nvpair id=\"opt1\" name=\"stonith-enabled\" value=\"false\"/>"
    " </cluster_property_set>"
    " </crm_config>"

    // Two cluster nodes
    " <nodes>"
    " <node id=\"node1\" uname=\"pcmk-1\"/>"
    " <node id=\"node2\" uname=\"pcmk-2\"/>"
    " </nodes>"

    // One primitive resource
    " <resources>"
    " <primitive id=\"rsc1\" class=\"ocf\" provider=\"heartbeat\" type=\"Dummy\"/>"
    " </resources>"

    // Empty constraints and status sections, then the closing tags
    " <constraints/>"
    " </configuration>"
    " <status/>"
    "</cib>";
/* libFuzzer entry point: treat the fuzz input as a patchset document and apply
 * it to a freshly parsed copy of BASE_CIB.
 *
 * data/size  Raw fuzz input; it is copied into a NUL-terminated buffer before
 *            parsing, so `data` itself is never read past `size`.
 *
 * Returns -1 for inputs shorter than 15 bytes (libFuzzer treats -1 as "do not
 * add this input to the corpus") and 0 in every other case, including parse
 * failures.
 *
 * NOTE(review): the buffer is handed to the parser as a C string, so bytes
 * after an embedded NUL are presumably ignored -- confirm against
 * pcmk__xml_parse().
 */
int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    xmlNode *base = NULL;
    xmlNode *fuzz_patch = NULL;
    char *text = NULL;

    // NOTE(review): 15 is presumably a lower bound on a useful patchset
    // document; the source does not say where the number comes from
    if (size < 15) {
        return -1;
    }

    // Each iteration starts from its own copy of the base CIB, so changes made
    // by one input are not visible to the next
    base = pcmk__xml_parse(BASE_CIB);
    if (base == NULL) {
        return 0;
    }

    // The fuzz bytes are not NUL-terminated; copy them into a buffer one byte
    // larger and terminate it before handing it to the string parser
    text = pcmk__assert_alloc(size + 1, sizeof(char));
    memcpy(text, data, size);
    text[size] = '\0';

    fuzz_patch = pcmk__xml_parse(text);
    if (fuzz_patch != NULL) {
        // The final argument (false) disables version checking so that more
        // of the apply logic is reached. As a consequence this harness does
        // not exercise the version-check path; the return value is ignored.
        xml_apply_patchset(base, fuzz_patch, false);
        pcmk__xml_free(fuzz_patch);
    }

    pcmk__xml_free(base);
    free(text);
    return 0;
}