Commit 18c88b7

platform: posix: Correct posix_fuzz_sz to size_t to prevent truncation

The fuzzer's payload size posix_fuzz_sz is provided by libFuzzer as a size_t. Declaring it as a uint8_t in the ipc test harness resulted in silent payload truncation (maximum 255 bytes) causing incomplete corpus generation. This corrects the types between fuzz.c and ipc.c.

Signed-off-by: Liam Girdwood <liam.r.girdwood@linux.intel.com>
1 parent d335bde commit 18c88b7

3 files changed

Lines changed: 28 additions & 1 deletion

src/platform/posix/fuzz.c

Lines changed: 2 additions & 0 deletions
@@ -11,6 +11,8 @@
1111
#include <nsi_cpu_if.h>
1212
#include <nsi_main_semipublic.h>
1313

14+
#include <platform/posix_fuzz.h>
15+
1416
const uint8_t *posix_fuzz_buf;
1517
size_t posix_fuzz_sz;
1618

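Review bot: The include added at line 14 is the only change to fuzz.c, and the context line `size_t posix_fuzz_sz;` shows the definition here was already a size_t, so "corrects the types between fuzz.c and ipc.c" in the commit message overstates what changes in this file. What the include does provide is that the compiler now checks these two definitions against the shared extern declarations. A short comment next to the include saying so would keep it from being removed later as an unused header.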
Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
/* SPDX-License-Identifier: BSD-3-Clause
2+
*
3+
* Copyright(c) 2026 Intel Corporation. All rights reserved.
4+
*/
5+
6+
/**
7+
* Symbols shared between the native_posix fuzz harness
8+
* (src/platform/posix/fuzz.c) and the SOF posix IPC layer
9+
* (src/platform/posix/ipc.c).
10+
*
11+
* Defining them in one place avoids type-mismatch bugs (e.g. a single
12+
* `extern uint8_t *posix_fuzz_buf, posix_fuzz_sz;` declaring `posix_fuzz_sz`
13+
* as a `uint8_t` rather than a `size_t`).
14+
*/
15+
16+
#ifndef PLATFORM_POSIX_FUZZ_H
17+
#define PLATFORM_POSIX_FUZZ_H
18+
19+
#include <stddef.h>
20+
#include <stdint.h>
21+
22+
extern const uint8_t *posix_fuzz_buf;
23+
extern size_t posix_fuzz_sz;
24+
25+
#endif /* PLATFORM_POSIX_FUZZ_H */
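Review bot: The declarations at lines 22-23 carry no per-symbol contract. The header comment explains why the file exists, but not who sets posix_fuzz_buf and posix_fuzz_sz, when they are valid, or that posix_fuzz_sz is the byte length of posix_fuzz_buf. Suggest a one-line comment on each declaration, since the IPC layer reads them from another translation unit and has to know whether the buffer can change between test cases.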

src/platform/posix/ipc.c

Lines changed: 1 addition & 1 deletion
@@ -24,7 +24,7 @@ static void posix_ipc_isr(void *arg)
2424
}
2525

2626
// External symbols set up by the fuzzing layer
27-
extern uint8_t *posix_fuzz_buf, posix_fuzz_sz;
27+
#include <platform/posix_fuzz.h>
2828

2929
// Lots of space. Should really synchronize with the -max_len
3030
// parameter to libFuzzer (defaults to 4096), but that requires
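Review bot: With posix_fuzz_sz no longer capped at 255 by the old uint8_t declaration on line 27, the code that fills the buffer described by the "Lots of space" comment at line 29 needs an explicit bound against that buffer's size; the comment itself says the size is not synchronized with libFuzzer's -max_len. That code is outside this hunk, so please confirm it clamps or rejects oversized input. Two smaller points: the removed declaration had posix_fuzz_buf as a non-const `uint8_t *` while the new header declares `const uint8_t *`, which deserves a mention in the commit message, and the #include would sit better with the other includes at the top of the file than after posix_ipc_isr().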
