Remove randomization from fuzzers

According to ossfuzz docs, all the randomness is supposed to come from outside the fuzzed code.
nih-at · Oct 10, 2023 · 029173d · 029173d
1 parent 4943e90
commit 029173d
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 37 deletions.
diff --git a/ossfuzz/zip_write_encrypt_aes256_file_fuzzer.c b/ossfuzz/zip_write_encrypt_aes256_file_fuzzer.c
@@ -4,16 +4,6 @@
 #include <time.h>
 #include <zip.h>
 
-void
-randomize(char *buf, int count) {
-    const char charset[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
-    int i;
-    srand(time(NULL));
-    for (i = 0; i < count; i++) {
-        buf[i] = charset[rand() % sizeof(charset)];
-    }
-}
-
 /**
    This fuzzing target takes input data, creates a ZIP archive, load
    it to a buffer, adds a file to it with AES-256 encryption and a
@@ -30,17 +20,12 @@ extern "C"
 #endif
 int
 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
-    char path[20 + 7 + 4 + 1], password[21], file[21];
+    const char *path = "test_aes256.zip";
+    const char *password = "password";
+    const char *file = "filename";
     int error = 0;
     struct zip *archive;
 
-    snprintf(path, sizeof(path), "XXXXXXXXXXXXXXXXXXXX_aes256.zip");
-    snprintf(password, sizeof(password), "XXXXXXXXXXXXXXXXXXXX");
-    snprintf(file, sizeof(file), "XXXXXXXXXXXXXXXXXXXX");
-    randomize(path, 20);
-    randomize(password, 20);
-    randomize(file, 20);
-
     if ((archive = zip_open(path, ZIP_CREATE, &error)) == NULL) {
         return -1;
     }

diff --git a/ossfuzz/zip_write_encrypt_pkware_file_fuzzer.c b/ossfuzz/zip_write_encrypt_pkware_file_fuzzer.c
@@ -16,33 +16,17 @@ inputs, including potentially malicious or malformed data of
 different file types.
 **/
 
-void
-randomize(char *buf, int count) {
-    const char charset[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
-    int i;
-    srand(time(NULL));
-    for (i = 0; i < count; i++) {
-        buf[i] = charset[rand() % sizeof(charset)];
-    }
-}
-
-
 #ifdef __cplusplus
 extern "C"
 #endif
 int
 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
-    char path[20 + 7 + 4 + 1], password[21], file[21];
+    const char *path = "test_pkware.zip";
+    const char *password = "password";
+    const char *file = "filename";
     int error = 0;
     struct zip *archive;
 
-    snprintf(path, sizeof(path), "XXXXXXXXXXXXXXXXXXXX_pkware.zip");
-    snprintf(password, sizeof(password), "XXXXXXXXXXXXXXXXXXXX");
-    snprintf(file, sizeof(file), "XXXXXXXXXXXXXXXXXXXX");
-    randomize(path, 20);
-    randomize(password, 20);
-    randomize(file, 20);
-
     if ((archive = zip_open(path, ZIP_CREATE, &error)) == NULL) {
         return -1;
     }