* [PATCH 1/3] fuzz: add context pointer to call_for_each_fuzz_test
@ 2025-10-27 7:42 Ahmad Fatoum
2025-10-27 7:42 ` [PATCH 2/3] sandbox: export list_fuzz_tests to sandbox_main Ahmad Fatoum
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Ahmad Fatoum @ 2025-10-27 7:42 UTC (permalink / raw)
To: barebox; +Cc: Ahmad Fatoum
In preparation for removing call_for_each_fuzz_test from the sandbox
PBL, give it a context pointer to simplify its use.
Signed-off-by: Ahmad Fatoum <a.fatoum@barebox.org>
---
arch/sandbox/os/common.c | 9 +++++----
include/fuzz.h | 2 +-
lib/fuzz.c | 5 +++--
3 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/arch/sandbox/os/common.c b/arch/sandbox/os/common.c
index 86aaeb24ee3d..e872a6381988 100644
--- a/arch/sandbox/os/common.c
+++ b/arch/sandbox/os/common.c
@@ -56,11 +56,11 @@ extern int barebox_loglevel;
#endif
#ifdef CONFIG_FUZZ_EXTERNAL
-int call_for_each_fuzz_test(int (*fn)(const char **test));
+int call_for_each_fuzz_test(int (*fn)(const char **test, void *), void *ctx);
int setup_external_fuzz(const char *name,
int *argc, char ***argv);
#else
-static inline int call_for_each_fuzz_test(int (*fn)(const char **test))
+static inline int call_for_each_fuzz_test(int (*fn)(const char **test, void *), void *ctx)
{
return 0;
}
@@ -558,7 +558,8 @@ static struct option long_options[] = {
static const char optstring[] = "hm:i:c:e:d:O:I:B:x:y:";
-static __attribute__((unused)) int print_fuzz_test_name(const char **test_name)
+static __attribute__((unused)) int print_fuzz_test_name(const char **test_name,
+ void *ctx)
{
printf("%s\n", *test_name);
return 0;
@@ -667,7 +668,7 @@ static int normal_main(int argc, char *argv[])
sdl_yres = strtoul(optarg, NULL, 0);
break;
case OPT_LIST_FUZZERS:
- call_for_each_fuzz_test(print_fuzz_test_name);
+ call_for_each_fuzz_test(print_fuzz_test_name, NULL);
exit(0);
break;
case OPT_FUZZ:
diff --git a/include/fuzz.h b/include/fuzz.h
index caebc284d5db..f516d86ab769 100644
--- a/include/fuzz.h
+++ b/include/fuzz.h
@@ -84,7 +84,7 @@ static inline int fuzz_test_once(const struct fuzz_test *test, const u8 *data, s
return test->func(data, len);
}
-int call_for_each_fuzz_test(int (*fn)(const struct fuzz_test *test));
+int call_for_each_fuzz_test(int (*fn)(const struct fuzz_test *test, void *), void *ctx);
int setup_external_fuzz(const char *fuzz_name,
int *argc, char ***argv);
diff --git a/lib/fuzz.c b/lib/fuzz.c
index 084455e365cd..7be7ecedd922 100644
--- a/lib/fuzz.c
+++ b/lib/fuzz.c
@@ -4,13 +4,14 @@
#include <string.h>
#include <common.h>
-int call_for_each_fuzz_test(int (*fn)(const struct fuzz_test *test))
+int call_for_each_fuzz_test(int (*fn)(const struct fuzz_test *test, void *ctx),
+ void *ctx)
{
const struct fuzz_test *test;
int ret;
for_each_fuzz_test(test) {
- ret = fn(test);
+ ret = fn(test, ctx);
if (ret)
return ret;
}
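Review bot: The two-argument callback contract of call_for_each_fuzz_test is not documented in this hunk: the loop stops at the first non-zero return from `fn` and hands that value back to the caller, and `ctx` is passed through untouched. A short comment above the definition would make this explicit, e.g. `/* Call fn(test, ctx) for every registered fuzz test; stop at and return the first non-zero result. */`. The prototype in include/fuzz.h leaves the callback's second parameter unnamed while the definition names it `ctx`; using the same name in both keeps declaration and definition in step. The function body continues past the end of this hunk.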
--
2.47.3
* [PATCH 2/3] sandbox: export list_fuzz_tests to sandbox_main
2025-10-27 7:42 [PATCH 1/3] fuzz: add context pointer to call_for_each_fuzz_test Ahmad Fatoum
@ 2025-10-27 7:42 ` Ahmad Fatoum
2025-10-27 7:42 ` [PATCH 3/3] fuzz: do not export for_each_fuzz_test Ahmad Fatoum
2025-10-28 7:26 ` [PATCH 1/3] fuzz: add context pointer to call_for_each_fuzz_test Sascha Hauer
2 siblings, 0 replies; 4+ messages in thread
From: Ahmad Fatoum @ 2025-10-27 7:42 UTC (permalink / raw)
To: barebox; +Cc: Ahmad Fatoum
Using call_for_each_fuzz_test in the PBL is awkward, because the struct
definition isn't visible there and so we make use of the fact that a
string pointer is the first element of the struct.
Let's avoid this, by just providing a function that lists the fuzzers.
Signed-off-by: Ahmad Fatoum <a.fatoum@barebox.org>
---
arch/sandbox/Makefile | 2 +-
arch/sandbox/os/common.c | 9 +++------
include/fuzz.h | 4 +++-
lib/fuzz.c | 13 +++++++++++++
4 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/arch/sandbox/Makefile b/arch/sandbox/Makefile
index 0318c8dd1452..fdff09c07cb9 100644
--- a/arch/sandbox/Makefile
+++ b/arch/sandbox/Makefile
@@ -96,7 +96,7 @@ SANDBOX_PROPER2PBL_GLUE_SYMS := \
strsep_unescaped start_barebox linux_get_stickypage_path \
stickypage mem_malloc_init \
barebox_register_filedev barebox_register_dtb barebox_register_console \
- barebox_errno barebox_loglevel call_for_each_fuzz_test setup_external_fuzz
+ barebox_errno barebox_loglevel list_fuzz_tests setup_external_fuzz
OBJCOPYFLAGS_barebox.o := $(addprefix --keep-global-symbol=, $(SANDBOX_PROPER2PBL_GLUE_SYMS))
diff --git a/arch/sandbox/os/common.c b/arch/sandbox/os/common.c
index e872a6381988..1628e28d83fb 100644
--- a/arch/sandbox/os/common.c
+++ b/arch/sandbox/os/common.c
@@ -56,14 +56,11 @@ extern int barebox_loglevel;
#endif
#ifdef CONFIG_FUZZ_EXTERNAL
-int call_for_each_fuzz_test(int (*fn)(const char **test, void *), void *ctx);
+void list_fuzz_tests(int (*println)(const char *));
int setup_external_fuzz(const char *name,
int *argc, char ***argv);
#else
-static inline int call_for_each_fuzz_test(int (*fn)(const char **test, void *), void *ctx)
-{
- return 0;
-}
+static inline void list_fuzz_tests(int (*println)(const char *)) { }
static inline int setup_external_fuzz(const char *name,
int *argc, char ***argv)
{
@@ -668,7 +665,7 @@ static int normal_main(int argc, char *argv[])
sdl_yres = strtoul(optarg, NULL, 0);
break;
case OPT_LIST_FUZZERS:
- call_for_each_fuzz_test(print_fuzz_test_name, NULL);
+ list_fuzz_tests(puts);
exit(0);
break;
case OPT_FUZZ:
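Review bot: With the OPT_LIST_FUZZERS case now calling `list_fuzz_tests(puts);`, print_fuzz_test_name appears to be left without a caller, and no hunk in this patch removes it. Because it is declared `static __attribute__((unused))`, the compiler will not warn about it, so the dead helper can linger unnoticed. Unless another user exists outside the visible hunks, the helper should be deleted in this same change. normal_main continues on both sides of this hunk.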
diff --git a/include/fuzz.h b/include/fuzz.h
index f516d86ab769..11332e834753 100644
--- a/include/fuzz.h
+++ b/include/fuzz.h
@@ -20,7 +20,7 @@
* @func: Function to call to perform fuzz test on an input
*/
struct fuzz_test {
- const char *name; /* must be first member */
+ const char *name;
int (*func)(const uint8_t * data, size_t size);
};
@@ -86,6 +86,8 @@ static inline int fuzz_test_once(const struct fuzz_test *test, const u8 *data, s
int call_for_each_fuzz_test(int (*fn)(const struct fuzz_test *test, void *), void *ctx);
+void list_fuzz_tests(int (*println)(const char *));
+
int setup_external_fuzz(const char *fuzz_name,
int *argc, char ***argv);
diff --git a/lib/fuzz.c b/lib/fuzz.c
index 7be7ecedd922..038e176096bc 100644
--- a/lib/fuzz.c
+++ b/lib/fuzz.c
@@ -19,6 +19,19 @@ int call_for_each_fuzz_test(int (*fn)(const struct fuzz_test *test, void *ctx),
return 0;
}
+static int list_fuzz_test_one(const struct fuzz_test *test, void *ctx)
+{
+ int (*println)(const char *) = ctx;
+
+ println(test->name);
+ return 0;
+}
+
+void list_fuzz_tests(int (*println)(const char *))
+{
+ call_for_each_fuzz_test(list_fuzz_test_one, println);
+}
+
#ifdef CONFIG_FUZZ_EXTERNAL
const u8 *fuzzer_get_data(size_t *len);
#else
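Review bot: list_fuzz_tests passes the function pointer `println` through the `void *ctx` parameter, and list_fuzz_test_one converts it back with `int (*println)(const char *) = ctx;`. ISO C does not define conversion between function pointers and `void *`; it only works as a compiler and platform extension, and pedantic builds warn about it. Passing the address of the pointer keeps the round trip well defined: `call_for_each_fuzz_test(list_fuzz_test_one, &println);` in list_fuzz_tests, then `int (**println)(const char *) = ctx;` and `(*println)(test->name);` in the callback. A one-line comment on list_fuzz_tests stating that `println` must not be NULL would also help, since it is called unconditionally.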
--
2.47.3
* [PATCH 3/3] fuzz: do not export for_each_fuzz_test
2025-10-27 7:42 [PATCH 1/3] fuzz: add context pointer to call_for_each_fuzz_test Ahmad Fatoum
2025-10-27 7:42 ` [PATCH 2/3] sandbox: export list_fuzz_tests to sandbox_main Ahmad Fatoum
@ 2025-10-27 7:42 ` Ahmad Fatoum
2025-10-28 7:26 ` [PATCH 1/3] fuzz: add context pointer to call_for_each_fuzz_test Sascha Hauer
2 siblings, 0 replies; 4+ messages in thread
From: Ahmad Fatoum @ 2025-10-27 7:42 UTC (permalink / raw)
To: barebox; +Cc: Ahmad Fatoum
For reasons not yet understood, the UndefinedBehaviorSanitizer of GCC 14
(but not that of clang 19) doesn't like the way we iterate over the
linker list that holds the fuzzers:
barebox@Sandbox:/ fuzz -l
dtb
commands/fuzz.c:19:23: runtime error: load of address 0x560e1830a050 with
insufficient space for an object of type 'const struct fuzz_test'
0x560e1830a050: note: pointer points here
0e 56 00 00 e0 77 26 18 0e 56 00 00 ef e2 0f 18 0e 56 00 00
^
20 44 25 18 0e 56 00 00 1f be 09 18
fdt-compatible
filetype
fit
partitions
For some reason, switching to call_for_each_fuzz_test, avoids this
issue, so let's do that.
Signed-off-by: Ahmad Fatoum <a.fatoum@barebox.org>
---
commands/fuzz.c | 42 ++++++++++++++++++++++++++++++------------
include/fuzz.h | 4 ----
lib/fuzz.c | 4 ++++
3 files changed, 34 insertions(+), 16 deletions(-)
diff --git a/commands/fuzz.c b/commands/fuzz.c
index f48032e7e1d9..3ade5bf69a28 100644
--- a/commands/fuzz.c
+++ b/commands/fuzz.c
@@ -9,23 +9,41 @@
#include <libfile.h>
#include <fs.h>
-static const struct fuzz_test *get_fuzz_test(const char *match, bool print)
-{
+struct fuzz_process {
+ bool print;
+ const char *match;
+ unsigned nmatches;
const struct fuzz_test *test;
- unsigned matches = 0;
+};
- for_each_fuzz_test(test) {
- if (print) {
- printf("%s\n", test->name);
- matches++;
- }
-
- if (match && !strcmp(test->name, match))
- return test;
+static int process_fuzz_test(const struct fuzz_test *test,
+ void *_ctx)
+{
+ struct fuzz_process *ctx = _ctx;
+ if (ctx->print) {
+ printf("%s\n", test->name);
+ ctx->nmatches++;
}
- if (!matches) {
+ if (ctx->match && !strcmp(test->name, ctx->match)) {
+ ctx->test = test;
+ return true;
+ }
+
+ return false;
+}
+
+static const struct fuzz_test *get_fuzz_test(const char *match, bool print)
+{
+ struct fuzz_process ctx = {
+ .match = match, .print = print
+ };
+
+ if (call_for_each_fuzz_test(process_fuzz_test, &ctx))
+ return ctx.test;
+
+ if (!ctx.nmatches) {
if (match)
printf("No fuzz tests matching '%s' found.\n", match);
else
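Review bot: process_fuzz_test is declared to return `int` but returns `true` and `false`, and get_fuzz_test relies on call_for_each_fuzz_test passing that value back unchanged to mean "match found, `ctx.test` is valid". Returning `1` and `0` with a short comment such as `/* non-zero stops the iteration: ctx->test holds the match */` would make the stop-on-match protocol visible at the point where it is used. A blank line after `struct fuzz_process *ctx = _ctx;` would match the declaration style used elsewhere in the series. get_fuzz_test continues past the end of this hunk.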
diff --git a/include/fuzz.h b/include/fuzz.h
index 11332e834753..4d637f72b176 100644
--- a/include/fuzz.h
+++ b/include/fuzz.h
@@ -27,10 +27,6 @@ struct fuzz_test {
extern const struct fuzz_test __barebox_fuzz_tests_start;
extern const struct fuzz_test __barebox_fuzz_tests_end;
-#define for_each_fuzz_test(test) \
- for (test = &__barebox_fuzz_tests_start; \
- test != &__barebox_fuzz_tests_end; test++)
-
#if IS_ENABLED(CONFIG_FUZZ) && IN_PROPER
/**
* fuzz_test() - register a fuzz test
diff --git a/lib/fuzz.c b/lib/fuzz.c
index 038e176096bc..708cffbc2cc5 100644
--- a/lib/fuzz.c
+++ b/lib/fuzz.c
@@ -4,6 +4,10 @@
#include <string.h>
#include <common.h>
+#define for_each_fuzz_test(test) \
+ for (test = &__barebox_fuzz_tests_start; \
+ test != &__barebox_fuzz_tests_end; test++)
+
int call_for_each_fuzz_test(int (*fn)(const struct fuzz_test *test, void *ctx),
void *ctx)
{
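Review bot: Moving for_each_fuzz_test into lib/fuzz.c keeps the same iteration that the sanitizer flagged: `test` starts at `&__barebox_fuzz_tests_start`, which include/fuzz.h declares as a single `const struct fuzz_test`, and is then incremented and dereferenced beyond that one object. That is probably what the "insufficient space for an object" report is about, in which case this change hides the diagnostic rather than removing the out-of-bounds access as the C abstract machine sees it. Declaring the linker-provided bounds as arrays of unknown size would make the walk well defined, e.g. `extern const struct fuzz_test __barebox_fuzz_tests_start[], __barebox_fuzz_tests_end[];` with the macro using `test = __barebox_fuzz_tests_start; test != __barebox_fuzz_tests_end; test++`. Other users of these symbols outside the visible hunks would need the same adjustment. The body of call_for_each_fuzz_test continues past the end of this hunk.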
--
2.47.3
* Re: [PATCH 1/3] fuzz: add context pointer to call_for_each_fuzz_test
2025-10-27 7:42 [PATCH 1/3] fuzz: add context pointer to call_for_each_fuzz_test Ahmad Fatoum
2025-10-27 7:42 ` [PATCH 2/3] sandbox: export list_fuzz_tests to sandbox_main Ahmad Fatoum
2025-10-27 7:42 ` [PATCH 3/3] fuzz: do not export for_each_fuzz_test Ahmad Fatoum
@ 2025-10-28 7:26 ` Sascha Hauer
2 siblings, 0 replies; 4+ messages in thread
From: Sascha Hauer @ 2025-10-28 7:26 UTC (permalink / raw)
To: barebox, Ahmad Fatoum
On Mon, 27 Oct 2025 08:42:30 +0100, Ahmad Fatoum wrote:
> In preparation for removing call_for_each_fuzz_test from the sandbox
> PBL, give it a context pointer to simplify its use.
>
>
Applied, thanks!
[1/3] fuzz: add context pointer to call_for_each_fuzz_test
https://git.pengutronix.de/cgit/barebox/commit/?id=17ebc7ac77ac (link may not be stable)
[2/3] sandbox: export list_fuzz_tests to sandbox_main
https://git.pengutronix.de/cgit/barebox/commit/?id=73ff5a8b79b2 (link may not be stable)
[3/3] fuzz: do not export for_each_fuzz_test
https://git.pengutronix.de/cgit/barebox/commit/?id=8d3f3aa731b4 (link may not be stable)
Best regards,
--
Sascha Hauer <s.hauer@pengutronix.de>