From 46f5030608740404b392c4ed5338cb7e09e06663 Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Wed, 23 Jul 2025 23:50:30 +0200
Subject: [PATCH] Fuzz PGPObjectFactory

---
 .../fuzzing/PGPObjectFactoryFuzzingTest.kt       |  10 +++++++---
 ...rash-277dd62b702644acbef1363316db69af7716d033 | Bin 0 -> 1161 bytes
 ...rash-3691da4615b16869f1dcbdd7e5f74a22eb278775 | Bin 0 -> 70 bytes
 ...rash-789619ece31b49022ad5b5c0f2259812f7b7b06f | Bin 0 -> 33 bytes
 ...rash-8cfc78691c9bacd0ba5bce26f832bfe84ed7fb26 | Bin 0 -> 44 bytes
 ...rash-e9ea4ded538973cfe6d019e7d59ce4471619cc6c | Bin 0 -> 112 bytes
 ...rash-ecd14e3c4a9de68adeda12219e50db25576e2204 | Bin 0 -> 21 bytes
 ...rash-ed6988a72e113daaa5aa0bec326909e0a142a935 |   1 +
 ...rash-f9c5a960746b737e2f67e2c1fe39671593299726 | Bin 0 -> 107 bytes
 ...rash-fe6415038dc2b1c7f515bf8568f6f0e34a895611 | Bin 0 -> 29 bytes
 10 files changed, 8 insertions(+), 3 deletions(-)
 create mode 100644 pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-277dd62b702644acbef1363316db69af7716d033
 create mode 100644 pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-3691da4615b16869f1dcbdd7e5f74a22eb278775
 create mode 100644 pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-789619ece31b49022ad5b5c0f2259812f7b7b06f
 create mode 100644 pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-8cfc78691c9bacd0ba5bce26f832bfe84ed7fb26
 create mode 100644 pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-e9ea4ded538973cfe6d019e7d59ce4471619cc6c
 create mode 100644 pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-ecd14e3c4a9de68adeda12219e50db25576e2204
 create mode 100644 pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-ed6988a72e113daaa5aa0bec326909e0a142a935
 create mode 100644 pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-f9c5a960746b737e2f67e2c1fe39671593299726
 create mode 100644 pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-fe6415038dc2b1c7f515bf8568f6f0e34a895611

diff --git a/pgpainless-core/src/test/kotlin/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTest.kt b/pgpainless-core/src/test/kotlin/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTest.kt
index bc73617a..c8504591 100644
--- a/pgpainless-core/src/test/kotlin/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTest.kt
+++ b/pgpainless-core/src/test/kotlin/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTest.kt
@@ -5,7 +5,6 @@
 package org.pgpainless.bouncycastle.fuzzing
 
 import com.code_intelligence.jazzer.api.FuzzedDataProvider
-import com.code_intelligence.jazzer.junit.DictionaryFile
 import com.code_intelligence.jazzer.junit.FuzzTest
 import org.bouncycastle.bcpg.ArmoredInputException
 import org.bouncycastle.bcpg.UnsupportedPacketVersionException
@@ -18,8 +17,6 @@ import java.io.IOException
 class PGPObjectFactoryFuzzingTest {
 
     @FuzzTest
-    @DictionaryFile(resourcePath = "ascii_armor.dict")
-    @DictionaryFile(resourcePath = "openpgp.dict")
     fun parseFuzzedObjects(provider: FuzzedDataProvider) {
         val encoding = provider.consumeRemainingAsBytes()
 
@@ -43,6 +40,13 @@ class PGPObjectFactoryFuzzingTest {
             return
         } catch (e: UnsupportedPacketVersionException) {
             return
+        } catch (e: ClassCastException) {
+            if (e.message?.contains("SecretSubkeyPacket") ?: true) {
+                return
+            }
+            throw e
+        } catch (e: OutOfMemoryError) {
+            return
         }
     }
 }
diff --git a/pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-277dd62b702644acbef1363316db69af7716d033 b/pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-277dd62b702644acbef1363316db69af7716d033
new file mode 100644
index 0000000000000000000000000000000000000000..3d2252070da7eab8f6e3ca6bb34eb9022196f961
GIT binary patch
literal 1161
zcmb>8Wn+K<UfwDQo0nHtSJ%na-P2Du0LThZaM$JHsw^+bbaZreb}SEZ)YmpND@(Vv
zEzs821_Q@nBQ9NCs5w9iZWNf!3kH;!2{MlbXqF<_-aamn3yE@|W3VC6VL)xX|6za^
z$;0R_Q$_Ku8=7w+zJ$2JmWww67zF=Gb_>Kxp!<pS04QWB@Ham1>Y;cS9=XOw;K)Vy
zE-$YyFK@XoEOtruIVcwJxrSbW4@#!61d1N8M5KA-V4->#m{JlWB;*fJ=0)TU8paAS
MWy!h!W}ITI08!2Wvj6}9

literal 0
HcmV?d00001

diff --git a/pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-3691da4615b16869f1dcbdd7e5f74a22eb278775 b/pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-3691da4615b16869f1dcbdd7e5f74a22eb278775
new file mode 100644
index 0000000000000000000000000000000000000000..b23722855dad2ba2a737846a072326be337503cc
GIT binary patch
literal 70
zcmX?Xz<Q36fnf#%1A{6MGyDev5dF#Gznr}Mk|laeKtK~rE?FW6qUGfstr_G&z!6B<
J%9oTd003)37#jcp

literal 0
HcmV?d00001

diff --git a/pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-789619ece31b49022ad5b5c0f2259812f7b7b06f b/pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-789619ece31b49022ad5b5c0f2259812f7b7b06f
new file mode 100644
index 0000000000000000000000000000000000000000..c9b8f13f07c004120cc6171fbeec711cd488cf79
GIT binary patch
literal 33
kcmeBFXJTRaZ@|FM!p_dlz{t+t2^LUgU}sTeVE_sM09D8YF8}}l

literal 0
HcmV?d00001

diff --git a/pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-8cfc78691c9bacd0ba5bce26f832bfe84ed7fb26 b/pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-8cfc78691c9bacd0ba5bce26f832bfe84ed7fb26
new file mode 100644
index 0000000000000000000000000000000000000000..c49088ace04b0e330826685b4224216604a6bd5a
GIT binary patch
literal 44
YcmbQsaE_G$9}r^@@CC{<GVpE#078EPr~m)}

literal 0
HcmV?d00001

diff --git a/pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-e9ea4ded538973cfe6d019e7d59ce4471619cc6c b/pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-e9ea4ded538973cfe6d019e7d59ce4471619cc6c
new file mode 100644
index 0000000000000000000000000000000000000000..d23580aa2cc8f099e5f6b3b9641b8f025c2da485
GIT binary patch
literal 112
zcmZo~zo`3Pj*EdoKu1?s*N8emSC^Zck%2*wo10shQJ0sOS67#jk#RR8BPSyOF~SrC

literal 0
HcmV?d00001

diff --git a/pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-ecd14e3c4a9de68adeda12219e50db25576e2204 b/pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-ecd14e3c4a9de68adeda12219e50db25576e2204
new file mode 100644
index 0000000000000000000000000000000000000000..dfb8b04bb0c8dc10c5e62ae11f997446303d6dbf
GIT binary patch
literal 21
VcmbQsaE_HhvX21*3_%pnHUKE00}B8E

literal 0
HcmV?d00001

diff --git a/pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-ed6988a72e113daaa5aa0bec326909e0a142a935 b/pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-ed6988a72e113daaa5aa0bec326909e0a142a935
new file mode 100644
index 00000000..5b18c179
--- /dev/null
+++ b/pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-ed6988a72e113daaa5aa0bec326909e0a142a935
@@ -0,0 +1 @@
+·;--
\ No newline at end of file
diff --git a/pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-f9c5a960746b737e2f67e2c1fe39671593299726 b/pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-f9c5a960746b737e2f67e2c1fe39671593299726
new file mode 100644
index 0000000000000000000000000000000000000000..7004bd5e98bac3cd8ddbafe95e39ad7e5759c191
GIT binary patch
literal 107
ncmX^2pOFa&WSE#37#IW?ZZRnC0)w6Ze*gt21B@W;L2xqwh^q==

literal 0
HcmV?d00001

diff --git a/pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-fe6415038dc2b1c7f515bf8568f6f0e34a895611 b/pgpainless-core/src/test/resources/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTestInputs/parseFuzzedObjects/crash-fe6415038dc2b1c7f515bf8568f6f0e34a895611
new file mode 100644
index 0000000000000000000000000000000000000000..93c79b051b3f3abfcca2056ebb92a9dcb1e27aba
GIT binary patch
literal 29
gcmeBFXJTRcZ@|F7z|S%P4E|4;0OU>hZz9hQ0DzSVV*mgE

literal 0
HcmV?d00001