Fix bunch of minor oss-fuzz/coverity issues.

src/fuzzing/dump.c

@@ -44,11 +44,12 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
     rnp_output_destroy(output);
     rnp_input_destroy(input);
 
-    (void) rnp_input_from_memory(&input, data, size, false);
+    rnp_input_t input2 = NULL;
+    (void) rnp_input_from_memory(&input2, data, size, false);
     char *json = NULL;
-    (void) rnp_dump_packets_to_json(input, RNP_DUMP_RAW, &json);
+    (void) rnp_dump_packets_to_json(input2, RNP_DUMP_RAW, &json);
     rnp_buffer_destroy(json);
-    rnp_input_destroy(input);
+    rnp_input_destroy(input2);
 
     return 0;
 }

src/fuzzing/keyimport.c

@@ -39,58 +39,51 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
     rnp_input_t  input = NULL;
     rnp_result_t ret = 0;
     rnp_ffi_t    ffi = NULL;
+    uint32_t     flags = RNP_LOAD_SAVE_PUBLIC_KEYS | RNP_LOAD_SAVE_SECRET_KEYS;
 
     /* try non-permissive import */
     ret = rnp_input_from_memory(&input, data, size, false);
     ret = rnp_ffi_create(&ffi, "GPG", "GPG");
     char *results = NULL;
-    ret = rnp_import_keys(
-      ffi, input, RNP_LOAD_SAVE_PUBLIC_KEYS | RNP_LOAD_SAVE_SECRET_KEYS, &results);
+    ret = rnp_import_keys(ffi, input, flags, &results);
     rnp_buffer_destroy(results);
     rnp_input_destroy(input);
     rnp_ffi_destroy(ffi);
 
     /* try permissive import */
-    ret = rnp_input_from_memory(&input, data, size, false);
+    rnp_input_t input2 = NULL;
+    ret = rnp_input_from_memory(&input2, data, size, false);
     ret = rnp_ffi_create(&ffi, "GPG", "GPG");
     results = NULL;
-    ret = rnp_import_keys(ffi,
-                          input,
-                          RNP_LOAD_SAVE_PUBLIC_KEYS | RNP_LOAD_SAVE_SECRET_KEYS |
-                            RNP_LOAD_SAVE_PERMISSIVE,
-                          &results);
+    ret = rnp_import_keys(ffi, input2, flags | RNP_LOAD_SAVE_PERMISSIVE, &results);
     rnp_buffer_destroy(results);
-    rnp_input_destroy(input);
+    rnp_input_destroy(input2);
     rnp_ffi_destroy(ffi);
 
     /* try non-permissive iterative import */
-    ret = rnp_input_from_memory(&input, data, size, false);
+    rnp_input_t input3 = NULL;
+    ret = rnp_input_from_memory(&input3, data, size, false);
     ret = rnp_ffi_create(&ffi, "GPG", "GPG");
+    flags |= RNP_LOAD_SAVE_SINGLE;
     do {
         results = NULL;
-        ret = rnp_import_keys(ffi,
-                              input,
-                              RNP_LOAD_SAVE_PUBLIC_KEYS | RNP_LOAD_SAVE_SECRET_KEYS |
-                                RNP_LOAD_SAVE_SINGLE,
-                              &results);
+        ret = rnp_import_keys(ffi, input3, flags, &results);
         rnp_buffer_destroy(results);
     } while (!ret);
-    rnp_input_destroy(input);
+    rnp_input_destroy(input3);
     rnp_ffi_destroy(ffi);
 
     /* try permissive iterative import */
-    ret = rnp_input_from_memory(&input, data, size, false);
+    rnp_input_t input4 = NULL;
+    ret = rnp_input_from_memory(&input4, data, size, false);
     ret = rnp_ffi_create(&ffi, "GPG", "GPG");
+    flags |= RNP_LOAD_SAVE_PERMISSIVE;
     do {
         results = NULL;
-        ret = rnp_import_keys(ffi,
-                              input,
-                              RNP_LOAD_SAVE_PUBLIC_KEYS | RNP_LOAD_SAVE_SECRET_KEYS |
-                                RNP_LOAD_SAVE_PERMISSIVE | RNP_LOAD_SAVE_SINGLE,
-                              &results);
+        ret = rnp_import_keys(ffi, input4, flags, &results);
         rnp_buffer_destroy(results);
     } while (!ret);
-    rnp_input_destroy(input);
+    rnp_input_destroy(input4);
     rnp_ffi_destroy(ffi);
 
     return 0;

src/lib/crypto/sphincsplus.cpp

@@ -302,7 +302,7 @@ sphincsplus_pubkey_size(sphincsplus_parameter_t param)
         return 64;
     default:
         RNP_LOG("invalid SLH-DSA parameter identifier");
-        throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS);
+        return 0;
     }
 }
 
@@ -324,7 +324,7 @@ sphincsplus_signature_size(sphincsplus_parameter_t param)
         return 49856;
     default:
         RNP_LOG("invalid SLH-DSA parameter identifier");
-        throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS);
+        return 0;
     }
 }
 

src/lib/crypto/sphincsplus.h

@@ -39,7 +39,7 @@ struct pgp_sphincsplus_key_t;
 struct pgp_sphincsplus_signature_t;
 
 typedef enum { sphincsplus_sha256, sphinscplus_shake256 } sphincsplus_hash_func_t;
-typedef enum {
+typedef enum : uint8_t {
     sphincsplus_simple_128s = 1,
     sphincsplus_simple_128f = 2,
     sphincsplus_simple_192s = 3,

src/lib/key_material.cpp

@@ -1823,7 +1823,12 @@ SlhdsaKeyMaterial::parse(pgp_packet_body_t &pkt) noexcept
         return false;
     }
     sphincsplus_parameter_t param = (sphincsplus_parameter_t) bt;
-    std::vector<uint8_t>    buf(sphincsplus_pubkey_size(param));
+    auto                    size = sphincsplus_pubkey_size(param);
+    if (!size) {
+        RNP_LOG("invalid SLH-DSA param");
+        return false;
+    }
+    std::vector<uint8_t> buf(size);
     if (!pkt.get(buf.data(), buf.size())) {
         RNP_LOG("failed to parse SLH-DSA public key data");
         return false;

src/lib/pgp-key.cpp

@@ -2097,7 +2097,7 @@ pgp_key_t::validate_sig(pgp_signature_info_t &      sinfo,
         if (!subpkt->critical() || (subpkt->type() != pgp::pkt::sigsub::Type::NotationData)) {
             continue;
         }
-        auto notation = dynamic_cast<pgp::pkt::sigsub::NotationData &>(*subpkt);
+        auto &notation = dynamic_cast<pgp::pkt::sigsub::NotationData &>(*subpkt);
         RNP_LOG("unknown critical notation: %s", notation.name().c_str());
         sinfo.valid = false;
     }

src/lib/sig_subpacket.cpp

@@ -672,11 +672,11 @@ bool
 EmbeddedSignature::parse_data(const uint8_t *data, size_t size)
 {
     pgp_packet_body_t pkt(data, size);
-    pgp_signature_t   sig{};
+    pgp_signature_t   sig;
     if (sig.parse(pkt)) {
         return false;
     }
-    signature_ = std::unique_ptr<pgp_signature_t>(new pgp_signature_t(sig));
+    signature_ = std::unique_ptr<pgp_signature_t>(new pgp_signature_t(std::move(sig)));
     return true;
 }
 

src/lib/sig_subpacket.hpp

@@ -471,7 +471,8 @@ class RevocationKey : public Raw {
 
   public:
     RevocationKey(bool hashed = true, bool critical = false)
-        : Raw(Type::RevocationKey, hashed, critical){};
+        : Raw(Type::RevocationKey, hashed, critical), rev_class_(0),
+          alg_(PGP_PKA_NOTHING), fp_{} {};
 
     uint8_t
     rev_class() const noexcept
@@ -866,7 +867,7 @@ class IssuerFingerprint : public Raw {
 
   public:
     IssuerFingerprint(bool hashed = true, bool critical = false)
-        : Raw(Type::IssuerFingerprint, hashed, critical), version_(0)
+        : Raw(Type::IssuerFingerprint, hashed, critical), version_(0), fp_{}
     {
     }
 

src/librepgp/stream-sig.cpp

@@ -432,6 +432,9 @@
 
     auto sub = sigsub::Raw::create(type);
     auto pref = dynamic_cast<sigsub::Preferred *>(sub.get());
+    if (!pref) {
+        return;
+    }
     pref->set_algs(data);
     add_subpkt(std::move(sub));
 }
@@ -1102,10 +1105,14 @@
             RNP_LOG("failed to parse SLH-DSA signature data");
             return false;
         }
+        auto sig_size = sphincsplus_signature_size((sphincsplus_parameter_t) param);
+        if (!sig_size) {
+            RNP_LOG("invalid SLH-DSA param value");
+            return false;
+        }
         material.sphincsplus.param = (sphincsplus_parameter_t) param;
-        material.sphincsplus.sig.resize(
-          sphincsplus_signature_size(material.sphincsplus.param));
-        if (!pkt.get(material.sphincsplus.sig.data(), material.sphincsplus.sig.size())) {
+        material.sphincsplus.sig.resize(sig_size);
+        if (!pkt.get(material.sphincsplus.sig.data(), sig_size)) {
             RNP_LOG("failed to parse SLH-DSA signature data");
             return false;
         }

src/librepgp/stream-sig.h

@@ -53,13 +53,13 @@ typedef struct pgp_signature_t {
     /* common v3 and v4 fields */
     pgp_pubkey_alg_t       palg;
     pgp_hash_alg_t         halg;
-    std::array<uint8_t, 2> lbits;
+    std::array<uint8_t, 2> lbits{};
     std::vector<uint8_t>   hashed_data;
     std::vector<uint8_t>   material_buf; /* raw signature material */
 
     /* v3 - only fields */
     uint32_t     creation_time;
-    pgp_key_id_t signer;
+    pgp_key_id_t signer{};
 
     /* common v4, v5 and v6 fields */
     pgp::pkt::sigsub::List subpkts;

src/tests/fuzz_dump.cpp

@@ -58,4 +58,7 @@ TEST_F(rnp_tests, test_fuzz_dump)
 
     data = file_to_vec(DATA_PATH "outofmemory-6111789935624192");
     assert_int_equal(dump_LLVMFuzzerTestOneInput(data.data(), data.size()), 0);
+
+    data = file_to_vec(DATA_PATH "abrt-5093675862917120");
+    assert_int_equal(dump_LLVMFuzzerTestOneInput(data.data(), data.size()), 0);
 }

src/tests/fuzz_verify_detached.cpp

@@ -44,4 +44,7 @@ TEST_F(rnp_tests, test_fuzz_verify_detached)
 
     data = file_to_vec(DATA_PATH "outofmemory-dea88a4aa4ab5fec1291446db702ee893d5559cf");
     assert_int_equal(verify_detached_LLVMFuzzerTestOneInput(data.data(), data.size()), 0);
+
+    data = file_to_vec(DATA_PATH "invalid-enum-value-4717481657171968");
+    assert_int_equal(verify_detached_LLVMFuzzerTestOneInput(data.data(), data.size()), 0);
 }