From a5cf079d4dc9097c4e58f0eb7b0996b0a6d91696 Mon Sep 17 00:00:00 2001
From: Max Dymond
Date: Tue, 25 Jun 2019 17:22:02 +0100
Subject: Add a fuzzing target that compiles in the oss-fuzz environment
---
.travis.yml | 6 ++++
Makefile | 1 +
ossfuzz/Makefile | 54 +++++++++++++++++++++++++++++++++
ossfuzz/compress_fuzzer.cc | 22 ++++++++++++++
ossfuzz/ossfuzz.sh | 26 ++++++++++++++++
ossfuzz/standaloneengine.cc | 74 +++++++++++++++++++++++++++++++++++++++++++++
ossfuzz/testinput.h | 3 ++
ossfuzz/travisoss.sh | 24 +++++++++++++++
8 files changed, 210 insertions(+)
create mode 100644 ossfuzz/Makefile
create mode 100644 ossfuzz/compress_fuzzer.cc
create mode 100755 ossfuzz/ossfuzz.sh
create mode 100644 ossfuzz/standaloneengine.cc
create mode 100644 ossfuzz/testinput.h
create mode 100755 ossfuzz/travisoss.sh
diff --git a/.travis.yml b/.travis.yml
index ee643e5..4d45e89 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -194,5 +194,11 @@ matrix:
 - pushd build
 - DESTDIR=./staging ninja install
 - tree ./staging
+
+ # oss-fuzz compilation test
+ - name: Compile OSS-Fuzz targets
+ script:
+ - ./ossfuzz/travisoss.sh
+
 allow_failures:
 - env: ALLOW_FAILURES=true
diff --git a/Makefile b/Makefile
index e24cec5..34835fd 100644
--- a/Makefile
+++ b/Makefile
@@ -34,6 +34,7 @@ LZ4DIR = lib
 PRGDIR = programs
 TESTDIR = tests
 EXDIR = examples
+FUZZDIR = ossfuzz
 include Makefile.inc
diff --git a/ossfuzz/Makefile b/ossfuzz/Makefile
new file mode 100644
index 0000000..94829b2
--- /dev/null
+++ b/ossfuzz/Makefile
@@ -0,0 +1,54 @@
+# ##########################################################################
+# LZ4 oss fuzzer - Makefile
+#
+# GPL v2 License
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# You can contact the author at :
+# - LZ4 homepage : http://www.lz4.org
+# - LZ4 source repository : https://github.com/lz4/lz4
+# ##########################################################################
+# lz4_fuzzer : OSS Fuzz test tool
+# ##########################################################################
+
+LZ4DIR := ../lib
+LIB_FUZZING_ENGINE ?= standaloneengine.o
+
+DEBUGLEVEL?= 1
+DEBUGFLAGS = -g -DLZ4_DEBUG=$(DEBUGLEVEL)
+
+CFLAGS += -I$(LZ4DIR) $(DEBUGFLAGS) $(MOREFLAGS)
+CPPFLAGS+= -I$(LZ4DIR) -DXXH_NAMESPACE=LZ4_
+FLAGS = $(CFLAGS) $(CPPFLAGS) $(LDFLAGS)
+
+include ../Makefile.inc
+
+# Include a rule to build the static library if calling this target
+# directly.
+$(LZ4DIR)/liblz4.a:
+ $(MAKE) -C $(LZ4DIR) CFLAGS="$(CFLAGS)" liblz4.a
+
+%.o: %.cc
+ $(CXX) -c $(CFLAGS) $(CPPFLAGS) $< -o $@
+
+.PHONY: compress_fuzzer
+compress_fuzzer: compress_fuzzer.o $(LZ4DIR)/liblz4.a
+ # Compile the standalone code just in case. The OSS-Fuzz code might
+ # override the LIB_FUZZING_ENGINE value to "-fsanitize=fuzzer"
+ $(CXX) -c $(CFLAGS) $(CPPFLAGS) standaloneengine.cc -o standaloneengine.o
+
+ # Now compile the actual fuzzer.
+ $(CXX) $(FLAGS) $(LIB_FUZZING_ENGINE) $^ -o $@$(EXT)
diff --git a/ossfuzz/compress_fuzzer.cc b/ossfuzz/compress_fuzzer.cc
new file mode 100644
index 0000000..006a0ab
--- /dev/null
+++ b/ossfuzz/compress_fuzzer.cc
@@ -0,0 +1,22 @@
+#include
+#include
+#include
+#include "lz4.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ size_t const compressed_dest_size = LZ4_compressBound(size);
+ char *const dest_buffer = (char *)malloc(compressed_dest_size);
+
+ int result = LZ4_compress_default((const char*)data, dest_buffer,
+ size, compressed_dest_size);
+
+ if (result == 0)
+ {
+ abort();
+ }
+
+ free(dest_buffer);
+
+ return 0;
+}
diff --git a/ossfuzz/ossfuzz.sh b/ossfuzz/ossfuzz.sh
new file mode 100755
index 0000000..e0cb63c
--- /dev/null
+++ b/ossfuzz/ossfuzz.sh
@@ -0,0 +1,26 @@
+#!/bin/bash -eu
+
+# This script is called by the oss-fuzz main project when compiling the fuzz
+# targets. This script is regression tested by travisoss.sh.
+
+# Save off the current folder as the build root.
+export BUILD_ROOT=$PWD
+
+# lz4 uses CPPFLAGS rather than CXX flags.
+export CPPFLAGS="${CXXFLAGS}"
+
+echo "CC: $CC"
+echo "CXX: $CXX"
+echo "LIB_FUZZING_ENGINE: $LIB_FUZZING_ENGINE"
+echo "CFLAGS: $CFLAGS"
+echo "CPPFLAGS: $CPPFLAGS"
+echo "OUT: $OUT"
+
+export MAKEFLAGS+="-j$(nproc)"
+
+pushd ossfuzz
+make V=1 compress_fuzzer
+popd
+
+# Copy the fuzzers to the target directory.
+cp -v ossfuzz/compress_fuzzer $OUT/
diff --git a/ossfuzz/standaloneengine.cc b/ossfuzz/standaloneengine.cc
new file mode 100644
index 0000000..175360e
--- /dev/null
+++ b/ossfuzz/standaloneengine.cc
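Review bot: In ossfuzz/compress_fuzzer.cc, `size` is a `size_t` but `LZ4_compressBound()` and `LZ4_compress_default()` take `int` sizes, so an input larger than `INT_MAX` is silently narrowed, and `LZ4_compressBound()` returns 0 for anything above `LZ4_MAX_INPUT_SIZE`, which would make the `result == 0` branch abort on a harness limitation rather than on a library bug. The standalone engine added in this commit passes whole files, so this is reachable outside the fuzzing engine's usual input-length limit. An early `if (size > LZ4_MAX_INPUT_SIZE) return 0;` before the bound computation would keep such inputs out. The same size handling recurs in the later revisions of this file and in the decompress target.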
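Review bot: In ossfuzz/ossfuzz.sh, `export MAKEFLAGS+="-j$(nproc)"` appends with no separator, so any MAKEFLAGS value inherited from the build environment gets `-jN` glued onto its last word; `export MAKEFLAGS="${MAKEFLAGS:-} -j$(nproc)"` keeps the two apart and still works under `-u`. The final `cp -v ossfuzz/compress_fuzzer $OUT/` leaves `$OUT` unquoted, so a path containing whitespace would be word-split; `"$OUT"/` is the safer form.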
@@ -0,0 +1,74 @@
+#include
+#include
+#include
+
+#include "testinput.h"
+
+/**
+ * Main procedure for standalone fuzzing engine.
+ *
+ * Reads filenames from the argument array. For each filename, read the file
+ * into memory and then call the fuzzing interface with the data.
+ */
+int main(int argc, char **argv)
+{
+ int ii;
+ for(ii = 1; ii < argc; ii++)
+ {
+ FILE *infile;
+ printf("[%s] ", argv[ii]);
+
+ /* Try and open the file. */
+ infile = fopen(argv[ii], "rb");
+ if(infile)
+ {
+ uint8_t *buffer = NULL;
+ size_t buffer_len;
+
+ printf("Opened.. ");
+
+ /* Get the length of the file. */
+ fseek(infile, 0L, SEEK_END);
+ buffer_len = ftell(infile);
+
+ /* Reset the file indicator to the beginning of the file. */
+ fseek(infile, 0L, SEEK_SET);
+
+ /* Allocate a buffer for the file contents. */
+ buffer = (uint8_t *)calloc(buffer_len, sizeof(uint8_t));
+ if(buffer)
+ {
+ /* Read all the text from the file into the buffer. */
+ fread(buffer, sizeof(uint8_t), buffer_len, infile);
+ printf("Read %zu bytes, fuzzing.. ", buffer_len);
+
+ /* Call the fuzzer with the data. */
+ LLVMFuzzerTestOneInput(buffer, buffer_len);
+
+ printf("complete !!");
+
+ /* Free the buffer as it's no longer needed. */
+ free(buffer);
+ buffer = NULL;
+ }
+ else
+ {
+ fprintf(stderr,
+ "[%s] Failed to allocate %zu bytes \n",
+ argv[ii],
+ buffer_len);
+ }
+
+ /* Close the file as it's no longer needed. */
+ fclose(infile);
+ infile = NULL;
+ }
+ else
+ {
+ /* Failed to open the file. Maybe wrong name or wrong permissions? */
+ fprintf(stderr, "[%s] Open failed. \n", argv[ii]);
+ }
+
+ printf("\n");
+ }
+}
diff --git a/ossfuzz/testinput.h b/ossfuzz/testinput.h
new file mode 100644
index 0000000..6ab9b51
--- /dev/null
+++ b/ossfuzz/testinput.h
@@ -0,0 +1,3 @@
+#include
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
diff --git a/ossfuzz/travisoss.sh b/ossfuzz/travisoss.sh
new file mode 100755
index 0000000..3b2f26f
--- /dev/null
+++ b/ossfuzz/travisoss.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+set -ex
+
+# Clone the oss-fuzz repository
+git clone https://github.com/google/oss-fuzz.git /tmp/ossfuzz
+
+if [[ ! -d /tmp/ossfuzz/projects/lz4 ]]
+then
+ echo "Could not find the lz4 project in ossfuzz"
+
+ # Exit with a success code while the lz4 project is not expected to exist
+ # on oss-fuzz.
+ exit 0
+fi
+
+# Modify the oss-fuzz Dockerfile so that we're checking out the current branch on travis.
+sed -i "s@https://github.com/lz4/lz4.git@-b $TRAVIS_BRANCH https://github.com/lz4/lz4.git@" /tmp/ossfuzz/projects/lz4/Dockerfile
+
+# Try and build the fuzzers
+pushd /tmp/ossfuzz
+python infra/helper.py build_image --pull lz4
+python infra/helper.py build_fuzzers lz4
+popd
-- cgit v0.12
From 88a7cfd7283ea9c51fd044b9f58aee47b9ed3d16 Mon Sep 17 00:00:00 2001
From: Max Dymond
Date: Fri, 28 Jun 2019 20:54:46 +0100
Subject: Code review markups: - Correct use of CPPFLAGS - Detect allocation failure - Add a CHECK macro for failure
---
ossfuzz/Makefile | 12 ++++++------
ossfuzz/compress_fuzzer.cc | 18 +++++++++++-------
ossfuzz/ossfuzz.sh | 5 +----
3 files changed, 18 insertions(+), 17 deletions(-)
diff --git a/ossfuzz/Makefile b/ossfuzz/Makefile
index 94829b2..2a7e439 100644
--- a/ossfuzz/Makefile
+++ b/ossfuzz/Makefile
@@ -30,9 +30,9 @@ LIB_FUZZING_ENGINE ?= standaloneengine.o
 DEBUGLEVEL?= 1
 DEBUGFLAGS = -g -DLZ4_DEBUG=$(DEBUGLEVEL)
-CFLAGS += -I$(LZ4DIR) $(DEBUGFLAGS) $(MOREFLAGS)
-CPPFLAGS+= -I$(LZ4DIR) -DXXH_NAMESPACE=LZ4_
-FLAGS = $(CFLAGS) $(CPPFLAGS) $(LDFLAGS)
+CFLAGS += -I$(LZ4DIR) $(DEBUGFLAGS) $(MOREFLAGS)
+CXXFLAGS += -I$(LZ4DIR) $(DEBUGFLAGS) $(MOREFLAGS)
+CPPFLAGS += -DXXH_NAMESPACE=LZ4_
 include ../Makefile.inc
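Review bot: In ossfuzz/travisoss.sh, the `sed` line splices `$TRAVIS_BRANCH` unescaped into the replacement text, which then becomes part of a `git clone` command in the Dockerfile, so a branch name containing `@`, `&` or a backslash corrupts the substitution; checking it first with something like `[[ "$TRAVIS_BRANCH" =~ ^[A-Za-z0-9][A-Za-z0-9._/-]*$ ]] || exit 1` would fail loudly instead. The clone URL stays `lz4/lz4.git`, so builds for a branch that exists only in a fork presumably cannot check that branch out. The script also clones oss-fuzz at whatever its default branch currently holds and runs `infra/helper.py` from it, so pinning the clone to a known commit would keep the CI job reproducible and limit what upstream changes can run in it.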
@@ -42,13 +42,13 @@ $(LZ4DIR)/liblz4.a:
 $(MAKE) -C $(LZ4DIR) CFLAGS="$(CFLAGS)" liblz4.a
 %.o: %.cc
- $(CXX) -c $(CFLAGS) $(CPPFLAGS) $< -o $@
+ $(CXX) -c $(CXXFLAGS) $(CPPFLAGS) $< -o $@
 .PHONY: compress_fuzzer
 compress_fuzzer: compress_fuzzer.o $(LZ4DIR)/liblz4.a
 # Compile the standalone code just in case. The OSS-Fuzz code might
 # override the LIB_FUZZING_ENGINE value to "-fsanitize=fuzzer"
- $(CXX) -c $(CFLAGS) $(CPPFLAGS) standaloneengine.cc -o standaloneengine.o
+ $(CXX) -c $(CXXFLAGS) $(CPPFLAGS) standaloneengine.cc -o standaloneengine.o
 # Now compile the actual fuzzer.
- $(CXX) $(FLAGS) $(LIB_FUZZING_ENGINE) $^ -o $@$(EXT)
+ $(CXX) $(CXXFLAGS) $(CPPFLAGS) $(LDFLAGS) $(LIB_FUZZING_ENGINE) $^ -o $@$(EXT)
diff --git a/ossfuzz/compress_fuzzer.cc b/ossfuzz/compress_fuzzer.cc
index 006a0ab..4a720e2 100644
--- a/ossfuzz/compress_fuzzer.cc
+++ b/ossfuzz/compress_fuzzer.cc
@@ -3,20 +3,24 @@
 #include
 #include "lz4.h"
+#define CHECK(COND) if (!(COND)) { abort(); }
+
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
 size_t const compressed_dest_size = LZ4_compressBound(size);
 char *const dest_buffer = (char *)malloc(compressed_dest_size);
- int result = LZ4_compress_default((const char*)data, dest_buffer,
- size, compressed_dest_size);
-
- if (result == 0)
+ if (dest_buffer != NULL)
 {
- abort();
- }
+ // Allocation succeeded, try compressing the incoming data.
+ int result = LZ4_compress_default((const char*)data,
+ dest_buffer,
+ size,
+ compressed_dest_size);
+ CHECK(result != 0);
- free(dest_buffer);
+ free(dest_buffer);
+ }
 return 0;
 }
diff --git a/ossfuzz/ossfuzz.sh b/ossfuzz/ossfuzz.sh
index e0cb63c..87bc213 100755
--- a/ossfuzz/ossfuzz.sh
+++ b/ossfuzz/ossfuzz.sh
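Review bot: The new `CHECK` macro in ossfuzz/compress_fuzzer.cc expands to a bare `if` statement, so `if (x) CHECK(y); else ...` would bind the `else` to the macro's `if`; wrapping it as `#define CHECK(COND) do { if (!(COND)) { abort(); } } while (0)` makes it behave like a single statement. It also aborts without saying which condition failed, so printing `#COND` with `__FILE__` and `__LINE__` to stderr before `abort()` would make crash reports easier to triage. The same definition is copied into the decompress target and into the later .c versions of both files.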
@@ -6,14 +6,11 @@
 # Save off the current folder as the build root.
 export BUILD_ROOT=$PWD
-# lz4 uses CPPFLAGS rather than CXX flags.
-export CPPFLAGS="${CXXFLAGS}"
-
 echo "CC: $CC"
 echo "CXX: $CXX"
 echo "LIB_FUZZING_ENGINE: $LIB_FUZZING_ENGINE"
 echo "CFLAGS: $CFLAGS"
-echo "CPPFLAGS: $CPPFLAGS"
+echo "CXXFLAGS: $CXXFLAGS"
 echo "OUT: $OUT"
 export MAKEFLAGS+="-j$(nproc)"
-- cgit v0.12
From 60d71dc20c5f9bb95e0b963ab6fb19212eb441a9 Mon Sep 17 00:00:00 2001
From: Max Dymond
Date: Fri, 28 Jun 2019 22:19:27 +0100
Subject: Write a simple decompress target as well
---
ossfuzz/Makefile | 7 ++++---
ossfuzz/decompress_fuzzer.cc | 28 ++++++++++++++++++++++++++++
ossfuzz/ossfuzz.sh | 4 ++--
3 files changed, 34 insertions(+), 5 deletions(-)
create mode 100644 ossfuzz/decompress_fuzzer.cc
diff --git a/ossfuzz/Makefile b/ossfuzz/Makefile
index 2a7e439..1e7679b 100644
--- a/ossfuzz/Makefile
+++ b/ossfuzz/Makefile
@@ -21,7 +21,8 @@
 # - LZ4 homepage : http://www.lz4.org
 # - LZ4 source repository : https://github.com/lz4/lz4
 # ##########################################################################
-# lz4_fuzzer : OSS Fuzz test tool
+# compress_fuzzer : OSS Fuzz test tool
+# decompress_fuzzer : OSS Fuzz test tool
 # ##########################################################################
 LZ4DIR := ../lib
@@ -44,8 +45,8 @@ $(LZ4DIR)/liblz4.a:
 %.o: %.cc
 $(CXX) -c $(CXXFLAGS) $(CPPFLAGS) $< -o $@
-.PHONY: compress_fuzzer
-compress_fuzzer: compress_fuzzer.o $(LZ4DIR)/liblz4.a
+# Generic rule for generating fuzzers
+%_fuzzer: %_fuzzer.o $(LZ4DIR)/liblz4.a
 # Compile the standalone code just in case. The OSS-Fuzz code might
 # override the LIB_FUZZING_ENGINE value to "-fsanitize=fuzzer"
 $(CXX) -c $(CXXFLAGS) $(CPPFLAGS) standaloneengine.cc -o standaloneengine.o
diff --git a/ossfuzz/decompress_fuzzer.cc b/ossfuzz/decompress_fuzzer.cc
new file mode 100644
index 0000000..594a5af
--- /dev/null
+++ b/ossfuzz/decompress_fuzzer.cc
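Review bot: With the rule now generic in ossfuzz/Makefile, every `%_fuzzer` recipe recompiles `standaloneengine.o` itself, and ossfuzz.sh builds both fuzzers with `-j$(nproc)` in MAKEFLAGS, so two recipes can write the same object file at once while one of them is linking it. Making it an order-only prerequisite, `%_fuzzer: %_fuzzer.o $(LZ4DIR)/liblz4.a | standaloneengine.o`, lets the existing `%.o` pattern rule build it once and keeps it out of `$^`, after which the compile line inside the recipe can be dropped. The rule's link step lies outside this hunk.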
@@ -0,0 +1,28 @@
+#include
+#include
+#include
+#include "lz4.h"
+
+#define CHECK(COND) if (!(COND)) { abort(); }
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ size_t const buffer_size = 10 * 1024 * 1024;
+ char *const dest_buffer = (char *)malloc(buffer_size);
+
+ if (dest_buffer != NULL)
+ {
+ // Allocation succeeded, try decompressing the incoming data.
+ int result = LZ4_decompress_safe((const char*)data,
+ dest_buffer,
+ size,
+ buffer_size);
+
+ // Ignore the result of decompression.
+ (void)result;
+
+ free(dest_buffer);
+ }
+
+ return 0;
+}
diff --git a/ossfuzz/ossfuzz.sh b/ossfuzz/ossfuzz.sh
index 87bc213..a76b0d6 100755
--- a/ossfuzz/ossfuzz.sh
+++ b/ossfuzz/ossfuzz.sh
@@ -16,8 +16,8 @@ echo "OUT: $OUT"
 export MAKEFLAGS+="-j$(nproc)"
 pushd ossfuzz
-make V=1 compress_fuzzer
+make V=1 compress_fuzzer decompress_fuzzer
 popd
 # Copy the fuzzers to the target directory.
-cp -v ossfuzz/compress_fuzzer $OUT/
+cp -v ossfuzz/compress_fuzzer ossfuzz/decompress_fuzzer $OUT/
-- cgit v0.12
From 02b5b3c242fd4131983152f0dd422429e6702923 Mon Sep 17 00:00:00 2001
From: Max Dymond
Date: Fri, 28 Jun 2019 23:48:33 +0100
Subject: Move to using C rather than C++ for compilation
---
Makefile | 1 +
ossfuzz/Makefile | 12 +++++--
ossfuzz/compress_fuzzer.c | 26 ++++++++++++++++
ossfuzz/compress_fuzzer.cc | 26 ----------------
ossfuzz/decompress_fuzzer.c | 28 +++++++++++++++++
ossfuzz/decompress_fuzzer.cc | 28 -----------------
ossfuzz/standaloneengine.c | 74 ++++++++++++++++++++++++++++++++++++++++++++
ossfuzz/standaloneengine.cc | 74 --------------------------------------------
ossfuzz/testinput.h | 2 +-
9 files changed, 139 insertions(+), 132 deletions(-)
create mode 100644 ossfuzz/compress_fuzzer.c
delete mode 100644 ossfuzz/compress_fuzzer.cc
create mode 100644 ossfuzz/decompress_fuzzer.c
delete mode 100644 ossfuzz/decompress_fuzzer.cc
create mode 100644 ossfuzz/standaloneengine.c
delete mode 100644 ossfuzz/standaloneengine.cc
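Review bot: In ossfuzz/decompress_fuzzer.cc the return value of `LZ4_decompress_safe()` is discarded, so the target can only catch memory errors that a sanitizer sees; asserting the documented bound with `CHECK(result <= (int)buffer_size);` would also catch a decoder that reports more output than the capacity it was given, and would give the otherwise unused `CHECK` macro a purpose. The fixed 10 MiB destination likely means small inputs rarely reach the output-capacity limit, so the out-of-space paths get little coverage while every run pays for a large allocation. `size` is passed to an `int` parameter here, as in the compress target.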
diff --git a/Makefile b/Makefile
index 34835fd..f25f951 100644
--- a/Makefile
+++ b/Makefile
@@ -77,6 +77,7 @@ clean:
 @$(MAKE) -C $(PRGDIR) $@ > $(VOID)
 @$(MAKE) -C $(TESTDIR) $@ > $(VOID)
 @$(MAKE) -C $(EXDIR) $@ > $(VOID)
+ @$(MAKE) -C $(FUZZDIR) $@ > $(VOID)
 @$(MAKE) -C contrib/gen_manual $@ > $(VOID)
 @$(RM) lz4$(EXT)
 @echo Cleaning completed
diff --git a/ossfuzz/Makefile b/ossfuzz/Makefile
index 1e7679b..1480ccb 100644
--- a/ossfuzz/Makefile
+++ b/ossfuzz/Makefile
@@ -42,14 +42,20 @@ include ../Makefile.inc
 $(LZ4DIR)/liblz4.a:
 $(MAKE) -C $(LZ4DIR) CFLAGS="$(CFLAGS)" liblz4.a
-%.o: %.cc
- $(CXX) -c $(CXXFLAGS) $(CPPFLAGS) $< -o $@
+%.o: %.c
+ $(CC) -c $(CFLAGS) $(CPPFLAGS) $< -o $@
 # Generic rule for generating fuzzers
 %_fuzzer: %_fuzzer.o $(LZ4DIR)/liblz4.a
 # Compile the standalone code just in case. The OSS-Fuzz code might
 # override the LIB_FUZZING_ENGINE value to "-fsanitize=fuzzer"
- $(CXX) -c $(CXXFLAGS) $(CPPFLAGS) standaloneengine.cc -o standaloneengine.o
+ $(CC) -c $(CFLAGS) $(CPPFLAGS) standaloneengine.c -o standaloneengine.o
 # Now compile the actual fuzzer.
 $(CXX) $(CXXFLAGS) $(CPPFLAGS) $(LDFLAGS) $(LIB_FUZZING_ENGINE) $^ -o $@$(EXT)
+
+%_fuzzer_clean:
+ $(RM) $*_fuzzer $*_fuzzer.o standaloneengine.o
+
+.PHONY: clean
+clean: compress_fuzzer_clean decompress_fuzzer_clean
diff --git a/ossfuzz/compress_fuzzer.c b/ossfuzz/compress_fuzzer.c
new file mode 100644
index 0000000..28610ad
--- /dev/null
+++ b/ossfuzz/compress_fuzzer.c
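Review bot: The new `%_fuzzer_clean` recipe in ossfuzz/Makefile removes `$*_fuzzer`, but the link step writes `$@$(EXT)`, so on a platform where `EXT` is non-empty the built binary would be left behind; `$(RM) $*_fuzzer$(EXT) $*_fuzzer.o standaloneengine.o` matches what the rule produces. The link line still uses `$(CXX)` although every source is now compiled as C, which is presumably deliberate for fuzzing engines that need the C++ runtime and is worth a one-line comment saying so.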
@@ -0,0 +1,26 @@
+#include
+#include
+#include
+#include "lz4.h"
+
+#define CHECK(COND) if (!(COND)) { abort(); }
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ size_t const compressed_dest_size = LZ4_compressBound(size);
+ char *const dest_buffer = (char *)malloc(compressed_dest_size);
+
+ if (dest_buffer != NULL)
+ {
+ // Allocation succeeded, try compressing the incoming data.
+ int result = LZ4_compress_default((const char*)data,
+ dest_buffer,
+ size,
+ compressed_dest_size);
+ CHECK(result != 0);
+
+ free(dest_buffer);
+ }
+
+ return 0;
+}
diff --git a/ossfuzz/compress_fuzzer.cc b/ossfuzz/compress_fuzzer.cc
deleted file mode 100644
index 4a720e2..0000000
--- a/ossfuzz/compress_fuzzer.cc
+++ /dev/null
@@ -1,26 +0,0 @@
-#include
-#include
-#include
-#include "lz4.h"
-
-#define CHECK(COND) if (!(COND)) { abort(); }
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-{
- size_t const compressed_dest_size = LZ4_compressBound(size);
- char *const dest_buffer = (char *)malloc(compressed_dest_size);
-
- if (dest_buffer != NULL)
- {
- // Allocation succeeded, try compressing the incoming data.
- int result = LZ4_compress_default((const char*)data,
- dest_buffer,
- size,
- compressed_dest_size);
- CHECK(result != 0);
-
- free(dest_buffer);
- }
-
- return 0;
-}
diff --git a/ossfuzz/decompress_fuzzer.c b/ossfuzz/decompress_fuzzer.c
new file mode 100644
index 0000000..1fa2b1a
--- /dev/null
+++ b/ossfuzz/decompress_fuzzer.c
@@ -0,0 +1,28 @@
+#include
+#include
+#include
+#include "lz4.h"
+
+#define CHECK(COND) if (!(COND)) { abort(); }
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ size_t const buffer_size = 10 * 1024 * 1024;
+ char *const dest_buffer = (char *)malloc(buffer_size);
+
+ if (dest_buffer != NULL)
+ {
+ // Allocation succeeded, try decompressing the incoming data.
+ int result = LZ4_decompress_safe((const char*)data,
+ dest_buffer,
+ size,
+ buffer_size);
+
+ // Ignore the result of decompression.
+ (void)result;
+
+ free(dest_buffer);
+ }
+
+ return 0;
+}
diff --git a/ossfuzz/decompress_fuzzer.cc b/ossfuzz/decompress_fuzzer.cc
deleted file mode 100644
index 594a5af..0000000
--- a/ossfuzz/decompress_fuzzer.cc
+++ /dev/null
@@ -1,28 +0,0 @@
-#include
-#include
-#include
-#include "lz4.h"
-
-#define CHECK(COND) if (!(COND)) { abort(); }
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-{
- size_t const buffer_size = 10 * 1024 * 1024;
- char *const dest_buffer = (char *)malloc(buffer_size);
-
- if (dest_buffer != NULL)
- {
- // Allocation succeeded, try decompressing the incoming data.
- int result = LZ4_decompress_safe((const char*)data,
- dest_buffer,
- size,
- buffer_size);
-
- // Ignore the result of decompression.
- (void)result;
-
- free(dest_buffer);
- }
-
- return 0;
-}
diff --git a/ossfuzz/standaloneengine.c b/ossfuzz/standaloneengine.c
new file mode 100644
index 0000000..175360e
--- /dev/null
+++ b/ossfuzz/standaloneengine.c
@@ -0,0 +1,74 @@
+#include
+#include
+#include
+
+#include "testinput.h"
+
+/**
+ * Main procedure for standalone fuzzing engine.
+ *
+ * Reads filenames from the argument array. For each filename, read the file
+ * into memory and then call the fuzzing interface with the data.
+ */
+int main(int argc, char **argv)
+{
+ int ii;
+ for(ii = 1; ii < argc; ii++)
+ {
+ FILE *infile;
+ printf("[%s] ", argv[ii]);
+
+ /* Try and open the file. */
+ infile = fopen(argv[ii], "rb");
+ if(infile)
+ {
+ uint8_t *buffer = NULL;
+ size_t buffer_len;
+
+ printf("Opened.. ");
+
+ /* Get the length of the file. */
+ fseek(infile, 0L, SEEK_END);
+ buffer_len = ftell(infile);
+
+ /* Reset the file indicator to the beginning of the file. */
+ fseek(infile, 0L, SEEK_SET);
+
+ /* Allocate a buffer for the file contents. */
+ buffer = (uint8_t *)calloc(buffer_len, sizeof(uint8_t));
+ if(buffer)
+ {
+ /* Read all the text from the file into the buffer. */
+ fread(buffer, sizeof(uint8_t), buffer_len, infile);
+ printf("Read %zu bytes, fuzzing.. ", buffer_len);
+
+ /* Call the fuzzer with the data. */
+ LLVMFuzzerTestOneInput(buffer, buffer_len);
+
+ printf("complete !!");
+
+ /* Free the buffer as it's no longer needed. */
+ free(buffer);
+ buffer = NULL;
+ }
+ else
+ {
+ fprintf(stderr,
+ "[%s] Failed to allocate %zu bytes \n",
+ argv[ii],
+ buffer_len);
+ }
+
+ /* Close the file as it's no longer needed. */
+ fclose(infile);
+ infile = NULL;
+ }
+ else
+ {
+ /* Failed to open the file. Maybe wrong name or wrong permissions? */
+ fprintf(stderr, "[%s] Open failed. \n", argv[ii]);
+ }
+
+ printf("\n");
+ }
+}
diff --git a/ossfuzz/standaloneengine.cc b/ossfuzz/standaloneengine.cc
deleted file mode 100644
index 175360e..0000000
--- a/ossfuzz/standaloneengine.cc
+++ /dev/null
@@ -1,74 +0,0 @@
-#include
-#include
-#include
-
-#include "testinput.h"
-
-/**
- * Main procedure for standalone fuzzing engine.
- *
- * Reads filenames from the argument array. For each filename, read the file
- * into memory and then call the fuzzing interface with the data.
- */
-int main(int argc, char **argv)
-{
- int ii;
- for(ii = 1; ii < argc; ii++)
- {
- FILE *infile;
- printf("[%s] ", argv[ii]);
-
- /* Try and open the file. */
- infile = fopen(argv[ii], "rb");
- if(infile)
- {
- uint8_t *buffer = NULL;
- size_t buffer_len;
-
- printf("Opened.. ");
-
- /* Get the length of the file. */
- fseek(infile, 0L, SEEK_END);
- buffer_len = ftell(infile);
-
- /* Reset the file indicator to the beginning of the file. */
- fseek(infile, 0L, SEEK_SET);
-
- /* Allocate a buffer for the file contents. */
- buffer = (uint8_t *)calloc(buffer_len, sizeof(uint8_t));
- if(buffer)
- {
- /* Read all the text from the file into the buffer. */
- fread(buffer, sizeof(uint8_t), buffer_len, infile);
- printf("Read %zu bytes, fuzzing.. ", buffer_len);
-
- /* Call the fuzzer with the data. */
- LLVMFuzzerTestOneInput(buffer, buffer_len);
-
- printf("complete !!");
-
- /* Free the buffer as it's no longer needed. */
- free(buffer);
- buffer = NULL;
- }
- else
- {
- fprintf(stderr,
- "[%s] Failed to allocate %zu bytes \n",
- argv[ii],
- buffer_len);
- }
-
- /* Close the file as it's no longer needed. */
- fclose(infile);
- infile = NULL;
- }
- else
- {
- /* Failed to open the file. Maybe wrong name or wrong permissions? */
- fprintf(stderr, "[%s] Open failed. \n", argv[ii]);
- }
-
- printf("\n");
- }
-}
diff --git a/ossfuzz/testinput.h b/ossfuzz/testinput.h
index 6ab9b51..8da6215 100644
--- a/ossfuzz/testinput.h
+++ b/ossfuzz/testinput.h
@@ -1,3 +1,3 @@
 #include
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
-- cgit v0.12
From e2a33f12e1198d3f5de374519d7a034a8736f6c8 Mon Sep 17 00:00:00 2001
From: Max Dymond
Date: Sat, 29 Jun 2019 00:23:06 +0100
Subject: More markups for style changes
---
ossfuzz/Makefile | 14 +++++++-------
ossfuzz/compress_fuzzer.c | 19 +++++++++----------
ossfuzz/decompress_fuzzer.c | 22 +++++++++++-----------
ossfuzz/testinput.h | 12 ++++++++++++
4 files changed, 39 insertions(+), 28 deletions(-)
diff --git a/ossfuzz/Makefile b/ossfuzz/Makefile
index 1480ccb..7812c41 100644
--- a/ossfuzz/Makefile
+++ b/ossfuzz/Makefile
@@ -31,28 +31,28 @@ LIB_FUZZING_ENGINE ?= standaloneengine.o
 DEBUGLEVEL?= 1
 DEBUGFLAGS = -g -DLZ4_DEBUG=$(DEBUGLEVEL)
-CFLAGS += -I$(LZ4DIR) $(DEBUGFLAGS) $(MOREFLAGS)
-CXXFLAGS += -I$(LZ4DIR) $(DEBUGFLAGS) $(MOREFLAGS)
-CPPFLAGS += -DXXH_NAMESPACE=LZ4_
+LZ4_CFLAGS = $(CFLAGS) $(DEBUGFLAGS) $(MOREFLAGS)
+LZ4_CXXFLAGS = $(CXXFLAGS) $(DEBUGFLAGS) $(MOREFLAGS)
+LZ4_CPPFLAGS = $(CPPFLAGS) -I$(LZ4DIR) -DXXH_NAMESPACE=LZ4_
 include ../Makefile.inc
 # Include a rule to build the static library if calling this target
 # directly.
 $(LZ4DIR)/liblz4.a:
- $(MAKE) -C $(LZ4DIR) CFLAGS="$(CFLAGS)" liblz4.a
+ $(MAKE) -C $(LZ4DIR) CFLAGS="$(LZ4_CFLAGS)" liblz4.a
 %.o: %.c
- $(CC) -c $(CFLAGS) $(CPPFLAGS) $< -o $@
+ $(CC) -c $(LZ4_CFLAGS) $(LZ4_CPPFLAGS) $< -o $@
 # Generic rule for generating fuzzers
 %_fuzzer: %_fuzzer.o $(LZ4DIR)/liblz4.a
 # Compile the standalone code just in case. The OSS-Fuzz code might
 # override the LIB_FUZZING_ENGINE value to "-fsanitize=fuzzer"
- $(CC) -c $(CFLAGS) $(CPPFLAGS) standaloneengine.c -o standaloneengine.o
+ $(CC) -c $(LZ4_CFLAGS) $(LZ4_CPPFLAGS) standaloneengine.c -o standaloneengine.o
 # Now compile the actual fuzzer.
- $(CXX) $(CXXFLAGS) $(CPPFLAGS) $(LDFLAGS) $(LIB_FUZZING_ENGINE) $^ -o $@$(EXT)
+ $(CXX) $(LZ4_CXXFLAGS) $(LZ4_CPPFLAGS) $(LDFLAGS) $(LIB_FUZZING_ENGINE) $^ -o $@$(EXT)
 %_fuzzer_clean:
 $(RM) $*_fuzzer $*_fuzzer.o standaloneengine.o
diff --git a/ossfuzz/compress_fuzzer.c b/ossfuzz/compress_fuzzer.c
index 28610ad..3908534 100644
--- a/ossfuzz/compress_fuzzer.c
+++ b/ossfuzz/compress_fuzzer.c
@@ -10,17 +10,16 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 size_t const compressed_dest_size = LZ4_compressBound(size);
 char *const dest_buffer = (char *)malloc(compressed_dest_size);
- if (dest_buffer != NULL)
- {
- // Allocation succeeded, try compressing the incoming data.
- int result = LZ4_compress_default((const char*)data,
- dest_buffer,
- size,
- compressed_dest_size);
- CHECK(result != 0);
+ CHECK(dest_buffer != NULL);
- free(dest_buffer);
- }
+ // Allocation succeeded, try compressing the incoming data.
+ int result = LZ4_compress_default((const char*)data,
+ dest_buffer,
+ size,
+ compressed_dest_size);
+ CHECK(result != 0);
+
+ free(dest_buffer);
 return 0;
 }
diff --git a/ossfuzz/decompress_fuzzer.c b/ossfuzz/decompress_fuzzer.c
index 1fa2b1a..e6e14c4 100644
--- a/ossfuzz/decompress_fuzzer.c
+++ b/ossfuzz/decompress_fuzzer.c
@@ -7,22 +7,22 @@
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
+ // TODO: Size input buffer pseudo-randomly based on seed extracted from input
 size_t const buffer_size = 10 * 1024 * 1024;
 char *const dest_buffer = (char *)malloc(buffer_size);
- if (dest_buffer != NULL)
- {
- // Allocation succeeded, try decompressing the incoming data.
- int result = LZ4_decompress_safe((const char*)data,
- dest_buffer,
- size,
- buffer_size);
+ CHECK(dest_buffer != NULL);
- // Ignore the result of decompression.
- (void)result;
+ // Allocation succeeded, try decompressing the incoming data.
+ int result = LZ4_decompress_safe((const char*)data,
+ dest_buffer,
+ size,
+ buffer_size);
- free(dest_buffer);
- }
+ // Ignore the result of decompression.
+ (void)result;
+
+ free(dest_buffer);
 return 0;
 }
diff --git a/ossfuzz/testinput.h b/ossfuzz/testinput.h
index 8da6215..0e50a3c 100644
--- a/ossfuzz/testinput.h
+++ b/ossfuzz/testinput.h
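Review bot: After this change ossfuzz/compress_fuzzer.c still only asserts that `LZ4_compress_default()` returned non-zero, so a compressor that emits a well-formed but wrong block would pass unnoticed. Decoding the block again and comparing it with the input turns the target into a correctness check as well as a memory-safety one; a sketch follows, which needs `<string.h>` for `memcmp` and assumes `size` has already been limited to the range of `int`. The function's opening lines are outside this hunk.

```c
    // … unchanged: dest_buffer allocation and the LZ4_compress_default call …
    CHECK(result != 0);

    // Round trip: the block just produced must decode to the original bytes.
    char *const round_trip = (char *)malloc(size != 0 ? size : 1);
    CHECK(round_trip != NULL);
    int const decoded = LZ4_decompress_safe(dest_buffer, round_trip,
                                            result, (int)size);
    CHECK(decoded == (int)size);
    CHECK(size == 0 || memcmp(data, round_trip, size) == 0);
    free(round_trip);
    // … unchanged: free(dest_buffer), return 0 …
```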
@@ -1,3 +1,15 @@
+#ifndef TESTINPUT_H_INCLUDED
+#define TESTINPUT_H_INCLUDED
+
 #include
+#if defined (__cplusplus)
+extern "C" {
+#endif
+
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+#if defined(__cplusplus)
+}
+#endif
+#endif
-- cgit v0.12
From f3ec519f594ca78ba22001f416db84ea2da41fa1 Mon Sep 17 00:00:00 2001
From: Max Dymond
Date: Sun, 30 Jun 2019 20:16:03 +0100
Subject: Remove unnecessary call to Makefile.inc
---
ossfuzz/Makefile | 2 --
1 file changed, 2 deletions(-)
diff --git a/ossfuzz/Makefile b/ossfuzz/Makefile
index 7812c41..bd01123 100644
--- a/ossfuzz/Makefile
+++ b/ossfuzz/Makefile
@@ -35,8 +35,6 @@ LZ4_CFLAGS = $(CFLAGS) $(DEBUGFLAGS) $(MOREFLAGS)
 LZ4_CXXFLAGS = $(CXXFLAGS) $(DEBUGFLAGS) $(MOREFLAGS)
 LZ4_CPPFLAGS = $(CPPFLAGS) -I$(LZ4DIR) -DXXH_NAMESPACE=LZ4_
-include ../Makefile.inc
-
 # Include a rule to build the static library if calling this target
 # directly.
 $(LZ4DIR)/liblz4.a:
-- cgit v0.12