authorGravatar afosscontact <87739221+autofuzzoss@users.noreply.github.com>2022-07-08 15:34:34 +0900
committerGravatar GitHub <noreply@github.com>2022-07-08 08:34:34 +0200
commit865bd604beafcb350971c959b121ca60e5782a93 (patch)
treeafe1b09f2363aea7a4f0c7083e874159b804523a
parent817620fd70e95bca1349bad655d43cee131fa338 (diff)
libwebsockets: Add fuzzer for lws-upng (#7977)
* libwebsockets: Add fuzzer for lws-upng * Add License * Fix sanitizer config * Fix fuzzing_engine config * Update Dockerfile * Update build.sh Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
-rw-r--r--projects/libwebsockets/Dockerfile23
-rwxr-xr-xprojects/libwebsockets/build.sh27
-rw-r--r--projects/libwebsockets/lws_upng_inflate_fuzzer.cpp48
-rw-r--r--projects/libwebsockets/project.yaml5
4 files changed, 100 insertions, 3 deletions
diff --git a/projects/libwebsockets/Dockerfile b/projects/libwebsockets/Dockerfile
new file mode 100644
index 00000000..f69b308c
--- /dev/null
+++ b/projects/libwebsockets/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y libssl-dev
+
+RUN git clone --depth 1 https://github.com/warmcat/libwebsockets.git
+COPY build.sh $SRC
+COPY lws_upng_inflate_fuzzer.cpp $SRC/libwebsockets/
+WORKDIR $SRC/libwebsockets
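Review bot: The URL on the `git clone --depth 1 https://github.com/warmcat/libwebsockets.git` line does not match the `main_repo` value `https://libwebsockets.org/repo/libwebsockets` that the project.yaml hunk leaves in place. OSS-Fuzz tooling that matches the checked-out remote against `main_repo` may then fail to identify the source tree, so the two should be made to agree. If the GitHub URL is an intentional mirror, a comment above the clone such as `# GitHub mirror of upstream; keep in sync with main_repo in project.yaml` would record that.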
diff --git a/projects/libwebsockets/build.sh b/projects/libwebsockets/build.sh
new file mode 100755
index 00000000..6afd111a
--- /dev/null
+++ b/projects/libwebsockets/build.sh
@@ -0,0 +1,27 @@
+#!/bin/bash -eu
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+DIR=$SRC/libwebsockets/
+
+cd $DIR
+mkdir build && cd build
+
+cmake -DCMAKE_C_FLAGS="$CFLAGS -fsanitize=address,fuzzer-no-link -g" -DCMAKE_CXX_FLAGS="$CXXFLAGS -fsanitize=address,fuzzer-no-link -g" -DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address,fuzzer-no-link -g" -DCMAKE_SHARED_LINKER_FLAGS="-fsanitize=address,fuzzer-no-link -g" ..
+make -j8
+
+cd $DIR
+$CXX -g -fsanitize=address,fuzzer -I$DIR/build/include -o $OUT/lws_upng_inflate_fuzzer lws_upng_inflate_fuzzer.cpp -L$DIR/build/lib -l:libwebsockets.a -L/usr/lib/x86_64-linux-gnu/ -l:libssl.so -l:libcrypto.so
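Review bot: Both the cmake line and the final `$CXX` line hard-code `-fsanitize=address,fuzzer-no-link` and `-fsanitize=address,fuzzer` instead of relying on the `$CFLAGS`, `$CXXFLAGS` and `$LIB_FUZZING_ENGINE` values the OSS-Fuzz build environment supplies. That pins the target to ASan with libFuzzer, which is presumably why the project.yaml hunk has to drop the `memory` and `undefined` sanitizers and restrict `fuzzing_engines`. Passing only `-DCMAKE_C_FLAGS="$CFLAGS" -DCMAKE_CXX_FLAGS="$CXXFLAGS"` to cmake and linking with `$CXX $CXXFLAGS -I$DIR/build/include -o $OUT/lws_upng_inflate_fuzzer lws_upng_inflate_fuzzer.cpp $LIB_FUZZING_ENGINE -L$DIR/build/lib -l:libwebsockets.a` would keep the UBSan build available. The link line also takes `-l:libssl.so -l:libcrypto.so` dynamically from a package installed only in the builder image; a static link, or a libwebsockets build without TLS for this target, avoids depending on those libraries being present where the fuzzer runs. `make -j8` would be better as `make -j$(nproc)`.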
diff --git a/projects/libwebsockets/lws_upng_inflate_fuzzer.cpp b/projects/libwebsockets/lws_upng_inflate_fuzzer.cpp
new file mode 100644
index 00000000..b685bd50
--- /dev/null
+++ b/projects/libwebsockets/lws_upng_inflate_fuzzer.cpp
@@ -0,0 +1,48 @@
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+/*
+ * This fuzzer is generated by UTopia project based on TEST(Test_Tensorflow,
+ * read_inception). (UTopia Project: https://github.com/Samsung/UTopia)
+ */
+#include "libwebsockets.h"
+#include <fuzzer/FuzzedDataProvider.h>
+
+static void lws_api_test_gunzip(FuzzedDataProvider &provider) {
+ int result = 0;
+ struct inflator_ctx *gunz = nullptr;
+ const uint8_t *outring;
+ size_t outringlen, *opl, *cl = 0;
+ auto input1 = provider.ConsumeRandomLengthString();
+
+ gunz = lws_upng_inflator_create(&outring, &outringlen, &opl, &cl);
+ if (!gunz)
+ goto bail;
+
+ lws_upng_inflate_data(gunz, input1.c_str(), input1.size());
+
+bail:
+ if (gunz)
+ lws_upng_inflator_destroy(&gunz);
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, uint32_t size) {
+ FuzzedDataProvider provider(data, size);
+ auto select = provider.ConsumeIntegralInRange<unsigned char>(0, 1);
+ switch (select) {
+ case 0:
+ lws_api_test_gunzip(provider);
+ break;
+ }
+
+ return 0;
+}
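Review bot: `LLVMFuzzerTestOneInput` spends a selector on `ConsumeIntegralInRange<unsigned char>(0, 1)` while the switch handles only `case 0`, so inputs that select 1 return without ever reaching the inflator. `ConsumeRandomLengthString()` also ends the string at a backslash escape, which can truncate the binary deflate stream before it is passed on. Dropping the selector and using `auto input1 = provider.ConsumeRemainingBytes<uint8_t>();` with `lws_upng_inflate_data(gunz, input1.data(), input1.size());` feeds the whole input to the decoder. The entry point should be declared `extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)`, since libFuzzer's prototype takes `size_t` rather than `uint32_t`. The unused `result` local can be removed, and the header comment's reference to `TEST(Test_Tensorflow, read_inception)` looks carried over from another project and should name the libwebsockets test it was derived from.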
diff --git a/projects/libwebsockets/project.yaml b/projects/libwebsockets/project.yaml
index f4563bd4..c490e777 100644
--- a/projects/libwebsockets/project.yaml
+++ b/projects/libwebsockets/project.yaml
@@ -3,7 +3,6 @@ language: c
primary_contact: "andy@warmcat.com"
sanitizers:
- address
- - memory:
- experimental: True
- - undefined
+fuzzing_engines:
+- libfuzzer
main_repo: 'https://libwebsockets.org/repo/libwebsockets'